Unclear objective / confusing advice
In chapter `assess-plan/private communication`, under the section "[Keep in mind some basic security measures](https://gitlab.com/securityinabox/securityinabox.gitlab.io/-/tree/545f30cde72f9802eda872778e0896a306d9d420/src/assess-plan/private-communication#keep-in-mind-some-basic-security-measures)", the recommendations, together with the expandable explanation, are confusing with regard to TLS/HTTPS and end-to-end encryption (e2ee) and the relationship between them. On one hand the section recommends seeking TLS/HTTPS and verifying that the chosen communications app or service implements it wherever possible; on the other hand it recommends e2ee.

The confusion stems from:

1. the order in which these techniques are recommended
2. the absence of a clear relationship, or order of preference, between them

This may leave a reader who tries to follow the advice literally seeking a solution, or information about one, that is irrelevant. When e2ee is implemented, we do not care about TLS/HTTPS, nor should seeking it be a priority; in many cases, applications that do implement e2ee do not state whether TLS is used at all.

I recommend stating an explicit hierarchy among the techniques, starting with the most preferred and going down to the required minimum. Specifically:

1. E2ee is absolutely preferred and must be sought after.
2. Where e2ee is not available, such as when using email without the extra effort of PGP, or when having to use apps that do not promise e2ee, TLS/HTTPS must be sought after,
3. with a strong discouragement from using such apps that do not implement e2ee.
4. Finally, and optionally, when TLS/HTTPS is absent, the least preferred option and the bare minimum is to use a VPN, because the most likely adversary is usually close (on the LAN, at the ISP, etc.).