{
  "meta": {
    "generated_at": "2026-05-17T12:34:55.649Z",
    "schema_version": "1.0",
    "total_count": 243,
    "source": "https://fieldwork.news",
    "license": "CC-BY-SA 4.0"
  },
  "data": [
    {
      "name": "1Password",
      "slug": "1password",
      "url": "https://1password.com",
      "tagline": "Password manager with free access for journalists.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Zero-knowledge encryption with unique Secret Key, AES-256, SOC 2 Type 2, ISO 27001/27017/27018/27701 certified, regular pentests by Cure53 and Bishop Fox (reports on Trust Center since November 2025), regional data residency choice, passkey support across all platforms, and free for journalists. No user data has ever been compromised. The gold standard for journalist security tools.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Adobe Firefly",
      "slug": "adobe-firefly",
      "url": "https://www.adobe.com/products/firefly.html",
      "tagline": "AI image generation with Content Credentials baked in. Trained on Adobe Stock and licensed content. The closest thing to a defensible AI image tool for newsrooms.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Adobe is a mature enterprise software company with SOC 2 Type II, ISO 27001, and FedRAMP authorizations across various products. The contractual commitment not to train on customer content and the IP indemnification on enterprise plans are meaningful protections that competitors do not match. Content Credentials provide a verifiable provenance chain. The 'adequate' rating reflects Adobe's overall security posture and the unresolved questions about training data composition — not a specific concern about Firefly itself.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Adobe Podcast Enhance",
      "slug": "adobe-podcast",
      "url": "https://podcast.adobe.com/enhance",
      "tagline": "Free AI audio cleanup that makes any recording sound studio-quality. The single best rescue tool for noisy interviews. Upload, wait, download.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Adobe is a mature enterprise vendor with SOC 2 Type II and ISO 27001 across its product lines, and the contractual commitment not to train on customer content applies to Adobe Podcast. Files are processed in Adobe's US cloud and deleted on a documented schedule. The 'adequate' rating reflects standard Adobe security posture and the cloud-only architecture — fine for routine field audio destined for publication, not appropriate for confidential source material that should never leave your machine.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Airtable",
      "slug": "airtable",
      "url": "https://airtable.com",
      "tagline": "Relational database with a spreadsheet interface. The go-to for editorial calendars, source tracking, and investigation management in newsrooms.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "Strong encryption and compliance certifications (SOC 2 Type II, ISO 27001). Cloud-hosted and not zero-knowledge. Shared view permissions have structural limits — read-only users can still extract data. No HIPAA BAA on standard plans. Adequate for editorial workflows, not for sensitive source material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Aleph (OCCRP)",
      "slug": "aleph-occrp",
      "url": "https://aleph.occrp.org",
      "tagline": "Search 1 billion+ records across 180+ countries — corporate registries, leaked databases, sanctions lists, court records. The investigative journalist's follow-the-money search engine.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit-operated, open-source platform built specifically for investigative journalists. Strong institutional commitment to source protection — OCCRP has a decade-plus track record on major leak investigations. Search queries are logged and visible to OCCRP staff, which is a consideration for sensitive investigations. The Aleph Pro rebuild modernizes the security stack, but the funding instability introduces organizational risk: a nonprofit under financial pressure is inherently less predictable than a well-capitalized one. For maximum control, self-host OpenAleph. For most journalists, the free hosted version at aleph.occrp.org remains the best option.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Amnesty MVT (Mobile Verification Toolkit)",
      "slug": "amnesty-mvt",
      "url": "https://github.com/mvt-project/mvt",
      "tagline": "Open-source forensic toolkit from Amnesty International's Security Lab. Scans iOS and Android backups for traces of Pegasus and other mobile spyware. The tool the Pegasus Project used to confirm infections.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "MVT is the gold standard for publicly available mobile spyware forensics. Built and maintained by Amnesty International's Security Lab, used in the Pegasus Project, peer-reviewed by Citizen Lab and independent researchers, fully open source, runs locally with no telemetry. The 'strong' rating reflects the tool itself — its provenance, transparency, and technical quality. It does not mean MVT will catch everything: signature-based detection is inherently limited, and unknown spyware will not appear in any IOC list. The right mental model is a smoke detector, not a force field. If you are a high-risk journalist who thinks you may be targeted, MVT is the right tool — but run it through a trained forensic investigator at Access Now, Citizen Lab, or Amnesty rather than going it alone.",
      "threatLevel": "high-risk",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — based on public security research and audits",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Apify",
      "slug": "apify",
      "url": "https://apify.com",
      "tagline": "Web scraping and automation platform. 20,000+ pre-built scrapers, managed proxy infrastructure, and a complete data pipeline — code optional.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II certified, GDPR and CCPA compliant, headquartered in the EU (Czech Republic). Stronger compliance posture than most scraping tools. Scraped data passes through their cloud infrastructure, but the EU jurisdiction and SOC 2 certification provide meaningful assurance. The open-source SDK lets you run scrapers locally for sensitive work. Adequate for most journalism scraping; use local tools for the most sensitive investigations.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Arc Search",
      "slug": "arc-search",
      "url": "https://arc.net",
      "tagline": "AI-powered mobile browser from The Browser Company. 'Browse for Me' reads multiple pages and synthesizes answers. Ad-free. Now owned by Atlassian.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Standard browser security practices: TLS in transit, Firebase encryption at rest, no advertising or data sales. The privacy posture is better than Chrome (no ad-tracking business model) but weaker than Firefox or Brave (not open source, AI queries are processed server-side). The Atlassian acquisition introduces governance uncertainty — Atlassian's enterprise data practices may eventually supersede The Browser Company's original privacy commitments. Rating is 'adequate' because the tool works as claimed and handles data responsibly today, but the maintenance-mode status and ownership change warrant monitoring.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Arc XP",
      "slug": "arc-xp",
      "url": "https://www.arcxp.com",
      "tagline": "Enterprise CMS built by The Washington Post. Powers hundreds of newsrooms worldwide. Cloud-native, API-first, very expensive.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Enterprise-grade infrastructure on AWS with SOC 2 Type II certification, encryption in transit and at rest, and dedicated security teams. The platform is well-maintained and battle-tested at Washington Post scale. Rating is 'adequate' rather than 'strong' because it is closed-source, US-jurisdiction-only by default, and your content and audience data are controlled by a third party. No self-hosting option means no path to full data sovereignty.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Archive.today",
      "slug": "archive-today",
      "url": "https://archive.ph",
      "tagline": "Snapshot any web page and preserve it permanently, independent of the original site.",
      "category": "verification",
      "securityRating": "caution",
      "securityRatingNote": "Downgraded from 'adequate' to 'caution' in April 2026. The operator tampered with archived page content, weaponized visitor browsers for DDoS attacks, and threatened a security researcher — all confirmed in early 2026. Wikipedia banned all links. FBI investigation ongoing. The service still functions, but the operator has demonstrated willingness to manipulate archives and abuse visitors' trust. Use as a secondary reference only, never as sole-source evidence.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Audacity",
      "slug": "audacity",
      "url": "https://www.audacityteam.org",
      "tagline": "Free, open-source audio editor. 20+ years of development. Runs entirely offline.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, local-only audio processing. No account required. Telemetry is opt-in and can be disabled. The security model is solid — the concern is Muse Group's pattern of dark patterns and upselling, not data exfiltration. Download the standalone installer, disable telemetry, skip cloud features, and you have a fully offline tool with no network dependencies.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "AudioPen",
      "slug": "audiopen",
      "url": "https://audiopen.ai",
      "tagline": "Voice notes to structured text. Speak naturally, get clean notes, summaries, or emails — no editing required.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Voice notes auto-deleted after processing. Encrypted at rest. Not used for AI training. No data sharing with third parties. Bootstrapped with no VC data monetization pressure. However, audio is still uploaded to cloud for processing, company jurisdiction is unclear, and no formal security certifications are published. Adequate for general note-taking but not for sensitive source material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Auphonic",
      "slug": "auphonic",
      "url": "https://auphonic.com",
      "tagline": "Automated audio post-production: leveling, noise reduction, and loudness normalization in one pass. 2 hours/month free.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Austrian/EU company subject to GDPR. Two-factor authentication available. Over a decade of stable operation. However, audio is uploaded to cloud servers for processing, specific data retention policies are not prominently documented, and encryption-at-rest status is unclear. Adequate for routine production audio but not recommended for sensitive source material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Authory",
      "slug": "authory",
      "url": "https://authory.com",
      "tagline": "Auto-imports and permanently archives all your published work. Self-updating portfolio with full-text backups — not screenshots.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Standard web platform security with TLS in transit. German/EU jurisdiction provides GDPR protections. Authory does not sell data to PR firms or AI companies — a meaningful differentiator from platforms like Muck Rack. The privacy policy is straightforward but does not detail encryption at rest or infrastructure specifics. Google Analytics and Intercom are the main third-party data processors. The archival model is the real trust signal: full-text backups are private to the account holder, and data is exportable in XML or HTML. For journalists, the risk is not data exposure — it is platform dependency on a small company. Export regularly.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Baserow",
      "slug": "baserow",
      "url": "https://baserow.io",
      "tagline": "Open-source Airtable alternative you can self-host. Relational databases with a spreadsheet interface, MIT-licensed community edition.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "MIT-licensed, self-hostable, EU-based company. Self-hosted Baserow keeps all data on your own PostgreSQL database with no third-party access. Cloud version is GDPR-compliant on EU infrastructure. The self-hosting option with full data control is what earns 'strong' — cloud-only use would rate 'adequate.' For journalism, the ability to run an Airtable-equivalent on your own server with no record limits is a genuine security and cost advantage.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "beehiiv",
      "slug": "beehiiv",
      "url": "https://www.beehiiv.com",
