Mutual aid is not a new concept, but over the past decade, as communities across the globe face increasing threats to their wellbeing and safety—and as surveillance and oppression on communities rise—the importance of mutual aid organizations is growing. This comes as no surprise, as history shows that mutual aid organizations serve as critical community pillars, often in times of need.
While there is immense diversity in how mutual aid organizations run and operate, a growing concern is the security of digital infrastructure, especially as many use digital tools to organize, communicate, and disperse aid.
For example, if a mutual aid organization loses access to its email account or payment service, it may not be able to provide support. Moreover, if they’re working in low-income or immigrant communities, protecting the identities of those receiving aid from increasing government surveillance and violence is also critical.
This year, we’ve seen Mutual Aid in Motion.
From scaling sharing hubs to Mutual Aid 101 trainings, we’re helping communities build the tools they need.
Every dollar fuels lasting resilience – proving that when we move together, we all move forward.
Seeing a major need, UC Berkeley’s Cybersecurity Clinic and the non-profit Fight for the Future have collaborated to create “Securing Mutual Aid: Cybersecurity Practices and Design Principles for Financial Technology,” a guide released in late 2025, aimed to help mutual aid organizations understand digital risks and enhance their cybersecurity.
“When we met with some mutual aid groups, we realized that they didn’t really have an understanding of their cybersecurity risk,” said Anna Lanzino, a technology policy expert and one of the authors of the guide, to Shareable. Over time, these conversations led to this guide, “For mutual aid organizers to recognize places where they could improve on cybersecurity.”
Everyday grassroots mutual aid organizations are playing a critical role in providing disaster relief, bail funds, nutrition, and health support, often filling in for the government as it cuts or denies public support. The guide emphasizes that the efforts of mutual aid organizations are under threat in a “hostile political landscape,” leading to increased susceptibility to online attacks.
“Any organization doing things maybe in a non-traditional way, according to norms, in the US faces the risk of things like surveillance and higher susceptibilities to being targeted in general, but then especially in the more polarized landscape in which we’re in now,” said Elijah Baucom, Director of the UC Berkeley Cybersecurity Clinic, to Shareable.
Beyond the obvious benefit of mitigating security risks, the guide highlights other positive outcomes from adopting their suggested measures. For example, the authors suggest limiting personal account information by using a dedicated account not tied to a specific member’s information.
“The information in this guide is for mutual aid organizations to protect themselves.” —Elijah Baucom
“We worked with a mutual aid [group] this past semester that is pretty prominent, and everything in their organization was tied to one personal Gmail account,” said Baucom. “Technically, this is against the terms and services, and Google could turn off their account anytime. But they haven’t thought about that or building a continuity plan if that were to happen.”
There is, of course, a good reason—most mutual aid organizations prioritize their work—getting aid to those who need it and building support systems, often with limited resources and time. In the short term, using a single account might seem to make sense when you want to act fast, but in the long term, losing access to that account could be devastating to the organization and the communities they serve.
“The information in this guide is for mutual aid organizations to protect themselves,” said Baucom.
Adopting stronger cybersecurity practices can ensure the longevity of the organization—for example, payment accounts and messaging platforms can be passed on from one member to the next. Furthermore, by establishing emails and communication channels to an organization instead of a personal domain, the mutual aid group can have more control over their security setting preferences, from setting stronger passwords to controlling access to sensitive information. It can even be as simple as enabling two-factor authentication.
Other tactics suggested in the guide include being aware of the potential security risks posed by tech giants such as Google, Microsoft, and Meta (owner of Facebook, Instagram, and WhatsApp). The guide stresses the importance of being aware of privacy settings and, when possible, switching to privacy-minded alternatives like Signal for digital messaging.
“Many mutual aids actually are ideologically not aligned with Big Tech, and sometimes they don’t know it,” said Baucom. “They aren’t aware of the ability for Big Tech, at any time, to de-platform you without having to tell you why and interrupting the flow of aid to the community.”
Notably, the guide also provides guidance and tips for design experts working with mutual aid organizations on financial technology, encouraging them to work with organizations and design for community control, privacy, and built-in security.
Lanzino, Baucom, and others who worked on the report hope it will be useful in helping spread best practices so that mutual aid organizations can focus less on security and more on their core missions. They also hope to further explore key questions, like how to design a payment platform for mutual aid organizations that aligns with their missions and is accessible to those in need.
For Lanzino, the past year and the growing awareness of the risks of relying on certain platforms have led, at least in her observations, to some change in thinking from many organizations.
“While we were working on this, we had a client that had an ICE raid in their community,” said Lanzino. “And the team that was working with them was actively trying to get them to switch away from WhatsApp … I feel like I’m seeing a lot more organizations kind of wise up when it comes to privacy-centered tools.”
Key Takeaways for Mutual Aid Organizers
The report includes several recommendations for mutual aid organizers to enhance their cybersecurity posture based on current practices, including:
Limit personal information on accounts. Mutual aids should avoid linking members’ personal bank accounts, credit cards, or personal information (like phone numbers or names) to accounts on payment platforms such as PayPal or Venmo. Instead of using personal payment accounts, consider using a dedicated account that is not directly tied to any specific member’s personal information, like a business/organization account, or obtaining a phone for treasurer duties.
Be aware of deplatforming. Deplatforming, when an account or its functions are temporarily or permanently banned by a technology platform, is a common experience for mutual aids, and is often done without reason or explanation. Organizations should diversify their technology platforms to avoid relying on one service.
Prioritize using privacy-centered services and understanding privacy settings. Mutual aids often rely on Big Tech platforms, like Meta’s WhatsApp and Google. Our report provides recommendations for harm reduction techniques for organizations relying on Big Tech platforms, and also outlines more private secure alternatives if a mutual aid is interested in migrating. For all platforms, mutual aids should tailor settings for better security, for example by implementing multi-factor authentication.
Establish policies for data retention, communication, and other areas to enhance cybersecurity posture. Mutual aids can establish policies and guidelines for how sensitive and non-sensitive information is communicated, and more broadly how data is stored and retained. Minimizing the amount of data that is collected and stored will better protect the organization.
Note: The points above are directly from Securing Mutual Aid: Cybersecurity Practices and Design Principles for Financial Technology
If you’re a Mutual Aid Organization and need assistance or guidance on improving your digital security practices, feel free to reach out to cybersecurityclinic@ischool.berkeley.edu.
Editor’s note: While this guide has been designed for Mutual Aid organizations and collectives, recent government aggressions have proven how important it is for everyone to increase their personal digital security. Start with the guide and when you’re ready to go deeper, check out Elijah Baucom’s presentation in Shareable’s Mutual Aid 101 series and Toolkit.
