Survey B: Individual Perspectives

The following synthesizes findings from Survey B: Individual Perspectives, designed to understand how individual staff perspectives on online safety, experiences with personal threats, and relative preferences with regard to privacy protection.

The survey features 14 structured questions spread over 6 sections, using a combination of single-choice, multiple-choice, and ranking formats. It closes with 5 open-ended questions in order to gather more in-depth, qualitative insights. The length was tested so that most people can expect to finish it within 10–15 minutes. The survey complemented Survey A: Organizational Assessment by focusing on the lived experiences of civil society and non-profit workers rather than organizational policies.

• Section 1 - Role & Organization: professional context and organizational affiliations
• Section 2 - Personal Safety: current visibility, safety concerns, and feelings
• Section 3 - Personal Experience: direct experiences with threats, and organizational responses
• Section 4 - Risk Tolerance: preferences for information removal and timing
• Section 5 - Feature Preferences: desired capabilities and controls
• Section 6 - Final: continued concerns and needs

This analysis includes 35 responses, including incomplete submissions and test responses (excluded with no substantive data). Response rates vary significantly by question type, with some questions have 40-60% non-response rates. Throughout this document, percentages are calculated as proportion of total sample, unless explicitly stated as “% of respondents.” Missing data patterns were analyzed as they may indicate a level of discomfort and/or uncertainty with sensitive topics (or, of course, issues with the design of the survey itself). The survey was open from July 14th to September 24, 2025. To distribute, it was shared through direct outreach, social media, and various organizational networks. All responses were anonymous and kept confidential, with optional contact available for a follow-up interview.

• Individual staff members at CSOs and NPOs
• Roles in human rights, journalism, advocacy, and human rights
• Individuals whose work may expose them to online threats
• Geographic diversity across multiple global regions

• Roles: 25.7% leadership, 17.1% program staff, 11.4% admin/ops, 31.4% not specified, 14.3% other
• Sectors: 32% digital rights, 24% journalism, 20% research, 24% other (multiple selection)
• Regions: 40% North America, 32% Europe, 28% other regions (multiple selection)
• Threat experience: 31.4% reported experiencing threats, 28.6% no threats, 40% not answered

• Small sample - size (n=35) limits generalizability of data.
• Self-selection bias - respondents likely more concerned about online safety and privacy
• English-language bias - survey was not offered in other languages and so excludes non-English speakers
• Global minority focused - respondent locations are geographically skewed toward North America and Europe

• Basic statistics to summarize closed-ended questions
• Frequency distributions and percentages
• Cross-tabulation analysis to explore relationships between groups/variables
• Thematic coding for open-ended questions/responses

PII Removal Level

Removal Level	Count	Percentage
Not answered	15	43%
Some things - keep name and role only	7	20%
Nothing - transparency is critical/essential	5	14%
Everything - complete anonymity	4	11%
Most things - only keep my role/department visible	3	9%
Very little - just contact details	1	3%
Not sure	0	0%

People have varied, non-binary views on privacy protection. The largest group (35%) prefers a balanced approach—hiding some details but keeping their name and role visible. Over half (55%) are interested in partial, not total, removal of information.

Yet the data shows more complex motivations than might be expected. Only 20.0% of respondents sought total anonymity through complete PII removal, while 25.0% indicated they would prefer to remove nothing at all, prioritizing transparency even when facing potential threats. This transparency-focused group represents a significant minority whose needs must be carefully considered in privacy tool design. No respondents expressed uncertainty about their preferences in this sample, suggesting that when people do respond to this question, they have relatively clear preferences about their desired level of PII protection.

Timing Trigger	Count	Percentage
Not answered	14	41%
At the first sign of potential threat	7	21%
If I was experiencing active harassment online	5	15%
Before any threat materializes	4	12%
Not sure	2	6%
If my physical safety was at risk	1	3%
Would prefer permanent anonymity	1	3%

There’s a clear escalation pattern in when people want protection. Of those who answered, 39% would use for active or imminent threat, while only 15% would want to have enabled even before threats surface. Notably, 41% did not answer this question.

Still, the data shows an interesting trend of staff might want to protect their information. Many of the respondents (41%) didn’t answer, but among those who did, most want Privacy Mode to turn on only if there’s a threat. About 21% want protection as soon as there’s any sign of trouble, and 15% would wait until harassment actually starts. Just 12% prefer to have protection before any threat, while very few—only 3%—think privacy should only start if they’re in physical danger. Permanent privacy, where information is always hidden, is also not very popular (just 3%). And 6% weren’t sure when protection should begin.