      "tagline": "Newsletter platform built by the Morning Brew team. Referral programs, ad network, A/B testing, and analytics — no revenue cut on subscriptions.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type 1 certified (October 2025). GDPR/CCPA compliant. Annual penetration testing. Data stored on US AWS infrastructure — no EU residency option. VC-funded with ad network model — subscriber engagement data is part of the business. Shared email sending infrastructure is a deliverability risk, not a security risk per se, but it matters for operational reliability. Adequate for most publishing use cases. Subscriber data is exportable.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Bellingcat Auto Archiver",
      "slug": "bellingcat-auto-archiver",
      "url": "https://github.com/bellingcat/auto-archiver",
      "tagline": "Automates web and social media archiving for evidence preservation. Captures posts, videos, and images in a verifiable format.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source (MIT license) with active development and community review. Self-hosted architecture means you control your data — nothing is sent to Bellingcat. Security posture depends entirely on your deployment: encrypted storage, VPN usage, and access controls are your responsibility. The tool itself is well-maintained (1,500+ commits, regular releases) with no known vulnerabilities in the codebase. The main risk is operational — archiving content from adversarial actors can expose your infrastructure if not properly isolated. Adequate for journalism use with appropriate deployment practices.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Bellingcat Online Investigation Toolkit",
      "slug": "bellingcat-toolkit",
      "url": "https://bellingcat.gitbook.io/toolkit",
      "tagline": "Comprehensive dashboard of hundreds of OSINT tools organized by category. Maintained by Bellingcat investigators.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "The toolkit itself is a read-only GitBook directory — it doesn't process your data, store credentials, or require authentication. The security consideration is with the individual tools it links to, not the directory itself. One legitimate concern: Bellingcat's main WordPress site (bellingcat.com) leaked investigator metadata through default sitemaps in February 2026, exposing 89 email addresses and 32 full profiles. That's an OPSEC failure for the parent organization, but the GitBook-hosted toolkit runs on separate infrastructure with no user data exposure. Rating reflects that the directory itself is low-risk; users should independently assess each linked tool.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "BillTrack50",
      "slug": "billtrack50",
      "url": "https://www.billtrack50.com",
      "tagline": "Legislative bill tracking across all 50 US states, DC, and Congress — with AI summaries and executive order mapping.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Standard SaaS platform with HTTPS throughout. Account required for most features. The data you're searching is public legislative information, but your tracked bills, saved searches, and alert keywords are stored on LegiNation's servers and reveal your reporting interests. No third-party ad trackers, which is good. No published SOC 2 or independent security audit. Bootstrapped small team means security practices are likely proportional to company size — adequate for public legislative data, but don't assume enterprise-grade protections for your usage patterns.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Bitwarden",
      "slug": "bitwarden",
      "url": "https://bitwarden.com",
      "tagline": "Open-source password manager with zero-knowledge encryption. Free tier with no meaningful limits. Self-hostable. Passkey support across all plans.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (GPL 3.0), independently audited annually (Cure53, Insight Risk Consulting, Fracture Labs), zero-knowledge encryption, SOC 2 Type 2 certified. Self-hostable for full data control. Passkey support across all plans. The May 2024 metadata exposure was limited in scope and did not compromise encrypted vaults. One of the most trustworthy tools in our evaluation set.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Blacklight",
      "slug": "blacklight",
      "url": "https://themarkup.org/blacklight",
      "tagline": "Real-time website privacy inspector by The Markup. Enter any URL and see exactly which trackers, cookies, keyloggers, and session recorders are watching visitors. Free, instant, no installation required.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Blacklight is not a tool that handles your data — it is a tool that reveals how other sites handle visitor data. The 'strong' rating reflects The Markup's credibility (Pulitzer-finalist nonprofit newsroom), the tool's transparency (Blacklight Query is open source), the absence of tracking on the tool itself, and the public-interest mission behind it. There is no meaningful security risk in using Blacklight: you enter a URL, it scans the site, you read the results. No account, no personal data, no tracking. The only consideration is that The Markup's servers process the URLs you scan — if your scan targets reveal your investigative interests, that is a minor operational security consideration, though The Markup has no incentive or history of disclosing such information.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Blender",
      "slug": "blender",
      "url": "https://www.blender.org",
      "tagline": "Free, open-source 3D suite used by newsrooms for visual investigations, scene reconstructions, and data visualization.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (GPL v2+), fully local, zero telemetry, no accounts. Backed by a Dutch nonprofit with transparent finances. 27 historical CVEs are all patched; active security team tracks vulnerabilities. The only real attack surface is opening malicious .blend files — standard hygiene for any file-based tool.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Bluesky",
      "slug": "bluesky",
      "url": "https://bsky.app",
      "tagline": "Decentralized social network built on the AT Protocol. Open-source, no link demotion, domain-as-handle verification. 43M+ users. No ads.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "TLS encryption in transit. Partial encryption at rest — Bluesky has not published details on at-rest encryption for its managed PDS infrastructure. The real risk for journalists is not a data breach but architectural transparency: every public post is API-accessible by design. This is a feature of the AT Protocol, not a bug, but it means public Bluesky content has zero access friction for scrapers, AI trainers, or surveillance actors. DMs lack end-to-end encryption. The moderation team is small relative to the user base. Security vulnerability response has been criticized as slow. Domain-handle verification is a genuine trust innovation — it is cryptographically grounded and does not require platform approval. Data portability via self-hosted PDS is strong in theory but requires technical sophistication. For standard journalism use (sharing work, building audience, monitoring public discourse), the security posture is adequate. For sensitive source communication or any content that should not be public, Bluesky is the wrong tool.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Botometer",
      "slug": "botometer",
      "url": "https://botometer.osome.iu.edu",
      "tagline": "Bot detection scores for Twitter/X accounts. Built by Indiana University researchers, frozen in archival mode after X cut off free API access in 2023.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Public university research tool. Open-source client, transparent methodology, U.S. academic jurisdiction. The honest limitation is not security but staleness — Botometer X is a historical archive, not a live detector. Use it for what it is: a retrospective lookup against pre-June 2023 Twitter data, useful for reporting on historical campaigns and longitudinal research.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Brave Browser",
      "slug": "brave-browser",
      "url": "https://brave.com",
      "tagline": "Privacy-first Chromium browser with built-in ad/tracker blocking. 100M monthly users. Chrome extensions work out of the box.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (MPL-2.0) Chromium fork with the strongest default privacy protections of any mainstream browser. Shields block trackers, ads, and fingerprinting out of the box. No server-side data collection from browsing. Brave Search operates an independent index with SOC 2 Type II attestation. Tor integration adds an anonymity layer. Regular Chromium merges keep security patches current. The crypto layer and past trust incidents (affiliate links, DNS leak) are real concerns but do not weaken the browser's core security architecture. Consistently top-ranked in PrivacyTests and PCMag privacy benchmarks.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Briar",
      "slug": "briar",
      "url": "https://briarproject.org",
      "tagline": "P2P encrypted messaging over Tor. Works when the internet doesn't.",
      "category": "messaging",
      "securityRating": "strong",
      "securityRatingNote": "Fully decentralized architecture eliminates server-side attack surface entirely. Bramble protocol suite provides E2E encryption with forward secrecy across Tor, Bluetooth, WiFi, and USB transports. Tor routing by default hides metadata (who talks to whom). Two independent audits — Cure53 (2017, 12 findings, no critical) and Radically Open Security (2023, 6 findings, no critical) — confirm strong implementation. Three CVEs in 2023 were responsibly disclosed by ETH Zurich and patched quickly. Open source, reproducible builds via F-Droid. 3.6M+ Google Play downloads. No comparable tool exists for internet-shutdown resilience.",
      "threatLevel": "high-risk",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Buttondown",
      "slug": "buttondown",
      "url": "https://buttondown.com",
      "tagline": "Privacy-first newsletter platform. Markdown editor. 0% platform fee on paid subscriptions. API-first. Built and operated by a single founder.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "GDPR compliant with immediate data deletion. Analytics off by default — a meaningful privacy-first design choice. Multi-factor authentication via TOTP and passkeys. Content Security Policy implemented. Payment data handled exclusively by Stripe. No disclosed security certifications (no SOC 2, no ISO 27001). No public vulnerability disclosure program or bug bounty. Encryption at rest is not documented. Bootstrapped structure eliminates data monetization incentives. Third-party email delivery (Mailgun, Postmark) means content transits external infrastructure. Adequate for newsletter publishing. Not designed for high-risk communications.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Canva",
      "slug": "canva",
      "url": "https://www.canva.com",
      "tagline": "Design tool for social media graphics, presentations, and basic video. Free tier is genuinely useful. AI features expanding fast.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II and ISO 27001 certified. Canva Shield provides enterprise-grade AI governance, SSO, SCIM provisioning, and audit logs. AI training policy is clear and favorable: off by default for individuals, always off for Teams/Business/Enterprise. The 2019 breach (139M records) is old but large. Current security posture is standard for a company at this scale. Not suitable for confidential source material, but fine for public-facing production work.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "CapCut",
      "slug": "capcut",
      "url": "https://www.capcut.com",
      "tagline": "Free-to-start video editor from ByteDance (TikTok's parent). Fast, capable, massively adopted — and carrying the same data governance questions as TikTok itself.",
      "category": "visuals",
      "securityRating": "caution",
      "securityRatingNote": "The 'caution' rating reflects ByteDance's data governance structure: Chinese national security law applies to the parent company, the ToS grant a perpetual license to all uploaded content, a biometric data class-action is pending, and the legal framework for a US ban remains in place. CapCut has not published SOC 2, ISO 27001, or equivalent security certifications. For public social video with no sensitive content, the risk is manageable. For any journalistic material involving sources, unpublished work, or operational security, CapCut is inappropriate.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "CARTO",
      "slug": "carto",
      "url": "https://carto.com",
