Digital Security for Federal Workers
Are you using a government device right now? If you are currently visiting this page from a government phone/computer or while connected to government Wi-Fi, please close this site and come back later. Your traffic can be monitored easily from government systems.
Who this checklist is for: Any federal workers are working to resist the Trump/Musk/DOGE government takeover.
The guide below offers some tips to keep the digital trail of your resistance to a minimum so you can stay more protected from retaliation. No digital security can keep you perfectly anonymous and protected, but each step below adds an important layer.
We keep us safe! Security is about the steps we take to keep each other safe, not just ourselves. Forward this guide to your colleagues and help everyone around you think through their digital security. You're now an ambassador!
Baseline security steps
Only discuss resistance & critiques away from government devices (phones/laptops)
Assume all government devices are monitoring your keystrokes and words you say near their microphones
It is reasonable to act as though all of your government devices are monitoring you. This surveillance may not be active, but it could be easy for them to find the trail of your activities.
❌ Do not talk about your resistance or objections...
while typing on a government phone
while typing on a government computer
while connected to government Wi-Fi, even if you're using your personal phone/computer
while near a government phone/computer that has a microphone (even if it's not a device provided to you)
while on a government-hosted video call (even if it's with people you trust)
✅ What to do instead
Find trusted colleagues to organize with!
Test the waters first. Build trust over time if you don't have it already.
Talk in-person away from government devices that have microphones and outside of government buildings.
Text/call these trusted folks using the Signal app which is encrypted (see next checklist item)
As an example: It's great and important to use Signal (on your personal phone) to discuss your dissent, critiques, frustrations and plans. But if you do it right next to your government laptop, it's possible that your conversation could be monitored. While it may be unlikely, it's worth moving to another room.
Use Signal for texts and calls, especially your activism and political conversations
Normal calls and texts are insecure and can be turned over to the cops
How to set up Signal
Install Signal on your phone
Message your existing contacts (they must have Signal installed as well)
Make sure to enable disappearing messages by default and for any existing threads.
Follow the Signal Checklist to make sure you have the most security and privacy.
When to use Signal
Some examples of when you would especially want to use Signal
Discussing a protest/action that is not public
Organizing a protest/action that is public, but the organizers want to protect their privacy
Criticizing government and power holders
Keep speaking out publicly! We encourage Signal (or just in-person conversations with no tech around) to have secure channels where we can speak more freely to get organized for public engagement. That said, we should encourage one another to continue to speak out publicly about our criticisms of power holders. As Timothy Snyder says, do not obey in advance.
Don't use your real name or photo in your Signal profile
If you want to have the option to communicate more anonymously on Signal, protecting your name is a good idea.
The display name you choose will depend on the level of anonymity you need. The most secure would be to choose a different name to use in protest spaces and on Signal. This can be a good default to help buffer you from surveillance. You can always choose to reveal your real name if you build sufficient trust with someone.
If you don't need as much anonymity, you could just set it to your first name, which would make it slightly harder for someone to find you from a simple Google search.
How to change your profile
Change your profile display name: Signal > Settings > Tap on your name/icon near the top > Click the top item with the silhouette of a person > Edit your profile display name
Change your profile photo: Signal > Settings > Tap on your name/icon near the top > Edit photo > Upload a generic photo that you found online that doesn't relate to your identity/preferences/interests/location.
Consider setting your LinkedIn and other social profile to be more private
Protect yourself from being targeted based on your social media content
We have seen multiple reports of DOGE using references to "DEI" on LinkedIn and other social media profiles
How to set your social media profile to be private
LinkedIn:
Public profile visibilty: Go to LinkedIn > Edit Profile > Edit Visibility > Either disable it entirely or select the items you want to disable to protect your privacy and history.
Fully hibernate your profile: If you are comfortable fully hiberating your profile to everyone (including those in your network) for a period of time, that is the most secure option. You may want to set a reminder to re-open it some time in the future.
Tighten up other visibility settings: LinkedIn > Profile Icon > Settings > Privacy > Visibility > adjust each of the settings to be more private.
LinkedIn Activity Feed: Your existing contacts on LinkedIn will still be able to see your feed. If you want to avoid targeting, you may want to go through your history and delete posts.
