Update your Cookie Settings to use this feature.
Click 'Allow All' or just activate the 'Targeting Cookies'
By continuing you accept Avaaz's Privacy Policy which explains how your data can be used and how it is secured.
Got it

Security

Avaaz is committed to protecting the information and privacy of our systems, members, and organization. If you would like to report a vulnerability or security issue in Avaaz systems or applications, please email to vulnerability@avaaz.org. If possible, please include evidence as well as steps for reproducing the issue. We are committed to responding promptly and we investigate all reported vulnerabilities.

Security and vulnerability information is extremely sensitive. We request that you encrypt your email using the PGP/GPG key below:

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBGHUkGcBEADc9ikpYtRmaQpo94cw+myvBxHUVOwsB6D+il/AgyzG/UAScmgb VGWOXBSGdlyK/tCRlDzEhZqSTKg4AVcYKNJXTc+uooz+SAA7QJnOY1enGL2kGoI1 ymqsadJ/mw53bwElY7dJDV/fhRBNFufUOzl96nDLoUJm4movA7kcz0sdoG1ccRbb lsGVGGUnvBL+FXW4ako7Y6COfn7M5dzQ7/KR9VS2oUPx5473zMlE2PGdOH7ukYVv W6n5CCwN5e1EiH5t/mRK2CvtIrilSnrfmXSoU1NYGxwS7RpBUJo50O9LgQzhJDSI JtiBDai72IeLLQcPI4vKzRDh3CUY6+QMB4WJN2sJkY3c4vot0ZeXro4lM9OK8/DC vbUZSaJAfExsDCo/YIXzKTqHWRazOCuVnuLblxNZ6BZIlhsJnHFKckBbo6B1Nk6P 2UdVYxni85gEPT7gyk/KhZrCt0mxqF9KiKRSuEsglHIoH7aqMnnP3iioOnPsGhTo KSZelMuG87wtv/EujqbipShQZDcChemXjlEpOUh/7FlPQ8mQ8RR5HiYmLjzw1Rzu Rhv9zX5rf6Z2ZNbjYuskE50KDmb0flMWC7lYJzw3xMdYIr3fy8Cqi6B4vV0Dh3GQ s4HffM8LSf5mL76VVp9DSdaemI4m598YqzstwJcCiGKRYZtc9sP/t0amwwARAQAB tChBdmFheiBTZWN1cml0eSA8dnVsbmVyYWJpbGl0eUBhdmFhei5vcmc+iQJUBBMB CAA+FiEEYEZta9pz7sQgcxLETA/TCzM6qwkFAmHUkGcCGwMFCQeGHNIFCwkIBwIG FQoJCAsCBBYCAwECHgECF4AACgkQTA/TCzM6qwnoHhAAg82p72496aWKsWGs/b8c eJX+0MSS2Mis6dqqPlilwxFxZHwLPLEn+TQrFLisB3UTfLXrMXphzbYKz6U+B6uy 6otjtktAorcdgaUcFDgTdCgbVsZ1EbTXRND3Leq76qN+21xTZ18t5xY1iz8YfCMZ 5Ynkc7LNrg1rzoa2pAG6BaHEGTjK6Ch2snqRtNTiW/xeRzfBupb9hOuJ0DgNrEqD f6I9LX8pEtTx/qSWkDFrHC2chKDuxZJWmzlokDLM3tzq66Gq3vrlLTSOwTfneHv4 WJE8qL6/lzcW59yWlL9XdcDixvKMr/9ERSbeBGAVNoBQYKy3zCGTAkRNYGDEzYv4 MuUENETE2oHdsxqiRb95sqlptGGNOqjYJ0OZoI9HQJiBObZCkH8Jm5mlam6uzii2 0Wyqao29X7GsUMStB1Ia3D3RszDxMSw5Jq0L+KPNTYC+TW60v81h1wuooWTXwF36 1/08vcu+IYEmCbRJMclhHoIGD/032l8k//p9qPN4Gs6yFh3W5qP+23KoMRaxV/IG E55kMx1qNPXioda3Soh63+DK8YcsMdCyAbVv39qIt/SY1OsrrGiPYaMJW37cb4SY m9X37LLzspB8lu/hVdPiV5Z7wFxNE6SFt5XLvzyHYMaOnbxz0EA4zm3Xvusm8nLW 8nhctFoVJsn8W+M5pQ5yI725Ag0EYdSQZwEQALgpsiwoBwZLub7wVIFQr+/MiRcn Rb4XAvSihVFL+bbpx/LUWzqOgykieYw6e2U8v8grduvteyY33vC0gs3L7Cbavanh R1hnb3nQn7BPu/SOJpINzwQtilS41HLwys35im8sPinF5vayYOhDnaHBDX1NW60S 10B4SbQYABzcvm6AaQzvbTgwweZ5XxUd1quzotOmpWTHOgAv+aUXkoLNvGJwnNRi HlUik2nKdvHRrxoLZxWrR/9D1X86Bc9vUUaRtE2WFV+Aztt0a9TFQndJsk0zCqcb t1ThDwt/n85bQyRW63E8juIp6MwARgP3G64j7Q+Da0atEEwH9LfjoEB288Z6GkR9 Iq5fLvQMIwTJb7zoRizwtAqdPnv7dEEz5lpZRnLdGEHQEI14JHJxFfv1v+TQ6GQw u5XuU+WFRG8FT3b+21g5RIwgrb8ZA/6WqdDSFkE+c4vQIn55G4zkckqHK1mdLPCR 0pJyCE2N72mgEM8eg2xDQoZdtI37P1iVz3/SXEyWfpg5In5YYDlSg3L+gGMGqTtA kASOl56uQ4K1areUS/PZrftSrXm3B6ToMSPt6iKF437kPevZgbegfw5GfFKiLQxQ 2eQen8PKnSgpzB4u5WMdB7O/W6yio8crAFcDkFW9nUvjx9DsQLolBjcw8EK5cTel fBpLfap/EmwIghtzABEBAAGJAjwEGAEIACYWIQRgRm1r2nPuxCBzEsRMD9MLMzqr CQUCYdSQZwIbDAUJB4Yc0gAKCRBMD9MLMzqrCQ5dD/9TePw45ITv2n9PIm2yJvjj d8bmRbMuHOZGJUCliazzO3GxA7DqAZaPV15RgDBNmUTpCAD+THGN23Zg/AHHHWRL RrBO0QoHk4d6txR5i2ntzdDsnRGILJqLAu2jrSJrsbnfEUqC7DyTXP1kFEy8fQ56 VFQSRfpyHNTRokvrrTOoXd3vkoNXInK9+TraaH78xSGJuNEJ1L57NPWBts89SX0N K4FsgPMtfZQ/fPxklasFHM8UHSajsr6HjLwcgsHa7MWzdbWoQIADBokX+a7hIPEK vhvrWqQkF01ReTCc5/EZRwH07uD27gZs8eL/MVuUvM1XZIsvbjLtF4KfJ2ADG/oH d6CvWuRRFhf3dlc4mi0bCVGoXeq5o5kv/mTxEuFY5jhmMeCFjVfOUIgpqYbFtdwR h1Y0dcA8/foIkTcLy3ASMXeqJT8HszC/7/39ygt6AS5M8l99wIl1vWce3Blq/hGv p5WdDC2QJyNMsjF4COsKHifttzSIsNJ9XwTCCWJnpvA4lPryHiRKHogZE1/Qf2lo hpk//H5wPIa2MziWGbfgNxZXNN+Z2Q4gBJ1CLiksBfuL0xZYl5sDyY9ep9Eo3lqN m+5NvPOv9OcSPfVn90fu6wmUGzCd8emc5GZrB/ptP5I3E5L7ZVq2uzW9aU8
JlZA9hA0m6tpmQB4ClwktBTEKaw===2uQx