      "tagline": "Enterprise geospatial analytics platform. Cloud-native spatial analysis for large datasets — used by newsrooms, governments, and Fortune 500 companies.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "CARTO's cloud-native architecture is a genuine security advantage — your spatial data stays in your own data warehouse and CARTO queries it in place, rather than copying it to their servers. Encryption in transit and at rest. GDPR compliant. Well-funded company with enterprise security posture. The 'data never leaves your cloud' model makes this one of the more privacy-friendly options for large-scale geospatial analysis. Appropriate for sensitive data journalism if your underlying data infrastructure is properly secured.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Census Reporter",
      "slug": "census-reporter",
      "url": "https://censusreporter.org",
      "tagline": "Makes US Census data accessible and visual. Demographic profiles, charts, and comparisons for any geography.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, grant-funded, no account required, no login, no PII collected. The data is public Census Bureau information. Minimal server-side data collection. One of the lowest-risk tools a journalist can use — you're querying public data on an open-source platform with no authentication surface.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "ChangeDetection.io",
      "slug": "changedetection",
      "url": "https://changedetection.io",
      "tagline": "Open-source website change monitoring with 85+ notification channels. Self-host for free via Docker or use the hosted service. Tracks text changes, visual diffs, JSON APIs, and pages behind logins.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (MIT license), fully auditable code, self-hostable with zero third-party data exposure. When self-hosted, this is one of the strongest privacy stories in the journalism tool landscape — no one else knows what you're watching, when pages changed, or what the changes were. The code is actively maintained with regular releases. For the hosted SaaS version, the rating drops to 'adequate' since the service necessarily knows your monitoring targets. Self-hosted deployment is the recommended approach for any sensitive monitoring work.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "ChatGPT",
      "slug": "chatgpt",
      "url": "https://chat.openai.com",
      "tagline": "OpenAI's general-purpose AI assistant — the most widely adopted LLM, with serious privacy trade-offs journalists need to understand.",
      "category": "ai",
      "securityRating": "caution",
      "securityRatingNote": "Strong infrastructure security (encryption in transit and at rest, SOC 2 for enterprise tiers), but training on user conversations being enabled by default is a serious risk for journalists. The expanding memory feature creates persistent user profiles. Worsening hallucination rates in newer models (o3: 33%, o4-mini: 48-79%) make ChatGPT unreliable for fact-dependent journalism tasks. Multiple privacy incidents in 2023-2025 demonstrate ongoing operational security gaps. The February 2026 Pentagon contract introduces new considerations for journalists covering national security. Opt out of training and memory immediately. Use Team/Enterprise for newsroom deployments. Never trust ChatGPT output without independent verification.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Claude",
      "slug": "claude",
      "url": "https://claude.ai",
      "tagline": "Anthropic's AI assistant. Disclosure: this site was built with Claude.",
      "category": "ai",
      "securityRating": "caution",
      "securityRatingNote": "Consumer tiers (Free/Pro/Max) train on conversations by default with up to five-year retention — opt-out available but not the default. Commercial tiers (Team/Enterprise/Government) offer genuinely strong data isolation with no training and optional zero-data-retention. API retention is 7 days, never trained on. Rating reflects the consumer-tier defaults; commercial tiers alone would rate 'strong.' Disclosure: this site was built with Claude.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "ClinicalTrials.gov",
      "slug": "clinicaltrials-gov",
      "url": "https://clinicaltrials.gov",
      "tagline": "NIH clinical trial registry. 530,000+ studies from 230 countries. Free. The primary public record of what drugs and treatments are actually being tested — and what the results show.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "US government service operated by NIH/NLM with no advertising, no data sales, and no third-party tracking. No account required for searching. All data is public record. Minimal data collection. The 'strong' rating reflects institutional credibility, federal security standards, absence of commercial incentives, and the fact that using this service exposes no meaningful personal data.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Consensus",
      "slug": "consensus",
      "url": "https://consensus.app",
      "tagline": "AI-powered academic search engine. Ask a question, get evidence-based answers from 200 million peer-reviewed papers with a Consensus Meter showing scientific agreement.",
      "category": "ai",
      "securityRating": "adequate",
      "securityRatingNote": "HTTPS encryption in transit. U.S. jurisdiction. VC-backed startup with standard security practices. No published SOC 2 certification or independent security audit. Search queries reveal your research interests, which is the primary privacy consideration for journalists. Adequate for academic background research and fact-checking. Be mindful that query patterns could reveal story angles for sensitive investigations.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Content Credentials (C2PA)",
      "slug": "content-credentials",
      "url": "https://contentcredentials.org",
      "tagline": "Open standard for cryptographic content provenance. A nutrition label for media — when it survives the trip.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "The cryptography is sound and the standard is open and inspectable. The weakness is the ecosystem: metadata stripping on upload, optional identity fields that can dox creators, and recent certificate revocations show the trust chain is still maturing. Strong as a chain-of-custody signal inside controlled newsroom workflows. Limited as a public-facing truth signal until platforms preserve credentials end to end.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Copyscape",
      "slug": "copyscape",
      "url": "https://www.copyscape.com",
      "tagline": "Plagiarism detection service that checks text against the open web. Pay-per-search model, batch processing, API access, and automated monitoring for content theft.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Long-established service (2004) with a simple, stable business model and no known breaches. Encryption in transit confirmed. The main consideration is that submitted text is transmitted to their servers for processing — don't submit sensitive unpublished investigative material. For its intended use case (checking if text appeared elsewhere on the web), the privacy risk is minimal. Bootstrapped company with 20-year track record — no investor pressure to monetize user data.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Coral",
      "slug": "coral-project",
      "url": "https://coralproject.net",
      "tagline": "Open-source commenting platform built for newsrooms, now maintained by Vox Media.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source (Apache 2.0), 2K GitHub stars, active development (v9.11.2, Jan 2025). Self-hosted model gives full data control — a genuine advantage over Disqus. The 2021 email leak vulnerability was serious but patched fast. TypeScript codebase (71%) with verified GPG-signed releases. Main risk: Perspective API sends comment text to Google, and self-hosting security depends entirely on your own infrastructure. Adequate for most newsrooms; strong if you have competent DevOps.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Corporate Prosecution Registry",
      "slug": "corporate-prosecution-registry",
      "url": "https://corporateprosecutionregistry.com",
      "tagline": "Searchable database of every federal corporate criminal prosecution in the United States since 1990 — built by UVA Law, free, and continuously updated.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "Hosted by a major US public university with institutional IT infrastructure and security. No user accounts, no personal data collection, no login required. The data is entirely public federal court records with zero sensitivity. No advertising, no tracking beyond standard university analytics. The threat model is essentially zero — you are searching public court records on a university website. No record of security incidents. Rating reflects the combination of zero-sensitivity public data, no authentication requirements, and institutional hosting.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "CryptPad",
      "slug": "cryptpad",
      "url": "https://cryptpad.org",
      "tagline": "End-to-end encrypted collaborative office suite — docs, spreadsheets, slides, forms, kanban, whiteboard. The server never sees your content.",
      "category": "writing",
      "securityRating": "strong",
      "securityRatingNote": "Zero-knowledge end-to-end encryption by default — the server never sees plaintext. Open-source (AGPL), auditable code on GitHub. EU-funded, French-hosted under GDPR. Post-quantum cryptography research completed (ML-KEM, ML-DSA) with crypto-agility refactor for easy algorithm switching. Two vulnerabilities disclosed and patched in 2025 (2FA bypass and sandboxed XSS). No full third-party audit published, which is the one gap. The architecture is sound; the disclosure process is transparent.",
      "threatLevel": "high-risk",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Dangerzone",
      "slug": "dangerzone",
      "url": "https://dangerzone.rocks",
      "tagline": "Converts potentially malicious documents into known-clean PDFs by rendering in a sandbox. Pixel-based sanitization — no signature detection to evade.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Pixel-based sanitization eliminates embedded malware without relying on signature detection — fundamentally stronger than antivirus scanning. gVisor sandbox (memory-safe Go) intercepts every syscall between the conversion process and the host kernel. Container has no network access and no filesystem mounts. December 2023 audit by Include Security found zero critical/high/medium issues. Local-only processing means zero data exposure. Open source (AGPLv3), 4.8K GitHub stars, 21+ contributors. Backed by Freedom of the Press Foundation with active development — 0.10.0 shipped December 2025 with Podman bundled, eliminating Docker Desktop dependency.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "darktable",
      "slug": "darktable",
      "url": "https://www.darktable.org",
      "tagline": "Open-source RAW photo processor and photography workflow manager — a free Lightroom alternative.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Fully local, open-source under GPL-3.0, no accounts or telemetry. All processing happens on your machine with no network connections. Original files are never modified. Granular metadata export controls support source protection workflows. One of the strongest privacy stories in photo software.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Data.gov",
      "slug": "data-gov",
      "url": "https://data.gov",
      "tagline": "The US government's central open data portal — 370,000+ datasets from federal agencies, searchable and downloadable in machine-readable formats.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Federal government website operated by GSA on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards. No account required for core functionality. No commercial tracking. The datasets themselves are public records. The only consideration is data provenance — always verify that a dataset is current and sourced from the authoritative agency, since Data.gov is a catalog pointing to external agency servers.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Dataminr",
      "slug": "dataminr",
      "url": "https://www.dataminr.com/products/dataminr-for-news/",
      "tagline": "AI-powered real-time alert platform that processes 1M+ public data sources to detect breaking news before it hits the wire.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Strong technical security: AES-256 encryption at rest, TLS 1.2+ in transit, SOC 2 Type II certified, ISO 27001 and ISO 27701 certified, 24/7/365 security operations center. The infrastructure is enterprise-grade. The rating reflects the dual-use concern, not a technical weakness. Dataminr simultaneously serves newsrooms and law enforcement/military clients using the same platform and data sources. Your alert configurations and search patterns could theoretically be relevant to law enforcement interests. The privacy policy does not address journalist-specific protections. For breaking news detection, the technical security is strong. For journalists covering protests, civil liberties, or law enforcement, the company's documented history of providing surveillance alerts to police is a material consideration.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Datawrapper",