Duration	Count	Percentage
Not answered	15	45%
Same day	5	15%
Immediate (less than 5 minutes)	4	12%
Not sure	4	12%
Quickly (under 30 minutes)	3	9%
Within a few days	2	6%
Speed isn’t critical for me	0	0%
Fast (< 1 day)	0	0%

When we asked people how quickly they’d want Privacy Mode to respond in a threat, their answers varied a lot. About 20% said they’d need help within 5 minutes, and 15% within half an hour. A quarter are fine with a response by the end of the same business day. Others are more flexible—10% are okay with waiting days, and another 10% don’t think speed is all that important. 20% were unsure about their timing needs. If you put those together, about 35% need a response in 30 minutes or less, 60% want some protection within the same day, and 80% care about speed at least a little. Only a small group (10%) say response time isn’t a big deal.

A key insight here is that 42% of people didn’t answer this question—the most for any part of the survey. That could mean it’s hard to know what you’d want unless you’re actually in that situation, that people’s needs vary a ton, or maybe the question felt too hypothetical.

For Privacy Mode’s design, it may be important to offerer different response speeds, but make the default as quick as possible. Most ideally within an hour, since about a third of the respondents selected they would require a “quick” to an “immediate” response.

Threat Type	Count	Percentage
Hacking attempts	6	29%
Surveillance concerns	5	24%
Online harassment, bullying, or trolling	4	19%
Doxxing	2	10%
*Other	2	10%
Threats against yourself, loved one, or your family	1	5%
Unwanted contact/stalking	1	5%
Identity fraud	0	0%
Prefer not to answer	0	0%

• Experienced threats: 11 people (31.4% of total, 52.4% of respondents)
• No threats: 10 people (28.6% of total, 47.6% of respondents)
• Not answered: 14 people (40% of total)

When we look at which threats respondents reported they’ve faced, technical issues like hacking attempts (29%) and surveillance concerns (24%) are the most common. And social threats are also real: 19% experienced online harassment or bullying, and 10% faced doxxing. Other types—like threats against family, unwanted contact, or stalking—each affected about 5% of respondents.

It’s worth noting that some staff members dealt with more than one kind of threat at a time.

Comparing these findings to organizations (Survey A), we see a big concern about doxxing: 27% of organizations said it was a major worry, but only 10% of individuals in our sample reported actually experiencing doxxing, and just 9% of organizations ever removed content in response. This suggests CSOs and NPOs might anticipate more risk than their staff personally report—or perhaps not everyone feels comfortable sharing their experiences.

We can understand CSOs and NPOs experiences with threats as a spectrum, varied in how severe they felt the threat was. The implications in this case for Privacy Mode might surface as user guidance and education. Here’s a breakdown of the different types and how common each one was:

• Passive Surveillance: low-intensity risks where information is quietly collected or monitored, often without direct interaction.
• Active Technical Threats: direct attempts to breach security, such as hacking or intrusive technical measures.
• Target Abuse: para-social attacks, harassment, bullying, or unwanted contact—includes both public and private forms of intimidation.
• Identity Attacks: efforts to expose, steal, or misuse personal information—covers doxxing and identity fraud.
• Personal Danger: escalating threats aimed at an individual’s physical safety or their loved ones, moving beyond digital risks.

Reported threat	Count	Percentage
Yes	8	22.9%
No	3	8.6%
Not sure	0	0.0%
Not answered	24	68.6%
Total	35	100.0%

Another significant organizational gap emerges here: among those who experienced threats, about 1 in 3 did not tell their organization. This means many threats may go unreported and unnoticed. Plus, with nearly 70% of the whole sample not answering this question, it’s likely that even more threats are flying under the radar. Even when staff do speak up, responses from organizations can widely vary. For Privacy Mode, this makes apparent the need for internally visible and accessible tools—so staff can easily make their concerns heard and addressed.

Preference	Count	Percentage
Not answered	13	38%
I want input but organization can act quickly if needed	11	32%
I trust my organization to act without asking me first	4	12%
I want to approve any changes	3	9%
I want to be notified before any changes	2	6%
I prefer my organization handles this entirely	0	0%
Want notification or approval	0	0%

Most people want to be involved in decisions about their privacy settings, exercising some degree of agency over the process. About 9% want to personally approve any changes, and another 32% prefer to have input but are comfortable if the organization can act quickly when needed. Just 6% want to be notified before changes but don’t necessarily want direct input, while 12% fully trust their organization to act without consulting them. Notably, 38% didn’t answer this question at all.

