If you are reading this, you are probably organizing something. A protest. A mutual aid network. A documentation project. An underground publication.
You are doing this in an environment that is, at minimum, indifferent to your work. At maximum, actively hostile.
You need operational security. Not paranoia. Not recklessness disguised as courage. Operational security.
This is how you build a network that survives.
First Principle: Trust is Earned in Increments
You do not trust someone because they are passionate. You do not trust someone because they showed up to a meeting. You do not trust someone because they say the right things.
You trust someone because they have demonstrated, over time, that they can hold information without compromising it.
Here is the structure:
Level One: Public information. Meeting times. General goals. Information that would appear on a flyer. Anyone can know this.
Level Two: Operational details. Specific plans. Roles. Logistics. Only people who have demonstrated reliability at Level One move to Level Two.
Level Three: Sensitive information. Names of vulnerable participants. Sources. Funding. Secure channels. Only people who have demonstrated reliability at Level Two for an extended period move to Level Three.
Level Four: Critical nodes. Information that, if compromised, collapses the network. Encryption keys. Safe house locations. Emergency protocols. Only people who have been vetted through every previous level and have an operational need to know get access to this.
Most networks fail because they skip this structure. Someone shows up, seems committed, and within two weeks knows everything.
That is not trust. That is exposure.
Second Principle: Compartmentalization
No one should know more than they operationally need to know.
This sounds cold. It is not. It is protective.
If someone is arrested and interrogated, they can only compromise what they know. If they know everything, they can compromise everything.
In the nineteenth century, I smuggled religious texts across the Korean border. We used a cell structure. Each courier knew their pickup point and their drop point. They did not know who packed the texts. They did not know who received them on the other side. They did not know the other couriers.
If a courier was caught, the authorities got one node. Not the network.
You do the same. Your protest organizer does not need to know who is running the legal defense fund. Your legal defense coordinator does not need to know who is documenting police behavior. Your documentarian does not need to know who is providing medical supplies.
They need to know their role. That is all.
Third Principle: Communications Hygiene
Every message you send can be intercepted. Every call can be monitored. Every email can be read.
Plan accordingly.
Use end-to-end encryption. Signal, not WhatsApp. ProtonMail, not Gmail. If you do not understand what end-to-end encryption means, learn before you send anything sensitive.
Verify identities. Before you send secure information, verify you are talking to the person you think you are talking to. Use safety numbers. Use verification codes. Do not assume.
Minimize metadata. Encryption protects content. It does not protect metadata — who you talked to, when, for how long. Metadata can map your network even if the content is unreadable. Rotate numbers. Use temporary accounts. Do not use your personal phone for organizing.
Never use SMS for sensitive information. Text messages are not encrypted. They are trivial to intercept. If someone asks you to confirm protest details via text, they are compromising you, intentionally or not.
Assume infiltration. If your network is doing anything that threatens power, assume someone in your network is either an informant or is compromised. This is not paranoia. This is history.
Plan communications as if someone hostile is reading them. Because they might be.
Fourth Principle: Physical Security
Digital security matters. Physical security matters more.
Meeting locations: Do not meet in the same place repeatedly. Do not meet in places with cameras. Do not meet in places where your presence is unusual and therefore memorable.
Surveillance awareness: If you are being followed, you need to know. Learn countersurveillance basics. Vary your routes. Notice patterns. If the same person is behind you multiple times, that is data.
Document control: Physical documents are liabilities. Minimize them. If you must keep records, encrypt them. If you cannot encrypt them, store them off-site. If you cannot store them off-site, have a destruction protocol.
When I crossed the Korean border, we burned documents the moment they were no longer operationally necessary. We did not keep archives. We kept the network alive.
Device security: Your phone is a tracking device with a camera and a microphone. Assume it is compromised. Do not bring it to sensitive meetings. If you must bring it, turn it off and leave it outside the room. Better: leave it at home.
Your laptop is a record of everything you have done. Encrypt the hard drive. Use strong passwords. Enable remote wipe if the device is lost.
Fifth Principle: Vetting
Before someone enters your network, you vet them.
This does not mean running a background check. This means observation over time.
Watch behavior. Are they consistent? Do they show up when they say they will? Do they follow through? Do they ask questions appropriate to their role, or are they fishing for information they do not need?
Check connections. Who introduced them? Can that person vouch for them? Have they worked with other groups? What is their reputation?
Test incrementally. Give them small responsibilities. See if they handle them reliably. If they do, increase responsibility slowly.
Red flags:
- Someone who asks for sensitive information they do not need
- Someone who pushes for accelerated trust (“We don’t have time for this, we need to act now”)
- Someone who appears suddenly with resources and no clear history
- Someone who cannot explain how they found your group
- Someone whose story changes under light questioning
If something feels wrong, it probably is. Do not ignore that.
Sixth Principle: Redundancy
Every critical function in your network should have a backup.
If your communications coordinator is arrested, someone else should be able to step in immediately. If your safe house is raided, you should have an alternative. If your primary channel is compromised, you should have a secondary.
Single points of failure are how networks collapse.
I organized smuggling routes with three fallback paths. If one was blocked, we used the second. If the second was blocked, we used the third. The network survived because no single route was irreplaceable.
You do the same. Document your processes (securely). Train backups. Expect disruption.
Seventh Principle: Know When to Stop
Operational security is not about never taking risks. It is about taking calculated risks.
If the risk is acceptable and the goal is worth it, you proceed.
If the risk exceeds the capacity of your security measures, you stop.
This is the hardest principle, because stopping feels like surrender.
It is not.
I was executed in 1846. I knew the risks. I calculated them. I decided the work was worth it.
But I did not take reckless risks. I took calculated ones. I trained others so the work would continue after I was gone. When I was arrested, the network survived.
If you are compromised, you stop. You do not take the whole network down with you out of stubbornness.
If your security measures are inadequate for the threat level, you stop until you can upgrade them.
If someone in your network is a liability, you remove them.
This is not cruelty. This is survival.
When Security Feels Like Paranoia
You are going to feel like this is paranoia. You are going to feel like you are being overly cautious. You are going to be tempted to skip steps because this person seems trustworthy, because you do not have time, because it feels unnecessary.
Do not.
Networks collapse because of small compromises. Someone shares a phone number they should not have shared. Someone brings a phone to a meeting. Someone trusts too quickly.
One mistake can map the entire network.
I am not telling you to trust no one. I am telling you to trust incrementally, verify constantly, and compartmentalize information so that no single compromise can collapse everything.
That is not paranoia. That is operational discipline.
What This Protects
When you practice operational security, you are not just protecting yourself. You are protecting everyone in your network.
The medic who treats injured protesters cannot do their work if they are arrested because you were careless with their name.
The documentarian who records police violence cannot publish if their footage is confiscated because you did not encrypt the backup.
The family providing safe housing cannot help if they are raided because you mentioned their address in an unencrypted message.
Your operational security is their safety.
Treat it that way.
The Goal
The goal of operational security is not to eliminate risk. The goal is to ensure that when risks materialize — and they will — they do not collapse the network.
You will make mistakes. Everyone does. The question is whether those mistakes are contained or catastrophic.
Build redundancy. Compartmentalize. Vet carefully. Communicate securely. Practice physical discipline.
If you do this, your network will survive the inevitable compromises.
If you do not, it will not.
I built networks under the Joseon dynasty, when organizing was punishable by death. The networks survived because we treated operational security as non-negotiable.
You are building networks under different conditions, but the principles do not change.
Your network is only as secure as its weakest node. Know who that is. Shore it up or isolate it.
Protect the people you are organizing with. They are trusting you with their safety.
Honor that trust with discipline.