See, this is what I'm talking about. If you're trying to protect activists from threats, protect them from threats. Making a political statement about commercial surveillance isn't doing that. A lot of these guides are LARPs.
How about this: if you feel strongly about commercial ad surveillance vs. susceptibility to drive-by RCE exploits loaded off web pages, look to see if the "infosec for activist" guides you're reading at least offer their readership the choice of risks. Does this one? (Rhetorical, obvs.)
Commercial surveillance enables government surveillance. If an app constantly sends my location to a corporation by default, a government-level adversary can just demand it from that corporation, no need to burn a 0-day on me.
This is a complex thing. Don't give your location to the app. Turn off GPS, use VPN and don't use any apps/sites that linked with your real identity on the same device. Most of the other parameters in the commercial surveillance are too common to ID someone with a good probability.
Exploits, on other hand, can leak your full environment, including a photo from the cam.
How about this: if you feel strongly about commercial ad surveillance vs. susceptibility to drive-by RCE exploits loaded off web pages, look to see if the "infosec for activist" guides you're reading at least offer their readership the choice of risks. Does this one? (Rhetorical, obvs.)