Skip to content

Digital Activism Also Needs Protection:

Seeing the Full Picture of Digital Risk from a Single Act of Goodwill

A Seemingly Ordinary Favor, Fraught with Hidden Risks

Xiao Ming is a worker at an NGO in Country T. One day, a former partner asked if he could help a civil society group in a Southeast Asian country bypass severe internet censorship, allowing local people to freely access outside information. Although not a technical expert, he was enthusiastic about providing support with data organization, training materials, and website setup.

One day, using his regular home internet connection, Xiao Ming logged into a free website platform with a standard browser and uploaded the content provided by his partner, creating a temporary website. Because he didn't use an anonymous browser, his real IP address, connection time, and operational records were all exposed to monitoring systems.

A few days later, the website was blocked, the partner's account was disabled, and someone was even summoned for questioning by the government and subsequently lost contact. Xiao Ming was shocked that his carelessness had put his partners in danger.

If he had used Tor Browser from the start, his identity and location would not have been so easily revealed, thanks to its multi-layered encrypted routing and anonymous traffic forwarding. Tor can effectively prevent governments or internet providers from identifying users from network traffic, protecting him from being tracked. This is a critical protection that ordinary browsers cannot provide.

  • Role: As an NGO worker
  • Need: I need a secure and anonymous way to share sensitive information
  • Reason: To protect myself and my partners from being tracked or retaliated against

A Temporary Website Exposed Their Real Identities

After the incident, Xiao Ming tried to raise his security awareness and began teaching his team to use anonymous tools and encrypted sharing platforms, but he still made mistakes.

Once, to make things convenient for his Southeast Asian friends, he directly posted a Google Drive link in a regular messaging app, setting the permission to "anyone with the link can view," without any encryption. Unexpectedly, these links were easily intercepted by monitoring systems, and the content might even have been indexed by search engines. A few days later, Xiao Ming received an anonymous threatening letter, warning him to stop his assistance.

To prevent similar situations, he started using PrivateBin, a tool that can encrypt text and links before sending. Only those with the password can read the content, and it can be set to auto-delete, effectively preventing sensitive information from leaking.

  • Role: As an NGO worker
  • Need: I need a secure way to share and protect sensitive information
  • Reason: To prevent my activities and my partners' safety from being threatened

Truly Secure Conversations Start with Choosing the Right Tool

As the situation escalated, Xiao Ming realized that the communication software he had been using also posed security risks. Although he used Tor to protect his browsing, his communication content could still be intercepted.

After a friend warned him that a strange number was trying to detect their communication records, Xiao Ming began looking for a secure communication tool and finally chose Signal. It provides end-to-end encryption, meaning messages can only be read by the sender and receiver, and the server cannot decrypt them. It also supports disappearing messages and screenshot prevention, taking communication security to another level.

Xiao Ming taught his friends step-by-step how to download and use Signal, ensuring their sensitive conversations were not monitored.

  • Role: As an NGO worker needing to protect communication privacy
  • Need: I need a secure communication tool with end-to-end encryption
  • Reason: To ensure sensitive conversations are not monitored or intercepted, enhancing our security posture

Securely Transferring Large Files to Prevent Data Leaks

Xiao Ming and his team needed to securely transfer a large report containing a great deal of sensitive personal data from one office to a partner in a remote area. The file was too large to be sent conveniently via email, and using a cloud drive raised concerns about the data being monitored or intercepted during transfer or storage.

At this point, Xiao Ming remembered Magic Wormhole. This tool allowed them to establish an encrypted connection directly between two computers using a short "password" or "wormhole code" to securely transfer files and folders of any size. The data is end-to-end encrypted during transit and does not pass through any third-party servers, significantly reducing the risk of being monitored or intercepted.

  • Role: As an NGO worker needing to securely transfer sensitive data
  • Need: I need a secure, efficient way to transfer large files that doesn't rely on third-party servers
  • Reason: To ensure sensitive data is not monitored or leaked during transfer

Shedding Trackers to Protect Digital Footprints

While researching sensitive topics, Xiao Ming noticed that related ads and content recommendations followed him everywhere. He realized his digital footprint was being extensively collected by ad networks and trackers, gradually building a complete personal profile of him.

To block this tracking, he found AdGuard. It not only improved his browsing experience but, more importantly, blocked potential third-party scripts from collecting and recording his usage habits, preventing his browsing behavior and interests from being turned into an exploitable personal profile.

  • Role: As a user focused on privacy and anti-tracking
  • Need: I need to block ads and third-party trackers
  • Reason: To prevent my browsing behavior and interests from being built into an exploitable personal profile

Locking Down Account Security, Abandoning Universal Passwords

Xiao Ming also reflected on his long-standing bad habit: for convenience, he used similar passwords for many different websites. When one of these services was breached, he realized all his accounts using similar passwords were at risk.

