Protecting Yourself and Your Comrades Without Becoming Paranoid
Security culture is a set of practices and norms that help activists protect themselves, their organizations, and their communities from infiltration, surveillance, and legal repression. It is not about paranoia. It is about being thoughtful and deliberate in how we communicate, organize, and share information — so that our movements can sustain themselves through adversity.
Getting security culture right is a balance: too little leaves movements vulnerable; too much creates an atmosphere of suspicion that poisons solidarity. This guide aims to help you find that balance.
Core Principles
- Need-to-know: Share information about sensitive plans, identities, and activities only with those who genuinely need it to do their work. This limits the damage if anyone is compromised.
- Assume insecurity: Treat any unencrypted channel as potentially monitored. This doesn't mean assuming the worst of people — it means being realistic about the technical capabilities of adversaries.
- Don't ask, don't tell: Don't ask others about their involvement in activities they haven't volunteered, and don't share your own beyond what's necessary.
- Separate identities: Keep your activist life and your professional/personal life appropriately separated, depending on the risks you face.
Digital Security Basics
You don't need to be a technical expert to practice reasonable digital security. Start with these fundamentals:
- Use Signal for sensitive communication. Signal is an end-to-end encrypted messaging app. Enable disappearing messages for sensitive conversations.
- Use a strong, unique password for every account. A password manager (like Bitwarden, which is open-source and free) makes this manageable.
- Enable two-factor authentication (2FA) on all important accounts, using an authenticator app rather than SMS where possible.
- Be cautious about metadata. Even encrypted messages can reveal who you talk to and when. Consider what that pattern might reveal.
- Use a VPN when appropriate — especially on public networks — but understand its limitations.
- Vet apps before installing them. Many apps collect far more data than their function requires.
Physical Security at Demonstrations
Protests and demonstrations carry their own security considerations:
- Know your legal rights before you go: the right to remain silent, the right to an attorney, when you must identify yourself (this varies by jurisdiction).
- Write a legal support number on your arm in permanent marker before attending.
- Consider what you carry: phones can be seized and searched. Leave sensitive information at home.
- Be aware of facial recognition: some demonstrators choose to cover identifying features in jurisdictions where this is legal.
- Don't photograph others without consent, and be cautious about posting images that could identify people.
Recognizing and Responding to Infiltration
Infiltration is a real and documented tactic used against activist groups. Signs that may warrant attention include: someone who pushes aggressively for more radical or illegal action, someone who asks unusually detailed questions about plans and participants, or someone whose backstory doesn't hold up to gentle scrutiny.
However, paranoia and witch-hunts are also damaging — perhaps more so. The appropriate response to suspicion is to limit exposure (need-to-know), not to publicly accuse or exclude based on unverified hunches. Consult experienced organizers if you have genuine concerns.
Security Culture Is Collective Care
Ultimately, security culture is a form of mutual aid. We protect each other by being thoughtful about what we share, how we communicate, and how we organize. It is not about distrust — it is about recognizing that the stakes are real, that repression is real, and that we owe it to each other to take that seriously.
The goal is movements that are resilient enough to survive the inevitable storms — and to keep building, keep organizing, and keep fighting back.