      "slug": "datawrapper",
      "url": "https://www.datawrapper.de",
      "tagline": "The newsroom standard for charts, maps, and tables — no code, no trackers, no cookies.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "ISO 27001 certified with annual audits. Annual third-party penetration testing. All code peer-reviewed. German-based, GDPR-compliant, all data in EEA. Zero cookies, zero trackers, zero third-party scripts on embedded charts. No VC funding means no data monetization pressure. Upgraded from 'adequate' to 'strong' based on verified ISO 27001 certification, pen testing program, and exceptional embed privacy posture.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "DaVinci Resolve",
      "slug": "davinci-resolve",
      "url": "https://www.blackmagicdesign.com/products/davinciresolve",
      "tagline": "Professional video editing, color grading, VFX, and audio post — with a genuinely free tier that has no watermarks or time limits.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Closed-source but fully local processing — all AI inference runs on-device via the DaVinci Neural Engine, no cloud round-trips. No telemetry concerns reported. Registration required for download, but the application itself operates independently. Blackmagic's hardware-first business model (cameras, capture cards) means minimal incentive to monetize user data. Optional Blackmagic Cloud collaboration is the only feature that transmits project data, and it's explicitly opt-in. For journalists handling sensitive footage, the local-only architecture is a meaningful advantage over cloud-dependent editors.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "DeepL",
      "slug": "deepl",
      "url": "https://www.deepl.com",
      "tagline": "Best-in-class machine translation with real privacy guarantees on paid tiers. Now 100+ languages, plus AI writing and real-time voice translation.",
      "category": "writing",
      "securityRating": "strong",
      "securityRatingNote": "German-headquartered, GDPR-native. Holds ISO 27001:2022, SOC 2 Type II, and C5 Type 2 attestation. Pro tier explicitly deletes text after translation and never trains on it. Enterprise features include BYOK encryption, SSO (OIDC/SAML), MFA, network access restrictions, and detailed audit logs. Regular internal and external penetration testing. The only meaningful gap: the free tier's data handling is opaque compared to Pro, and the tool is not open source.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "DeepSeek",
      "slug": "deepseek",
      "url": "https://chat.deepseek.com",
      "tagline": "Chinese open-source LLM with strong reasoning capabilities. Free web interface. Open-weight models (MIT license) can be run locally to avoid Chinese data jurisdiction entirely.",
      "category": "ai",
      "securityRating": "caution",
      "securityRatingNote": "This rating applies to the web interface (chat.deepseek.com). Chinese data jurisdiction with mandatory intelligence cooperation laws, no independent judicial oversight, banned by multiple governments, and subject to ongoing EU regulatory action. For journalists, using the web interface with any sensitive material is inadvisable. However: the open-weight models (DeepSeek-R1, V3) run locally with zero data exposure and would rate 'strong' on privacy — the math doesn't phone home. The rating reflects the product most users will encounter (the web interface), not the self-hosted deployment that technical users can configure.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Descript",
      "slug": "descript",
      "url": "https://www.descript.com",
      "tagline": "AI-powered audio and video editing with text-based editing.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II compliant. AES-256 at rest, TLS 1.2 in transit. GDPR/CCPA aligned. AI training opt-in disabled by default. No breaches on record. Rating reflects cloud-only processing model — all media must leave your machine. Fine for non-sensitive production; not appropriate for confidential source material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Disconnect",
      "slug": "disconnect",
      "url": "https://disconnect.me",
      "tagline": "Open-source anti-tracking browser extension from ex-Google and ex-NSA engineers. Blocks 2,000+ third-party trackers. Powers tracker protection in Firefox, Edge, and Samsung Internet.",
      "category": "security",
      "securityRating": "adequate",
      "securityRatingNote": "Open source (GPL v3), runs entirely locally in the browser, collects no user data. The tracker protection technology is trusted enough that Mozilla, Microsoft, and Samsung license it for their browsers — that is a meaningful signal. Rating is 'adequate' rather than 'strong' because the extension's development has slowed, the curated list approach has inherent lag against new trackers, and the company's focus has shifted toward enterprise products. The tool does what it claims, but journalists needing maximum protection should pair it with uBlock Origin and other layered defenses.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "DocumentCloud",
      "slug": "documentcloud",
      "url": "https://www.documentcloud.org",
      "tagline": "Upload, analyze, annotate, and publish source documents for investigations.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Nonprofit-operated, open-source, hosted on AWS US. Three-tier access controls (private, organization, public). Built specifically for journalism with source document publishing as the core use case. No tracking or advertising. The coarse org-level permissions and the risk of accidentally publishing private documents are the main concerns — both mitigated by verifying access levels before upload.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "DuckDuckGo",
      "slug": "duckduckgo",
      "url": "https://duckduckgo.com",
      "tagline": "Privacy-focused search engine. No search history tracking, no personalized results, no ad profiling. Now expanding into AI chat, VPN, and identity protection.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "No search tracking, no user profiles, no ad targeting based on history. Privacy-first by design and confirmed by independent audits. Browser apps and extensions are open source (Apache 2.0, GitHub). Core search engine is proprietary. The 2022 Microsoft tracker issue was a real failure, but it was in the browser's tracker blocking — not in the search engine itself — and it has been fully remediated. Duck.ai's privacy architecture (IP stripping, no conversation storage, proxied requests) is well-designed for private AI access. Rating remains strong because the core privacy claims hold up: your searches are not logged, your profile is not built, and your data is not sold.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Element",
      "slug": "element",
      "url": "https://element.io",
      "tagline": "Decentralized encrypted messaging on the Matrix protocol. No single server to compromise.",
      "category": "messaging",
      "securityRating": "strong",
      "securityRatingNote": "Open-source protocol and clients. E2E encryption via vodozemac (Rust implementation of Olm/Megolm, same Double Ratchet family as Signal). Audited by Least Authority (2022, funded by Germany's gematik), NCC Group (libolm), and Germany's BSI via the CAOS program. Formal cryptographic analysis published (2023). April 2026 mandate requires verified devices for all E2E rooms. Decentralized architecture eliminates single point of compromise. Government adoption by 25+ countries, NATO, and the European Commission validates the security model. The vodozemac cryptographic concerns raised in February 2026 are theoretical under current deployment constraints but highlight that Matrix's crypto layer receives less independent scrutiny than Signal's.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "ElevenLabs",
      "slug": "elevenlabs",
      "url": "https://elevenlabs.io",
      "tagline": "The leading AI voice platform. Text-to-speech, voice cloning, dubbing, audio isolation. $11B valuation. Powerful and dangerous in the same breath.",
      "category": "visuals",
      "securityRating": "caution",
      "securityRatingNote": "ElevenLabs is SOC 2 Type II compliant with HIPAA and zero-retention options on Enterprise plans. Technical security is appropriate for a company at this scale. The 'caution' rating is editorial, not technical: voice cloning misuse is documented and ongoing, the consent verification flow is weaker than newsroom standards require, and AI audio carries publication risk that the tool itself cannot mitigate. Use the product with a policy in place, not before.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Elicit",
      "slug": "elicit",
      "url": "https://elicit.com",
      "tagline": "AI research assistant for academic literature. Searches 138 million papers, extracts data, synthesizes findings — every claim linked to the source sentence.",
      "category": "ai",
      "securityRating": "adequate",
      "securityRatingNote": "Public benefit corporation structure provides some alignment of incentives. HTTPS encryption in transit. U.S. jurisdiction. Research queries reveal your investigative interests, which is the primary privacy consideration. No published SOC 2 certification or independent security audit. Adequate for academic background research. Be mindful that query patterns could reveal unpublished story angles for sensitive investigations.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "ExifCleaner",
      "slug": "exifcleaner",
      "url": "https://exifcleaner.com",
      "tagline": "Drag-and-drop metadata removal. No network access, no telemetry. Open source.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Fully local processing — no network connections, no telemetry, no data exfiltration path. Open-source under MIT license, independently auditable. Wraps ExifTool, the industry-standard metadata engine maintained for 23+ years. The only attack surface is Electron's dependency chain and ExifTool's file parsing — both mitigated by keeping the app updated. One of the most trustworthy tools for journalists handling sensitive files.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "ExifTool",
      "slug": "exiftool",
      "url": "https://exiftool.org",
      "tagline": "Read, write, and strip metadata from photos and files. All processing happens locally — no data leaves your machine.",
      "category": "verification",
      "securityRating": "strong",
      "securityRatingNote": "Fully local processing — no network connections, no data exfiltration path. Open-source Perl script, independently auditable, maintained for 23+ years with prompt CVE response (v13.50 patched CVE-2026-3102 within days). The only attack surface is processing malicious files, which is inherent to any metadata tool. Keep it updated. One of the most trustworthy tools available for journalists handling sensitive files.",
      "threatLevel": "high-risk",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Expertise Finder",
      "slug": "expertise-finder",
      "url": "https://expertisefinder.com",
      "tagline": "Search engine for university experts. Find faculty sources by topic across North American institutions for interviews and commentary.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Low-risk tool for journalists — no account required for searching, minimal personal data collection. Faculty data is published with institutional consent. Canadian jurisdiction with standard privacy protections. The main concern is not security but completeness: results are limited to paying institutions, which could bias your sourcing if you rely on it exclusively. Adequate for its purpose as a sourcing aid.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Factiva",
      "slug": "factiva",
      "url": "https://www.dowjones.com/professional/factiva/",
      "tagline": "Dow Jones's premium news and business research database — 32,000+ licensed sources across 200 countries and 28 languages, with deep archives and company intelligence.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Factiva runs on Dow Jones enterprise infrastructure with encryption in transit and at rest, role-based access, and standard logging. There is no public record of a major Factiva breach. The platform has not publicly disclosed SOC 2 Type II status, and pricing opacity makes it difficult for individual researchers to negotiate data handling terms. The bigger trust consideration is corporate: Factiva is owned by News Corp, which means search queries flow through Murdoch-controlled infrastructure. Rating reflects standard enterprise security with a meaningful corporate-conflict caveat for journalists covering News Corp or Murdoch family interests.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Factiverse",
