President Donald Trump doesn’t have fond feelings for whistleblowers.

During his first term, Trump’s Justice Department carried out a clandestine spying operation to try to catch leakers. On the campaign trail, Trump on multiple occasions threatened to arrest journalists who don’t reveal their sources — and suggested they should be raped in prison until they give up names.

For those who want to speak out against wrongdoing within the U.S. government, it has never been more critical to take steps to keep themselves safe. So we compiled these best practices for leaking information in public interest under the Trump administration.

Don’t Call or Text

Phone calls and text messages are convenient, but they aren’t safe for whistleblowers. As outlined in a December report from the Office of the Inspector General, the Justice Department in Trump’s first term repeatedly utilized “compulsory processes” — which include subpoenas, search warrants, and court orders — to request “non-content communications records” from phone carriers serving journalists at CNN, the New York Times, and the Washington Post. The requests were for both the reporters’ work numbers and their personal numbers.

Non-content records don’t include the communications themselves — such as copies of text messages or voicemails. Instead, government investigators were keen to gather metadata pertaining to the communications: for instance, who sent a message or made a call to a journalist’s phone and at what time.

Even if the contents of the conversation are not recorded, the metadata establishes clear links between parties.

If a metadata search turns up evidence of communication with journalists or rights groups, this alone could reveal who is behind a leak.

Don’t Email

Never use a work or personal email address when communicating with journalists.

In its attempt to root out leaks during Trump’s first term, the Justice Department also sought non-content information pertaining to reporters’ email communications from their email service providers. They wanted details such as the time an email was sent and received, as well as the sender’s email address.