He started using Bitwarden to generate random, strong passwords for all his accounts and manage them securely in one place. This drastically reduced the risk of multiple accounts being compromised due to credential reuse and brute-force attacks.

  • Role: As an organization member managing numerous accounts
  • Need: I need to securely generate and store strong passwords
  • Reason: To prevent credential reuse from leading to multiple account breaches

Establishing a Reliable Transfer Channel on a Restricted Network

On one occasion, Xiao Ming's volunteer partner was in an area with a restricted network, unable to use cloud services but in urgent need of exchanging files.

In this situation, Croc came in handy. It provided a simple command-line tool to establish a peer-to-peer (P2P) connection with a one-time code, supporting both encryption and resumable transfers. This ensured that data could still be transferred securely and reliably even on an unstable network.

  • Role: As a collaborator communicating with partners in remote areas
  • Need: I need a simple, encrypted, command-line P2P file transfer tool
  • Reason: To securely transfer data even on restricted or unstable networks

Locking Down Cloud Data to Protect Storage Privacy

The team was accustomed to backing up data to commercial cloud drives, but Xiao Ming always worried that this data could be accessed or scanned by the platform itself or third parties.

To address this, he introduced Cryptomator. This tool creates an encrypted "vault" on his local machine. All files placed in it are automatically encrypted before being synced to the cloud. This way, even if the cloud service is hacked or accessed, the actual file contents remain encrypted and unreadable.

  • Role: As a data manager using cloud backups
  • Need: I need to encrypt data locally before uploading it to the cloud
  • Reason: To prevent the actual content from being accessed by the platform or third parties in the cloud

Protecting Search Privacy to Avoid Intentions Being Logged

While researching sensitive topics, Xiao Ming didn't want the keywords he searched for to be logged and built into a long-term personal profile.

He switched the team's default search engine to DuckDuckGo. This search engine doesn't "personalize" search results based on past behavior and doesn't build user profiles, thereby protecting their research topics and interests from being exposed.

  • Role: As a user researching sensitive topics
  • Need: I need a private search engine that doesn't build user profiles
  • Reason: To prevent my search history from revealing my research topics and interests

Balancing Quality and Security with Offline Document Proofreading

Xiao Ming often needed to check the grammar of sensitive English or multilingual documents, but he worried that online tools would upload and store his entire text.

He discovered that LanguageTool could be run on a local server or in offline mode. This allowed the team to perform manuscript corrections on their local computers without sending text externally, thus balancing language quality with content security.

  • Role: As an author or editor writing sensitive documents
  • Need: I need grammar checking without uploading documents to an external server
  • Reason: To protect document content from being collected by third-party platforms

Working Offline to Reduce Cloud Exposure Risk

Because some documents could not be leaked or involved sensitive personal data, Xiao Ming decided to push the team to do all drafting and editing locally, rather than relying entirely on cloud-based office suites.

Open-source office software like LibreOffice and ONLYOFFICE Desktop provided full-featured, offline document, spreadsheet, and presentation capabilities, allowing them to work without an internet connection or uploading files, reducing the risk of being indexed or accessed by third-party platforms.

  • Role: As a worker who prefers to handle sensitive documents offline
  • Need: I need a full-featured office suite that can be used offline
  • Reason: To reduce the risk of data leakage caused by cloud synchronization or third-party services

Cleaning Metadata to Prevent Media Files from Leaking Location

After publishing photos from an offline event, a partner reminded Xiao Ming that photos can contain metadata (EXIF) such as the date, time, and GPS location, which could expose sensitive information about interviewees or participants.

From then on, he mandated that all media files for external release must first be processed with MAT2. This tool can batch-clean metadata from images, audio, and documents, ensuring that published media does not accidentally reveal time, location, or device information.

  • Role: As an editor or journalist responsible for media publication
  • Need: I need to remove hidden personal data from files before uploading
  • Reason: To prevent media files from becoming a source for location or tracking

Creating an Encrypted Digital Notebook for Sensitive Thoughts

In his work, Xiao Ming would jot down contact information for interviewees, sensitive observations, or action plans, but he worried that regular note-taking services would data-mine this content.

He found Notesnook, a note-taking tool that offers end-to-end encryption. It ensures that even when notes are synced to the cloud, the service provider cannot read them, making it ideal for workflows involving highly sensitive information.

  • Role: As a worker recording sensitive information
  • Need: I need an encrypted and cross-device syncable note-taking tool
  • Reason: To keep notes private while maintaining workflow convenience

Running AI Locally to Maintain Data Sovereignty

Xiao Ming wanted to try using generative AI to help organize reports and create teaching materials, but he was concerned that uploading raw data to a cloud AI service would result in it being stored or reused by the model provider.

