7.2 Cybersecurity and Privacy for Activists
Activists are often targets. Authorities and adversaries have long monitored activist movements. In the 1960s, for example, the FBI’s COINTELPRO program even spied on civil rights leader Martin Luther King, Jr., bugging his phones and tracking his activities.
Fast forward to today: law enforcement agencies monitor social media and online communications of protesters. In 2020, the D.C. Metropolitan Police and federal agencies shared information from social media about racial justice protests and even labeled protesters as “threats,” despite no evidence of wrongdoing. Recent activists from the left (e.g. Black Lives Matter) to the right (e.g. anti-lockdown or election protests) have been watched in this way.
Surveillance isn’t just an American issue. Around the world, authoritarian governments use digital surveillance to crack down on dissent. In Hong Kong, pro-democracy activists responded to new security laws by going underground digitally – using encrypted messaging apps and even the dark web to evade surveillance. Yet governments fought back with spyware: Chinese state-backed hackers deployed malware like “LightSpy” to infiltrate activists’ phones and steal data. In the Middle East, regimes have bought sophisticated spyware to target activists – UAE human rights defender Ahmed Mansoor received text messages that, if opened, would have turned his iPhone into a 24/7 spying device, accessing his calls, chats, and camera. These examples show that no matter where you are, if you’re speaking truth to power, someone might try to peek into your digital life.
Corporations also collect massive amounts of data on all of us – think social media companies, internet providers, and data brokers. This data can potentially be accessed by hostile groups or leaked. Activists also face threats from opposition or extremist groups that may attempt hacking, doxxing (publishing your personal info), or harassment. Good security practices help protect you against these non-governmental threats as well.
Building Your Activist Security Toolkit
This section will introduce practical tools and steps you can use right away. Don’t worry if some terms are new – we’ll explain each one.
Start with Threat Modeling
Before jumping into tools, start with a bit of planning: threat modeling. This sounds fancy, but it just means thinking about what you need to protect and from whom. Ask yourself: What do I want to keep private? Who might try to access that, and how might they do it? For example, if you’re organizing a protest, you might want to keep your group’s conversations and member list private from law enforcement or hostile groups. If you’re a whistleblower, you may need to protect the actual documents and your identity from a powerful organization.
Threat modeling for activists involves understanding your specific situation:
- Adversaries: Identify who your “opponents” are in the digital sense (e.g. a government agency, a corporation, a hacktivist collective, etc.).
- Assets: Identify what you need to safeguard (e.g. contact lists, chat contents, your personal identity or location, access to social media accounts).
- Possible attacks: Consider how those adversaries might get to those assets. Will they try to intercept your messages? Hack your accounts with phishing emails? Seize your phone at a protest?
- Likelihood and impact: Not every threat is equally likely. A local community activist might worry more about police subpoenaing Facebook for messages than about nation-state spyware (though both are possible). Focus on high-impact, higher-likelihood threats first.
By mapping this out, you can prioritize which security measures to focus on. It will help you decide, for instance, if you should spend time setting up an advanced email encryption system or if switching to a safer messaging app covers most of your needs.
Secure Communications: Using Encryption
One of the most important steps is securing your communications so that even if someone intercepts them, they can’t read them. This is where encryption comes in. Don’t let the word intimidate you – encryption is basically scrambling your data so only authorized people can unscramble it.
According to Amnesty International: “Encryption is a powerful way of helping to stop our text messages, emails, phone calls and video chats from being accessed by anyone we don’t want to see them.” In practice, this means using apps and tools that automatically encrypt your messages end-to-end, so that only you and the intended recipient can read them. End-to-end encryption (often abbreviated E2EE) ensures no third party can easily eavesdrop, not even the service provider. For example, if you send an encrypted message and someone intercepts it in transit, all they see is a jumble of gibberish.
Tools for Encrypted Messaging and Calling
Signal: This is often the go-to recommendation for activists and journalists worldwide. Signal is a free, open-source messaging app (available on smartphones and desktop) that provides end-to-end encryption for texts, voice calls, video calls, images – basically everything. It’s as easy to use as any messaging app. You can create group chats, make phone calls, and even set messages to self-destruct (disappearing messages) after a certain time. Signal’s reputation is excellent: even when U.S. authorities subpoenaed Signal for data on a user, the company could only provide the date the account was created and last used – nothing about messages or contacts. This is because Signal doesn’t store your conversations on their servers in plaintext form. To start, download Signal from your app store, register with your phone number, and invite your activist contacts to do the same. All messages with other Signal users are automatically encrypted. You can enable “disappearing messages” in chat settings for additional safety (so old messages don’t linger).
WhatsApp: WhatsApp (owned by Meta/Facebook) also uses the same encryption protocol as Signal for messages and calls, which means technically it is secure in transit. It’s very popular globally. However, WhatsApp does collect more metadata (like who you contacted and when) and backups of chats to cloud can be a weak point if not handled carefully. Still, if your group absolutely won’t switch off WhatsApp, know that one-on-one and group chats are encrypted – just be cautious about what data might be stored in Google Drive/iCloud backups (those might not be encrypted by WhatsApp and could be accessed if those accounts are compromised). Whenever possible, default to Signal over WhatsApp for activism, but using WhatsApp is much better than using unencrypted SMS.
Telegram (with caveat): Telegram is a popular messaging app often mentioned in activist contexts (e.g. it was used in some protests). It has some encryption but by default chats are NOT end-to-end encrypted unless you use the “Secret Chat” feature for one-on-one chats. Group chats on Telegram are encrypted on the server-side (meaning Telegram’s server can technically see content, though it’s protected from outsiders). So, Telegram may be okay for less sensitive group discussions or its broadcast channels, but for truly sensitive info it’s not the best choice unless all members use secret chats (which aren’t available for groups). If you use Telegram, assume that determined governments might access those chats. Always enable the secret chat for any confidential conversation if you must use it.
Other encrypted apps: There are other tools like Wire, Threema, Element (Matrix), etc., which offer secure messaging. If you and your community are comfortable with technology, you might explore those. But if you’re a beginner, sticking to Signal (and WhatsApp as a backup where needed) is a solid start because of ease of use and widespread adoption.
How-To: Secure Your Messaging in 5 Steps
- Choose an encrypted app and get your group onboard. If you do one thing, do this. Install Signal and encourage your fellow activists to install it too. Explain that it’s like switching from postcards to sealed envelopes – your conversations shouldn’t be public. If someone is hesitant, you can mention that even U.S. Senate staff were approved to use Signal for secure communication, which shows how much it’s trusted.
- Verify contacts (advanced step). Most apps like Signal have a way to verify the security code or “safety number” of your contacts. This ensures you’re really talking to their phone and not an imposter. For high-risk situations (like coordinating something sensitive), meet in person or use a secondary channel to verify those codes with your trusted contacts. This prevents “man-in-the-middle” attacks where someone secretly intercepts by pretending to be the other person.
- Enable disappearing messages for sensitive chats. If you worry about your phone being confiscated or chats being leaked, set messages to auto-delete after a period (say 1 day or 1 week) so that even if someone gets your phone later, those messages are gone. But remember, disappearing messages can be screenshot before they vanish, so it’s not foolproof for truly critical secrets.
- Be careful with group links. Many apps allow an invite link to join a group. Share those privately, not on public social media, or unwanted people might join. Also, periodically check the members of your group chats to ensure everyone is supposed to be there. There have been cases where unknown accounts quietly joined activist group chats because someone leaked an invite.
- Update your app regularly. This is boring but crucial: always keep Signal/WhatsApp/etc. updated to the latest version. Security improvements and bug fixes come with updates. An outdated app might have vulnerabilities that are fixed in newer versions.
Email Encryption (PGP) and Secure Email Services
Email is an older technology that wasn’t built with privacy in mind. Regular emails are like postcards – unencrypted and visible to mail servers that handle them. If you send sensitive info via normal email, it could be read by your email provider or intercepted. To secure email, activists often turn to PGP (Pretty Good Privacy) encryption or use secure email services.
PGP is a method to encrypt emails and files. It’s very powerful but admittedly a bit complex for beginners. It involves creating a pair of cryptographic keys (a public key you share with others and a private key you keep secret). If someone wants to email you securely, they use your public key to encrypt the message, and you use your private key to decrypt it. The upside: extremely strong encryption. The downside: both parties need to handle keys and an email client or plugin that supports PGP. Many activists eventually learn PGP for important communications (for instance, Edward Snowden insisted on using PGP when he first contacted journalist Glenn Greenwald), but if you’re not there yet, don’t worry – you have alternatives.
You can use an email service that has encryption built-in with less hassle, like ProtonMail or Tutanota. ProtonMail, for example, automatically uses end-to-end encryption if you email between ProtonMail users, and even allows you to send an encrypted message to someone’s regular email (they get a link and need a password to read it). It also supports PGP if you want to use that down the road.
If you prefer to keep using your current email, you can use a plugin or app like Mailvelope (browser extension) or Thunderbird with Enigmail that adds PGP encryption to your emails. But remember you’ll need your contacts to also use PGP to exchange encrypted mail – it’s a commitment for both sides.
Important: Encryption protects the content of your messages from eavesdroppers. However, other information about the communication (called metadata) – like who you contacted and when – may still be visible to some degree. For instance, an email’s sender, recipient, and timestamp are usually not encrypted even if the body is. An observer or email provider could infer “Alice emailed Bob at 2 pm” even if they can’t read what was said. Messaging apps like Signal hide some metadata (Signal blurs this by not keeping logs of who you contacted), but telephone companies for example log which numbers called which. Why mention this? Because sometimes metadata alone can be revealing (imagine an authoritarian government seeing an opposition leader suddenly contact several regional coordinators – they might guess a protest is being planned). There’s not a complete fix for metadata leakage except using systems like Tor (discussed later) to mask your network traffic. Just be aware and try to use tools that minimize metadata exposure.
Protecting Your Identity and Anonymity Online
Sometimes as an activist, it’s not just the content of your messages you want to protect, but your identity itself. Maybe you’re organizing under a pen name or anonymously to avoid personal repercussions. Or perhaps you simply don’t want corporations tracking your every online move as you research sensitive topics. Here we’ll cover how to be anonymous (or at least hard to trace) online, and how to prevent leaving an unnecessary trail.
Private Browsing, VPNs, and Tor
When you browse websites or use online services, your computer or phone has an IP address that can often be tied to you or your location. Also, services may log your activities. To mask your identity and location online, activists rely on tools like VPNs and Tor:
VPNs (Virtual Private Networks): A VPN is like a secure tunnel for all your internet traffic. When you use a VPN, your connection goes from your device to a VPN server (often in another location), and only then out to the internet. This hides your real IP address from the websites you visit – they’ll see the VPN server’s IP instead. It also encrypts your traffic so that your Internet Service Provider (ISP) or someone on the same Wi-Fi network can’t easily spy on it. VPNs are great when you’re on public Wi-Fi (to stop Wi-Fi snoopers) and to bypass local censorship (e.g., if a site is blocked in your country, connecting via a VPN server elsewhere might get around it). Many activists use VPNs daily for general privacy. However, note: you must trust your VPN provider, because your internet traffic routes through them. A bad or shady VPN could potentially log what you do. It’s important to choose reputable, no-log VPNs (ones that pledge not to keep history of your activity). Popular choices include ProtonVPN, Mullvad, IVPN, NordVPN, ExpressVPN, etc. Some have free plans or discounts for activists. To start, subscribe to a VPN service, install their app on your device, and click “connect.” Once connected, your internet traffic is protected and private from local eyes, and you appear to be coming from the VPN server’s location. You can usually choose server locations in various countries.
Tor (The Onion Router): Tor is a free tool that provides anonymity by design. Instead of a single server like a VPN, Tor bounces your connection through multiple volunteer-run servers (nodes) around the world, wrapping it in layers of encryption (hence “onion” routing). The result is a high level of anonymity – it’s very hard for anyone to trace the connection back to you. Tor is widely used by political activists, journalists, and whistleblowers who need to bypass censorship or surveillance in repressive environments. For example, someone in a country with heavy internet monitoring might use Tor to access banned news sites or to publish an anonymous blog without revealing their IP address. Tor is most easily used via the Tor Browser, which is a special web browser (based on Firefox) that routes all its traffic through the Tor network automatically.
- To use, download the Tor Browser from the official Tor Project website. It’s available for PC, Mac, Linux, and even Android (via the Orbot and Tor Browser apps). Open it and you’re automatically connected to the Tor network. It works like a normal browser but may be a bit slower due to the multi-hop routing.
- Tor is extremely effective for anonymity (more so than VPNs), but it does have trade-offs: it’s generally slower, and some websites or services block Tor connections or make you solve lots of captchas (because Tor can also be used for abuse). Also, you have to be careful not to do something in the Tor browser that gives away your identity (like logging into your personal Facebook account – that would obviously reveal who you are). When used properly, Tor lets you browse without leaving a trace to your real identity or location.
Browser privacy tools: Even if you don’t use Tor, consider using a more private browser or extensions. Firefox with privacy add-ons (like uBlock Origin, Privacy Badger, HTTPS Everywhere) or Brave Browser (which blocks trackers by default) can reduce how much you’re tracked online. Chrome is popular but made by Google, which has an interest in data collection – you might switch to Firefox/Brave for activism-related browsing. Also use private/incognito mode when searching or doing anything sensitive (note: private mode doesn’t hide your IP but it doesn’t save history or cookies on your device, which is good practice).
Anonymity on Social Media and Communication Platforms
Sometimes you need to engage on mainstream platforms (Facebook, Twitter/X, Instagram, etc.) for outreach, but you want to separate that activism persona from your real identity. Here are tips for that:
Use Pseudonyms and Separate Accounts: It might be obvious, but don’t use your personal everyday account for sensitive activist organizing. Create a new email (on a service like ProtonMail if possible) and use it to register new accounts that are not in your real name. Be mindful not to choose a username that you’ve used elsewhere or that might inadvertently reveal you (don’t reuse a handle that can be tied to your real life). On Facebook, you might consider creating a Page or a Group for the movement rather than operating from your personal profile. Keep in mind Facebook has “real name” policies, but many activists still create pseudonymous profiles – if you do, avoid logging in from the same browser or device that you use for your real account (Facebook can track device info).
Lock Down Privacy Settings: For any social media you use, go through the privacy settings carefully. For example, set your Twitter account to private (only approved followers can see your posts) if you want to limit exposure. On Facebook, make activist posts visible to “Friends only” or a custom list, not public. Disable location tagging on posts. Every bit of data you can limit helps reduce what can be collected or used against you.
Be aware of metadata in media: If you share photos or videos of events, be careful – they may contain hidden data like the GPS location where they were taken. Activists have been identified by such metadata before. For instance, during protests, law enforcement and internet researchers have analyzed photos/videos to find locations or timestamps, or even faces in the crowd (facial recognition is unfortunately used by some police departments). To counter this:
- Remove metadata from images before sharing. You can use tools (for example, on PC use a program or an online service to strip EXIF data from photos; on Linux, the command exiftool -all= yourphoto.jpg removes metadata). Some social platforms strip metadata automatically, but not all do.
- Consider using apps that allow you to blur or mask faces of others in photos (if you’re sharing protest photos, protect the identities of participants if exposing them could be risky). Tools like Obscuracam (by Guardian Project) can blur faces on mobile, and there are desktop tools as well.
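An added example (not part of the original guide) of what removing photo metadata means at the file level: it walks a JPEG's header segments, drops the EXIF, XMP, comment and other application blocks, flags EXIF that links to a GPS directory, and then re-scans the output to confirm nothing is left. It uses only Python's standard library; the function names, the choice to keep ICC and Adobe colour segments, and the constructed sample file are assumptions of this example.

```python
import struct

SOS, COM = 0xDA, 0xFE
GPS_IFD_TAG = 0x8825  # EXIF tag in IFD0 that points at the GPS directory


def _segments(jpeg: bytes):
    """Yield (marker, payload) for each header segment, then (SOS, rest of file)."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos < len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(jpeg) and jpeg[pos] == 0xFF:  # skip fill bytes
            pos += 1
        if pos >= len(jpeg):
            break
        marker, pos = jpeg[pos], pos + 1
        if marker == SOS:  # compressed pixel data follows; hand it over verbatim
            yield marker, jpeg[pos:]
            return
        length = int.from_bytes(jpeg[pos:pos + 2], "big")
        if length < 2 or pos + length > len(jpeg):
            raise ValueError(f"truncated segment at offset {pos}")
        yield marker, jpeg[pos + 2:pos + length]
        pos += length
    raise ValueError("no image data (SOS marker) found")


def exif_has_gps(tiff: bytes) -> bool:
    """True if IFD0 of an Exif segment's TIFF block links to a GPS directory."""
    if len(tiff) < 10 or tiff[:2] not in (b"II", b"MM"):
        return False
    e = "<" if tiff[:2] == b"II" else ">"  # byte order declared by the file
    magic, ifd0 = struct.unpack(e + "HI", tiff[2:8])
    if magic != 42 or ifd0 + 2 > len(tiff):
        return False
    (count,) = struct.unpack(e + "H", tiff[ifd0:ifd0 + 2])
    entries = tiff[ifd0 + 2:ifd0 + 2 + 12 * count]
    tags = [struct.unpack(e + "H", entries[i:i + 2])[0]
            for i in range(0, len(entries) - 1, 12)]
    return GPS_IFD_TAG in tags


def _metadata_kind(marker: int, payload: bytes):
    """Return a label for segments that should be dropped, or None to keep them."""
    if marker == COM:
        return "comment"
    keep = (marker == 0xE2 and payload.startswith(b"ICC_PROFILE\x00")) or \
           (marker == 0xEE and payload.startswith(b"Adobe"))
    if keep or not 0xE1 <= marker <= 0xEF:
        return None  # image-decoding or colour data (assumption: safe to keep)
    if payload.startswith(b"Exif\x00\x00"):
        return "exif+gps" if exif_has_gps(payload[6:]) else "exif"
    if payload.startswith(b"http://ns.adobe.com/xap/1.0/\x00"):
        return "xmp"
    return f"app{marker - 0xE0}"  # other vendor blocks (maker notes, IPTC, ...)


def strip_metadata(jpeg: bytes):
    """Return (cleaned_jpeg, removed), where removed lists (kind, payload_size)."""
    out, removed = bytearray(b"\xff\xd8"), []
    for marker, payload in _segments(jpeg):
        kind = _metadata_kind(marker, payload)
        if marker == SOS:
            out += b"\xff\xda" + payload  # scan header + pixels, untouched
        elif kind:
            removed.append((kind, len(payload)))
        else:
            out += _seg(marker, payload)
    return bytes(out), removed


def _seg(marker: int, payload: bytes) -> bytes:
    """Serialise one segment: marker, 2-byte length (includes itself), payload."""
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload


def build_sample() -> bytes:
    """Constructed input: a valid JPEG segment sequence, not a viewable photo."""
    tiff = b"II" + struct.pack("<HI", 42, 8) + struct.pack("<H", 1)
    tiff += struct.pack("<HHII", GPS_IFD_TAG, 4, 1, 26) + struct.pack("<I", 0)
    tiff += struct.pack("<HI", 0, 0)  # empty GPS directory at offset 26
    return (b"\xff\xd8"
            + _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
            + _seg(0xE1, b"Exif\x00\x00" + tiff)
            + _seg(COM, b"constructed comment: shot on example phone")
            + _seg(0xDB, bytes(65))  # quantisation table with dummy values
            + b"\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00" + b"\x12\x34\xff\xd9")


if __name__ == "__main__":
    cleaned, removed = strip_metadata(build_sample())
    for kind, size in removed:
        print(f"removed {kind:<9} {size} bytes")
    print("metadata left after cleaning:", strip_metadata(cleaned)[1])
```

Stripping file metadata does nothing about what is visible in the picture itself, and this example handles JPEG only; PNG, HEIC and video files store metadata differently.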
Watch out for imposters and spies: It’s common for police or adversaries to create fake profiles to infiltrate activist groups. For example, during BLM protests, there were instances of officers creating fake accounts posing as like-minded activists to join private Facebook groups and collect info. Be cautious about who you allow into your online groups. If someone new joins and starts asking a lot of questions or seems slightly off, do a bit of vetting. Develop a security culture in your group where it’s okay to verify someone’s identity offline or through trusted networks before sharing sensitive plans with them online.
Securing Your Devices (Phones, Laptops)
All the secure apps in the world won’t help if someone gets physical access to your device or if your device is infected with malware. Activists should take basic steps to harden their smartphones and computers, since those are the main tools we use.
1. Strong Passwords and Passphrases: This is fundamental. Ensure your devices (phone, laptop) are locked with a strong PIN or password. Avoid simple PINs like 1234 or birth years. Ideally, use a longer passphrase if your device allows (6-digit PIN at minimum, but alphanumeric code is even better). Yes, it’s a hassle to type, but it’s worth it. Also, use strong, unique passwords for your online accounts (email, social media, etc.). A common failure point is an activist’s account getting hacked because they used a weak password or reused one from another site that got leaked.
2. Full-Disk Encryption: Modern phones and computers often come with encryption built in:
- Smartphones: iPhones have device encryption by default (as long as you set a passcode). Most modern Android phones also encrypt storage by default if you set a PIN/password. Double-check that it’s enabled (in Settings, it might say “Device encryption” – most newer ones auto-encrypt upon adding a lock screen PIN). Device encryption means if your phone is lost or seized, it’s much harder for anyone to extract its data without your passcode.
- Computers: If you use a laptop for activism, enable full-disk encryption. For Windows, this means turning on BitLocker (available on Pro editions or Device Encryption on Home edition if supported). For macOS, it’s called FileVault – turn that on in System Preferences. For Linux, you can set up encryption (LUKS) when installing, or use something like VeraCrypt for specific volumes. Full-disk encryption ensures that if your laptop is taken or stolen, the data is not easily readable. (An anecdote: there have been cases of border agents seizing devices of activists – if your laptop is encrypted and powered off, it’s essentially a vault.)
- External Drives/USBs: Also encrypt any external storage that has sensitive info. VeraCrypt is a free tool that can encrypt USB sticks or hard drives.
3. Updates, Updates, Updates: Keep your operating system and apps updated. Yes, those annoying update prompts… But they often contain security patches that fix vulnerabilities. Exploiting outdated software is a common way attackers hack phones and PCs. For instance, remember Ahmed Mansoor, the activist targeted with Pegasus spyware? That was done via exploiting bugs in iPhone’s iOS – Apple pushed updates once those were discovered. If he hadn’t updated, clicking that link would have compromised him. So, on your phone, enable automatic updates for OS and app store apps. On your computer, regularly check for system updates. This reduces the risk of “zero-click” or “phishing” exploits succeeding.
4. Malware Protection: Activists have been targeted by malware tailored to spy on them (from state-level spyware like Pegasus to simpler keyloggers or trojans). To guard against malware:
- Be careful with links and attachments: Phishing emails or messages are a classic tactic. Don’t click suspicious links sent to you unexpectedly, even if they look juicy or alarming. If an email claims to be from a known organization but something feels off (weird grammar, strange sender address), double-check before clicking anything or downloading files.
- Consider using an antivirus/anti-malware program on your computer. Windows Defender (built into Windows) is decent if kept updated. There are others like Malwarebytes, etc. On Android, be cautious what apps you install (stick to Google Play Store or F-Droid for vetted apps). On iPhone, only install apps from the App Store. Avoid pirated software or apps – they often hide malware.
- For extremely high risk activism, you might even use a separate device that you only use for sensitive communications (sometimes called a “clean phone” or “burner phone” for protests), which has minimal apps and is factory reset after use. This reduces the chance of persistent malware. This might not be necessary for everyone, but it’s a tactic used by some who suspect their primary devices are targeted.
5. Back Up Data Safely: This might sound unrelated to security, but it’s important. If something goes wrong – your phone is confiscated or smashed, your laptop is stolen or malware-encrypted – you don’t want to lose important information. Regularly back up your data in a secure way. For instance, you can keep an encrypted backup of important files on a USB drive stored safely, or use a cloud service with zero-knowledge encryption (like SpiderOak, ProtonDrive, etc.). Just make sure the backups are encrypted too, especially if it’s on the cloud. For phones, an iCloud or Google backup might not be encrypted end-to-end (Apple and Google can access those backups). If you are concerned about that, you can do local encrypted backups (iTunes backups with a password for iPhones, etc.). The goal is to prevent data loss and not inadvertently give an adversary a way to get data (for instance, if police get a warrant for your iCloud, an end-to-end encrypted backup means they still learn nothing useful).
6. Disable Unnecessary Sensors at Protests: If you’re going to an action where you fear surveillance, there are a few extra steps:
- Consider turning off your phone or putting it in airplane mode (or a signal-blocking bag) when not needed, to prevent location tracking via cell towers. Or use a “burner” phone with no personal accounts.
- Turn off biometric unlock (fingerprint or FaceID) if there’s a risk of police detaining you; in the U.S., police can legally compel a fingerprint or face scan more easily than a passcode (which is protected by the Fifth Amendment in many jurisdictions). Before attending a protest, switch to PIN unlock only. That way, even if forced, you can refuse to divulge the PIN.
- Remove sensitive apps or data before attending in person events if there’s a chance of phone seizure. Some activists use a secondary device or SIM just for the protest.
7. Use Reliable Hardware if Possible: Interestingly, not all devices are equally secure. For example, reports suggest that modern iPhones are generally harder for many law enforcement agencies to crack than many Android phones. This is partly because Apple strongly secures their hardware and responds quickly to vulnerabilities, whereas the Android ecosystem is varied. If you have the means, an up-to-date iPhone or a Google Pixel (which gets timely security patches) might be safer choices. Of course, use whatever you have – any phone with our recommended settings (strong password, encryption, updated OS) can be made reasonably secure. Just don’t neglect the basics thinking your brand of phone is magically secure.
Legal Considerations for Activists
Using these cybersecurity tools is not just a technical choice, it also has legal dimensions. In the United States, most of these privacy tools are completely legal to use. In fact, your rights to free speech and privacy can be supported by using them. But there are some things to be aware of:
First Amendment: In the U.S., your freedom of speech and association are protected, which includes the right to advocate for causes and organize protests. But surveillance can have a chilling effect on those rights. While using encrypted tools is legal, activists have sometimes been discouraged or intimidated by authorities for doing so. Remember, it’s not illegal to encrypt your communications – it’s a smart precaution. Don’t let anyone tell you that using Signal or Tor implies you’re doing something wrong. As one privacy advocate famously said, “Arguing that you don’t care about privacy because you have nothing to hide is like saying you don’t care about free speech because you have nothing to say.” You have a right to private conversations.
Fourth Amendment: This protects against unreasonable searches and seizures. In digital terms, police usually need a warrant to search your devices or email. However, if you’re arrested (say at a protest), they might physically search your belongings including your phone. If your phone is locked, many jurisdictions require a warrant to compel you to unlock it. The law is evolving: some courts have said police cannot force you to divulge a password (protected by the Fifth Amendment right against self-incrimination), but they might be able to force a fingerprint or face unlock because it’s considered physical evidence. It’s wise, as mentioned, to turn off biometric unlock in high-risk scenarios to invoke your right to remain silent (you may be able to verbally refuse to give a passcode; that stance has legal backing in some cases). Also, if asked to consent to a search of your device, you have the right to say no – make them get a warrant.
Data warrants and subpoenas: Even if your device is safe, police or feds can try to get your info from companies – e.g., they can serve a warrant or subpoena to Facebook for your messages. If you used encrypted messaging (Signal etc.), the company can’t hand over content. But if you used standard SMS or unencrypted email, those providers do have content that they must hand over if legally compelled. This is why using tools that don’t store or even have access to your data is key. In contrast, an email provider like Gmail could be forced to hand over all your emails (unless they’re encrypted with something like PGP which Google can’t read). So, from a legal perspective, using end-to-end encryption is a way of exercising your right to privacy – even if a court order is served, the evidence simply isn’t there in decipherable form.
The Border Exception: Be aware that at U.S. borders (or ports of entry like airports), Customs and Border Protection (CBP) have broader powers to search devices without a warrant. There have been cases of journalists and activists having their phones seized or searched when re-entering the U.S. If you’re traveling internationally, consider cleaning your device before coming through customs (e.g., use a travel-only phone or ensure no sensitive data is on it, maybe keep data in cloud and log out). Apps like Signal have a feature to quickly lock and require the PIN if you’re stopped. You can also use full-disk encryption and power off your device before customs – a powered-off encrypted phone is very hard to get into. Refusing to unlock at the border can lead to device confiscation or delays, so it’s a personal call how to handle it. Internationally, some countries might detain you if you refuse; know the situation for any country you enter.
When Privacy Tools Themselves Are Restricted: In the U.S., there’s currently no ban on using VPNs, Tor, or encryption. But some other countries do restrict these. For example, China blocks Tor and many VPNs; using them can draw attention. Russia has attempted to ban or pressure secure messaging apps like Telegram. Some Middle Eastern countries consider the use of encryption as suspicious or have laws requiring you to hand over encryption keys if asked. Always check the local laws if you’re an activist operating in a different country. If you’re training activists abroad, emphasize they must adapt to their legal context – sometimes the very use of certain tools can raise a red flag. In those environments, activists often have to get more creative (using covert apps, steganography, etc., which is beyond our scope here).
Communication Decency and Surveillance Laws: Just to be aware, in the U.S. we have laws like the Electronic Communications Privacy Act (ECPA) which governs when and how government can get electronic info, and things like the Patriot Act which expanded surveillance. There are also ongoing debates about encryption – law enforcement often complains that encryption lets “bad guys” hide (they call it “going dark”). As a result, there’s pressure to force companies to have backdoors (keys to decrypt). Civil liberties groups like EFF fight this, noting that any backdoor for the “good guys” can be exploited by “bad guys” too. As of now, strong encryption is legal. It’s good for activists to stay informed on these policy debates because they could affect available and recommended tools in the future.
If You Get in Legal Trouble: If you’re ever arrested or your devices are confiscated, get a lawyer (ACLU or EFF might help if it’s related to activism). Do not talk to police without legal counsel. The less you say, the better – you won’t talk your way out of it, and you might inadvertently give them information. From a tech perspective, if your devices were taken, assume they are compromised and change passwords for accounts you had on those devices (in case they do get in or clone it later). Having good security (as we’ve covered) will limit what they can get, and having backups means you won’t lose your important info even if you don’t get the device back quickly.
Digital security can feel overwhelming at first, but you’ve taken the first step by learning the basics. Cybersecurity and privacy for activists are about empowerment – controlling your information so you can continue your important work without undue fear. By using encryption, practicing anonymity, and being mindful of threats, you build resilience against those who prefer silence and surveillance over your voice and advocacy.
