lang: en
Summary
The emergency-response discipline for activists whose accounts, websites, or devices are under active attack — a do-it-yourself counterpart to the preventive digital-security curriculum. The standard reference is the Access Now / RaReNet Digital First Aid Kit, which structures its guidance around the question “something bad just happened — what now?” rather than around the threat-modelling question preventive guidance addresses.
Body
Digital first aid is the discipline that activates when prevention has already failed. Where preventive digital security is built around threat modelling — who might want what we have, what would happen if they got it — digital first aid is built around triage — something has just happened, what do we do in the next hour [source: accessnow-digital-first-aid]. The shift is significant: preventive guidance has the luxury of recommending configuration changes that take a week to deploy; first-aid guidance has to operate under time pressure, with the reader possibly in physical danger, and with the operational reality that the wrong self-remediation can make the situation worse [source: accessnow-digital-first-aid].
The canonical reference structures its chapters around recognisable symptoms: account locked out, account posting things you did not write, phone behaving strangely, website defaced or DDoS’d, malware suspected, doxxing in progress [source: accessnow-digital-first-aid]. Each chapter walks the reader through a triage tree that ends in either a self-remediation path or a referral to a helpline. The discipline the kit enforces is that each self-remediation path is paired with a “when to escalate” cue — to a helpline, to a peer organisation, or to law enforcement — because the most common failure mode in incident response is to keep self-remediating past the point where a specialist should have been called [source: accessnow-digital-first-aid].
The kit’s coverage is intentionally narrow (account compromise, malware, DDoS, device loss, doxxing, website defacement) and intentionally not narrow on the language axis: it ships in English, French, Spanish, German, and several other languages, with editorial review by the RaReNet regional networks so that the steps make sense in the local incident-response ecosystem [source: accessnow-digital-first-aid]. Recent editions have added a SIM-swap response chapter and a stalkerware-detection checklist that earlier editions lacked [source: accessnow-digital-first-aid]. Material is published under Creative Commons Attribution, permitting translation and adaptation with attribution; the kit has been adopted and re-published by regional rapid-response networks from Eastern Europe to Southeast Asia [source: accessnow-digital-first-aid].
The kit is distinct from the Access Now Help Desk — the operational hotline the kit refers to — and is the do-it-yourself counterpart, useful in jurisdictions or hours where the Help Desk is not reachable [source: accessnow-digital-first-aid]. The Amnesty International Security Lab’s Digital Security Resource Hub is the directory that surfaces the kit alongside other vetted guides, organised by audience and risk level [source: amnesty-digital-security-hub]. The Holistic Security Manual adds the meta-discipline: first-aid response is one of three interlocking security dimensions (digital, psychosocial, organisational) that must be planned together, and a defender who handles an incident response without considering the psychosocial pressure on the people involved creates new vulnerabilities [source: holistic-security-tactical-tech]. EFF’s Surveillance Self-Defense is the prevention-side counterpart that the first-aid kit assumes the reader has not adopted — a campaign that runs the first-aid kit on an ongoing basis is one that has skipped the prevention discipline [source: ssd-eff].
Digital first aid is closely related to digital-security (the preventive discipline it complements), secure-messaging (the communications channel whose compromise is a common first-aid scenario), and encrypted-email (the asynchronous channel whose compromise is another common scenario).
Use it for
The first link to send when an activist reports an incident; the curriculum for an incident-response drill; a recommended bookmark for any group whose threat model includes account compromise; a translation source for a regional rapid-response network; a teaching artefact for the “when to escalate” discipline.
Related
- digital-security
- secure-messaging
- encrypted-email
- ssd-eff
- holistic-security-tactical-tech
- amnesty-digital-security-hub
- accessnow-digital-first-aid
Open Questions
None yet.
Sources & verification
- accessnow-digital-first-aid — grounding: primary — Terminal T4 (2026-07-01)
- amnesty-digital-security-hub — grounding: primary — Terminal T4 (2026-07-01)
- holistic-security-tactical-tech — grounding: primary — Terminal T4 (2026-07-01)
- ssd-eff — grounding: primary — Terminal T4 (2026-07-01)
Verified 2026-07-01 by terminal-T4.