Identity Discipline —
Protecting Yourself in Hostile Environments
Identity discipline is the practice of separating who you are from what you do — protecting your personal identity, your network, and your sources from surveillance, retaliation, and exposure. Drawn from Reporters Sans Frontières methodology and adapted for activists, journalists, and civil society workers operating under scrutiny.
Identity discipline is not paranoia. It is a structured practice — developed by journalists, human rights workers, and resistance movements operating under hostile surveillance — that separates your personal identity from your activist or professional role. The goal is not to conceal who you are. It is to control what information adversaries can access, correlate, and use against you or your network.
Reporters Sans Frontières frames this as a fundamental protection for anyone working in an information-sensitive role. The same principles that protect a journalist’s sources protect an activist’s network. Exposure of either can result in arrest, harassment, loss of employment, or physical harm — not only to the individual, but to everyone connected to them.
Identity discipline operates on three layers: digital identity (what you do online and what traces you leave), physical identity (what you present in the world and what can be observed), and social identity (what your network knows and what they might disclose). All three require active management. Weakness in any one layer can compromise the other two.
This page does not assume you are engaged in illegal activity. Identity discipline is a legitimate and widely practiced professional standard for journalists, lawyers, NGO workers, opposition politicians, and anyone whose work puts them in conflict with powerful interests. The question is not whether to practise it — it is how rigorously your threat environment requires you to do so.
RSF’s digital security methodology begins with threat modelling — the process of identifying who might target you, what they are capable of, and what they are trying to find. Your identity discipline measures should be proportionate to your threat environment. Over-preparation wastes resources; under-preparation creates exposure.
Civil society activity in a stable democracy with a free press. Adversary is opportunistic, not targeted. Basic digital hygiene, strong passwords, and careful social media use are sufficient. No dedicated surveillance capacity directed at you.
Organising in a context where authorities monitor activist networks, or working on issues that attract corporate or government attention. Separate identities for activist and personal activity. Encrypted communications standard. Legal observer presence at actions.
Journalist, opposition figure, or activist in a context with documented state surveillance of civil society. Full separation of digital identities. Hardened device security. Source protection protocols. Physical identity discipline at all actions. RSF and EFF full-protocol guidance applies.
Operating in or communicating with contacts in an authoritarian or conflict context. Assume all communications are monitored. Air-gap sensitive material. Use only vetted secure channels. Consult Access Now Digital Security Helpline and RSF emergency protocols directly. This page is not sufficient for this threat level alone.
Reporters Sans Frontières recommends beginning every security assessment with four questions: Who wants to harm me or my sources? What do they want to find? What do they have access to? What are the consequences of exposure? The answers determine the proportionate response — not a one-size checklist.
The most common identity discipline failure is the conflation of personal and activist digital identities. A single email account, phone number, or social media profile that bridges both worlds creates a correlation point that adversaries can exploit. Separation is not about hiding — it is about compartmentalisation.
Separate email accounts: One account for personal life, a distinct account — ideally on a privacy-focused provider (ProtonMail, Tutanota) — for activist or professional work. Never cross-reference them. Do not forward between them.
Pseudonymous accounts: Where your role requires public presence, use a consistent pseudonym rather than your legal name. A pseudonym maintained over time builds credibility without exposing your personal identity. RSF uses the term “journalistic alias” for this practice.
Account creation hygiene: Do not create activist accounts from your personal device or home IP address. Use a VPN or Tor for account creation. Do not use your personal phone number for verification — use a separate SIM or a voip service.
Password discipline: Unique strong passwords for every account. A password manager (Bitwarden, KeePassXC) is the only practical solution. Never reuse passwords. Enable 2FA on all accounts — hardware keys (YubiKey) or authenticator apps, never SMS for high-risk accounts.
Audit existing accounts: Review everything you have posted publicly. Information that seems innocuous in isolation — workplace, neighbourhood, daily routine, family members — can be combined to identify and locate you. Use the OSINT section of this page to see what is already findable.
