TLDR Digital Safety Checklist

🤔 Who this guide is for

🌱 How this guide works

🗣 This guide in other languages

🕒 Last updated

🧐 Theory & science

🎯 Threat modeling

🔡 Encryption levels

  1. Not encrypted: Any third party who intercepts the data can read it as-is.
  2. Regular encryption: Data is encrypted so that third parties cannot read them. But the platform (e.g. Google or Facebook) still has access, and may hand the data over to law enforcement if they are required to do so by the courts.
  3. End-to-end encryption: the data can only be read by the original sender and receiver. This means not even the platform has access. So if the courts call, the service provider can’t hand over the messages because they don’t have them either.

🧩 Metadata

💦 Level 1 recommendations

✅ Things to do now


Good passwords

Encrypt your devices


💪🏽 Habits to cultivate


Update all the things


👍 Great job! You’ve covered the basics.
👍 What about trying out the next level?

💦💦 Level 2 recommendations

✅ Things to do now

Enhance your privacy


💪🏾 Habits to cultivate

Enhance your privacy


🎉 Congratulations! You’re now reasonably
🎉 secure, which is more than most :)

💦💦💦 Level 3 recommendations

✅ To do

Lock up sensitive files

Revisit old passwords

💪🏾 Habits to cultivate

😲 Wow, you even finished the difficult
😲 digital housekeeping tasks. Well done!

💦❗️ Scenario-based recommendations

🛫 Crossing an international border

😭 Somebody took my phone/computer!

👾 I think my computer has been hacked!

🍆 Sexting & non-consensual image sharing

✊🏾 Attending a protest

In case of emergency

Store less share less


📰 I’m a journalist working on a sensitive topic

Below are some basics that all journalists should consider. If you’re working on/in a particularly sensitive story/region (e.g. a whisteblower story), you and your team should get an tailored training session from an expert.

Be prepared

Protect yourself

Protect your sources

Protect your data

For more information

🕵🏼‍♂️ Online harassment & doxxing

Harassment and doxxing can get very specific and complicated based on the attacker, your position, the overall cultural context, etc. While we have some general suggestions below, we implore you to think about whether your situation has escalated sufficiently and whether it’s time to find professional, one-on-one help.

Recruit a trusted friend

Monitor updates & collect receipts

Remove your personal information from the internet

Obscure your personal information

Ignore/reply/report/block your harassers

For more information

👤 I don’t want to give out my real phone number for online dating/networking/organizing

For messaging apps that use phone numbers as the primary identifier/username (e.g. Signal, WhatsApp), get a secondary number from:

But keep in mind:

For true anonymity – create an untraceable online persona under a pseudonymn

🤐 Traveling to a place with weak data protection laws or internet censorship

😣 I need help now, my systems are under attack!

If you work as part of a civil society group, you can contact:

If you have a bit more time, you can also apply for a Digital Defenders Partnership Incident Emergency Grant.

💦❓ Other recommendations

This section is a catch-all for difficult or esoteric practices that do not fall under any of our scenarios above and might not lead to an immediate payoff for the casual user.


File storage & sharing

Messaging apps

Hosting/running a website


🏆 Oh my, you made it this far.
🏆 You are a true champ!

🧠 Sources

We consulted many sources and drew upon our own experiences in creating this resource. If you’re not finding quite what you want here, we recommend checking out these other resources:

📝 License

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.