Digital Security for Federal Workers
Are you using a government device right now? If you are currently visiting this page from a government phone/computer or while connected to government Wi-Fi, please close this site and come back later. Your traffic can be monitored easily from government systems.
Who this checklist is for: Any federal workers are working to resist the Trump/Musk/DOGE government takeover.
The guide below offers some tips to keep the digital trail of your resistance to a minimum so you can stay more protected from retaliation. No digital security can keep you perfectly anonymous and protected, but each step below adds an important layer.
We keep us safe! Security is about the steps we take to keep each other safe, not just ourselves. Forward this guide to your colleagues and help everyone around you think through their digital security. You're now an ambassador!
Baseline security steps
Only discuss resistance & critiques away from government devices (phones/laptops)
Assume all government devices are monitoring your keystrokes and words you say near their microphones
It is reasonable to act as though all of your government devices are monitoring you. This surveillance may not be active, but it could be easy for them to find the trail of your activities.
❌ Do not talk about your resistance or objections...
- while typing on a government phone
- while typing on a government computer
- while connected to government Wi-Fi, even if you're using your personal phone/computer
- while near a government phone/computer that has a microphone (even if it's not a device provided to you)
- while on a government-hosted video call (even if it's with people you trust)
✅ What to do instead
- Find trusted colleagues to organize with!
- Test the waters first. Build trust over time if you don't have it already.
- Talk in-person away from government devices that have microphones and outside of government buildings.
- Text/call these trusted folks using the Signal app which is encrypted (see next checklist item)
As an example: It's great and important to use Signal (on your personal phone) to discuss your dissent, critiques, frustrations and plans. But if you do it right next to your government laptop, it's possible that your conversation could be monitored. While it may be unlikely, it's worth moving to another room.
Use Signal for encrypted texts and calls, especially your activism and political conversations
Normal calls and texts are not private and can be easily surveilled and turned over to law enforcement
Most normal texts and calls can be observed by your cell phone provider and the government. Telegram is incredibly insecure. (See below for our thoughts on WhatsApp.)
Signal is the best option to keep your messages secure and to keep who you are talking to private.
How to set up Signal
- Install Signal on your phone.
- You can now message your existing contacts using their phone number (they must have Signal installed as well). If you're messaging someone new who you don't yet have trust with, you should exchange usernames instead of phone numbers when possible.
- To start a new message: Press the "Create" icon in the top right of Signal, then type in either the person's phone number or username
- Enable disappearing messages by default: Signal > Profile picture > Settings > Privacy > Disappearing Messages > Set to your desired time.
- Follow the Signal Security Checklist to make sure you have the most security and privacy
When to use Signal
Some examples of when you would especially want to use Signal
- Discussing a protest/action that is not public
- Organizing a protest/action that is public, but the organizers want to protect their privacy
- Criticizing the government or other power-holders
Keep speaking out publicly! Moving some conversations to Signal for security isn't about going silent—it's about organizing safely while still voicing criticism of power holders openly. Do not obey in advance.
What about WhatsApp? (Avoid it if you can, use it if you must)
WhatsApp messages are secured with the encryption method developed by Signal, so the contents of your messages are secure. However, Meta harvests a lot of information about who you are talking to, how often, and what groups you're in. In 2024 alone, they turned over data for 78% of government requests. Your messages are safe, but who you are communciating with is not. It is an option to consider if the community you're working with is unlikely to move to Signal. It is safer than normal texts, Telegram, etc. If you do use WhatsApp, make sure to use the new Strict Account Settings feature and lock down your privacy settings
Don't use your real name or photo on your Signal profile
Helps protect you from cops or attackers who want to de-anonymize you. Especially useful if you are in unvetted Signal groups.
A lot of community organizing happens in unvetted groups on Signal where you don't know how much you can trust everyone in the group. These groups can be infiltrated by right-wing adversaries and law enforcement.
Using a fake name prevents someone from finding your real identity through a Google Search.
Using a photo that isn't your face prevents someone from finding your social profiles based on an image match or facial recognition.
Both steps help defend you against doxxing and online harassment.
How to change your profile
- Change your profile display name: Signal > Settings > Tap on your name/icon near the top > Click the top item with the silhouette of a person > Edit your profile display name
- Change your profile photo: Signal > Settings > Tap on your name/icon near the top > Edit photo > Upload a generic photo that you found online that doesn't relate to your identity/preferences/interests/location.
Remind people in your groups to do this as well. Security is a team sport.
Consider setting your LinkedIn and other social profile to be more private
Protect yourself from being targeted based on your social media content
We have seen multiple reports of DOGE using references to "DEI" on LinkedIn and other social media profiles
How to set your social media profile to be private
LinkedIn:
- Public profile visibilty: Go to LinkedIn > Edit Profile > Edit Visibility > Either disable it entirely or select the items you want to disable to protect your privacy and history.
