How to Organize Safely in an Era of Mass Government Surveillance: Expert Guidance From Activists and Cybersecurity Pros

Rarely in modern U.S. history have large swathes of the public stood against federal policy with so little confidence that meaningful change will come from the highest levels of government. For millions of frustrated Americans, this has turned attention to grassroots, bottom-up resistance organizing as the only viable path forward.

But as activists build movements to protect immigrant communities, push back against the Department of Homeland Security’s overreach into local cities, and demand civil rights and policy reform, they face a stacked deck: the federal government has unmatched surveillance capabilities, and Silicon Valley Big Tech companies—who hold troves of Americans’ personal data—routinely cooperate with law enforcement and federal agencies.

This leaves grassroots organizers with a high-stakes dilemma. How do you build a broad, inclusive mass movement that welcomes people of all ages, backgrounds, and levels of technical skill, without exposing every participant to government monitoring and targeting? This risk is particularly acute for groups working against agencies like Immigration and Customs Enforcement (ICE) and Customs and Border Protection (CBP), two paramilitary-style bodies that frequently operate outside the law and receive more annual funding than the entire military budgets of many sovereign nations.

Organizing safely in the age of widespread surveillance requires more than just technical cybersecurity knowledge—it demands a careful, intentional balance between openness and secrecy, according to Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation (EFF), a leading nonprofit defending digital civil liberties. “You may need to restrict access to sensitive details to a small core group, and you have to think critically about what platforms you use, so that when law enforcement serves Google with a subpoena, there’s no sensitive information for them to hand over,” Galperin explains. “But you have to balance that against the reality that most organizing work happens in public, with broad groups of people—organizing’s power comes from numbers and solidarity, after all.”

There’s no one-size-fits-all set of tech tricks that solves this dilemma for organizers, but there are proven frameworks, guidelines, and tools that can reduce risk. WIRED interviewed technologists, frontline activists, humanitarian groups, and leading cybersecurity experts to compile actionable guidance for building and collaborating on movement work in the surveillance age. Here’s what we learned.

Step 1: Map Your Risks to Decide What Needs Protection

The first step to building more surveillance-resistant organizing is a practice digital security experts call threat modeling: mapping out what information your potential adversaries are likely to target, and what therefore needs the most protection. This process means drawing clear lines between what can be public, what can be discussed on less private platforms, and what details of your work must stay confidential. In almost every case, you’ll need a mix of both open and closed practices.

“If you don’t have clear rules for what should be encrypted or secured, you’ll end up trying to encrypt everything,” says Matt Mitchell, former founder and security trainer at CryptoHarlem, now CEO of risk mitigation firm Safety Sync Group. “That comes from a good place, but it creates unnecessary barriers for participation and makes it far more likely that someone will make a critical mistake.”

Galperin of EFF offers a simple guideline: think about what information will inevitably become public, and when. You may need to keep the time and location of a small in-person planning meeting secret, but if you’re organizing a large public rally that requires securing a city permit, most of that planning will be public anyway—so there’s far less need to lock down every detail.

Too much secrecy can also backfire by making new movement members feel unwelcome, Galperin warns. “A huge part of activism is telling people what you’re working on,” she says. “It’s potlucks and phone trees. It’s deeply unglamorous work, and it’s not supposed to be secret.”

Take the example of humanitarian relief group Distribute Aid, says cofounder Taylor Fairbank. Most of the organization’s logistics and communication work—matching donated supplies to communities in need—can, and often must, happen out in the open, even on platforms that are vulnerable to surveillance. “I could never leave Facebook, because my grandparents in the UK reach out once a year to offer hand-knitted hats and sweaters for refugee camps in Europe,” Fairbank explains. “It’s my job to be accessible, even on insecure tools, to connect these opportunities across borders.”

That said, Distribute Aid carefully protects specific sensitive information, like the physical addresses of its supply warehouses. “We never post warehouse addresses online, because we’ve seen our warehouses and our partners’ warehouses targeted for theft and political violence,” Fairbank says. “My biggest recommendation is to explicitly flag what data is sensitive, and keep that information contained.”

