In a 51-minute video posted on YouTube last month, the Russian opposition leader Alexei Navalny described in chilling detail how a secret service hit squad had poisoned him with the novichok nerve agent. Navalny identified the intelligence operatives involved. He even telephoned one of them later and tricked him into describing how he smeared novichok on Navalny’s underpants, the subject of another video.

The Kremlin dismissed the accusations on the novel grounds that it would have done a better job of killing Navalny had it wanted to do so. But Navalny’s video has severely dented the Kremlin’s denials of involvement and presented an alternative story to 22m viewers, something unimaginable in the pre-internet era.

This extraordinary exposé was aided by Bellingcat, an open-source investigative agency founded by Eliot Higgins, a British researcher and citizen journalist. Using airline passenger manifests, telephone records, geolocation data and personnel files, all circulating on the darker recesses of the Russian internet, Bellingcat was able to piece together the plot to poison Navalny.

Not only does Higgins antagonise the autocrats, he also takes aim at those who only bewail the downsides of the internet. “At Bellingcat, we do not accept this cyber-miserabilism. The marvels of the internet can still have an impact for the better.” In his view, the internet remains an astonishing resource for helping redress the power imbalances between the rulers and the ruled. History is no longer just written by the winners, but filmed by the losers on their smartphones.

Arguably, this kind of digital activism may mark the start of the third stage in the internet’s short history. After swinging wildly from the naive libertarian utopianism of the cyberspace pioneers of the 1990s to the despairing dystopianism about the rise of surveillance capitalism and techno-authoritarianism in more recent years, we may be settling into a new era of steely eyed realism in which civil society fights back against dominant state and corporate interests.

Regulators around the world are finally catching up with the big tech platforms and are intent on taming their power, while digital activists and innovative entrepreneurs, empowered by cheap and accessible new technologies, are challenging the established online order.

Even the tech platforms themselves now accept that they cannot operate without a societal licence and are calling for limited regulation to establish clearer rules on privacy and free speech. The suspension this month of President Donald Trump’s Twitter and Facebook accounts over his glorification of violence may mark the moment when they acknowledge they have broader responsibilities than making money.

Many of these themes are developed by Ronald J Deibert in Reset: Reclaiming the Internet for Civil Society. As director of the Citizen Lab at the Munk School at the University of Toronto, Deibert explains how civil society can mobilise to loosen the state and corporate grip over the internet. Citizen Lab, which researches the intersection between technology and human rights, and many other civil institutions like it, can act as “counter-intelligence for global society”, he claims.

However, both writers make clear that there will be no quick and simple solutions to the multiple challenges of the internet era. It will take a painstaking struggle over many years and across many domains to reclaim the internet for the people.

In We Are Bellingcat, Higgins recounts how he dropped out of college in the 1990s and worked in a series of dead-end jobs in Leicester, taking refuge in video games. But his fascination with the Arab Spring sparked a new obsession with current affairs. By scouring online videos, using translation services and Google Maps, Higgins was able to piece together the unfolding drama and contributed to news blogs before setting one up himself.

In doing so, he built up a network of fellow citizen journalists around the world, all with their particular expertise. He quickly discovered that often they knew more about what was happening on the ground than most analysts and politicians who relied on traditional methods of acquiring news. Bellingcat’s name comes from the old fable in which the mice hung a bell around the cat’s neck so that it would never catch them again.

Its team of researchers helped unmask the Russian spies responsible for the novichok poisonings of Sergei Skripal and his daughter Yulia in Salisbury in 2018. They also tracked down the Russian Buk anti-aircraft missile system that shot down Malaysia Airlines MH17 over eastern Ukraine in 2104, killing 298 passengers and crew.

They have documented chemical weapons attacks in Syria and human rights abuses in Libya, that have been pursued by the International Criminal Court. Bellingcat has become “an intelligence agency for the people,” as Higgins puts it.

Some critics have been dismissive of citizen journalism and crowdsourced news. The low point came in 2013 when an online mob of “digilantists” on Reddit circulated false claims and botched the investigation of the bombing of the Boston marathon.

But Higgins makes clear that while there is no substitute for on-the-ground reporting, Bellingcat can enrich it by identifying, verifying and amplifying new evidence. Its credo is that evidence exists and falsehood exists and people still care about the difference.

In this sense, Bellingcat acts as a firewall against disinformation. It is in constant battle with what Higgins calls the “Counterfactual Community”, whose playbook is: dismiss, distort, distract, dismay. By contrast, the Bellingcat method is: click the links and check the conclusions for yourself.

