Tor for Political Dissidents: Secure Organizing and Communication

Political dissidents face threats that differ from corporate or personal privacy concerns. Threat sources: state security services (the primary threat for most dissidents - well-resourced, persistent, legally empowered), paramilitary groups, informants within activist networks, and corporate surveillance (secondary). Attack vectors: device compromise (targeted malware like Pegasus), network surveillance (ISP monitoring, national surveillance infrastructure), human intelligence (informants, interrogation of associates), and social media analysis (mapping relationships, tracking activity patterns). Tor addresses network surveillance directly and partially addresses device compromise by routing through circuits that do not directly connect to the activist's IP address. Tor does not protect against: device compromise (if Pegasus or similar malware runs on the device, it reads data before Tor encryption), informants (human networks are not a technical problem), and behavioral pattern analysis (if you always access Tor from home at 9pm, that pattern is visible even if the content is not).

Building secure communication infrastructure for an activist group requires more than individual tool adoption - it requires organizational security practices that the whole group follows. Minimum security baseline for groups: (1) Signal for one-on-one and small group messages (accept the phone number requirement as a trade-off for strong end-to-end encryption and large user base), (2) Session or XMPP with OMEMO over Tor for communication where phone number linkage is unacceptable, (3) a .onion-hosted private Matrix or XMPP server for secure group communication, (4) encrypted storage for shared documents (CryptPad via .onion, Keybase, or self-hosted Nextcloud with E2EE). The group should have documented communication security policies: what tools to use for what sensitivity levels, how to onboard new members with security training, and how to respond when a member's device is compromised (change shared credentials, inform the group).

Dissidents who document human rights abuses, corruption, or government crimes need to publish their findings without being identified. Anonymous publishing approaches: (1) submit to established media organizations via SecureDrop or GlobaLeaks - this protects the source while giving the story credibility and reach, (2) self-hosted .onion blog or wiki using Tor to post directly - provides control but requires the audience to find the .onion address, (3) use Riseup, Autistici, or other activist-friendly hosting for clearnet blogs accessed via Tor - the hosting provider knows you (by pseudonym and payment) but not by network-identified IP. For videos and images: strip metadata before publishing (MAT2 for files, ExifTool for images), re-encode video (reduces the chance of device-specific encoding artifacts that could identify the recording device), and avoid publishing in real-time if timing could reveal location.

In environments where state security services target activists aggressively, standard Tor browser use is insufficient. Higher-security practices: use Tails OS booted from USB for all activism-related digital activity - Tails leaves no trace on the computer's storage, and if the USB is confiscated, the device contains only the OS (not your activity data). Use separate devices for activism and personal use - if your personal device is compromised or confiscated, your activism-related activity is not exposed. Access Tor from locations that are not your home or office - vary locations to prevent timing correlation. For meetings and organizing: Signal or Session with disappearing messages (set to 1 week maximum), verify safety numbers with key contacts in person, and have a protocol for what happens when a member is arrested or their device compromised.

Numerous organizations provide free digital security support for activists and dissidents. Access Now's Digital Security Helpline (accessnow.org/help) provides free direct technical assistance in multiple languages. Front Line Defenders (frontlinedefenders.org) provides security training and emergency support for human rights defenders. Committee to Protect Journalists (cpj.org) provides security resources for journalists. EFF's Surveillance Self-Defense (ssd.eff.org) provides guides specifically for activists. Security in a Box (securityinabox.org) provides tool tutorials in multiple languages. The Freedom of the Press Foundation provides training for press freedom organizations. Many of these organizations operate .onion versions of their resources and can be contacted via Tor-routed communication channels.