This process means evaluating every collaboration and communication to decide whether and how it needs protection. For any information that truly must stay confidential, you’ll need to take steps to encrypt it, delete it after a set period, and store it under your own control rather than on a third-party cloud server.

TL;DR: Trying to keep every detail secret is neither practical nor strategically smart. Instead, build a threat model: identify what information is sensitive, protect it through encryption, secure storage, or timed deletion, and don’t waste energy locking down information that will be public anyway.

Step 2: Secure Your Communications

For text, voice, and video communication, every expert WIRED spoke to pointed to the encrypted messenger Signal as the default, go-to tool. Signal’s core advantage is its end-to-end encryption, which means only the devices of conversation participants can decrypt messages. It’s also battle-tested, free, open-source, widely used, and simple enough to quickly onboard new movement members.

Unlike WhatsApp— which uses Signal’s own encryption protocol for its end-to-end encrypted chats and calls—Signal doesn’t log metadata like who you call or text, a critical privacy feature. Signal has also become far more reliable for large group video calls, making it a solid alternative to email, Zoom, and other mainstream video meeting tools.

There are a few simple practices that can drastically boost Signal’s security, however. Just as important as Signal’s encryption is its disappearing messages feature, which lets you set messages to delete after a set window, ranging from four weeks down to just 30 seconds. Turn this feature on. Even setting a one-week deletion window for less sensitive conversations will drastically cut the risk of your organization’s communication being leaked later. You should also use Signal’s username feature instead of asking new members to share their phone numbers, which further reduces exposure of personal identifying contact information.

It’s important to remember that encryption doesn’t protect against leaks from group members themselves, a lesson driven home by the Trump administration’s so-called SignalGate scandal. As a Signal group grows beyond a small size, newly added members often haven’t been thoroughly vetted. “If your group has more than 50 people in it, it’s not a private space for communication,” Galperin says. Keep truly sensitive information limited to the smallest possible groups, or one-on-one chats.

End-to-end encryption is also only as secure as the devices on each end of the conversation. All group members should enable app-level authentication to access Signal: you can turn on Screen Lock in Signal’s Privacy settings. For members with access to highly sensitive information and groups, require everyone to use a strong passcode for screen lock, and consider disabling biometric access. For maximum security, turn off all biometric unlocking for the device Signal is running on—face and fingerprint unlocking have far weaker Fourth Amendment protections against law enforcement searches, as seen in the case of Washington Post reporter Hannah Natanson, where biometric access to a desktop with the Signal app let authorities access her entire linked account, even though her phone was locked down.

If full device-level security feels too cumbersome for everyday use, Galperin suggests setting up a separate “alt phone” (not just a disposable burner phone) dedicated exclusively to sensitive organizing work, with extra security measures enabled. “Compartmentalization is good,” Galperin says. “It keeps your organizing work separate from your everyday life, so you don’t mix the two up.”

While other encrypted messaging apps like SimpleX, Session, and Signal forks have grown in popularity in security circles, none of the experts we interviewed recommended switching away from Signal. These alternatives are far less widely tested, and asking all movement members to learn a new, often more complex tool creates unnecessary barriers to participation. Experts also uniformly warned against using built-in private messaging features on social media apps, even though they’re convenient for organizers—these tools rarely offer strong encryption or solid privacy guarantees.

One tool Signal can’t easily replace for many groups is Slack. Slack’s flexible group messaging and notification system make it feel far more efficient than Signal for complex cross-team organizing. But Slack has no end-to-end encryption, no disappearing messages, and it’s centrally hosted by a company that routinely complies with law enforcement data requests—making it a major privacy risk for organizers, warns Harlo Holmes, security trainer and director of digital security at the Freedom of the Press Foundation (the same risks apply to Discord, Holmes notes). She points out that Slack’s name was originally an acronym for “Searchable Log of all Communications and Knowledge”—hardly a reassuring label for storing sensitive information. “Slack is designed to feel like a casual office water cooler, where you can say whatever you want,” Holmes says. “But it’s not your friend.” (Disclosure: WIRED’s global editorial director serves on the Freedom of the Press Foundation’s board.)