- Fully hibernate your profile: If you are comfortable fully hiberating your profile to everyone (including those in your network) for a period of time, that is the most secure option. You may want to set a reminder to re-open it some time in the future.
- Tighten up other visibility settings: LinkedIn > Profile Icon > Settings > Privacy > Visibility > adjust each of the settings to be more private.
- LinkedIn Activity Feed: Your existing contacts on LinkedIn will still be able to see your feed. If you want to avoid targeting, you may want to go through your history and delete posts.
X/Twitter: Follow these instructions to hide your posts.
Use privacy-focused browser for everyday browsing (instead of Chrome)
Minimize tracking, so there’s less of a digital trail.
We recommend Brave because it offers the most privacy without any additional configuration, which is our goal on this site.
Bonus Brave configuration tips:
- Install Privacy Badger for some added protection.
- You can install the iPhone or Android Brave app as well.
Other browser options:
How to set up Brave Browser
Brave is a privacy-focused browser that allows you to install Google Chrome extensions.
- Install Brave on your computer (or phone).
- Follow the steps after you launch to import your configuration from Chrome or another browser. (See warning below about how plugins make you more identifiable.)
- Configure privacy settings: On the desktop browser, go to Brave > Settings > Shields then select the following: (The mobile app will not have all these settings)
-
Select Aggressive under "Trackers & ads blocking"
-
Select Strict under "Upgrade connections to HTTPS"
-
Uncheck everything under Social media blocking
-
(Optional) Enable Forget me when I close this site. (On the mobile app, the settings is called "Shred Site Data") The site won't be able to store anything about you after your reset your browser.
This will make it harder for sites to track you across the internet. It's good for privacy, but you'll want to manually override this for specific sites. Visit the site > Click the Brave (lion) logo in the URL bar > Advanced controls > Disable "Forget me when I close this site"
-
Optional:
- Disable the annoying new tab page: Brave > Settings > Get started > New Tab Page > Select "Blank page" from the dropdown
- Disable toolbar items: Brave > Settings > Appearance > Toolbar > Disable all the toolbar buttons that you don't want (Brave Rewards, VPN, Wallet, Leo AI, etc)
Plugins warning: Every plugin you install makes your browser stand out from “the crowd” and makes you more identifiable, reducing the effectiveness of the privacy features built-in to Brave.
- Firefox can offer even more privacy if you take the time install the right plugins and configure it properly.
- Use Tor Browser for highly sensitive browsing that is truly anonymous
When at a federal building
Whether you are working regularly in the office or just visiting one at any point, these steps will help add layers of protection.
Avoid bringing your personal phone/laptop to federal buildings (if you can)
If it is possible, no phone/laptop is the most secure
The most secure option is to not bring your phone or laptop.
That said, it's not always possible to leave our personal phone away since we may be someone's emergency contact (for example).
If you do bring your devices, follow the steps in the next checklist item.
If you do bring a personal device, follow these steps to keep it more secure
Keep it off whenever possible. Do not connect to government Wi-Fi. If you do connect to Wi-Fi, use a trusted VPN.
We should assume that any government network or device can monitor anything we do, even if it is on our personal device.
Recommendations:
- Do not bring your personal devices if possible
- If you must bring your device, leave it off as much as possible
- If you must turn it on, do not connect to government Wi-Fi (or ethernet)
- If you must connect to the Wi-Fi, make sure you only do it with a trusted VPN active to shield your activity. Make sure to install a VPN in advance.
If you bring government devices home
There are steps you can take to protect yourself at home even when you have government devices in the house
Turn your phone and laptop off and put away when you're done working (and before discussing dissent)
If your government phone/laptop is near you, you should treat the microphone as though it can hear your conversations.
How to
- Make sure the devices are powered down at the end of the day and anytime you're discussing dissent in your house
- Make sure the devices are away in a drawer, a closet, or a room with the door closed. The ensures that if the microphone were somehow still on, that your conversations wouldn't be overheard. (This may be unlikely for many of us, but it is a precaution that only takes a minute of effort.)
Separate your home Wi-Fi networks - turn on a "guest network" for government devices
This is a lower priority, but a good idea.
Enabling a "guest network" on your home Wi-Fi router ensures that your government devices don't have access to the personal devices on your network.
How to enable and use a guest network
- Look at your Wi-Fi router for a model or at least a brand
- Use Brave Search (rather than Google) to search for
how to enable guest network on [MODEL OR BRAND HERE] - Follow the instructions you find and set up a Wi-Fi network with a different name than your main network.
