Tor for Human Rights Workers: Digital Safety in the Field

Human rights workers face threats from state security services with substantial technical capabilities, local law enforcement with phone seizure authority, criminals hired to intimidate workers, and hostile armed groups with informant networks. The technical threat includes deep packet inspection of internet traffic to detect communications with international human rights organizations, IMSI catchers (Stingrays) that impersonate cellular towers to intercept communications, physical device seizure and forensic analysis, and social engineering of communication platform providers to reveal account data. Tor addresses the network surveillance component by encrypting and routing traffic through multiple relays, preventing local network monitoring from identifying communication destinations.

Tails (The Amnesic Incognito Live System) is purpose-built for human rights work and journalistic documentation in hostile environments. Boot Tails from a USB drive on any computer - it runs entirely in RAM, leaves no trace on the host computer, and shuts down cleanly leaving no forensic evidence. Tails routes all network traffic through Tor by default. Use Tails for drafting reports, encrypting files with GPG, and transmitting documentation to international organizations. Tails includes KeePassXC for secure password management, GnuPG for encryption, and Tor Browser with Tor-routed network access. Configure persistent storage (encrypted partition on the USB) only if you need to retain specific documents between sessions - stateless operation maximizes security.

Sources willing to provide testimony or documentation face retaliation risk if their contact with human rights organizations is discovered. Use Signal for communications with sources who have smartphones, configured with disappearing messages (30 days maximum, 1 week preferred). For sources with limited technical capability, WhatsApp provides end-to-end encryption for messages and calls, though metadata (who talked to whom, when) is visible to the platform. For highly sensitive source relationships, establish contact over SecureDrop - a Tor-based platform specifically designed for source-organization communications. SecureDrop requires the source to access a .onion address, providing protection against network-level surveillance of the contact. Provide sources with Tor Browser and the SecureDrop address through in-person meetings.

Evidence transmission must balance speed with security. Large files (video documentation, high-resolution photographs) cannot be transmitted over Tor Browser during active monitoring situations due to bandwidth constraints. Pre-encrypt evidence with GPG to the recipient organization's public key before transmission. Use OnionShare to create temporary .onion file transfer endpoints for large encrypted files. OnionShare generates a temporary onion address that only you and the recipient know, avoiding any third-party file storage. For ongoing field teams, establish a dedicated file transfer server running on .onion address with SFTPPlus or similar, so evidence transfers appear as routine Tor traffic rather than identifiable file upload sessions to known organization infrastructure.

Digital security measures fail if physical security is compromised. Border crossings with device inspection are a primary risk - cross sensitive borders with factory-reset or clean devices, upload encrypted backups to secure storage before crossing, and restore after arrival. Use full-disk encryption (VeraCrypt hidden volumes for high-risk scenarios, standard LUKS for moderate risk) on all devices storing sensitive documentation. Carry only information necessary for the immediate field mission. Establish cover stories for device use that explain ordinary travel purposes. For communications with headquarters during field operations, use pre-arranged signal phrases that indicate whether communications are being made under duress. Tor protects network traffic but cannot protect against an adversary physically present at your device.