Although Deibert shares Higgins’ appetite for the fight, he is much more mindful of the immense scale of the challenge. In a series of essays, originally comprising the 2020 Massey Lectures in Canada, Deibert describes the multiple ways in which companies, governments, propagandists and criminals manipulate and exploit our online world. We have sleepwalked into a machine-based civilisation of our own making that is full of unforeseen consequences and existential risks.

At its core is an incestuous relationship between state and corporate power, most notably in the US and China. In his telling, in the aftermath of the 9/11 terrorist attacks on New York, the US National Security Agency “piggybacked” on the surveillance capitalism infrastructure created by private tech companies. The NSA’s vast PRISM program, revealed by the whistleblower Edward Snowden, was “like a top secret tax on Silicon Valley data harvesting practices”.

The most extreme form of techno-authoritarianism is being exercised in China’s western region of Xinjiang, home to the Muslim Uighur population, where more than 1m people have been interned. According to Human Rights Watch, Xinjiang authorities have started systematically collecting biometric data of everyone between the ages of 12 and 65, including DNA samples, fingerprints, iris scans and blood types. As a result, people live in “a Kafkaesque state of perpetual fear of algorithm-driven, omnipresent, and unaccountable surveillance”.

Other authoritarian states have also embraced the use of facial recognition technology and artificial intelligence to monitor, track and hack their own citizens, often using products sold by outside technology groups, such as Israel’s NSO Group. The company has faced accusations that its technology has helped governments from Mexico to Saudi Arabia to hack dissidents, journalists and human rights campaigners.

Such monitoring of citizens has grown even more intense during the Covid-19 pandemic, even if few leaders have gone so far as President Rodrigo Duterte in the Philippines in calling on the police to track down those who break isolation orders to “shoot them dead”.

State monitoring has been made easy by the vast scale and intrusiveness of surveillance capitalism, as described by the Harvard scholar Shoshana Zuboff. Every day, on average 1.47bn people log on to Facebook and 500m tweets are posted on Twitter. Every minute, we collectively conduct 3.87m Google searches, every one revealing an aspect of our lives.

Social media apps are crafted as addiction machines, exploiting intimacy by design. Expecting these companies to incorporate privacy by design makes about as much sense as expecting the beef industry to protect the lives of the cattle they slaughter, he writes.

Deibert is always acute and provocative but where he is most interesting is in the final section of the book, where he lays out a recipe of possible remedies. He argues strongly for regulations to limit the extent of data harvesting by private companies. Why should a weather app need to access our social contacts? To this end, he supports the call by Tim Wu, the Columbia University professor, to create a “codified anti-surveillance regime”.

Strong antitrust laws need to be updated and enforced to reverse the concentration of corporate power. Data portability rules should enable consumers to take their business elsewhere and stimulate competition. End-to-end encryption is needed to protect consumers from state and criminal hackers.

To combat disinformation, we need more media literacy and fact-checking sites to act as “ideational pest control”. But he does not support the idea of scrapping Section 230 of the 1996 Communications Decency Act, that gives internet companies immunity from liability for the content that users post. “Not only are liability protections critical to ensuring free speech online, they reduce barriers for new entrants to the online space, which is essential for competition,” he writes.

Progress may be piecemeal and chaotic but the combination of such measures could enable civil society to turn the tide and reclaim more of the internet’s original promise. His core message is that we need to build more restraints into our online world, just as we have established checks and balances in our offline politics. As George Washington is supposed to have explained to Thomas Jefferson, the purpose of the Senate was to cool the passions of the House of Representatives, just as a saucer is used to cool hot tea.

National and municipal governments, civil society organisations, universities and consumer groups all have vital roles to play in building needed restraints into the system. And we need new kinds of organisations, such as Bellingcat, that stand at the nexus of journalism, activism, computer science, criminal investigation and academic research.

“Nobody will ever ‘fix’ the internet, just as nobody will ever fix the world,” Higgins writes. But “the internet has given us immense new powers, and it is time to marshal them.”

We Are Bellingcat: An Intelligence Agency for the People, by Eliot Higgins, Bloomsbury Publishing, RRP£20, 254 pages

Reset: Reclaiming the Internet for Civil Society, by Ronald J Deibert, House of Anansi Press, RRPC$22.95/RRP£9.99, 419 pages

John Thornhill is the FT’s innovation editor

Join our online book group on Facebook at FT Books Café

Listen to our podcast, Culture Call, where FT editors and special guests discuss life and art in the time of coronavirus. Subscribe on Apple, Spotify, or wherever you listen