High-Risk & Activist Contexts
For most people, digital security is about protecting money and privacy. For journalists, activists, and researchers, it is about protecting sources, safety, and the ability to continue working.
The Message That Looked Like a Source
Meena was an investigative journalist covering organised crime. She had been working on a story for six months.
A Signal message arrived from an unknown number. A whistleblower, they said, with documents that would change everything. They needed her to install a "secure viewer" to open the files, a link was attached.
She had seen stories about this kind of attack. She was sceptical. She told the contact to use SecureDrop and did not click the link.
Two weeks later, a colleague at a different outlet, working on a similar story, received the same message. He installed the software.
The software was Pegasus. His phone reported every call, message, and location for the next four months before a forensic analysis identified it.
His sources were exposed. His story was killed. He received death threats.
What Is Actually Happening
50+
countries where Pegasus spyware has been confirmed on devices of journalists, activists, and opposition figures.
Commercial spyware sold to governments is now a mainstream tool of political repression, available to states without significant technical capacity.
Source: Citizen Lab / Amnesty Tech Reports, 2024-202573% of Women Journalists Targeted
UNESCO found that 73% of women journalists have experienced online violence, with 20% reporting offline attacks that followed digital targeting. The combination of harassment and surveillance creates a chilling effect on reporting.
Device Searches at Borders Rising
US Customs and Border Protection conducted over 41,000 device searches in FY2023, a record number. Journalists and activists entering or exiting high-risk countries face disproportionate device inspection. Source data on an unprotected device is permanently exposed.
Five High-Risk Threat Vectors
Surveillance Targeting Journalists and Activists
State-sponsored and commercial surveillance targets people whose work threatens powerful interests. This includes journalists, opposition politicians, NGO workers, and researchers. The threat is not hypothetical, Citizen Lab has documented Pegasus infections on hundreds of devices globally, including major media organisations.
Spyware and State-Sponsored Hacking
Commercial spyware like Pegasus can be delivered via zero-click exploits, no action from the target required. Once installed, it accesses all messages, calls, photos, microphone, and camera. Even fully updated devices from major manufacturers have been compromised. Regular forensic checks are the only detection method.
Border Security and Device Search
Crossing a border with source communications, unpublished stories, or activist coordination on your device creates exposure. Law enforcement in many jurisdictions can compel device unlocking. The correct practice is travelling with a clean device containing no sensitive data, with real data accessible only remotely after crossing.
De-platforming and Digital Erasure
Coordinated reporting campaigns can suspend accounts without legitimate cause. State actors and organised groups use mass reporting as a suppression tool. Archiving work independently of any single platform is essential, accounts that have existed for years can be suspended in hours.
Physical Security Intersection
Digital targeting escalates to physical threat in documented cases. Journalists and activists whose location, home address, or daily routine has been exposed face genuine physical danger. Digital safety and physical safety cannot be planned separately for high-risk individuals.
Try It: OpSec Checklist
Three tiers of operational security, from baseline protections everyone should have, to advanced measures for those facing active threat actors.
What That Just Showed You
Baseline protections are missing for most people.
The first tier of the checklist covers protections that prevent the majority of non-targeted attacks. Most of them take under five minutes to implement. The gap is not that they are difficult — it is that they are not habitual.
Threat level determines which tier applies to you.
Signal alone is not enough against a state actor. A hardware key alone is not enough if your device is compromised. The checklist is tiered because the protections required scale with who is targeting you and what resources they have.
Every tool in all three tiers is free.
Signal, Tor, Tails, a hardware key, and VPNs with verified no-log policies are all either free or under $30. The barrier to high-level operational security is knowledge and habit, not money.
Three Things Worth Doing
1. Use Signal for all sensitive communications, with disappearing messages enabled. Signal is the baseline. Disappearing messages means a device seizure does not expose historical conversations. This is the single most impactful change for most journalists and activists.
2. Contact Access Now's Digital Security Helpline if you are under active threat. Access Now provides free, confidential digital security support to journalists, activists, and human rights defenders. accessnow.org/help
3. Prepare a clean travel device before any high-risk crossing. A device with no source communications, no sensitive documents, and no stored credentials eliminates the risk of a border search exposing your work. Plan this before travel, not at the checkpoint.
One Question Before You Continue
Meena was asked to install a 'secure viewer' app sent by an unknown contact claiming to be a source. She refused. Her colleague installed it and was compromised. What made Meena's instinct correct?