-----END PGP PUBLIC KEY BLOCK-----

We request you allow us 60 days to fix the security issue before any public disclosure. If you believe that earlier public disclosure is necessary, please let us know as soon as possible so that we can have a dialogue about it.

If you inadvertently encountered or obtained sensitive or personal information, you must follow these steps:

  1. Immediately stop your research activities and any other actions in any way related to such data or personal information;
  2. Do not save, store, alter, copy, disclose, transfer, publish or otherwise take an action related to sensitive data or personal information;
  3. Destroy any sensitive data or personal information that you may have saved, stored, or copied; and
  4. Alert us immediately, provide all relevant information provided that this does not involve any processing or copying of information as at 3 above, and cooperate with any actions Avaaz needs to take.

Avaaz appreciates the efforts of those who report security vulnerabilities to us. We pledge to not retaliate against or report you to law enforcement for reporting security vulnerabilities to Avaaz (except when required by law). Please ensure you are aware of, understand, and comply with the applicable laws in your jurisdiction.

Your efforts in identifying potential vulnerabilities are highly valued and appreciated at Avaaz. However, please note that we do not operate a public bug bounty program nor do we offer rewards or compensation for submitting potential issues. Thank you for your commitment to security.


For additional information on Avaaz's data privacy and security policy, please review our Privacy Policy & Terms of Use.

Thank you for helping secure our systems and protect our members. We deeply appreciate your support.