      "slug": "factiverse",
      "url": "https://factiverse.ai",
      "tagline": "AI-powered fact-checking and claim verification for newsrooms. Checks claims against source databases in real time, built specifically for editorial workflows.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Norwegian company under GDPR jurisdiction — strong legal framework for data protection. Encryption in transit confirmed. Specific data retention and at-rest encryption details not publicly documented, which is typical for enterprise-only products. No known breaches or privacy incidents. The Norwegian jurisdiction and journalism-specific focus are positive signals, but the lack of public security documentation means you should verify terms contractually before submitting sensitive editorial content.",
      "threatLevel": "baseline",
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Fathom",
      "slug": "fathom",
      "url": "https://fathom.video",
      "tagline": "AI meeting recorder and note-taker. Free tier with unlimited recordings. HIPAA, SOC 2 Type II, and GDPR compliant.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Strong compliance posture: HIPAA, SOC 2 Type II, GDPR compliant, and Zoom-security-reviewed. Encryption in transit and at rest, no third-party cookies, no AI training on user data. Recordings are private by default. The main risk is inherent to the category — all recordings are cloud-stored, and a visible bot joins every call. Appropriate for on-the-record interviews and editorial meetings. Not appropriate for sensitive source conversations.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Felt",
      "slug": "felt",
      "url": "https://felt.com",
      "tagline": "Collaborative web mapping platform. Build, share, and analyze geographic data in the browser — no GIS degree required.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "SOC 2 Type II certified and GDPR compliant — unusual for a mapping tool at this stage. Encryption in transit and at rest. U.S. jurisdiction with AWS hosting. MFA required for employee access to internal systems. The cloud-only model means your data lives on their servers, but the security posture is genuinely strong for a Series A company. Appropriate for public data journalism. Use local GIS tools for investigations involving sensitive geographic intelligence.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Firefox",
      "slug": "firefox",
      "url": "https://www.mozilla.org/firefox/",
      "tagline": "The only major browser not built on Google's engine. Enhanced Tracking Protection, Total Cookie Protection, and fingerprint resistance on by default.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, nonprofit-backed, strong default tracking protection with Total Cookie Protection and fingerprint resistance. The only major browser independent of Google's Chromium engine. Regular 4-week security update cycle. Full Manifest V2 extension support (uBlock Origin works here, not in Chrome). Rating holds despite Mozilla's AI pivot controversy and Terms of Service missteps — the browser's actual privacy architecture remains best-in-class for a mainstream daily driver. Watch the AI integration closely.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Flourish",
      "slug": "flourish",
      "url": "https://flourish.studio",
      "tagline": "Interactive data visualization and scrollytelling — 50+ templates, no code required.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "Encrypted infrastructure on AWS with Postgres encryption at rest. The Canva ownership is the main concern: free-tier users are opted into AI training by default, and free projects are public and duplicable. Paid tiers and GNI newsroom accounts get private projects and are exempt from AI training. Adequate for most newsroom work on paid/GNI tiers; use caution on the free tier with any data you wouldn't publish.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "FOIA.gov",
      "slug": "foia-gov",
      "url": "https://www.foia.gov",
      "tagline": "The federal government's centralized portal for submitting Freedom of Information Act requests to any federal agency.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "Federal government website operated by the Department of Justice on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards (FISMA, FedRAMP). No commercial tracking or advertising. The main consideration is not technical security but operational privacy: your FOIA requests are federal records that may be publicly logged, which can reveal your reporting interests to the agency you are investigating and to anyone who reviews FOIA logs.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "FotoForensics",
      "slug": "fotoforensics",
      "url": "https://fotoforensics.com",
      "tagline": "Error-level analysis for detecting image manipulation. Upload a photo, see where it was edited.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Useful triage tool with a clear scope. The public site's indefinite image retention and lack of privacy controls are the main concern — uploaded images join a research archive visible to administrators and partners. The paid Lab service addresses this with auto-deletion and no research sharing. Standard HTTPS in transit. For sensitive verification work, use offline ELA tools or the paid Lab service instead of the public site.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Gamma",
      "slug": "gamma",
      "url": "https://gamma.app",
      "tagline": "AI presentation builder. Generates slides from text prompts. 70M+ users, $100M ARR, $2.1B valuation.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Standard cloud SaaS with encryption in transit. All content is AI-processed, meaning everything you enter flows through Gamma's models. No published SOC 2 or ISO 27001 certifications found. GDPR concerns around viewer tracking have been raised by enterprise users. Adequate for public-facing content, but not appropriate for sensitive or confidential material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "GeoConfirmed",
      "slug": "geoconfirmed",
      "url": "https://geoconfirmed.org",
      "tagline": "Community-verified geolocations of conflict events — crowdsourced OSINT with rigorous multi-analyst verification, mapping incidents from Ukraine to Sudan to Myanmar.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "The platform publishes publicly available geolocation data derived from open-source social media. No accounts required to view data — minimal privacy exposure for users. The data itself is conflict documentation, not personal information. Netherlands-based operation within EU jurisdiction. The main considerations are source-media link fragility (not a security issue but an evidence-preservation issue) and the absence of formal organizational governance. Rating reflects low-risk data profile and no-login access, balanced against limited documentation of infrastructure security practices and no formal institutional backing.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "GeoSpy",
      "slug": "geospy",
      "url": "https://geospy.ai",
      "tagline": "AI geolocation from photos. Upload an image, get predicted coordinates — no metadata required. Now restricted to law enforcement and enterprise clients.",
      "category": "verification",
      "securityRating": "caution",
      "securityRatingNote": "Rating changed from 'adequate' to 'caution.' Images are uploaded to servers operated by a company whose primary customers are law enforcement. Data retention terms are vague. No transparency report. No independent audit. The tool was publicly available for months with documented stalking misuse before access was restricted — and only after press pressure, not internal policy. Graylark's business model is surveillance; journalists should weigh whether that alignment creates risks for their sources and reporting.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Ghost",
      "slug": "ghost",
      "url": "https://ghost.org",
      "tagline": "Open-source publishing platform. Nonprofit-operated. No revenue cut. Self-host or use managed hosting.",
      "category": "publishing",
      "securityRating": "strong",
      "securityRatingNote": "Open-source with active security response. Nonprofit structure eliminates data monetization incentives. Passwords use bcrypt with salting per OWASP standards. No raw SQL — uses Bookshelf ORM and Knex query builder exclusively. Ghost-CLI runs without root privileges and auto-configures SSL via Let's Encrypt. Login attempts rate-limited to 5/hour/IP. Device verification on new staff logins. Optional email-based 2FA (though CVE-2026-22594 showed a bypass, now patched). Responsible disclosure program at security@ghost.org with defined response timelines (critical fixes within one month). Continuous dependency scanning via GitHub and yarn audit. Several CVEs in 2024–2026 (XSS, SSRF, auth bypass) were all patched promptly. Self-hosting option gives full infrastructure control. No compliance certifications (SOC 2, ISO 27001) claimed by Ghost Foundation directly, though third-party Ghost hosting providers like Elestio hold them.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "GIMP",
      "slug": "gimp",
      "url": "https://www.gimp.org",
      "tagline": "Free image editor with non-destructive editing, now at version 3.2 after a decade-long overhaul.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, fully local, no accounts or telemetry. Part of the GNU Project with decades of community oversight. File-parsing CVEs are the main attack surface — mitigated by keeping current (3.2.2 as of March 2026) and not opening untrusted files in exotic formats.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Global Fishing Watch",
      "slug": "global-fishing-watch",
      "url": "https://globalfishingwatch.org",
      "tagline": "Open-data platform tracking global fishing activity and vessel movements via satellite AIS and radar — free, open source, purpose-built for transparency and ocean accountability.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "US-based nonprofit with a transparency mission. All data is public and open — there is no sensitive proprietary information to protect. The code is open source on GitHub, allowing full methodology verification. Infrastructure runs on Google Cloud Platform with standard enterprise security. Minimal user data collection (email for optional account). No advertising, no data sales, no commercial surveillance. The open-source, open-data architecture is the strongest possible trust signal for investigative work: every detection is reproducible and verifiable. No record of security incidents.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Global Forest Watch",
      "slug": "global-forest-watch",
      "url": "https://www.globalforestwatch.org",
      "tagline": "Free satellite-based deforestation monitoring — real-time alerts, 65+ datasets, and 20+ years of tree cover change data for environmental investigations worldwide.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "Operated by WRI, a major global research institution with strong governance and a 40-year track record. All data is public satellite-derived information — no sensitive proprietary data to protect. Open-source code and peer-reviewed methodology provide full transparency. Infrastructure on Google Cloud with standard enterprise security. Minimal user data collection — platform works without login. The main concern is standard Google Analytics tracking of search patterns, which can be mitigated by downloading datasets for offline analysis. No record of security incidents. The open, reproducible methodology is the strongest possible trust architecture for investigative environmental journalism.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Good Tape",
      "slug": "good-tape",
      "url": "https://goodtape.io",
      "tagline": "Transcription built by journalists, for journalists. Audio deleted after processing by default. EU servers, ISO 27001, GDPR compliant. 2.5M users.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "ISO 27001 certified. AES-256 encryption at rest, TLS 1.2/1.3 in transit. Audio deleted after processing by default. EU-only servers and subprocessors. No AI training on user data. Hosts its own LLM rather than routing to third-party APIs. DPA available on Pro and Business tiers. Built by journalists for journalists — privacy is architectural, not bolted on.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Google Alerts",
      "slug": "google-alerts",
      "url": "https://www.google.com/alerts",
