With insider threat, the idea isn’t to force the behavior into concealed channels, but instead into “cleartext” channels where the data exfil, or I guess in this case subversive employee behavior, can be watched/snapshotted. Once that’s done, it goes over to HR/legal. So it’s not so much make it inconvenient to participate, but to make it easy to catch that participation is occurring, with some safeguards around what that participation is - chatter is ok, but have safeguard for Apple intellectual property landing in that activist slack.

So with FB and Blind, a company has two ways to ID that’s occurring, take evidence,nand then over to HR /Legal it goes.

If it occurs on work computers, one is device management tools like Forcepoint that allow an insider threat team to see your real time action. They see the employee going to this Slack/Blind, insider threat team starts taking artifacts, and that’s evidence. Other device mgmt tools aren’t as invasive, but achieve similar ends. All in all, regardless of the forum, the behavior can get caught, and it’s shipped to HR.

If all of the activism occurs off work computers, I’d bet the behavior gets caught by two ways. One, 3rd party vendors who scan social media/GitHub for company branding existing outside of company channels (so on FB “Apple Activist Group” would fire). Two, and more likely, is the activists suck at OPSEC because Bob or Susan from marketing who join the group but computers are Google-machines to them talk about it on work devices or the water cooler/Slack.

Gotta remember a place like Apple has insider threat programs dealing with industrial/corporate espionage. A bunch of pissed off activist employees trying to sneak around aren’t the same challenge. If Apple did have an employee activist group with ironclad OPSEC, Apple prob has big problems and those employees need to balance how important the cause is and why can’t they just talk about it to mgmt vs how that would look from the outside to a company/law enforcement.