Writing Under Surveillance: Digital Safety Tools for Activists
In authoritarian contexts, what you write can put you in prison. Here's how encryption, air-gap architecture, and open source verification provide real protection for those who document truth.
The threat is not theoretical
For activists, journalists, and human rights defenders in many parts of the world, digital surveillance is a daily reality — not a theoretical concern. Governments routinely compel technology companies to hand over user data. Cloud services cooperate with law enforcement requests. And the consequences of exposed writings can include surveillance, harassment, detention, or worse.
This article is about practical digital safety for writers operating under surveillance.
Why cloud services fail activists
Cloud platforms are designed for convenience and collaboration. Their architecture is fundamentally incompatible with the needs of activists:
Data requests
Every major cloud provider publishes transparency reports showing tens of thousands of government data requests per year. When your notes live on their servers, those notes are one court order away from exposure.
Network monitoring
Using cloud services creates network traffic. That traffic can reveal which services you use, when, and from where — metadata that is itself valuable intelligence.
Terms of service
Platform terms can change, companies can be acquired, and government pressure can force policy modifications. Today's privacy guarantee may not exist tomorrow.
What real protection looks like
Effective digital safety for activists requires three properties:
1. Zero network calls
The application should make absolutely no network connections during operation. No API calls, no DNS lookups, no telemetry pings. Zero network activity means zero network-based surveillance.
2. Local encryption
AES-256 encryption transforms documents into data indistinguishable from random noise. Without the password, the content is mathematically unrecoverable — not just difficult, but physically impossible with current technology.
3. Open source verification
In high-risk environments, trust but verify. Open source code allows security teams to audit the entire application for backdoors, hidden data collection, or covert network activity.
Operational security layers
Encryption alone isn't enough. Consider these additional measures:
- Full disk encryption: Use FileVault (macOS) or BitLocker (Windows) to protect everything on the device
- Dedicated devices: Consider using a separate device for sensitive documentation
- Secure deletion: When documents must be destroyed, overwrite disk sectors
- Physical security: Encryption protects data; physical security protects the device
- Password hygiene: Use strong, unique passwords. Consider diceware passphrases.
For those who document abuse
If you're documenting human rights abuses, corporate malfeasance, or government overreach:
- Keep evidence encrypted at all times when not actively working
- Use per-investigation encryption vaults with different passwords
- Maintain chain of custody documentation for court admissibility
- Consider air-gapped devices for the most sensitive work
- Have a trusted contact who knows how to access materials if something happens to you
Conclusion
The right to write freely is the foundation of every other right. When writing becomes surveillance, democracy itself is at risk. For activists who write truth, choosing tools that provide real security — not security theater — is an act of self-preservation.
Writtt is a free, open-source text editor with AES-256 encryption and zero network calls. Download it here or inspect the source code.