secret garden support network

security for activists

Principles

Collect the minimum data necessary

  • The less data you collect in the first place, the less data you have to worry about protecting
  • When using people’s names, use just the first name, nickname, or initials

De-identify or anonymize when possible

  • Avoid attaching names to notes or documents
  • Blur/crop things out from sensitive photos, screenshots
  • Use roles, codes, or aliases instead of identities

Limit sharing

  • Share sensitive data only with the person(s) who absolutely needs them
  • Avoid posting sensitive information in large group chats

Limit holding onto data

  • Set data to delete automatically (e.g. disappearing messages on Signal or self-destructing emails on ProtonMail)
  • Periodically delete files, chats, and documents no longer needed

Secure data in storage and while in transit

  • Use end-to-end encrypted tools
  • Lock devices and enable full-disk encryption
  • Use strong, unique passwords

Get consent

  • When collecting someone's personal data, explain to them what is being collected and why
  • Ask before sharing someone else’s information
  • Respect requests to remove or delete data

Prioritizing threats and vulnerabilities

What data are we protecting?

Identify sensitive information that could put people at risk.

  • Full legal names
  • Home or work addresses
  • Faces or identifying photos/videos
  • Phone numbers, emails, social media accounts
  • Immigration or documentation status
  • Location data (check-ins, metadata)
Who are we protecting it from?

Identify likely or plausible adversaries.

  • Federal agencies (e.g. ICE, FBI)
  • Local police or campus security
  • Far-right vigilantes or doxxers
  • Employers, landlords, schools
  • Tech companies or data brokers
  • People outside the group who do not need access
What is at stake if protection fails?

Clarify real-world consequences.

  • Arrest, detention, or deportation
  • Criminal or felony charges
  • Physical harm or death
  • Family separation
  • Disruption or collapse of organizing
  • Legal expenses, loss of housing or employment
How likely is an attack or breach?

Assess risk based on context, not fear.

  • Do you know people targeted for similar activities?
  • Has this happened in your community?
  • Are there recent news reports?
  • Is your activity explicitly criminalized?
  • How much far-right activity exists in your area?
  • What factors increase profiling or targeting (race, immigration status, gender identity, prior records)?
How far are we willing to go to protect it?

Define realistic and sustainable boundaries.

  • How much extra work is acceptable?
  • Is slowing down organizing worth increased safety?
  • Are stricter procedures enforceable?
  • Are we willing to limit trust or access?
  • What practices must everyone follow, no exceptions?