This means nearly two-thirds (65%) want to be notified or give approval—they want to stay in the loop and help make decisions. On the other hand, only about a quarter of those who answered the question fully trust their organization to act for them. CSOs/NPOs staff appear to want collaboration rather than strict approval.

Comparing this to Survey A, organizations guessed that only 36% of people would want personal control. But in reality, 65% want control or input—almost twice what organizations expected. This shows that CSOs and NPOs are potentially underestimating how much their staff want to manage their own privacy; their underestimating staff agency and input could cause misunderstandings or make people less likely to adopt formalized privacy tools within their organization.

Collaborative Model Preferrend:

• “I want to know what’s happening but trust them to act fast in emergencies”
• “It’s my information so I should have final say, but I understand emergencies”
• “A balance - I want input but don’t want to slow down protection”

Context-Dependent Preferences:

• “Depends on the threat level - physical danger = act immediately, online harassment = consult me”
• “For minor stuff notify me, for serious stuff just act”

Trust-based:

• “I trust my org’s judgment on security matters”
• “They have more expertise than me”

Agency-based:

• “My information, my decision”
• “I know my risk tolerance best”

This seems to mean that Privacy Mode should offer different levels of response, depending on the situation. For low-risk cases, people should get a notification and be asked to approve any actions. If things start to look more serious, there should still be a notification, but organizations should be able to act quickly. When there’s a high-risk threat, the organization needs to respond right away, but still let the individual know what’s happening.

Regardless, the data shows us that staff of CSOs and NPOs should probably always be able to step in and make their own choices—whether that means slowing things down or speeding them up. This way, everyone gets the level of control they need.

Independence and Restoration dominate preferences, aligning with findings elsewhere. Simplicity also ranked high, suggesting that technical barriers could prevent adoption–which correlates with findings from Survey A (i.e. Operational Challenges theme, and technical capacity).

Protection Feature	Rank 1 Count	Rank 2 Count	Rank 3 Count	Rank 4 Count	Rank 5 Count	Rank 6 Count	Rank 7 Count	Rank 8 Count	Actual Rank #1	Actual Rank #2	Actual Rank #3	Actual Rank #4	Actual Rank #5	Actual Rank #6	Actual Rank #7	Actual Rank #8
Awareness - knowing exactly when, where and why I am being protected	2	2	8	3	1	0	2	1	2	3	1	0	0	0	0	1
Flexibility - having different responses for different situations	1	2	3	3	1	3	5	1	3	1	3	0	1	0	0	0
Simplicity - protecting my information without technical complexity	2	4	2	4	2	2	2	1	1	5	0	2	0	0	0	0
Speed - reacting faster than threats can propagate	4	2	3	3	4	1	2	0	1	2	2	2	0	0	0	0
Coordination - synchronizing protection of my information across many platforms and	2	2	1	0	3	5	4	3	1	2	2	1	1	0	0	0
Control - deciding what stays visible about me	6	5	0	4	2	2	0	0	0	2	0	1	1	1	0	0
Independence - protecting myself and my information without permission or waiting	3	1	1	1	6	3	3	1	4	0	3	0	0	1	0	0
Restoration - returning to normal when its determined to be safe	0	1	1	1	0	3	1	12	4	0	1	0	0	0	0	0

1. Tie: Independence & Restoration
2. Simplicity
3. Flexibility
4. Speed
5. Tie: Coordination & Control

This section examines relationships between key variables to identify patterns that would inform Privacy Mode’s design. It’s important to note that the sample size to small for reliable conclusions, and what we can garner are directional trends regarding the target audience’s behavior. These cross-tabulations are not a summation of all variables identified in Survey B, but those I found the most substantive.

COUNTA of Response ID	How safe do you feel knowing your information is on your organization’s website?
In recent years, have you experienced any online safety concerns or digital security threats?	Neutral	Not answered	Somewhat safe	Somewhat unsafe	Very safe	Very unsafe	Grand Total
No	2		4	2	2		10
Not answered		13		1			14
Yes	7		3			1	11
Grand Total	9	13	7	3	2	1	35

Those who experienced threats actually reported feeling safe at a slightly higher rate (60%) than those who had no threat experience (45%). Neutral responses were less common among threat survivors (20%) than among those with no threats (35%), and both groups had similar rates of feeling unsafe (20%). This may suggest that simply implementing Privacy Mode may help reduce staff anxieties around safety; yet, expecting all staff to feel immediately safe may will not be realistic—here success might better be measured by decreases in anxiety rather than increases in safety.

