As part of EngageMedia’s Human Rights Technology Initiative, the first Open Tech Camp – which took place in Penang on 17-18 February 2025 – brought together activist-technologists from across Asia-Pacific in a dynamic, participant-driven unconference. Against the backdrop of deteriorating internet freedom across the region, attendees collaborated to share knowledge, build skills, and develop strategies for digital resilience. The vibrant exchange of ideas revealed several interconnected themes that highlighted both the challenges facing the regional digital rights community and the creative, community-led responses emerging to address them.
Building resilience against expanding surveillance
Surveillance emerged as a central concern, with diverse yet intersecting experiences across the region. Siti’s mapping session revealed troubling patterns – from Myanmar’s Chinese-built smart cities with extensive CCTV networks to Malaysia’s monitoring of social media under the so-called ‘3R’ (race, royalty, religion) framework and the Philippines’ mandatory SIM card registration creating centralised repositories of citizen data. This surveillance disproportionately affects marginalised communities, with rural and activist populations facing particularly intense targeting.
Yin’s internet shutdown drill vividly demonstrated the need for pre-emptive planning, as participants tested offline communication tools under simulated crisis conditions. Such hands-on experiences underscored that preparedness must include realistic testing before crises occur. Sessions on pre-arrest digital preparation and ransomware response further emphasised the necessity for proactive strategies and clear organisational policies to protect activists and their data.
Reclaiming digital infrastructure through pragmatic approaches
A striking feature of many sessions was the emphasis on building and maintaining independent technological infrastructure through pragmatic, accessible solutions. The tech camp demonstrated that effectiveness and accessibility need not be sacrificed for ideological purity – a principle exemplified in Nabila’s presentation on how EngageMedia leverages Cloudflare’s Project Galileo to enhance organisational security.
We have to acknowledge the complex reality that civil society organisations face when balancing security needs with limited resources. This pragmatism extended to sessions on Tor relays with Wibi from SAFEnet.
The session on federated cloud storage systems by Combine Resource Institution‘s duo Ferdhi and Wahyu offered a compelling vision of interconnected yet autonomous civil society cloud networks. Solutions like Nextcloud provide a practical pathway toward digital sovereignty. This approach recognises both the resource constraints facing individual groups and the strength that comes from collective infrastructure development.
Contextualising privacy across cultures and communities
The session ‘What does privacy mean in Southeast Asia?’ led by Stefan and Monish, researchers from the Southeast Asia Research Centre for Digital Tech and Society (SEADS), prompted rich reflections on how privacy concepts vary across cultural contexts. Participants explored how comfort levels with sharing different data points vary dramatically between contexts – and how these comfort levels themselves are culturally determined.
Several participants noted that ‘privacy’ often lacks direct translation in regional languages, challenging the assumption of privacy as a universal concept. The insights from this session prompted attendees to reconsider privacy not merely as secrecy but as a matter of autonomy and dignity, shaped significantly by privilege, culture, and language.
This cultural complexity extended to security practices as well. The holistic Digital Protection Accompaniment Manual presented by Resa and Tel from Digital Defenders Partnership highlighted the importance of starting with organisational needs assessment rather than predetermined technical solutions – an approach that naturally accommodates cultural differences in risk perception and communication styles.
Mapping and countering sophisticated digital threats
From sophisticated censorship to disinformation and online scams, the tech camp revealed the evolving landscape of digital threats facing civil society. In the ad-hoc session led by Elizaveta on network interference measurement data, the group explored how tools by OONI, IODA, M-Lab, Cloudflare, and others could help in understanding censorship patterns, while country-specific initiatives like Myanmar Internet Project and Shutdown Watch in Bangladesh demonstrated regional innovation in monitoring network interference.
Participants shared observations about evolving censorship tactics, including geofencing, DNS hijacking, and localised internet shutdowns targeting protest areas. They also noted the more targeted approaches that represent an increased sophistication beyond earlier blunt-force blocking strategies.
Rowella’s session on the archetypes of mis/dis/malinformation provided a nuanced categorisation of disinformation actors based on their motivations and behaviours. By identifying patterns, from financially motivated ‘engagement hackers’ optimising for algorithm visibility to ideological actors focused on persuasion, the framework developed by Sigla Research Center helps tailor counter-disinformation interventions, from platform demonetisation to prebunking campaigns.
Similarly, Kazymir’s presentation on ScamHunt demonstrated how AI-powered analysis can help combat the proliferation of online scams. With a system that empowers people to easily report suspicious scam content and using AI-powered assessment of scam tools, internet users are stepping in where platforms have failed.
From resistance to change
A thread running through the entire camp was the power of collective action and knowledge-sharing across borders. From documenting surveillance patterns to developing shared security infrastructure, participants demonstrated that regional solidarity provides both practical benefits and emotional support in challenging circumstances.
The tech camp’s unconference format itself embodied this collaborative ethos, with participants self-organising the event, driving the agenda, and contributing as both learners and instructors. This approach fostered unexpected connections between topics and created space for the emergence of new collaborative initiatives.
As participants mapped the common threats they face, from repressive technology infrastructure to ransomware attacks targeting civil society, they also recognised their shared strengths. The emergence of cross-border cooperation in threat documentation, tool development, and security practices suggests a maturing regional digital rights ecosystem that values both technical sophistication and cultural context.
As Open Tech Camp Penang 2025 concluded, we left with not only new knowledge and skills but also strengthened regional connections and collaborative possibilities. Several initiatives proposed during the camp showed promise for ongoing cooperation, from shared infrastructure projects to coordinated monitoring of digital threats.
The most powerful insight from the camp may have been its vision of technology not just as a means of resistance but as a vehicle for change.
In a region where internet freedom continues to decline, the tech camp demonstrated that civil society resilience depends on both technical sophistication and cross-border solidarity. The camp offered a glimpse of what’s possible when digital rights advocates come together with a shared purpose – not just defending against threats, but collectively reimagining and rebuilding our digital future.