X/Twitter: Follow these instructions to hide your posts.
Use privacy-focused browser for everyday browsing (instead of Chrome)
Minimize tracking, so there’s less of a digital trail.
We recommend Brave because it offers the most privacy without any additional configuration, which is our goal on this site.
Firefox can offer even more privacy if you take the time install the right plugins and configure it properly.
Use Tor Browser for highly sensitive browsing that is truly anonymous
How to set up Brave Browser
Brave is a privacy-focused browser that allows you to install Google Chrome extensions.
Install Brave on your computer (or phone).
Configure privacy settings: Go to Brave > Settings > Shields then select the following:
Select Aggressive under "Trackers & ads blocking"
Select Strict under "Upgrade connections to HTTPS"
Uncheck everything under Social media blocking
Optional: Check Forget me when I close this site. This will cause you to never be remembered by any site. It's good for privacy, but you'll want to manually override this for specific sites that you want to stay logged in to. To be remembered by a specific site: Visit the site > Click the Brave (lion) logo in the URL bar > Advanced controls > Disable "Forget me when I close this site"
Optional:
Disable the annoying new tab page: Brave > Settings > New Tab Page > Select "Blank page" from the dropdown
Re-install your extensions or import your bookmarks from another browser. (You can install any Chrome extension on Brave.)
Disable toolbar items: Brave > Settings > Appearance > Disable all the toolbar items that you don't want (Brave Rewards, VPN, Wallet, etc)
Plugins warning: Every plugin you install makes your browser stand out from “the crowd” and makes you more identifiable, reducing the effectiveness of the privacy features built-in to Brave.
Bonus Brave configuration tips:
Install Privacy Badger for some added protection.
When at a federal building
Whether you are working regularly in the office or just visiting one at any point, these steps will help add layers of protection.
Avoid bringing your personal phone/laptop to federal buildings (if you can)
If it is possible, no phone/laptop is the most secure
The most secure option is to not bring your phone or laptop.
That said, it's not always possible to leave our personal phone away since we may be someone's emergency contact (for example).
If you do bring your devices, follow the steps in the next checklist item.
If you do bring a personal device, follow these steps to keep it more secure
Keep it off whenever possible. Do not connect to government Wi-Fi. If you do connect to Wi-Fi, use a trusted VPN.
We should assume that any government network or device can monitor anything we do, even if it is on our personal device.
Recommendations:
Do not bring your personal devices if possible
If you must bring your device, leave it off as much as possible
If you must turn it on, do not connect to government Wi-Fi (or ethernet)
If you must connect to the Wi-Fi, make sure you only do it with a trusted VPN active to shield your activity. Make sure to install a VPN in advance.
If you bring government devices home
There are steps you can take to protect yourself at home even when you have government devices in the house
Turn your phone and laptop off and put away when you're done working (and before discussing dissent)
If your government phone/laptop is near you, you should treat the microphone as though it can hear your conversations.
How to
Make sure the devices are powered down at the end of the day and anytime you're discussing dissent in your house
Make sure the devices are away in a drawer, a closet, or a room with the door closed. The ensures that if the microphone were somehow still on, that your conversations wouldn't be overheard. (This may be unlikely for many of us, but it is a precaution that only takes a minute of effort.)
Separate your home Wi-Fi networks - turn on a "guest network" for government devices
This is a lower priority, but a good idea.
Enabling a "guest network" on your home Wi-Fi router ensures that your government devices don't have access to the personal devices on your network.
How to enable and use a guest network
Look at your Wi-Fi router for a model or at least a brand
Use Brave Search (rather than Google) to search for
how to enable guest network on [MODEL OR BRAND HERE]Follow the instructions you find and set up a Wi-Fi network with a different name than your main network.
On your government phone and laptop, find the "Forget this network" option for your main Wi-Fi. Then re-connect them to the new guest Wi-Fi network.
Wi-Fi routers can be difficult to configure sometimes. If you need help, ask someone tech-savvy in your life.
If you've ever had mobile device management tools installed on your personal device, remove them
Mobile Device Management apps are a piece of software that helps the government (or companies) remotely manage devices to keep them secure. If you were ever required to install one of these apps on your personal device, make sure to remove it if you're allowed to. This would usually occur when you're no longer employed by the government.