No cross-posting between identities: Never share content from your activist accounts on personal accounts or vice versa. Engagement patterns — likes, follows, shares — are metadata that correlates identities even when names differ.
Location data: Disable location tagging on all posts. Review app location permissions. Photographs contain EXIF metadata including GPS coordinates — strip metadata before posting images from sensitive locations.
For moderate to high threat environments, RSF recommends maintaining separate devices for personal and activist use. A dedicated low-cost Android device running GrapheneOS or a hardened configuration for activist communications provides meaningful separation. At minimum, do not conduct sensitive communications on a device that also contains your personal contacts, banking apps, or location history.
At any point of arrest or detention, your device may be seized. Assume law enforcement has the technical capability to extract data from unlocked or poorly secured devices. Enable full-disk encryption. Use a strong alphanumeric passcode — not biometric alone. Biometric unlocks can be compelled; passcodes cannot in most jurisdictions. Know your device’s data protection settings before attending any action.
Digital identity discipline is only half the picture. Physical presence at protests, meetings, and actions creates observable identity data — facial recognition, gait analysis, licence plate readers, and informant identification all operate in the physical domain. Physical identity discipline addresses what can be seen, recorded, and correlated in the real world.
Face covering: Where legal in your jurisdiction, wearing a face covering at demonstrations protects against facial recognition systems and photographic identification. Check the law in your area — some jurisdictions prohibit face coverings at protests, and non-compliance creates its own legal exposure.
Distinctive clothing: Avoid wearing distinctive items — branded clothing, unusual accessories, or anything that makes you easily identifiable across multiple events. Adversaries correlate attendance across demonstrations using clothing identification.
Carry only what you need: Do not carry unnecessary identification, loyalty cards, or items linked to your personal identity. Carry only what you are legally required to carry and what you would be comfortable having examined.
Travel to and from actions: Avoid travelling to actions directly from your home. Public transport, cycling, or walking from a neutral location reduces the correlation between your home address and your activist presence. Avoid using personal vehicles — licence plates are logged.
IMSI catchers (stingrays): Law enforcement in many jurisdictions deploys IMSI catchers at demonstrations — devices that mimic cell towers and log all phones in an area. Your phone’s presence at an action is logged even if you make no calls. A separate prepaid SIM or leaving your primary phone at home prevents this correlation.
Airplane mode is not sufficient: Some location logging occurs independently of cellular connectivity. If you require your phone to be non-trackable, power it off completely — or leave it at home and use a separate dedicated device for the action.
Bluetooth and WiFi: Both broadcast identifiable signals when enabled. Disable both before arriving at any action.
Communications security is the practice of ensuring that only the intended recipients can read what you send. This is not the same as privacy — it is operational security. Unencrypted communications sent over standard channels are accessible to network operators, law enforcement with legal authority, and in some contexts hostile state actors. The Freedom of the Press Foundation’s guides treat encrypted communication as baseline — not exceptional — for anyone in an information-sensitive role.
End-to-end encrypted messaging and calls. Open source, audited. Enable disappearing messages. Do not use SMS as a fallback for sensitive content. Recommended by RSF, EFF, and FPF as primary secure messaging tool.
signal.org →End-to-end encrypted email between users on the same platform. For email to non-encrypted recipients, use PGP encryption. Standard email providers (Gmail, Outlook) hand over data under legal compulsion.
proton.me →Routes traffic through multiple encrypted relays, masking your IP address and browsing activity. Slower than standard browsing but provides strong anonymity. Use for sensitive research and account creation. Do not log into personal accounts while using Tor.
torproject.org →Masks your IP address from websites and network operators. A VPN is not anonymity — the VPN provider can see your traffic. Choose a provider with a verified no-logs policy in a jurisdiction outside your adversary’s legal reach.
mullvad.net →Open-source, audited disk encryption. Use for sensitive document storage on local devices. Create encrypted containers for activist materials, keeping them separate from personal files.
veracrypt.fr →Secure file sharing over Tor. OnionShare for peer-to-peer transfer; SecureDrop for journalist source submissions. Both leave no metadata trail accessible to third parties.
onionshare.org →The Electronic Frontier Foundation’s Surveillance Self-Defense guide explicitly advises against adopting all tools simultaneously. Start with Signal for messaging and a password manager for accounts. These two changes address the majority of exposure for most threat levels. Add layers as your threat assessment requires — complexity introduces its own operational risk if tools are used incorrectly.
