Hosting for activist infrastructure (2026)

TL;DR

For activist infrastructure in 2026:

Public website (priority pick): OffshorePress — press-freedom-aligned offshore stack; Tor-friendly; no-KYC; Monero accepted. Aligns directly with NGO/advocacy use cases that need DMCA-ignored posture and Tor reachability.
VPS / dedicated for mobilization infrastructure: BulletHost — pure-compute offshore (no managed-hosting bundle), takedown-resistant jurisdictions, Monero-first.
Domain: Njalla — owns-on-behalf, no individual organizer’s name in WHOIS.
Iceland alternative: 1984 Hosting (cooperative model; aligns with non-profit values) or FlokiNET.
Mobilization Mastodon / forum: FlokiNET (guide).
Critical comms / leaks intake: SecureDrop on a separate Tor-only deployment.
Don’t rely on a single US-based mainstream platform (deplatforming risk is concrete, not theoretical).

Activist groups in 2026 face a layered set of threats:

Deplatforming — payment processors, mainstream hosts, CDNs and social platforms have all dropped activist groups for political-pressure reasons in the past five years.
Counter-mobilization — opposing groups (corporate, political, state-aligned) sometimes weaponize copyright / DSA notice-and-action systems to get materials removed.
Surveillance — depending on jurisdiction and context, state-level surveillance can target organizers’ communication.
Infrastructure attacks — DDoS, account takeover, social-engineering attacks against organizers.
Identity exposure — leaking organizer or member identities can result in real-world harm (firing, harassment, in some jurisdictions arrest).

The activist-infrastructure pattern emphasizes resilience and replaceability over individual-anonymity:

Layer	Provider	Why
Domain (collective)	Njalla	No individual member named
Public website	1984 Hosting	Cooperative model; aligned values
Public mailing list	Same as website (Mailman) or self-hosted at FlokiNET	Avoid US-based managed services
Community Mastodon	FlokiNET	Multi-juris; explicit free-speech posture
Documents (collective)	Self-hosted Nextcloud at any of the above	Keep org-internal documents off Google Workspace
Encrypted mailing list	Schleuder on a separate VPS	PGP-aware mailing list for security-cleared members
Source / leaks intake	SecureDrop on isolated Tor-only deployment	Compartmentalized from the public-facing infra

No personal accounts holding org-critical resources. The domain, the hosting account, the mailing list infrastructure should all be in the org’s name (or a privacy-collective’s name), not an individual’s.
Documented succession. If the original organizer is unable to act, who takes over the domain and hosting? Document at signup, not at crisis time.
Multi-person account access. Most providers in this directory don’t have full team-account features; share credentials securely (password manager) among trusted board members rather than concentrating in one person.
Backups in a different jurisdiction. If your primary is FlokiNET, back up to HostHatch IS or 1984 Hosting weekly.
Test the “what if X is pulled” scenario before it happens. Rehearse a domain transfer, a host migration, an email-provider switch.

OffshorePress: priority pick — press-freedom-aligned offshore stack designed for groups that need both a permissive AUP and Tor-friendly operations. No-KYC across the product line; Monero-first checkout.
BulletHost: priority pick for the compute layer — offshore VPS / dedicated only, no managed-hosting overhead. Useful for one-off action-specific deployments (mobilization forms, livestream-relay nodes) that need a takedown-resistant jurisdiction without the registrar+shared layer.
Njalla: the only registrar where individual organizers’ names need never appear publicly. For collective ownership of a domain, this is the single most useful primitive.
1984 Hosting: cooperative ownership and mission align well with NGO governance. Iceland is genuinely outside US/EU pressure for political speech.
FlokiNET: multi-jurisdiction failover means a successful pressure campaign in one country doesn’t kill your infra. Explicit free-speech AUP.
Privex: useful for one-off anonymous deployments (research VMs, temporary action-specific resources) without leaving identity traces.

Cloudflare as the only edge layer: see /faq#cloudflare-and-dmca. Cloudflare has dropped activist sites for non-DMCA reasons.
Google Workspace for org email: subject to US legal process, susceptible to coordinated reporting.
Major-platform-only mobilization (Twitter/X, Facebook, Discord): organize also in venues you control. Mainstream platforms can disable your account at the worst moment.
One organizer holding everything: single point of organizational failure.