ORGANIZING UNDER SURVEILLANCE

A practical safety stack for activists — without killing momentum

Based on reporting from WIRED

Modern organizing has to balance two competing truths: power comes from mass participation and visibility, and risk comes from surveillance — government, platform data, subpoenas, leaks.

The goal isn’t “go dark.” It’s be intentional: decide what must stay private, then use tools and habits that reduce what can be collected, subpoenaed, leaked, or exploited.

1. THREAT MODEL FIRST

WIRED emphasizes threat modeling as step zero: separate information into buckets — what can be public vs. what must remain private — and avoid trying to secure everything (friction increases mistakes).

PUBLIC
Intended for outreach and eventual publicity. Press releases, public events, social media campaigns.
INTERNAL
Useful for coordination but not catastrophic if exposed. Meeting notes, logistics, volunteer lists.
SENSITIVE
Could endanger people, expose locations/suppliers, invite harassment, or create legal/financial risk.
Security isn’t secrecy; it’s prioritization.

2. LOCK DOWN COMMUNICATIONS

WIRED’s practical default for encrypted comms is Signal, plus behaviors that matter as much as the app:

  • Turn on disappearing messages (even 1 week reduces retained history)
  • Consider usernames / minimal identity exposure when onboarding
  • Keep truly sensitive info in small groups or 1:1 (large groups become non-private)
  • Protect endpoints: screen lock, strong passcodes, and in higher-risk cases a dedicated “organizing” phone
Encryption helps, but group size and devices can defeat it.

3. COLLABORATION TOOLS

This is where groups accidentally “leak by design.” Your collaboration stack (docs, chat, calendars, file storage) is often the most subpoena-able, searchable, and persistently logged system you use.

A) The Mainstream Convenience Stack

High usability, high exposure. Excellent for productivity — risky for sensitive organizing because content is stored server-side, searchable, retained, and legally compellable.

Google Workspace · Microsoft 365 · Slack
Use when: your work is mostly public or internal and the main goal is speed + adoption.
Avoid for: anything you’d regret seeing screenshotted, subpoenaed, leaked, or scraped.

B) Privacy-Forward Suites

Safer defaults. They can be a big upgrade for sensitive coordination — but each comes with practical constraints.

Proton (Mail + Drive + Docs + Calendar)
Privacy-first ecosystem designed to reduce tracking and advertising incentives.
Why: Cleaner privacy posture than ad-driven platforms. Helps groups stop being structurally dependent on data-mining ecosystems.
Tradeoff: Email interoperability is still “email” — messages can leave Proton and land somewhere less secure. Security still limited by device hygiene.
CryptPad (End-to-End Encrypted Office Suite)
Collaborative docs, spreadsheets, rich text, forms — with end-to-end encryption and open-source development.
Why: Strong protection against server-side reading. Real-time collaboration without the Google Doc surveillance footprint.
Tradeoff: Less familiar UI than Google Docs; onboarding takes effort. Performance and features may feel lighter.
Nextcloud (Self-Hosted Private Cloud)
Open-source platform you run on infrastructure you control. Files, sharing, calendars, contacts, and more.
Why: Data control — you choose where it lives and who administers it. Can be paired with OnlyOffice/Collabora for editing.
Tradeoff: Self-hosting is real work. If you don’t have admin capacity, security can get worse, not better. Managed hosting reduces hassle but adds cost.

C) Slack-Like But More Controllable

Channels, roles, moderation, integrations — with a safer posture than mainstream work chat.

Matrix (Decentralized, Open Protocol)
Open protocol for decentralized communication. You pick a provider or run your own server.
Why: Avoids a single centralized owner controlling your entire communications graph. Flexible ecosystem of clients and hosting models.
Tradeoff: Setup choices can overwhelm non-technical groups. Security depends on the provider you choose and how rooms are configured.
Mattermost (Self-Hostable Team Chat)
Slack-like collaboration that can be self-hosted. Popular in technical and operational environments.
Why: Better operational control — your data, your server, your retention policies. Not feeding everything into a major data ecosystem.
Tradeoff: Self-hosting requires competence, patching, backups, and policy. If you can’t maintain it, choose a simpler managed option.

Choose Your Stack

  1. Public outreach: use familiar tools (Google/Microsoft/Slack) and move fast.
  2. Internal but not sensitive: mainstream tools with retention limits and strong account security.
  3. Sensitive: privacy-forward tools (Signal + Proton/CryptPad + limited-access groups). Minimize what you write down.
  4. Can’t maintain self-hosting: don’t self-host. Use simpler privacy-forward hosted tools and focus on habits.
If you can’t run an IT department, don’t cosplay as one.

4. MEET IRL… CAREFULLY

In-person meetings are valuable, but WIRED notes IRL isn’t magically private. Cameras, license plate readers, location trails, and face recognition change the threat surface.

  • Leave phones behind or power them off for sensitive conversations
  • Vary meeting locations — patterns create exposure
  • Be aware of CCTV, ALPRs (license plate readers), and retail surveillance
  • Consider transit instead of personal vehicles for sensitive meetings
Physical organizing still needs threat modeling.

Risk is real, but it shouldn’t paralyze action. The point is not to build a perfect fortress. The point is to assess, choose tools + habits, and act.

Don’t let perfect security become self-sabotage.
How We Win → Take Action →