Skip to Main Content

Digital Security and Privacy

Assessing Your Risk Level

Researchers working with sensitive personal data have legal and ethical responsibilities towards their partners to adopt secure data storage and communication methods. Activists and those working with them should carefully assess how and by whom they could be targeted, and what the consequences would be for them and their partners if their data and accounts get breached.

The security vs convenience trade-off
You should make consistent usage of reasonable security measures.

  • If your security strategy is too weak, your data might be hacked, stolen, destroyed, etc.
  • If your security strategy is too strong, you will waste time and efforts, and possibly be discouraged. You also run the risk of losing data because of a lost password or encryption key.

Your strategy should be adapted to your specific situation, without excess in either direction.

Digital security is relative
Hacker groups and state-sponsored organisations have access to extremely performant surveillance and hacking tools such as Pegasus. None of the tools and strategies exposed in this guide will ever make you perfectly safe, but you should not become paranoid. Focus on "good enough" strategy rather than attempt to win an arms race you are not equipped for.

Data minimisation principle
The best way to avoid a data breach is by not storing it in the first place. Do not collect, record or store data you do not need.

Other Concerns

Offline, "real-world" security
Is there a threat that someone gets physical access to you or your data? Hardware theft, spying, or interrogation are actual risks in some cases. This means that activists and researchers working on sensitive subjects should make sure they will not divulge information.

Protect others by protecting yourself
Adopting secure tools for your day-to-day usage allows other people with higher risk profiles to contact you securely. The security of communication is only as good as its weakest link.

Additionally, if only people doing high-risk work adopt advanced security tools, they become easy to identify as outliers. Using the tools presented in this guide helps protect those who really need them by allowing them to be lost in the crowd.

Why Open Source Matters

Much of the software described on other pages in this guide is open source. The reason for this is that the transparency of open source solutions allow the faster discovery and patching of security weaknesses through community collaboration. "Security through obscurity" in many cases results in more issues than successes.

Other advantages of open source solutions often include cost-effectiveness and interoperability through the use of open standards, which improves their longevity and are usually important for long-term data management.

Additional Resources

The Electronic Frontier Foundation Surveillance Self-Defense guide helps you understand and define what risks you should consider and how to prepare against them by building Your Security Plan.

You should also consider Tactical Tech's Holistic Security guide for more considerations about the specific issues of digital activism.