• For those who experience threats (‘threat survivors”)
  • 60%safe (Somewhat safe or Very safe)
  • 20% feel neutral
  • 20% feel unsafe (Somewhat unsafe or Very unsafe)
• For those with no threat experience:
  • 45% feel safe
  • 35% feel neutral
  • 20% feel unsafe

COUNTA of How quickly would you need this removal to happen?	How quickly would you need this removal to happen?
Which best describes your primary role?	Immediate (less than 5 minutes)	Not answered	Not sure	Quickly (under 30 minutes)	Same day	Speed isn’t critical for me	Within a few days	Grand Total
Administrative/Operations	2		1		1			4
Board member			1					1
Communications/Media						1		1
IT/Technical		2						2
Leadership/Management	1	2	1	1	2	1	1	9
Not answered		10			1			11
Program/Project Staff	1		1	2	1		1	6
Volunteer/Intern		1						1
Grand Total	4	15	4	3	5	2	2	35

Programmatic staff want the fastest action (most selecting “right now”), but since only 3 people answered, we really cannot trust the numbers. Regardless, here’s the trend:

• Leaders are satisfied with same-day responses (most aren’t in a rush).
• Program staff mostly want immediate help –maybe because they deal with a higher volume of externally facing interactions, as so feel more exposed/at-risk.

Ultimately, Privacy Mode shouldn’t make different speed options based on someone’s role; instead what matters here probably worth investigating further is the volume, frequency, and intensity of threats as they might vary by different roles in the organization.

COUNTA of Response ID	If you could magically delete your information from your organization’s website in an instant during a threat, how much would you remove?
In recent years, have you experienced any online safety concerns or digital security threats?	Everything - complete anonymity	Most things - only keep my role/department visible	Not answered	Nothing - transparency is critical/essential	Some things - keep name and role only	Very little - just contact details	Grand Total
No	1	1		4	4		10
Not answered			13	1			14
Yes	3	2	2		3	1	11
Grand Total	4	3	15	5	7	1	35

When looking at desired PII removal, there were very few responses in both groups, so the patterns aren’t clear-cut. Among those who reported threat experience, most wanted at least some information removed, but only one person reported they were okay with nothing being hidden. For respondents who hadn’t experienced threats, there was only one response, showing they preferred not to have anything hidden at all.

Yet, because the numbers are so small, it’s tough to spot strong trends—still this suggests Privacy Mode should offer options both for total anonymity and for users who want to stay open, as well as a way for people to indicate when they’re unsure. More data would help clarify these patterns in future research.

This section analyzes open-ended responses from Survey B using affinity mapping to identify emergent themes. Response rates for open-ended questions ranged from 14-29%, representing deeper insights from a subset of engaged participants. Responses were analyzed using affinity mapping in Miro, allowing themes to emerge organically from the data rather than through predetermined categories. Each response was tagged with its Response ID for traceability.

”Getting doxxed"	"I don’t have a bio for my work”	“I keep my presence minimal—no direct mentions, no photo, etc.”

“Getting doxxed” emerged as a distinct concern cluster, representing a specific, named threate rather than abstract safety concerns. CSOs and NPOs staff seem to all share the sense of anxiety, ruminating “[am I] being targeted for my organization’s work?” Indeed, doxxing represents a boundary violation—the transition from public professional information to weaponized personal exposure. Unlike the target abuse, effects can be evaded or made obsequious through withdrawl, doxxing has a clear before/after state that respondents can imagine and fear. This specificity makes it actionable for Privacy Mode’s design; in fact, it’s messaging should explicitly address doxxing prevention, no just vague “safety” language.

When respondents reported threats to their organizations, common responses revealed systemic gaps internally:

No formal process:

• “No formal process for handling this”
• “They were sympathetic but didn’t have tools to help”

Inadequate response:

• “We discussed it but no formal action taken”
• “Told me to be more careful online”
• “They said to report to police but that didn’t help”

CSOs and NPOs want to provide support and help, but often lack concrete response mechanisms. “Be more careful” advice shifts responsibility back to individuals without providing tools. But when these organizations had the capacity to respond, staff in turn were positive:

“They provided security training and updated our protocols"	"IT team helped secure my accounts immediately”	“We developed a safety plan together”

Positive responses shared common elements: technical capability (IT team), proactive planning (protocols), and partnership approach (developed together). Most organizations lack these elements. In this way, Privacy Mode could fill this gap in organizational capacity for some of its target audience who’s operational capacity is stretched, giving them something concrete and actionable to do when staff report threats.

Multiple respondents used “not sure” language across different questions, possibly revealing decision paralysis around privacy choices. Uncertainty isn’t lack of concern (apathy)–here, it appears that it’s difficulty predicting needs without experiencing threats. Privacy decisions are contextual and threat-specific, making hypothetical planning difficult.

