How Journalists and Activists Can Protect Text Message Sources With Encrypted Archiving

In 2024, the Committee to Protect Journalists documented 43 cases of reporter phone seizures worldwide. In each case, the seized device contained text messages from sources — some confidential, some whose safety depended on anonymity.

When your phone is taken, everything on it is exposed. Every source who texted you. Every whistleblower who sent a tip. Every contact in a sensitive investigation. All of it — on a device that's now in someone else's hands.

This guide shows you how to create a continuous, encrypted archive of your text messages that exists completely independently of your phone. If your device is seized, stolen, or destroyed, the record survives — encrypted, off-device, and under your control.

The Threat Model

Threat	How It Happens	What's Exposed
Phone seizure by authorities	Border crossing, arrest, warrant, "routine inspection"	All SMS, contacts, call logs, apps
Phone confiscation by security forces	Protest, conflict zone, checkpoint	Everything. Often no warrant.
Phone theft (targeted)	Stolen by actors interested in your sources	Source identities, ongoing investigations
Compelled unlock	Court order or coercion to provide passcode/biometric	Full device access despite encryption
Remote compromise	Pegasus, Predator, or similar spyware	Real-time access to all communications

SMS is particularly vulnerable because it's stored in plaintext on the device, cannot be individually encrypted, and is the first thing forensic tools extract.

The Architecture: SMS → Encrypted Email → Separate Device


Source texts you → Your iPhone → SMS to Email Forwarder
                                         ↓
                              [yourname]@protonmail.com
                                    (encrypted at rest)
                                         ↓
                              Accessed from separate device
                              (laptop, another phone)
                              that you don't carry to the field

Why ProtonMail?

Feature	Why It Matters
End-to-end encryption	Even ProtonMail staff can't read stored emails
Swiss jurisdiction	Outside US/EU data-sharing agreements for most scenarios
No phone number required	Create an account without linking to your identity
Free tier	1 GB storage, sufficient for years of text archives
Tor access	Can access via Tor browser for additional anonymity
Open source	Auditable by security researchers

Alternatives: Tutanota (Germany-based, open source), self-hosted email (maximum control, most effort).

Setup (10 Minutes)

Step 1: Create a Dedicated Archive Email

On a separate device (not the phone you'll carry):

Go to protonmail.com using a VPN or Tor
Create a new account with a username that doesn't reveal your identity
Set a strong, unique password — store it in a password manager (Bitwarden, KeePassXC)
Enable 2FA using a hardware key (YubiKey) or authenticator app on a separate device
Do not install ProtonMail on the phone you carry to the field

Step 2: Install SMS to Email Forwarder

On your iPhone (the one you carry):

Download SMS to Email Forwarder
Enter your ProtonMail archive address
Complete the Shortcuts setup
All incoming SMS are now forwarded to the encrypted inbox

Step 3: Verify the Flow

Have a colleague send you a test text
On your separate device, log into ProtonMail and verify the email arrived
Delete the test email to keep the archive clean

Step 4: Compartmentalize

Your iPhone = field device. Carries the app. May be seized.
Your laptop/second phone = archive access. Never carry to sensitive situations.
ProtonMail = the bridge. Encrypted at rest. Accessible from any device with your credentials.

Operational Security for Journalists

On Your Field Phone

Don't install ProtonMail. If your phone is seized and they see ProtonMail, they know you're using encrypted email. The SMS forwarding app is innocuous — thousands of people use it.
Rename the Shortcuts automation to something generic: "Battery Report" or "Focus Update"
Consider the metadata. The forwarding emails contain the sender's phone number. If a source texts you, their number will be in the subject line of the forwarded email. This is by design (it's useful for you) but consider whether the email itself needs additional protection.

On Your Archive Device

Full-disk encryption (FileVault on Mac, BitLocker on Windows)
Don't leave ProtonMail logged in. Log out after each session.
Consider a Tails USB for accessing the archive — leaves no trace on the host computer
Back up the archive periodically by exporting emails (ProtonMail Bridge for IMAP access)

Source Protection

Tell sensitive sources to use Signal, not SMS. SMS is inherently insecure — this archive doesn't fix that.
For sources who can only use SMS: the archive ensures you retain their messages even if your phone is compromised. But be aware: the forwarded emails contain their phone number.
Consider pre-arranging code words with high-risk sources so that forwarded messages are meaningless to anyone else.

Scenarios

Border Crossing

You're an investigative journalist entering a country known for inspecting journalists' devices at the border.

Before crossing: Your SMS archive has been forwarding for months. Your ProtonMail inbox on your laptop (which you shipped ahead or accessed remotely) contains the full record.

At the border: They take your phone. They image the device. They see your texts — but only recent ones. Anything you deleted is gone from the device (or recoverable, but incomplete).

What you retain: The complete, encrypted archive in ProtonMail — accessible from any device, any location. Your source communications are preserved and protected.

Protest Coverage

You're covering a protest. Police begin arresting journalists. Your phone is confiscated.

What's exposed: Whatever is on the phone — recent texts, photos, notes.

What's protected: Every text you received since you set up the archive. You don't need your phone to access the record. You borrow a friend's laptop, log into ProtonMail, and file your story using the text evidence.

Newsroom Subpoena

Your newsroom receives a subpoena for all communications with a source. Your phone is surrendered for forensic examination.

Your defense: The texts on the phone are one copy. Your encrypted ProtonMail archive is another, but it's protected by:

Journalist shield laws (varies by state)
Swiss data protection (ProtonMail won't comply with foreign subpoenas without Swiss court order)
End-to-end encryption (ProtonMail literally cannot read the emails even if compelled)

What This Doesn't Protect Against

Be honest about the limitations:

Limitation	Explanation
Spyware (Pegasus, etc.)	If your phone is compromised at the OS level, the attacker sees texts before they're forwarded — and sees the forwarding destination
Your outgoing texts	This only archives incoming SMS. Your replies are not captured.
Real-time surveillance	If someone is watching your phone live, they see the texts in real-time — the archive is a backup, not a defense
Email metadata	ProtonMail encrypts content, but metadata (sender, timestamp, subject) may be visible to ProtonMail infrastructure
SMS inherent weakness	SS7 interception, SIM swapping — these attack the SMS channel itself. Use Signal for truly sensitive communications.

The Bottom Line for Press Freedom

Every journalist's phone is a repository of source trust. When that phone is seized, that trust is violated — not by the journalist, but by the system that took the device.

Encrypted SMS archiving doesn't solve the systemic problem. But it ensures that your journalistic record survives the loss of your device. Your sources' communications are preserved. Your story can still be told.

That's worth 10 minutes of setup.

Your sources trust you. Protect that trust.

Download SMS to Email Forwarder — encrypted, automatic, off-device SMS archiving.

Ready to get started?

Set up automatic SMS forwarding in under 2 minutes. Free plan available — no credit card required.

Download on the App Store