Digital Security for Activists: The Basics

Your digital footprint is part of your organizing. The same tools that let you coordinate a rally in hours can expose your members, your plans, and your networks if used carelessly. Digital security isn't about paranoia or becoming a technical expert—it's about a handful of habits, applied consistently, that dramatically raise the cost of surveilling or disrupting your work. Start with the basics below, and remember the golden rule: your security is collective. One member's compromised account can expose everyone in the group chat.

Start With Threat Modeling

Security is not one-size-fits-all. Before adopting tools, answer four questions as a group: What do we need to protect (member lists, plans, identities)? Who might want it (opposition researchers, employers, law enforcement, harassers)? What happens if they get it? And how much effort are we willing to spend? A neighborhood mutual aid group and a group doing civil disobedience have very different threat models—and should make different choices.

The Non-Negotiables

Use strong, unique passwords with a password manager. Password reuse is the single most common way accounts get taken over. A password manager (such as Bitwarden or 1Password) makes unique passwords effortless.

Turn on two-factor authentication everywhere. Prefer an authenticator app or hardware key over SMS codes, which can be intercepted via SIM-swapping.

Keep devices updated. Most successful attacks exploit known vulnerabilities that updates already fixed. Enable automatic updates on phones and laptops.

Lock your devices. Use a strong passcode (not just a fingerprint or face unlock, which can be compelled more easily in many jurisdictions) and enable full-disk encryption—it's built into modern phones, macOS (FileVault), and Windows (BitLocker).

Communicate Securely

Move sensitive conversations to Signal. Signal provides end-to-end encryption, disappearing messages, and collects almost no metadata. Set disappearing messages by default for organizing chats.

Treat email and SMS as postcards. Assume anything sent over unencrypted channels can be read by third parties. Plan accordingly.

Be deliberate about what's written down at all. The most secure message is the one that was never sent. Discuss the most sensitive details in person.

Protect Your Identity and Your People

Audit your public footprint. Search your own name and handles. Lock down social media privacy settings, and scrub location data from photos before posting—especially photos of actions that show other people's faces.

Get consent before tagging or posting others. Not everyone at an action can afford to be publicly identified. Make "ask before you post" a group norm.

Prepare for protests. Consider a minimal phone (or airplane mode), write key phone numbers on your arm, and know your rights if a device is demanded. The ACLU's Know Your Rights resources cover this state by state.

Keep Learning

This guide covers the floor, not the ceiling. For deeper, regularly updated guidance tailored to specific situations, the Electronic Frontier Foundation's Surveillance Self-Defense project is the gold standard. Pair this guide with our hands-on Digital Security Workbook to run a security check-up with your whole team.

The Bottom Line

Digital security is a practice, not a product. Start with password managers, two-factor authentication, updates, and Signal—then build from there based on your group's actual threat model. The goal isn't perfection; it's making your movement a harder target than it was yesterday.

← Back to Resources