• What information is currently visible about them
• How much to remove during threats
• Whether speed is critical for their situation
• What their organization can/will do
• “Not sure” (open text responses)

To address these areas, Privacy Mode should attempt to:

1. Show you what’s public - feature a dashboard or panel(s) to see what info about you is visible on the site (helps with the “wait, what can people see about me?” confusion)
2. Guide your choices - feature step-by-step help for privacy decisions as they relate to the site, and not overwhelm with options.
3. Let you change your mind - feature easy adjustment of visibility of PII in case they need to change urgently or temporarily.
4. Be secure by default - when staff are not sure what to do, the system protects them by default first.

The survey responses showed there are two key, simultaneous needs for the respondents: tools (capability to act) and awareness (knowledge to decide).

”[I would feel safer if] I had more control and that the process was clear"	"[I would feel safer if] I had more awareness about my digital presence”	“[I would fell safer if] I knew more about who was monitoring my online presence”

”[I would feel safer if] I could easily tell what information is public"	"…the website made it easy to hide staff info"
"…removal could happen in minutes not days"	"I would feel safer online if I have access to tools and information to mitigate online harassment”

Responses in the survey pointed out three critical things: first, they want to understand what PII is actually exposed and what the risks are that it is; second, it’s not enough just to know, they want practical ways to protect themselves; and finally, three, they want control over their data, so they can decide what’s shared–not someone else in their organization. Because, right now, we can infer most CSO/NPO staff aren’t getting any of those things, so they are bound to feel exposed and vulnerable.

”[I would safer if] I could hide my info quickly when needed"	"minutes not days"
"easy to hide"	"simple toggle”

Respondents in the survey were worried about how quickly threats can spread. Fundamentally, they feel anxious because it only takes minutes for a threat to escalate, overwhelm, and capitalize on a vulnerability, but it can take hours or even days to get a protection in place afterward.

The survey results show that CSO/NPO staff may have mixed feelings about sharing PII on organizational sites, and sharing their public professional information elsewhere online. Some think being open is super important for credibility and advocacy—one person said, “Nothing—transparency is critical.” Others, though, worry a lot about safety, like “Physical safety from people who disagree with our work” or “Family safety if someone finds my information.”

The dilemma is being visible helps the organization, but can put staff at risk. And most people don’t want to pick between being effective at their job or feeling safe. Which is why Privacy Mode shouldn’t just hide everything (all attributions or PII) by default, but instead let organizations and staff collaborate to customize what’s public, keeping both transparency and safety in mind.

”Family safety if someone finds my information"	"Threats to self/family” [from threat types data]

Perhaps more of a sub-theme to the previous are threats to family and extended networks for CSO/NPO staff. Clearly, threats don’t stop at work for the respondents; the survey reveals a blurring of boundaries between the professional and the personal; threats spill over into staff’s personal lives, putting their family members at risk. Because of this, Privacy Mode should clearly mention these extended risk and let people completely remove their info if they need to keep their dependents safe. It also may explain why some may want total and complete removal of their PII rather than partial, because protecting oneself means protecting your extended network.

”[I would feel safer if] There were less fascists in the world"	"[I would feel safer if] “The world was not as hostile”	“disassembling the police state is…”

It is not surprising that some respondents locate threats in the broader political context rather than individual behavior. Safety isn’t achieved through better privacy tools alone–it requires societal change to transform material circumstances. How does Privacy Mode as a concept relate, or rather, define itself in the solution space, amidst this broader context of extremism, walled gardens, and AI-slop? We should delineate when/whether Privacy Mode is a strategic/systemic or immediate/tactical. Presently the concept appears to address tactical needs, but respondents (and interviewees certainly) don’t seem to recognize that such a tool could solve system problems.

The implications are Privacy Mode messaging should acknowledge it’s a harm reduction tool within an broader set of organizational digital security tactics that align (hopefully) align with an overall organizational strategy–it is a harm reduction tool to be used within unjust systems.

When respondents did report threats to organizations, responses varied from highly supportive (security training, safety plans) to inadequate (sympathy without action, no process). The 27.3% who don’t report threats (from the quant data) seems to make sense given organizational response inconsistency. This likely correlated to the Operational Capacity Gap Theme from Survey A. Ostensibly, this is frustrating for staff whom experience it–if reporting leads to “we discussed it” without action, why report? Yet, we can surmise why some don’t report:

• Organizations lack tools to respond effectively.
• Unclear what organization can/will do.
• Previous reports led to unhelpful responses.
• Didn’t want to burden organization.