      "tagline": "Free email alerts when Google indexes new results matching your search terms. The simplest web monitoring tool — and one of the least reliable.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Standard Google security infrastructure — TLS in transit, encryption at rest, robust account security options (2FA, passkeys). The concern is not security but privacy: your alert queries reveal your investigative interests to Google, which retains that data, uses it for profiling, and will disclose it under legal process. For journalists covering sensitive topics, this is a meaningful exposure. A separate, pseudonymous Google account mitigates the risk but does not eliminate it. Google Alerts requires a Google account — there is no anonymous usage path.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Google Colab",
      "slug": "google-colab",
      "url": "https://colab.research.google.com",
      "tagline": "Browser-based Python notebooks with free GPU access. No local setup needed.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "Standard Google Cloud security: encryption in transit (TLS) and at rest, isolated VM execution, SOC 2/ISO 27001 infrastructure. The concern is not a security weakness — it is data access. Google can see your notebooks, your data, and (if you use AI features) your prompts. Human reviewers may read them. Adequate for public data analysis and learning. Not suitable for sensitive or confidential material. Use local Jupyter instead.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Google Docs",
      "slug": "google-docs",
      "url": "https://docs.google.com",
      "tagline": "Collaborative document editing. Free with a Google account. Google can access your content.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Strong infrastructure security: AES-256 at rest, TLS in transit, ISO 27001 and SOC 2/3 certified, FIPS 140-2 validated encryption modules. But Google is not zero-knowledge — they can access your document content, and they comply with legal process (82,000+ government data requests in H1 2024 alone). Gemini AI processes document content when features are active. Client-Side Encryption exists but is locked behind Enterprise Plus plans ($25–35+/user/month) and requires third-party key management. Google Advanced Protection Program (free) adds phishing-resistant login but does not change Google's ability to access stored documents. Adequate for general editorial collaboration. Not recommended for sensitive source material, investigation notes, or legally risky reporting without Enterprise CSE. Journalists handling sensitive material should use CryptPad or local encrypted storage.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Google Earth Pro",
      "slug": "google-earth-pro",
      "url": "https://www.google.com/earth/about/versions/#earth-pro",
      "tagline": "Free desktop satellite imagery with historical views back to the 1940s, 3D terrain, GIS import, and measurement tools. Version 7.3.7.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Powerful free tool with standard Google data collection. Your search queries and viewed locations are logged and feed advertising profiles. Common Sense Privacy rates Google Earth as 'Warning' for data practices. Adequate for routine journalism; use a dedicated account and VPN for sensitive geolocation investigations. The CIA-funded origin story is historical context, not a current operational concern — but it underscores that geospatial intelligence has always been a dual-use technology.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Google Fact Check Explorer",
      "slug": "google-fact-check-explorer",
      "url": "https://toolbox.google.com/factcheck/explorer",
      "tagline": "Search engine for fact-checks from around the world — find what's been debunked before you publish.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Standard Google service with HTTPS and enterprise-grade infrastructure. The privacy trade-off is typical of Google products: your search queries are logged and subject to Google's broad data collection practices. For routine verification work this is fine. For sensitive pre-publication research, the fact that Google can see exactly what claims you're investigating warrants caution — use without signing in and consider your threat model.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Google Gemini",
      "slug": "google-gemini",
      "url": "https://gemini.google.com",
      "tagline": "Google's AI assistant. Deep Workspace integration. The hallucination problem is real.",
      "category": "ai",
      "securityRating": "caution",
      "securityRatingNote": "Strong infrastructure security at the Workspace tier: SOC 1/2/3, ISO 42001, FedRAMP High, HIPAA, client-side encryption. Workspace Business/Enterprise provide genuine data isolation with no model training on customer data. The free tier trains by default with human review of anonymized conversations — a significant risk for journalists. The hallucination problem is the most serious concern: 88-91% hallucination rates on ungrounded queries make Gemini unreliable for fact-dependent journalism without source documents. Use Workspace tiers for newsroom deployments. Never trust ungrounded Gemini outputs without verification.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Google Maps",
      "slug": "google-maps",
      "url": "https://maps.google.com",
      "tagline": "Street View in 80+ countries. 280 billion panoramic images. Route planning, location verification, satellite imagery. The everyday mapping tool for field reporting.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "TLS encryption in transit. Encryption at rest on Google's servers. The risk is not a security vulnerability but a data collection model. Google Maps logs your searches, routes, and location visits, feeding this into advertising profiles. The $392 million location tracking settlement confirms that Google's location data practices have exceeded what users consented to. Geofence warrants are a real concern for journalists investigating sensitive locations. For routine field work — navigation, location verification, Street View reconnaissance — the security posture is adequate. For sensitive investigations where your search patterns could reveal sources or story targets, use a dedicated account, VPN, and incognito mode, or switch to OpenStreetMap.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Google NotebookLM",
      "slug": "google-notebooklm",
      "url": "https://notebooklm.google.com",
      "tagline": "AI research assistant grounded in your uploaded documents, not the open web.",
      "category": "ai",
      "securityRating": "adequate",
      "securityRatingNote": "Google infrastructure with standard encryption in transit and at rest. Google commits to not training on uploaded data, with stronger contractual guarantees for Workspace accounts than consumer accounts. All documents are processed server-side on Google Cloud. No zero-knowledge architecture — Google can technically access your content. Adequate for public records and published research. Not appropriate for source-identifying materials, leaked documents, or anything requiring confidentiality from a platform operator.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Google Pinpoint",
      "slug": "google-pinpoint",
      "url": "https://journaliststudio.google.com/pinpoint/about/",
      "tagline": "AI document analysis for investigative journalism.",
      "category": "newsgathering",
      "securityRating": "caution",
      "securityRatingNote": "Strong infrastructure security (Google Cloud encryption, private-by-default collections) but documents are processed on Google's servers under Google's broad privacy policy. Human reviewers can sample your prompts. No journalist-specific data protection guarantees. Use a dedicated account and keep sensitive source materials off the platform entirely.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Google Sheets",
      "slug": "google-sheets",
      "url": "https://docs.google.com/spreadsheets",
      "tagline": "Free collaborative spreadsheet. 10 million cell limit. Real-time multi-user editing. The starting point for most data journalism.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "Strong infrastructure security: AES-256 at rest, TLS in transit, ISO 27001 and SOC 2/3 certified, FIPS 140-2 validated encryption modules. But Google is not zero-knowledge — they can access spreadsheet contents, and they comply with legal process (82,000+ government data requests in H1 2024 alone). Gemini AI processes spreadsheet data when features are active. Client-Side Encryption exists but is locked behind Enterprise Plus plans ($25–35+/user/month) and requires third-party key management. Adequate for public data, published datasets, and general newsroom data work. Not recommended for sensitive source-linked data, investigation financials, or legally risky datasets without Enterprise CSE.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Google Translate",
      "slug": "google-translate",
      "url": "https://translate.google.com",
      "tagline": "249 languages. Camera translation, voice translation, document translation. Gemini-powered since December 2025. The default translation tool for field reporting.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "TLS encryption in transit. Encryption at rest on Google's servers. Access restricted to authorized Google employees. The privacy concern is data retention, not data security: text submitted to the free version may be logged and used for model training. The Cloud Translation API has stronger guarantees — Google does not log request content for paid API customers. No known data breaches specific to Google Translate. For routine journalism (reading foreign sources, field translation, quick document scans), the security posture is adequate. For sensitive material, use DeepL Pro or local translation tools.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Google Trends",
      "slug": "google-trends",
      "url": "https://trends.google.com",
      "tagline": "Real-time search interest data for story research, trend identification, and audience behavior analysis.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Standard Google infrastructure. No sensitive data uploaded — you only view aggregated public data. The risk is metadata: Google logs your Trends queries as part of Web & App Activity when signed in, which could reveal story research patterns. Mitigated by using incognito mode or signing out.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "GPTZero",
      "slug": "gptzero",
      "url": "https://gptzero.me",
      "tagline": "AI text detector built by a Princeton student in January 2023. Useful as a screen, dangerous as a verdict.",
      "category": "verification",
      "securityRating": "caution",
      "securityRatingNote": "Technical security is standard commercial SaaS — HTTPS, U.S. jurisdiction, reasonable retention for personal data. The caution is editorial. Dashboard submissions are stored and may be used for training in anonymized form permanently. Documented bias against non-native English speakers and active lawsuits over wrongful accusations make this a tool to use defensively, never offensively. Use the API path for sensitive text. Never base a published claim on a score alone.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Grammarly",
      "slug": "grammarly",
      "url": "https://www.grammarly.com",
      "tagline": "Dominant grammar and writing assistant with 30 million daily users. Free tier. Processes all text on company servers — opt-out from AI training available but not default.",
      "category": "writing",
      "securityRating": "caution",
      "securityRatingNote": "Strong infrastructure security: encryption in transit (TLS 1.2) and at rest (AES-256), SOC 2 Type II, ISO 27001/27017/27018, HIPAA option for Enterprise. The concern is not infrastructure — it is the data model. All text processing is server-side with no local option. AI training is enabled by default for individual users (opt-out, not opt-in). The browser extension processes every text field indiscriminately. Enterprise tier provides contractual protections, but individual journalists on Free or Pro have limited recourse. The rapid corporate transformation (three acquisitions, rebrand, new CEO) adds uncertainty about future data practices. Opt out of training, disable the extension on sensitive sites, and never process confidential source material through Grammarly.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "GrapheneOS",
      "slug": "grapheneos",
      "url": "https://grapheneos.org",