Common MDM apps:
Microsoft Intune
BM MaaS360
VMware Workspace ONE (formerly AirWatch)
MobileIron
BlackBerry UEM
Master Data Management by Civica
When organizing
Use Proton Docs instead of Google Docs
Protect yourself from Google tracking every doc you view
Google's business model relies on tracking user activity - including what documents you open, share, and access. Law enforcement can obtain this data through warrants, and they've been known to access it without proper authorization. Doing our organizing outside of Google Docs helps us keep each other more safe.
Proton Docs is a high-quality alternative to Google Docs. Your docs are end-to-end encrypted, which means that even if the authorities accessed Proton's servers, they wouldn't be able to see what was contained in your documents.
How to use Proton Docs
Create a Proton account if you don't have one already — choose the free plan
Visit Proton Drive > Click the "New" button > Select "New Document"
Once your document is ready for sharing, you can click the "Share" button and either share it with other Proton accounts or enable "Create public link" to share with people who don't have a Proton account. Be careful where you share the link since it will be less secure!
Encourage the people you're organizing with get a Proton account and we can all move toward our activism being more secure.
Looking for spreadsheets or forms? Proton Docs doesn't offer a spreadsheet solution like Google Sheets. If you need a simple spreadsheet, you can insert a table into a Proton Doc. Alternately, you can use Cryptpad spreadsheets. It is a less user-friendly solution, but it is free and end-to-end encrypted.
Follow our Security Essentials checklist for more protection
The Security Essentials checklist will guide to secure your accounts and protect your private
Security Essentials Guide
Follow our Security Essentials checklist to make sure your personal devices are as secure as possible.
FAQ
Is it risky to open my personal email on a government device?
A FOIA request will look for written products using government resources. It is not a search warrant. Anything produced on a government device would be subject to FOIA (docs, emails, texts, etc).
(Source: A former FOIA employee. This is not legal advice.)
Is it risky to open government email/chat on a personal device?
Anything created on a government app on a personal device (Outlook, Teams, etc) would be subject to FOIA. A FOIA request would not open your personal device up for a sweeping search of your personal data. Requests have to be very specific and a search for information would use keywords specified in the request. Change wording (names, etc) in government messaging and written products if you do not want it to be included.
(Source: A former FOIA employee. This is not legal advice.)
Other questions?
Please contact us if you have other questions that aren't answered here.
Share this checklist with other federal workers
The more of us who practice digital security, the more secure we all become. Consider sending this to your colleagues—and make sure to send it via Signal:
Here's a checklist for federal workers who want to protect their digital security. I found it helpful and wanted to share.
Digital security checklist:
https://activistchecklist.org/federalKey tips:
Don't use your government phone/computer to discuss your dissent.
Don't discuss your dissent around any government device that has a microphone
Don't log on to government Wi-Fi with your personal devices (or use a VPN like IVPN.net, Mullvad, or Proton VPN if you must connect to the Wi-Fi)
Do not access personal email/chat/texts on a government device (opens you to FOIA)
Only discuss your dissent using the Signal app on your personal phone (not over regular texts/calls or any email, not on government devices). Find the colleagues you trust and connect on Signal.
We keep each other safe.
Community organizing advice
If you're new to political organizing, welcome! This moment requires all of us to find our place in the movement. Thankfully, there are a lot of resources for you to build on, so no one has to reinvent the wheel.
Here are some places to start:
Organizing: People, Power, Change by Marshal Ganz at the Harvard Kennedy School (free book, PDF)
Community Organizing Basics from Neighborhood Anarchist Collective (links at the bottom for facilitation, convening, security culture, and more)
Team Building from Activist Handbook
Organizing 101 from Beautiful Trouble
Finally, seek out mentorship from experienced organizers. There are thousands of people who have done this before who are eager to support you!
Talking to the press: If part of your organizing includes sharing your stories with the press, make sure to get the reporters Signal username (or phone number) and only communicate using Signal. Be cautious about putting your name, email, and phone number into a form if you're not sure where that information will go.
Read More
Have Questions?
Let us know if you have questions or feedback so we can make these guides as useful as possible.