As a more secure alternative, Holmes and other experts recommend tools like Mattermost and Matrix, both of which offer far stronger security protections: Matrix includes end-to-end encryption, both tools support automatic timed message deletion, and both can be self-hosted on a server your organization owns and controls, rather than a third-party server owned by a company like Slack. Self-hosting does come with its own major security challenges (more on that below), but it’s still preferable to storing your entire communication history with a third party that will almost always hand over data when authorities demand it.

TL;DR: Use Signal for as many texts, calls, and video chats as possible, and enable disappearing messages. Remember encryption isn’t a magic shield—always evaluate the security of each participant’s device, and how much you trust everyone in the group.

Step 3: Choose Secure Collaboration Tools That Fit Your Needs

Organizing requires a lot of behind-the-scenes coordination: spreadsheets for scheduling, shared planning documents that multiple people can update, and more. For most people, the default go-to tools are cloud-based options like Google Workspace or Microsoft 365, which sync automatically across devices. But these tools store your group’s data with Google or Microsoft, which can revoke your access at any time or hand over your data to federal agencies that issue a legal demand for it.

This creates a tough tradeoff: these mainstream tools are undeniably vulnerable to surveillance, but they’re familiar and accessible to people of all ages and technical skill levels—an essential feature for inclusive organizing.

Larger, better-resourced organizations can afford an enterprise solution: they can implement client-side encryption for tools like Google Docs, managing encryption keys through a third-party service like Virtru, so Google itself can’t access the content of your files. But for most grassroots organizers who can’t afford to pay thousands of dollars a year for this setup, experts say unencrypted Google Docs still has a place in most threat models— as long as you understand the risks.

“Will Google hand over your data to the feds if they get a subpoena? Yes. Is it still a functional tool for the work you’re trying to do? Most of the time, yes,” says Evan Greer, director of nonprofit advocacy group Fight for the Future. “Would I tell you to switch to some obscure open-source alternative in the middle of an active campaign? Not necessarily. We’re in a crisis moment right now. I want organizers out there fighting and organizing, not troubleshooting how to configure their email.”

The good news is that there are a growing number of affordable, more secure alternatives to mainstream cloud tools that don’t require an expensive enterprise encryption setup. Switzerland-based Proton offers a full suite of end-to-end encrypted tools, including its flagship email service Proton Mail, plus encrypted Docs, Sheets, Calendar, and Drive.

(A quick note on Proton Mail: Emails are only end-to-end encrypted when you message another Proton Mail user. If you email a Gmail address from Proton Mail, Google can access the content just like any other email. For sensitive conversations, it’s still better to stick to Signal, which doesn’t interoperate with unencrypted platforms, so you’re far less likely to accidentally expose your communications.)

Free Proton accounts include 1GB of storage, and paid plans start at $13 a month for more storage and additional protection features. Proton also offers business plans for larger organizations. For encrypted cloud storage, another Swiss firm called Tresorit offers a non-open-source end-to-end encrypted option that many experts recommend.

Building synchronous collaborative tools that keep all content end-to-end encrypted is technically complex, so Proton’s tools aren’t quite as full-featured or easy to use as traditional mainstream web platforms (for example, its word processor doesn’t split documents into pages, notes Safety Sync’s Matt Mitchell). But Proton has worked for years to build a straightforward, familiar user interface that makes it far more accessible than many other encrypted alternatives.

Proton’s products are open source and independently audited, and its base in Switzerland offers additional legal data privacy protections. That said, multiple experts noted that Proton has been compelled by law enforcement to hand over customer metadata in the past, including a 2021 case where the company logged the IP address and device ID of a French activist at the request of Swiss law enforcement.

In some cases, owning and controlling your own server is more secure than using a server run by even a reputable third party. Greer of Fight for the Future points to self-hosted options as another way to reduce surveillance risk: Nextcloud offers a Google Workspace-style collaboration suite that organizations can install on their own server, creating a fully private cloud. Another tool, Cryptpad, also offers self-hosting and end-to-end encrypts all your data. This keeps data out of the hands of untrusted third-party companies, and in theory even protects your data if your organization’s Cryptpad server is seized or compromised.