      "tagline": "Hardened Android OS for Pixel phones. Strips Google services, sandboxes sensors, and — per leaked 2024 Cellebrite documents — resisted the forensic extraction tools that crack stock Android and iOS.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Hardened kernel and hardened memory allocator, verified boot with a hardware root of trust (Titan M2), auto-reboot that returns a locked device to the before-first-unlock (BFU) state where data stays encrypted at rest, USB-C port lockout, per-app network and sensor controls, sandboxed Google Play without system privileges. Open-source with active security research and rapid patch delivery (often ships Android security patches ahead of the stock Pixel release). Leaked 2024 Cellebrite documents showed GrapheneOS on Pixel 6 and later as unsupported by their extraction tools — the only mobile OS in that matrix with the distinction. Treat that as a snapshot of one vendor's capabilities at one point in time, not a guarantee: the protection still depends on a strong unlock passphrase and on the device being locked (BFU) when seized, which is what the auto-reboot feature is for. The gold standard for mobile security.",
      "threatLevel": "high-risk",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "GuideStar (Candid)",
      "slug": "guidestar",
      "url": "https://www.guidestar.org",
      "tagline": "Nonprofit data on 1.9 million organizations — 990 filings, financials, board members, and mission statements. Now part of Candid.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Operated by a well-established nonprofit (Candid) with a 25+ year track record. HTTPS throughout. Account required for full access. The underlying nonprofit data is derived from public IRS filings, so the data itself is not sensitive. Your search patterns and the nonprofits you research are visible to Candid. Privacy policy is clear and recently updated. No advertising trackers. Adequate security for the nature of the data — the main consideration is operational, not technical.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Have I Been Pwned",
      "slug": "have-i-been-pwned",
      "url": "https://haveibeenpwned.com",
      "tagline": "Free breach notification service tracking 14B+ compromised accounts across 900+ breaches. Check if your credentials have been exposed.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "K-anonymity password checking is well designed — only the first five hex characters of the password's SHA-1 hash are sent, and neither the full hash nor the password ever leaves your device. Email-address searches are not k-anonymized: the address you check is sent to HIBP in full, so be deliberate about which identities you look up from which network. The FBI feeds compromised passwords directly into the Pwned Passwords database, making it the most comprehensive credential-checking service available. Azure Storage provides AES-256 encryption at rest. Cloudflare handles edge security. The Pwned Passwords API processes 2B+ queries per month and is integrated into major browsers, password managers, and identity services. The March 2025 Mailchimp phishing incident affected Hunt's personal mailing list, not the HIBP service itself, and his 34-minute disclosure set a transparency standard few organizations match. The main limitation: the core HIBP codebase is closed-source, so you're trusting Hunt's infrastructure. Given 12+ years of consistent, transparent operation and FBI partnership, that trust is well-placed.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Fieldwork evaluation by Mike Schneider",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Hemingway Editor",
      "slug": "hemingway-editor",
      "url": "https://hemingwayapp.com",
      "tagline": "Color-coded readability analysis. Flags complex sentences, passive voice, adverbs, and reading grade level in real time.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Free web version and desktop app keep text local — no server transmission for core readability features. Editor Plus sends text through OpenAI for AI rewrites, with a stated no-sell/no-training policy but limited transparency on retention. No SOC 2 certification or independent security audit disclosed. Low risk for most editing use cases; avoid Plus for sensitive unpublished material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "HeyGen",
      "slug": "heygen",
      "url": "https://www.heygen.com",
      "tagline": "AI avatar video platform for talking-head explainers, translation, and dubbing. 175+ languages. Growing newsroom adoption for localization — and growing deepfake concerns.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "HeyGen maintains SOC 2 Type 2 certification, GDPR compliance, and a structured consent flow for biometric data. The company's trust and safety team actively moderates content. The 'adequate' rating reflects the solid security infrastructure and privacy practices, balanced against the inherent dual-use risk of synthetic media technology and the absence of C2PA provenance on outputs. The consent mechanisms are better than most competitors, but the technology remains fundamentally capable of misuse.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Hindenburg PRO",
      "slug": "hindenburg",
      "url": "https://hindenburg.com",
      "tagline": "Audio editor built for spoken-word journalism. Auto-leveling, local transcription, broadcast-standard loudness — in a tool designed by a journalist.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Desktop application with local-only audio processing and on-device transcription — no audio ever leaves your machine. Strong structural privacy model for the core editing workflow. Rating is 'adequate' rather than 'strong' because: the app documents no encryption of its own for project files, so at-rest protection depends entirely on your OS full-disk encryption (FileVault, BitLocker, or LUKS); the licensing system requires periodic online check-ins; and the company's website deploys extensive third-party tracking (Google Analytics, Facebook Pixel, LinkedIn, Twitter, Reddit). The product itself handles sensitive audio well. The marketing infrastructure is typical adtech.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Hunchly",
      "slug": "hunchly",
      "url": "https://hunch.ly",
      "tagline": "Web investigation capture tool. Records, hashes, and archives every page you visit during an investigation.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Local-first architecture (Classic plan) with SHA-256 evidence hashing is solid for investigative integrity. Cloud plan adds Kasm browser isolation, which is a real operational security upgrade for sensitive investigations. Not open source, so no independent code audit. Now owned by Maltego (German company, $100M funded), which is a more institutional owner than a solo developer — brings resources but also changes the trust calculus. Hashing proves post-capture integrity but not pre-capture authenticity, and a hash stored alongside the evidence it protects can be regenerated by anyone able to edit both — if chain of custody will matter, export or timestamp the hash manifest out of band at capture time. Strong reputation across OSINT community, Bellingcat endorsement, and law enforcement adoption. Evidence packages have been used in legal proceedings, though admissibility ultimately depends on jurisdiction and chain-of-custody procedures beyond the tool itself.",
      "threatLevel": "sensitive-reporting",
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Hunter.io",
      "slug": "hunter",
      "url": "https://hunter.io",
      "tagline": "Find professional email addresses associated with any domain. Verify deliverability before sending. Used by journalists for source outreach.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "EU-hosted (Belgium) with GDPR compliance and Standard Contractual Clauses for international transfers. Hunter indexes only publicly available professional email data — not scraped from private databases. Encryption in transit confirmed. Search history is logged and retained, which matters if you're researching sensitive targets. The platform is a data aggregator by design, so it inherently involves collecting and storing personal information (professional emails). Adequate for standard journalism outreach; not appropriate for high-risk investigations where your search activity itself could be compromising.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Hypothesis",
      "slug": "hypothes-is",
      "url": "https://web.hypothes.is",
      "tagline": "Annotate any web page collaboratively. Highlight, comment, and share notes with your team.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Open source (BSD 2-Clause license) with nonprofit+PBC governance. No data monetization. Completed a Cloud Security Alliance CAIQ — a vendor self-assessment questionnaire, not a third-party audit. Regular vulnerability testing. Hosted on AWS. Annotations stored on Hypothesis servers — public annotations are fully discoverable by anyone, including unauthenticated users. Access controls exist for private and group annotations. No published SOC 2 Type II audit. The extension's always-on nature creates browsing metadata that journalists in sensitive contexts should weigh carefully.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "iA Writer",
      "slug": "ia-writer",
      "url": "https://ia.net/writer",
      "tagline": "Distraction-free Markdown writing app. Focus mode, syntax highlighting, no account required. One-time purchase.",
      "category": "writing",
      "securityRating": "strong",
      "securityRatingNote": "Local-first architecture with no account requirement and no content transmission to iA servers. Bootstrapped Swiss company with no investor pressure to monetize data. Telemetry is minimal and optional. Privacy posture is among the strongest in the writing tool category. The only variable is your choice of cloud sync provider.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "ICIJ Offshore Leaks Database",
      "slug": "icij-offshore-leaks",
      "url": "https://offshoreleaks.icij.org",
      "tagline": "Search 810,000+ offshore entities from five major leak investigations — Panama Papers, Pandora Papers, Paradise Papers, Bahamas Leaks, and Offshore Leaks.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit-operated public database with no account requirement and minimal data collection. The main operational security consideration is that your search queries are processed on ICIJ's US-based servers — if you're investigating entities that monitor their own exposure, your query pattern could be revealing. Download the bulk data for local querying if that matters. The Reconciliation API sends your match data to ICIJ servers for processing, so don't submit sensitive source lists without considering that.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "iFOIA",
      "slug": "ifoia",
      "url": "https://www.ifoia.org",
      "tagline": "File, track, and appeal FOIA requests electronically — free, from the Reporters Committee for Freedom of the Press.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Operated by a 501(c)(3) nonprofit with 55+ years of press freedom advocacy. No monetization of user data. Requests are private to your account. Encryption at rest is unverified. The primary exposure is inherent to FOIA itself: agencies know who is asking. iFOIA's operator has no incentive to misuse journalist data — the Reporters Committee exists to defend journalists, not surveil them.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Immersive Translate",
      "slug": "immersive-translate",
      "url": "https://immersivetranslate.com",
      "tagline": "Browser extension for bilingual side-by-side web page translation. 20+ AI translation engines. Chrome Best Extension 2024. Read foreign-language sources with original and translation visible together.",
      "category": "writing",
      "securityRating": "caution",
      "securityRatingNote": "Two documented security incidents in 2024–2025: an XSS vulnerability and a critical data exposure through the snapshot feature that leaked user documents to publicly accessible cloud storage. Text is sent to third-party translation APIs by design — this is functional, not a flaw, but journalists must understand that every translated page leaves their device. Data controller is Funstory.ai Limited (Hong Kong) with primary storage in South Korea and processing through Chinese cloud providers (Alibaba, Tencent). No disclosed security certifications. No public bug bounty or vulnerability disclosure program. Google Analytics tracks usage. The translation quality is excellent and the bilingual UX is best-in-class, but the security posture requires caution for any use involving sensitive material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Infogram",
      "slug": "infogram",
      "url": "https://infogram.com",