- On your government phone and laptop, find the "Forget this network" option for your main Wi-Fi. Then re-connect them to the new guest Wi-Fi network.
Wi-Fi routers can be difficult to configure sometimes. If you need help, ask someone tech-savvy in your life.
If you've ever had mobile device management tools installed on your personal device, remove them
Mobile Device Management apps are a piece of software that helps the government (or companies) remotely manage devices to keep them secure. If you were ever required to install one of these apps on your personal device, make sure to remove it if you're allowed to. This would usually occur when you're no longer employed by the government.
Common MDM apps:
- Microsoft Intune
- BM MaaS360
- VMware Workspace ONE (formerly AirWatch)
- MobileIron
- BlackBerry UEM
- Master Data Management by Civica
When organizing
Use Proton Docs instead of Google Docs
Protect yourself from Google tracking every doc you view
Google's business model relies on tracking user activity - including what documents you open, share, and access. Law enforcement can obtain this data through warrants, and they've been known to access it without proper authorization. Doing our organizing outside of Google Docs helps us keep each other more safe.
Proton Docs is a high-quality alternative to Google Docs. Your docs are end-to-end encrypted, which means that even if the authorities accessed Proton's servers, they wouldn't be able to see what was contained in your documents.
How to use Proton Docs
- Create a Proton account if you don't have one already — choose the free plan
- Visit Proton Drive > Click the "New" button > Select "New Document"
- Once your document is ready for sharing, you can click the "Share" button and either share it with other Proton accounts or enable "Create public link" to share with people who don't have a Proton account. Be careful where you share the link since it will be less secure!
Encourage the people you're organizing with get a Proton account and we can all move toward our activism being more secure.
Looking for spreadsheets or forms? Proton Docs doesn't offer a spreadsheet solution like Google Sheets. If you need a simple spreadsheet, you can insert a table into a Proton Doc. Alternately, you can use Cryptpad spreadsheets. It is a less user-friendly solution, but it is free and end-to-end encrypted.
Follow our Security Essentials checklist for more protection
The Security Essentials checklist will guide to secure your accounts and protect your private
Security Essentials Guide
Follow our Security Essentials checklist to make sure your personal devices are as secure as possible.
FAQ
Is it risky to open my personal email on a government device?
A FOIA request will look for written products using government resources. It is not a search warrant. Anything produced on a government device would be subject to FOIA (docs, emails, texts, etc).
(Source: A former FOIA employee. This is not legal advice.)
Is it risky to open government email/chat on a personal device?
Anything created on a government app on a personal device (Outlook, Teams, etc) would be subject to FOIA. A FOIA request would not open your personal device up for a sweeping search of your personal data. Requests have to be very specific and a search for information would use keywords specified in the request. Change wording (names, etc) in government messaging and written products if you do not want it to be included.
(Source: A former FOIA employee. This is not legal advice.)
Other questions?
Please contact us if you have other questions that aren't answered here.
Share this checklist with other federal workers
The more of us who practice digital security, the more secure we all become. Consider sending this to your colleagues—and make sure to send it via Signal:
Here's a checklist for federal workers who want to protect their digital security. I found it helpful and wanted to share. Digital security checklist:
https://activistchecklist.org/federal Key tips:
- Don't use your government phone/computer to discuss your dissent.
- Don't discuss your dissent around any government device that has a microphone
- Don't log on to government Wi-Fi with your personal devices (or use a VPN like IVPN.net, Mullvad, or Proton VPN if you must connect to the Wi-Fi)
- Do not access personal email/chat/texts on a government device (opens you to FOIA)
- Only discuss your dissent using the Signal app on your personal phone (not over regular texts/calls or any email, not on government devices). Find the colleagues you trust and connect on Signal.
We keep each other safe.
Community organizing advice
If you're new to political organizing, welcome! This moment requires all of us to find our place in the movement. Thankfully, there are a lot of resources for you to build on, so no one has to reinvent the wheel.
Here are some places to start:
- Organizing: People, Power, Change by Marshal Ganz at the Harvard Kennedy School (free book, PDF)
- The Citizens Handbook
- Community Organizing Basics from Neighborhood Anarchist Collective (links at the bottom for facilitation, convening, security culture, and more)
- Team Building from Activist Handbook
- Organizing 101 from Beautiful Trouble
- Finally, seek out mentorship from experienced organizers. There are thousands of people who have done this before who are eager to support you!
Talking to the press: If part of your organizing includes sharing your stories with the press, make sure to get the reporters Signal username (or phone number) and only communicate using Signal. Be cautious about putting your name, email, and phone number into a form if you're not sure where that information will go.
Read More
Have Questions?
Let us know if you have questions or feedback so we can make these guides as useful as possible.