There’s a major caveat here, though: self-hosting is hard. It requires a dedicated, skilled IT person to maintain infrastructure, keep the network secure, update software, and respond to outages at any time of day or night. “Activists often talk about self-hosting as automatically more secure, but that depends entirely on how good your systems administrator is,” says EFF’s Galperin. “Keeping a server up and secure is not a part-time job. It’s extremely hard to do correctly.”

For well-resourced, technically skilled organizations, though, it can be a powerful option. Fight for the Future, for example, has largely “de-Googled” over the past year, Greer says, switching most of its tools to end-to-end encrypted or self-hosted alternatives including Signal, Nextcloud, Matrix, and the self-hosted wiki tool Outline. (Greer adds that the move was driven partly by security, and partly by a sentiment of “fuck these Big Tech monopolists, we don’t want to use their software if we don’t have to.”) Distribute Aid’s Fairbank notes that groups like Movement Infrastructure Research and Rise Against Big Tech often offer support for smaller organizations looking to set up self-hosted tools.

Another key risk to remember: web-based services are convenient because you can access them from any browser, but if the platform’s encryption is compromised (for example, if the company is legally compelled to weaken it, or its server is seized), all your activity on that tool can be exposed without any warning. For maximum security, use end-to-end encrypted platforms through standalone desktop or mobile apps, where the encryption software is downloaded and installed on your device, and can only be altered through an official update. Nextcloud and Cryptpad both offer standalone apps, and Proton offers apps for its Mail and Calendar services, but not yet for Docs and Sheets.

If you’re working on a truly sensitive document with a small group, you can always fall back on the old-fashioned approach: store a copy locally on one person’s computer, take turns editing it, and pass it between members over Signal.

No matter what approach you choose, the same rule applies as with Signal communications: a piece of information is only as secure as the least secure device that accesses it. So for any member with access to your most sensitive data, make sure their devices and accounts are locked down: enable full-disk encryption (guides are available for Windows and Mac), use a password manager for strong unique passwords, and turn on multifactor authentication for all cloud and self-hosted accounts.

TL;DR: There’s a whole range of collaboration options to fit your threat model: from accessible but vulnerable Google Docs, to end-to-end encrypted or self-hosted tools like Proton and CryptPad, to storing and editing files locally and sharing them over Signal. Choose what works best for your group’s needs and risk level.

Step 4: Meet In-Person Safely

If you and your fellow organizers live in the same region, does it make sense to skip all the digital security work and just meet in person? In most cases, experts say yes—but there are important caveats to consider. Just like with your digital work, you need to do a threat model assessment for in-person meetings: is your relationship with the people you’re meeting already public? Or is the fact that you work together a secret? You need to evaluate the meeting location and any other places you’ll go together the same way you evaluate where you store sensitive digital data.

If you can’t be seen together, or spotted entering or exiting a sensitive meeting location, meeting in person may not offer any privacy benefit. You could be observed by bystanders, followed by law enforcement, or tracked via cell phone data, surveillance cameras, facial recognition, automatic license plate readers, or any of the dozens of other physical surveillance tools widely used today.

That said, there are many cases where your affiliation is already public or non-sensitive—for example, meeting neighbors you already know, or regular volunteers from a church group, labor union, or other public organization. If being seen together doesn’t expose any sensitive information, experts emphasize that in-person collaboration is one of the most secure and valuable organizing tools available.

“Face-to-face communication can never be replaced, and I’m a huge champion of it,” says the Freedom of the Press Foundation’s Holmes. “I always say the best encryption is a noisy bar where you’re whispering to someone. But we still have to think about the widespread surveillance infrastructure that exists everywhere today.”

TL;DR: In-person meetings eliminate many of the technical vulnerabilities that can compromise your organization’s privacy and security. But always run it through your threat model: if the fact of your meeting itself needs to stay secret, physical surveillance can make in-person meetings just as, or even more, risky than digital communication.

Final Takeaway: Assess Your Risks, Then Act

The reality is that any organizing that challenges the interests of powerful people—whether it happens online or offline—carries some risk of surveillance and its consequences, says Distribute Aid’s Taylor