Set Up Secure Communication For Labor Strike: Practical

Labor strike organizing requires communication infrastructure that resists employer surveillance, protects activist identities, and maintains operational reliability under pressure. Unlike standard workplace communication, strike organizing faces adversaries with legal resources, corporate monitoring tools, and potentially sophisticated surveillance capabilities. This guide provides practical implementation strategies for developers and power users building secure communication systems for labor organizing.

Establishing Your Threat Model

Before selecting tools, identify what you’re protecting against. Labor strike organizers typically face employer surveillance through company devices, subpoena of messaging service records, location tracking via phone metadata, social engineering attacks, and potential device seizure. Your threat model determines which tools provide adequate protection.

For most labor organizing scenarios, the priority is preventing message content exposure if a device is seized or a service provider is compelled to hand over data. End-to-end encryption where the service provider cannot read messages provides essential protection. Additionally, minimizing metadata—who communicated with whom and when—protects the network structure of your organizing committee.

Recommended Communication Stack

Signal for Real-Time Coordination

Signal provides the strongest available end-to-end encryption with an audited security model. The Signal protocol implements perfect forward secrecy, meaning compromised keys cannot decrypt past messages. For strike coordination requiring real-time communication, Signal remains the best option for core organizing teams.

Secure Signal setup for organizing:

Install Signal from signal.org or your platform’s official app store
Register with a dedicated phone number not linked to your primary identity
Create a group limited to trusted steering committee members
Enable disappearing messages with a 1-hour or shorter window
Disable cloud backup in Signal settings

# Verify Signal Android APK integrity (example)
# Download SHA-256 hash from signal.org before installing
sha256sum Signal-*.apk

The primary limitation of Signal is phone number metadata. Your phone carrier knows you registered with Signal, and Signal itself retains limited metadata. For higher-threat scenarios, consider combining Signal with Session for anonymous communication channels.

Session for Anonymous Communication

Session provides end-to-end encrypted messaging without requiring a phone number. Messages route through a decentralized network of nodes, making it difficult to identify users. Session’s onion-routing protocol protects metadata better than Signal for high-risk scenarios.

Session setup for anonymous organizing:

Download Session from sessionapp.com or F-Droid
Create an account and save the recovery phrase securely (offline, encrypted)
Share the Session ID instead of phone numbers
Create group chats for different organizing teams

Session works well for communicating with workers who need to maintain separation from their professional identity.

Matrix (Element) for Self-Hosted Infrastructure

Matrix provides a decentralized alternative with end-to-end encryption. Running your own Matrix server eliminates dependence on corporate providers and gives control over your data. For larger organizing efforts requiring infrastructure you control, Matrix offers the best flexibility.

Deploying a minimal Element/Matrix server:

# Install Docker and docker-compose first
apt install docker.io docker-compose

# Create directory for Matrix
mkdir -p ~/matrix
cd ~/matrix

# Create docker-compose.yml for Element + Synapse
cat > docker-compose.yml << 'EOF'
version: '3'
services:
  synapse:
    image: matrixdotorg/synapse:latest
    container_name: synapse
    volumes:
      - ./data:/data
    ports:
      - "8008:8008"
    environment:
      - SYNAPSE_SERVER_NAME=your-strike-org.org
      - SYNAPSE_REPORT_STATS=no
    restart: unless-stopped

  element:
    image: vectorim/element-web:latest
    container_name: element
    volumes:
      - ./element-config:/etc/element
    ports:
      - "80:80"
    environment:
      - SERVER_URL=https://your-strike-org.org:8008
    restart: unless-stopped
EOF

# Start the services
docker-compose up -d

After deployment, enable end-to-end encryption in Element’s security settings and configure your organizing team with verified devices.

Device Security Fundamentals

Communication security depends on device security. A compromised device exposes all communications regardless of encryption quality.

Device Preparation

For dedicated organizing devices:

Use a separate device from your work and personal phones
Install a privacy-focused operating system (GrapheneOS, CalyxOS, or standard iOS with minimal apps)
Enable full-disk encryption with a strong passphrase
Use a hardware security key for authentication where possible

# Verify Android encryption status (on device)
# Settings > Security > Encryption
# Should show "Phone encrypted"

Network Security

Organizing communications should occur over trusted networks. Avoid using workplace WiFi for organizing discussions, as employers often monitor network traffic.

Using a personal VPN for organizing:

# Example: WireGuard client configuration
# /etc/wireguard/wg0.conf

[Interface]
PrivateKey = <your-private-key>
Address = 10.0.0.2/24
DNS = 10.0.0.1

[Peer]
PublicKey = <vpn-server-public-key>
Endpoint = vpn.your-privacy-provider.com:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25

Self-hosted WireGuard connections to a server you control provide the best metadata protection. For labor organizing, consider running your own VPN server on a privacy-respecting host.

Strike organizing requires sharing sensitive documents: bargaining demands, member lists, strategy documents. These require encrypted file sharing with access controls.

PrivateBin for Sensitive Text

PrivateBin is a minimalist encrypted pastebin that stores data on your server with client-side encryption.

Self-hosted PrivateBin deployment:

# Using Docker for PrivateBin
docker run -d -p 8080:8080 \
  -v privatebin_data:/data \
  --name privatebin \
  privatebin/nginx-fpm:1.6

Configure PrivateBin with expiration times and burn-after-reading for highly sensitive communications.

Syncthing for Document Synchronization

Syncthing provides encrypted, decentralized file synchronization between devices without cloud storage dependencies.

Syncthing configuration for organizing committee:

# Install Syncthing on each committee member's device
# Configure device ID exchanges offline (at initial in-person meeting)
# Set up a shared folder for organizing documents

# Syncthing config location: ~/.config/syncthing/config.xml
# Enable encryption for all shared folders
# Disable reporting and UPnP

Operational Security Practices

Communication Discipline

Use code words: Establish harmless code words for sensitive topics (e.g., “pizza party” for strike vote)
Rotate accounts: Periodically create new Signal/Matrix accounts for long campaigns
Minimize metadata: Avoid discussing organizing during work hours on personal devices
Verify identities: Use in-person key verification for core committee members

Device Seizure Preparation

Prepare for the possibility of device seizure:

Enable “panic wipe” features that destroy local data
Use ephemeral messaging that auto-deletes
Keep sensitive organizing documents on encrypted external storage, not on your daily device
Memorize critical phone numbers rather than storing them

# Example: Create encrypted container for sensitive documents
# Using VeraCrypt command line
veracrypt --create --size=500M --volume-type=normal \
  --encryption=AES --hash=SHA-512 --filesystem=FAT \
  /path/to/organizing-container

Built by theluckystrike — More at zovo.one