After some research, he discovered that with tools like Ollama, he could deploy and run open-source language models on his own computer. All inputs and outputs remained local, allowing him to enjoy the efficiency of AI while maintaining full sovereignty over his data.

  • Role: As a user who wants to use AI for creation without uploading sensitive content
  • Need: I need an AI solution that can run locally and does not transmit data externally
  • Reason: To maintain control over project and personal data while using generative tools

Creating a Secure, Encrypted Tunnel on Public Networks

Once, while sending meeting minutes over the public Wi-Fi at a coffee shop, Xiao Ming felt uneasy, worried that the transmitted content could be intercepted by others on the same network.

From then on, whenever he was on a public network, he would first activate ProtonVPN. A VPN encapsulates all his network traffic in an encrypted tunnel, making it difficult for malicious hotspots or eavesdroppers on the network to listen in or steal the transmitted content.

  • Role: As a collaborator who often works on the go
  • Need: I need to encrypt my connection on public networks
  • Reason: To prevent transmitted content from being intercepted by third parties on the local network

Self-Hosting a Communication Platform to Control a Conversation

As the sensitivity of their topics increased, the team became more reluctant to rely on commercial instant messaging platforms to discuss internal strategies.

With the help of a technical partner, they used Quiet (or a similar Matrix-based solution) to set up a private communication service on their own server. This gave them full control over the message flow, member permissions, and data retention policies, ensuring communications were encrypted and reducing the risks associated with relying on third-party platforms.

  • Role: As a team manager needing a controllable communication environment
  • Need: I need a private, self-hostable, and secure communication platform
  • Reason: To gain control over data governance and reduce risks from external platforms

Xiao Ming needed to urgently send a list of interviewees to a partner but didn't want to create a long-lasting download link that could be accessed by unauthorized people in the future.

He used a one-time, secure sharing service like send. Such services allow a file to be automatically destroyed after being downloaded once or after a short period, often accompanied by encryption and download limits,. * Role: As a worker needing to share data temporarily * Need: I need a one-time, short-term, and secure way to share files * Reason: To avoid data leakage from a permanently accessible link

Finding an Encrypted Note Database for Long-Term Records

Besides daily notes, Xiao Ming needed a place to securely store long-term strategic records and sensitive contacts, while still being able to search and categorize them.

He chose StandardNotes, known for its strong encryption and extensibility. It provides end-to-end encrypted long-term storage for notes and supports extensions, making it suitable for a highly private, long-term database.

  • Role: As a user needing to store important notes long-term
  • Need: I need an encrypted and reliable note-taking system
  • Reason: To protect historical records and contact data from unauthorized access

Enhancing Email Security with End-to-End Encryption

When handling more sensitive communications, Xiao Ming realized that with a webmail interface, the email content on the server remains unencrypted and could be subject to scanning or policy restrictions.

He started using the Thunderbird desktop email client combined with an OpenPGP encryption plugin. This allowed him to directly encrypt emails and attachments on his own computer and fully control where emails were stored and backed up, providing a powerful solution for scenarios requiring strict email security and control.

  • Role: As a contact person who frequently handles sensitive emails
  • Need: I need a desktop email client that provides encryption and local control
  • Reason: To prevent emails from being scanned or leaked on the server-side

Locking Down Devices as the Last Line of Defense Against Physical Risks

Once, Xiao Ming's work laptop was lost during a business trip. Although anxious, he knew the data was unreadable without the password because the hard drive had been fully encrypted with VeraCrypt.

This experience taught him that full-disk encryption is the final and most crucial line of defense to protect data from being accessed if a device is stolen or physically inspected.

  • Role: As a worker traveling with sensitive data
  • Need: I need to protect the data on my device from being compromised due to physical loss
  • Reason: To ensure data remains secure even if the device falls into the wrong hands

Conclusion: From Single-Point Fixes to Comprehensive Security Habits

From initially endangering a partner through a single mistake to now skillfully assessing various situations and implementing appropriate safeguards, Xiao Ming's story demonstrates a complete journey of growth in digital security.

He learned to use Tor Browser and ProtonVPN to hide his digital footprint; protect his communications with Signal, Thunderbird, and a self-hosted Quiet; securely share and transfer files with PrivateBin, send, Magic Wormhole, and Croc; manage passwords with Bitwarden; and lock down static data with Cryptomator and VeraCrypt. Even in his daily work, he began to pay attention to protecting his search privacy with DuckDuckGo, cleaning file metadata with MAT2, and ensuring the privacy of his work output with LibreOffice, LanguageTool, and a locally-run Ollama.

He ultimately understood that digital security is not about a single silver bullet, but about building a layered, comprehensive protection strategy for different risks and internalizing it as a way of thinking in his workflow. This journey, though it began with a painful lesson, has allowed him and his partners to walk the path of their ideals more steadily and securely.