Digital Security Resource Hub

The Digital Security Resource Hub was prepared by Amnesty International’s Security Lab for human rights defenders, activists, journalists and other members of civil society. The hub will make it easier to identify accessible, high quality, updated and free advice and resources to support civil society with building and protecting their digital resilience.

Governments and non-state actors regularly use digital attacks to surveil, harass and intimidate human rights defenders (HRDs), activists, journalists, and other civil society members.

Forms of digital attacks can include:

  • malware attacks, including mobile and computer spyware
  • ransomware
  • social engineering threats, including phishing attacks and impersonation
  • threats against availability, including availability of the internet and denial-of-service attacks
  • disinformation and misinformation
  • online harassment, including tech-facilitated gender-based violence
  • doxing and blackmailing
  • blackmail
  • account takeover
  • digital surveillance

It is not possible to stop all attacks, but it is possible to increase individuals’ and organisations’ digital resilience to protect data, accounts, devices, and infrastructure.

This resource hub provides recommendations to protect your devices and data against digital surveillance, along with additional resources to help you build your digital resilience.


Digital surveillance

Protecting devices and data

All users

If you are at risk of digital surveillance, you can enable and use specific tools and features on your phones and accounts to enhance the protection of your devices and data.

Open Briefing has created the Holistic Security Protocol for Human Rights Defenders (the Defender’s Protocol) to help us enhance our individual and collective security, including our digital security.

Defender’s Protocol – Digital Security
  1. Consider the different types of information that you hold and seek to better understand both their value to your work and the harms to you and others that could result from an attacker accessing them. Put in place additional measures to protect those assets representing the greatest value or potential harms.
  2. If it has to be shared, communicate sensitive information with co-workers face-to-face or using communication tools that allow end-to-end encryption and disappearing messages.
  3. Ensure that any computer or mobile device that you use:
    1. Cannot be physically accessed by unauthorised persons.
    2. Requires a password or passcode to unlock.
    3. Is running the latest available versions of the operating system and all installed apps/software.
    4. Has full disk encryption enabled, if legal in your country.
    5. Has antivirus software and a firewall installed, updated and configured correctly.
    6. Is not rooted or jailbroken and does not have any pirated software installed on it.
    7. Is shut down and powered off as frequently as possible, rather than just put into sleep or hibernate state.
  4. Ensure that any online service that you use:
    1. Requires a complex, unique password to access.
    2. Has two-factor authentication (2FA/2SV) enabled, if available.
  5. Use a privacy-focused VPN if accessing the internet through a public or untrusted network.
  6. Securely delete sensitive information in all its forms and variations as soon as it is no longer needed, and ensure that it is not recoverable.

High-risk users

Specific users might be at heightened risk of digital surveillance due to their profile or activity. Protective tools and features for high-risk users can be found on iPhones, Android devices and online services.

Please note this list is not intended as a replacement for formal information and digital security risk assessment and training.


Detecting spyware threats

If you believe you have been targeted by spyware, it is important to get a forensic check on your device. This can help confirm an attack took place and collect forensic evidence to protect other at-risk individuals. A number of organisations, including Amnesty International’s Security Lab, have developed methodologies to detect traces of spyware.

If you have serious concerns that you or your devices may be targeted by spyware or other digital threats, please click below to contact the Security Lab.

The Security Lab works to investigate and document human rights abuses linked to spyware and surveillance technology, alongside other targeted digital threats facing civil society.

Other civil society partner organisations are also available to offer support to individuals who are concerned about spyware threats. The Access Now Digital Security Helpline offers multi-lingual support to individuals who are concerned about spyware threats.


Digital resilience and security

For other forms of digital attacks, the Security Lab has brought together relevant, free and accessible digital and information security resources. Resources include helplines and helpdesks, digital and information security guides and tools, as well as organisations providing digital risk assessments.

We have further lists of local resources for specific countries, please let us know if you would like to access them.

The Security Lab assumes no responsibility for the resources and organisations shared. This list is in ongoing improvement so please feel free to suggest additional resources, or let us know when resources are no longer available by contacting us.

Please be mindful when using any online tools and avoid sharing your personal and digital information online, such as your passwords.