Ask HN: Best Security Practices for Activists?
Eight years ago I asked for advice about security practices for activists, and received the helpful advice (from Thomas Ptacek, if I remember correctly) not to disarm unilaterally, but to use a useful tool if it helps a group of activists organize well, and not to obsess about the full theoretical security of one online tool versus another.
I am seeing new groups of activists pop up organized through largely online channels, including some channels that were founded way back in the early years of HN by people well known to the HN community. I use Signal now and am curious Discord (which I have never used, but which is used a lot by a group of local activists). What tools and practices should I be familiar with in 2025? How can I help newbies to activism who are also newbies to technology (the kind of folks who would never visit HN) get up to speed with best practices? What habits are useful to practice and what tools are useful to use to facilitate communication without getting nonviolent, peaceful, legal protesters in trouble just because they are trying to organize to express dissent?
(How much do those considerations change in the United States with new directors in all the United States federal agencies that have investigative powers and electronic communications resources?)
Thanks for any suggestions you have.
10 comments
[ 5.7 ms ] story [ 35.8 ms ] threadIs a start.
It gets complicated because we are getting to the point where using signal is itself being seen as probably cause for investigation: https://kmlawfirm.com/2023/02/28/its-not-what-you-say-its-ho... so I encourage everybody who doesn't need such security to use signal anyways, if only to add protection to the vulnerable.
Pay attention when you scan signal QR codes: https://cloud.google.com/blog/topics/threat-intelligence/rus...
I would personally not use Discord for activist coordination. All your communications are stored on their servers.
I guess the first question is in trouble with who? For the longest time I worked at a place that pressured employees to avoid getting involved in politics which turned out to just be patently false and was only ever used to squash one side of the argument. So, in that case, I just didn't post things where my employer might run across them, which doesn't take very advanced technology.
If you're trying to protect yourself from a government, you're going to probably have a bit more work ahead of you.
Model you tactics on successful campaigns and people. What does the ACLU use? How about Amnesty International?
How much do you want to pay with blood of the best? Or are you playing for the other team?
Being there with identity obscured is most definitely not standing in the shadows.
ACLU and Amnesty are only support groups. They rarely make things happen.
Privacy Guides home:
https://www.privacyguides.org/en/
The Protesters' Guide to Smartphone Security
https://www.privacyguides.org/articles/2025/01/23/activists-...
Infosec 101 for Activists
https://infosecforactivists.org/
Using Tails When Your World Doesn't Feel Safe Anymore
https://www.privacyguides.org/articles/2025/01/29/installing...
How I’m Building a Trump-Proof Tech Stack Without Big Tech
https://www.joanwestenberg.com/american-tech-is-compromised-...
EFF guides: I don't have the URL's handy
https://eff.org
See also:
https://riseup.net
> What habits are useful to practice and what tools are useful to use to facilitate communication without getting nonviolent, peaceful, legal protesters in trouble just because they are trying to organize to express dissent?
I'll repeat my old recommendation: Assume three letters agencies can read all your communication anyway. Beware of the guy that wants to escalate and blow up everything, he is probably an informant (or an idiot).