Digital privacy guide for NGO workers abroad.

Short answer

Generic privacy advice is written for generic threats. The threat profile for NGO workers in the field is not generic, and the advice that follows from it is different.

The specific risks: access by partner government authorities who are formally cooperative and operationally hostile; surveillance by actors with a direct interest in what your organisation is doing; border searches in both directions; local infrastructure that may be monitored at the state level. None of that is addressed by a list of VPN reviews.

Worth naming early: the people most at risk are rarely the senior staff who have been through training. They are local employees, in-country partners, field workers who use personal accounts for operational communications because organisational infrastructure does not extend to them. That gap is the most common real vulnerability in NGO security. It requires an organisational decision to close, not an individual one.

Assess the actual threat before you pack

Not every deployment carries the same risk. A country where the government has a documented record of accessing humanitarian worker communications is a different situation from a country where the primary concern is opportunistic device theft.

The questions that need answers: what is the host government’s documented relationship with NGOs doing this work? What can local authorities compel from communications providers without an international legal process? Has your organisation or its partners been targeted before? The answers determine what preparation is necessary. A checklist that skips those questions is decoration. (See: security checklist for high-risk travel.)

The device question is an organisational decision

Does your organisation issue dedicated field devices, reset before and after each deployment? Or are workers using personal phones because nothing else is available?

Personal devices carry years of accumulated history: messages, contacts, photos with location embedded, accounts that have nothing to do with the deployment but reveal personal relationships and patterns. A device issued specifically for the deployment, containing only what the deployment requires, presents a fundamentally different access profile at a border crossing or during a search. That device exists because someone at the organisational level decided it should. If that decision hasn’t been made, making the case for it is the first recommendation in this guide.

Communications in the field

Signal with disappearing messages for sensitive communications. WhatsApp is not sufficient. Content is encrypted in transit, but the backup is not end-to-end encrypted by default, and who communicated with whom and when is accessible under legal process in the US jurisdiction where Meta operates.

Proton Mail for email that may be sensitive. A dedicated address for field communications, not your primary professional one. Brief your contacts before you leave, not after you arrive.

A VPN tested and confirmed working before departure. Not configured the night before the flight. Tested three days in advance, on a restricted network if you can find one, so you know it connects before you depend on it.

Local SIM: what you are actually trading

Buying a local SIM registers your identity with local authorities through the carrier. Your number is known. Your traffic runs through local infrastructure. Your call metadata — who you called and from where — is available to local authorities without the friction of an international legal request.

For deployments where the existence of foreign workers is itself sensitive, a local SIM protects nothing and adds a registration record. For deployments where the main concern is data costs, it is a practical trade-off if you understand what you are trading.

On return

A field device needs review before it reconnects to organisational networks. Change passwords for accounts accessed during the deployment from a clean device first. If the device was out of your physical control at any point — at a border, at a hotel, in a shared vehicle — treat it as potentially compromised until someone has looked at it properly.

Frequently asked questions

What VPN is recommended for NGO workers in restricted countries?

Proton VPN with Stealth protocol. Stealth makes VPN traffic look like standard HTTPS, which keeps connections alive in environments that block standard VPN protocols. Test it from a home network before departure. Know that it connects before you need it.

Should NGO workers use personal phones for work?

Where possible, no. Personal devices carry personal history that creates unnecessary exposure if searched. If a personal device is the only option, audit it before departure and strip it to the operational minimum.


There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.