Open Source Intelligence (OSINT) is the collection and analysis of publicly available information. State actors, hostile organisations, and individuals use OSINT techniques to identify, locate, and build profiles on activists and journalists. Understanding what is findable about you is the first step in reducing your exposure surface.
Before taking any protective action, understand your current exposure. The following process is adapted from standard OSINT methodology and requires no specialist tools:
Google yourself comprehensively: Search your full name, your name plus location, your name plus employer, your email addresses, and your phone number. Note everything that appears. Repeat with Bing and DuckDuckGo — results differ between search engines.
Review all social media profiles: Including inactive accounts. Old accounts often contain more identifying information than current ones. Check privacy settings on every platform. Assume anything set to “friends of friends” is effectively public.
Check data broker sites: People-finder and data broker sites (Spokeo, Whitepages, Intelius equivalents in your country) aggregate personal data from public records. Most allow opt-out removal requests. Submit them. This is a standard RSF recommendation for journalists in any threat environment.
Check image search: Reverse image search your profile photographs. If the same photo appears across multiple platforms, it creates a correlation bridge between your personal and activist identities. Use different photographs for different identities — or no photograph at all for activist accounts.
Review public records: Voter registration, property records, and company registrations are often publicly searchable and contain home addresses. Understand what is in the public record in your jurisdiction and whether opt-out or redaction mechanisms exist.
Your identity can be exposed through your network even when your own accounts are clean. A colleague who tags you in a photograph, a contact who lists you publicly, or a group membership that is publicly visible can all create exposure. Brief your network on identity discipline. You are only as protected as your weakest link.
Conduct a personal OSINT audit. Note everything findable. Begin removal requests on data broker sites.
Install a password manager. Change all account passwords to unique strong passwords.
Enable 2FA on all critical accounts — use an authenticator app, not SMS.
Install Signal. Move sensitive communications off standard SMS and email.
Enable full-disk encryption on all devices. Set a strong alphanumeric passcode.
Confirm your activist and personal digital identities are fully separated — no shared accounts, no cross-posting, no shared photographs.
Strip EXIF metadata from any photographs before posting — especially location data.
Brief your network. Confirm they understand not to tag, identify, or publicly link you without consent.
At any physical action: disable Bluetooth and WiFi. Carry only what is legally required. Travel from a neutral location.
Repeat your OSINT audit every 6 months. Data brokers re-aggregate removed data over time.
Review app permissions quarterly — particularly location, microphone, and contacts access.
Re-assess your threat level when your circumstances change — new role, new campaign, new jurisdiction.
The following organisations publish the most authoritative publicly available guidance on identity discipline, digital security, and source protection. All materials are free to access.
The primary international reference for journalist digital security. Publishes threat-modelled guides for reporters in hostile environments.
rsf.org →The Electronic Frontier Foundation’s comprehensive threat-based security guide. Covers tools, threat modelling, and specific scenarios.
ssd.eff.org →Publishes security training guides and maintains SecureDrop. Specific guidance for journalists and their sources.
freedom.press →Free direct digital security assistance for civil society, journalists, and activists under threat. Available in multiple languages.
accessnow.org →Digital protection for human rights defenders at risk. Publishes a comprehensive workbook on protection planning.
frontlinedefenders.org →Digital safety resources specifically for journalists. Includes country-specific threat assessments and emergency support.
cpj.org →If you believe you are currently under active surveillance or facing immediate digital threat, contact the Access Now Digital Security Helpline directly at accessnow.org/help. They provide free, confidential, expert assistance to civil society and journalists in real time. This page is an educational reference — it is not a substitute for direct expert support in an active threat situation.