About this Documentation

The community documentation is for Access Now’s Digital Security Helpline to ensure transparency and accountability in its work. These documents provide the guidelines we use for our incident handlers, and include guides and FAQs for our clients and friends of the Helpline. We hope to make public as much as we can about the Helpline’s operations and look forward to incorporating your feedback!

Current Status of Documentation

It takes time to produce and edit our docs for publish here. Not all of our available categories will have documents associated with them yet, but as we work through our internal documentation, we hope that won’t be the case for long. We thank you for your patience, and welcome any feedback you have, by email or by contributing to our GitHub page.

Types of Documentation


Articles are documents that provide advice for situations the Helpline’s incident handlers encounter. These docs lead the handler through expected behaviors and modes of reaction for the specific scenario.


Frequently Asked Questions (FAQs) are documents that answer the most asked or anticipated questions for a piece of software, hardware, process, or policy. Usually, but not always, FAQs are directly related to an Article or Guide and thus do not stand alone. If this is the case, the associated documents will be linked within the document. FAQs are geared toward the general public and Helpline clients.


Guides are step-by-step instruction manuals made to assist those that contact the Helpline move through the set up of a piece of software, hardware, process or policy.

Categories of Documentation Types

Articles, FAQs, and Guides each contain three distinct categories, and within these categories we also have subcategories that help us more easily define our information.

For example, an article about Facebook’s privacy settings would be found under

  • Type: Articles
    • Category: Support
      • Subcategory: Social Media Security

Events & Incidents

This category is used when the Article, FAQ or Guide describes how to react when we are alerted to an attack or threat against an individual, organization, or asset. This includes situations in which there has already been a compromise of the client’s security.

Subcategories for Events & Incidents

  • Account Compromise: loss of access to, or suspected or confirmed malicious activity on, a client’s account
  • Censorship: censorship of the client’s web presence, whether this is by technical means, takedown notice, seizure of the web content, etc
  • Data Leak: recovery of leaked, accessed, or posted data, reported by the client.
  • Fake Domain: discovery of a malicious domain, possibly impersonating a website owned by the client
  • Malware: relates to an attempted malware infection on a client’s device.
  • Shutdown: relates to an internet outage incident
  • Suspicious Email: relates to phishing, spam or spoofing. If the suspicious email includes possible malware or links to a site where malware might be downloaded, please use the Malware category
  • System Compromise: relates to a confirmed compromise on the client’s device. This includes both laptops, phones, defacements, servers or network devices
  • Vulnerability: we’ve been alerted to, or discovered, a system weakness, or an attacker who can exploit, or has access to, a system flaw

Procedures & Policies

When an Article, FAQ, or Guide describes a situation that deals with an internal policy or process, it goes here.

Subcategories for Procedures & Policies

  • Documentation: a review of, or request for the production, update, or edit of our organization’s documentation
  • Outreach: relates to the Helpline initiating a communication with a client
  • Tor Abuse: response to a report of abuse (threats, harassment, unauthorized access attempts, stalking) on one of our Tor Exit Nodes


This category encompasses advice, training, and assistance in secure practices or tools.

Subcategories for Support

  • Anonymity: implementation of or advice on anonymity tools and practices
  • Authentication Security: includes storage of, creation of, and questions about passwords, and includes 2 factor/step authentication
  • Backup Security: relates to the secure back up of critical data
  • Browsing Security: generally about assistance provided to improve the browsing security. This includes, for example, plugin installation and secure practices while navigating online
  • Circumvention: relates to technologies and tools that can be used to circumvent a network block
  • Device Security: security advice and tools to protect the client’s endpoints. This includes, for example, antivirus, security updates and basic digital security hygiene for both portable and desktop equipments
  • Email Security: request for knowledge or assistance in best security practices for Email: e.g. encrypted email
  • Infrastructure Security: relates to protecting the client’s infrastructure. Their servers, for example
  • Instant Messaging Security: generally about assisting the client in securing their instant messaging communications on their laptop
  • Organizational Security Policies: assistance in the design and implementation for security policies at an organizational level
  • Safe Travel: how to protect tech belongings and one’s physical person while travelling
  • Secure Storage: relates to protecting and securing data at rest. This frequently involves file encryption techniques
  • Security Assessment: requests for a security assessment for an individual or an organization
  • Shutdown Resilient Solutions:
  • Social Media Security: request for knowledge or assistance in best security practices for their social media accounts like Twitter, Facebook and more. For work involving passwords, password management, and 2FA, please use the authentication security category: privacy settings, permissions, notifications, etc.
  • Voice/Video Calls Security: generally about enabling the client with secure voice communication mechanisms
Tags: about