      "tagline": "Data visualization and infographics platform. Drag-and-drop charts, maps, and interactive graphics — owned by Prezi since 2017.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "HTTPS encryption in transit. Owned by Prezi, a well-funded company with standard enterprise security practices. GDPR compliance claimed. No published SOC 2 certification or independent security audit. Data jurisdiction spans Latvia and the U.S. Adequate for visualizing public data. For sensitive unpublished data, use tools with stronger documented security postures (Datawrapper, or local visualization tools).",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Inkscape",
      "slug": "inkscape",
      "url": "https://inkscape.org",
      "tagline": "Free vector graphics editor for illustrations, diagrams, and infographics.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, fully local, no accounts or telemetry. Maintained under the Software Freedom Conservancy since 2006. The macOS privilege escalation CVE (2025-15523) was patched promptly in 1.4.3. Active development with 120+ bug fixes in the latest release. As local-only software with no network requirements, the network attack surface is minimal; the residual surface is file parsing — SVG is XML and imports such as PDF or EPS go through third-party libraries — so treat files from untrusted sources with the same care as any other document and keep the application updated.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Instant Data Scraper",
      "slug": "instant-data-scraper",
      "url": "https://chromewebstore.google.com/detail/instant-data-scraper/ofaokhiedipichpaobibbnahnkdoiiah",
      "tagline": "Browser extension that uses AI to detect data patterns on web pages and export to CSV or Excel. No code, no account, no server.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Local-only data processing is a genuinely strong privacy model — no server ever touches your scraped data. But the extension is closed-source, requires broad page access permissions across all websites, and ownership transferred from webrobots.io to Flavr Technology, LP without public explanation. You're trusting a publisher with minimal public presence to not inject malicious code into a future update. The extension continues to receive updates (v1.2.1, March 2026, Manifest V3), which is a positive signal. Adequate for scraping public data in non-sensitive contexts. If you're scraping data related to sensitive sources or investigations, consider using the open-source Firefox reboot port (MPL 2.0) where the code is auditable, or a self-hosted tool like Scrapy.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "IntelTechniques",
      "slug": "inteltechniques",
      "url": "https://inteltechniques.com",
      "tagline": "Michael Bazzell's OSINT tools, training, and methodology — the definitive resource for digital investigations, online search techniques, and personal privacy protection.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Built by a former FBI cyber crimes investigator and active privacy advocate — the developer's personal expertise is the strongest trust signal here. HTTPS encryption in transit. Minimal data collection philosophy consistent with Bazzell's published privacy principles. No advertising, no third-party analytics visible. The main considerations: it's a one-person operation without published security certifications or third-party audits, and the tools generate queries against external sources with their own logging. The privacy expertise of the operator provides high confidence in intentional security design, but no formal verification exists. Rating reflects strong practitioner credibility offset by lack of institutional security documentation.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "InVID/WeVerify",
      "slug": "invid-weverify",
      "url": "https://github.com/AFP-Medialab/verification-plugin",
      "tagline": "Browser extension for verifying videos and images — keyframe extraction, reverse search, deepfake detection, and metadata analysis.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Metadata extraction and forensic analysis run locally — good. Open-source under MIT license with full code on GitHub. No personal data collection by the extension. But reverse searches and AI tools send content to third-party and CERTH servers. Content cached for ~1 day by partner tools. The split architecture (local forensics + remote AI + third-party search) means your operational security depends on which tabs you use. Stick to local-only features for sensitive material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Jitsi Meet",
      "slug": "jitsi-meet",
      "url": "https://meet.jit.si",
      "tagline": "Open-source encrypted video conferencing — self-host for full control, or use meet.jit.si for quick calls.",
      "category": "messaging",
      "securityRating": "strong",
      "securityRatingNote": "Open-source with optional E2E encryption, self-hosting available, no tracking on self-hosted instances. Rating assumes self-hosting for sensitive work. Note that the default is transport encryption only — the video bridge decrypts and re-encrypts media, so whoever runs the server can see the call. E2EE must be switched on explicitly per meeting, requires a browser with Insertable Streams support, and disables server-side features such as recording and phone dial-in while active. The meet.jit.si public instance lost its anonymous room creation in 2023 — room creators are now identified to 8x8. Still strong overall: open codebase, Insertable Streams E2EE, active development, NLnet-funded encryption work, and endorsement from Freedom of the Press Foundation for high-risk users.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Journallist / trust.txt",
      "slug": "journallist",
      "url": "https://journallist.net",
      "tagline": "Machine-readable transparency file for news publishers — declares organizational affiliations, ownership, social accounts, and AI training permissions in a standard text format.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Trust.txt files contain only public organizational data — no personal information, no credentials, no sensitive content. The spec is open-source with an expired IETF draft. JournalList.net uses HTTPS and requires 2FA for staff. The decentralized architecture means no single point of compromise for all publisher data. The main risk is not technical but conceptual: trust.txt signals affiliation, not quality, and consumers or platforms may conflate the two. Low data sensitivity, straightforward implementation, no authentication required to read the files.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Journo Portfolio",
      "slug": "journo-portfolio",
      "url": "https://journoportfolio.com",
      "tagline": "Purpose-built portfolio builder for journalists. Import clips by URL, auto-screenshot backups, custom domain — starting at $0.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Standard web platform security with TLS in transit. UK jurisdiction with ICO registration provides GDPR-equivalent protections. Uses Plausible Analytics instead of Google Analytics — a privacy-positive choice that avoids cookie tracking. Payment processing is handled by Stripe, PayPal, and Paddle — no card data stored by Journo Portfolio. The privacy policy is honest about its limits: acknowledges no method of electronic storage is 100% secure. For journalists, the main risk is platform dependency on a small bootstrapped company with a single director. Use a custom domain and keep local backups of your clips.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Junkipedia",
      "slug": "junkipedia",
      "url": "https://junkipedia.org",
      "tagline": "Cross-platform social media monitoring for journalists and researchers. Tracks 14 platforms including fringe networks that most tools ignore.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Junkipedia aggregates publicly available social media content — it does not handle end-to-end encrypted messages or sensitive source communications. The primary security consideration is that your monitoring lists reveal your investigative interests, and the platform stores that data on U.S.-based infrastructure operated by a nonprofit. HTTPS in transit is confirmed. Encryption at rest and detailed infrastructure security are not publicly documented. NCoC is a Congressionally-chartered nonprofit with 80 years of history and institutional funders (Gates, Rockefeller, Ford), which provides organizational stability but also means the platform operates in a U.S. government-adjacent context — relevant for journalists investigating U.S. government actors. Not open source, so no independent code audit exists. No reported data breaches or security incidents. For its intended use case — monitoring public social media posts for investigative research — the risk profile is low. Do not use it for anything requiring source protection or operational security.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Jupyter Notebooks",
      "slug": "jupyter-notebooks",
      "url": "https://jupyter.org",
      "tagline": "Interactive computing environment for data analysis, visualization, and documentation in one document.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, runs locally, no telemetry or data collection. The security model is sound when used as intended: local execution, password/token-protected server bound to localhost (the default — never expose it to a network without TLS and a token), trusted notebooks only. The risk surface comes from two directions. First, notebooks execute arbitrary code by design — opening an untrusted .ipynb does not run its cells, but 'Run All' does, and saved outputs can embed HTML and JavaScript; Jupyter's notebook signing ('trust') only governs whether such outputs are rendered, not whether code executes, so treat an unknown notebook as an unknown script. Second, historical vulnerabilities (XSS-to-RCE, config file injection, server proxy auth bypass) show the project has had real security gaps, though they've been patched. Cloud-hosted alternatives like Google Colab introduce data jurisdiction and privacy risks that local Jupyter avoids entirely. Rating: adequate for local use with basic precautions. Would be 'strong' if Jupyter sandboxed execution or gated code execution itself rather than output rendering, but that's not how notebooks work.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Kaggle",
      "slug": "kaggle",
      "url": "https://www.kaggle.com",
      "tagline": "The world's largest data science community — 460,000+ public datasets, free cloud notebooks, and machine learning competitions. Google-owned.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "Google-operated platform with enterprise-grade infrastructure security. HTTPS throughout. The technical security is strong. The consideration for journalists is privacy, not security: Google sees your account activity, notebook contents, dataset downloads, and search patterns. For public data analysis this is a non-issue. For sensitive reporting work, do not use Kaggle — download data locally and analyze offline. The platform is best treated as a public research tool, not a secure workspace.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Kagi",
      "slug": "kagi",
      "url": "https://kagi.com",
      "tagline": "Paid, ad-free search engine funded entirely by users. No ads, no tracking, no surveillance economics. Custom result ranking, domain lenses, and access to multiple AI assistants in one subscription.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "Kagi's structural alignment is the rare case where the business model and the privacy claims point in the same direction. No ads means no incentive to track. Subscription funding means the user is the customer, not the product. Public Benefit Corporation status legally codifies the mission. Search queries are not linked to accounts, Kagi Assistant conversations purge in 24 hours, and Bitcoin payment is accepted to decouple billing identity. The 'strong' rating reflects design and incentives, not an independent audit — Kagi's index and infrastructure are proprietary, and you are still trusting a US company subject to US legal process. For journalists who can afford $10/month, Kagi removes the entire ad-tech surveillance layer from a tool used dozens of times a day.",
      "threatLevel": "baseline",
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "KeePassXC",
      "slug": "keepassxc",
      "url": "https://keepassxc.org",
      "tagline": "Local-only password manager. No cloud, no server, no account required.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Open source (GPLv3), fully local, no cloud dependency. KDBX4 format with AES-256-CBC + HMAC-SHA256 or ChaCha20 encryption. Argon2id key derivation (memory-hard, GPU-resistant). ANSSI CSPN security visa (November 2025, valid through 2028). Independent audit (2023) found no major cryptographic issues. YubiKey challenge-response support. No attack surface from cloud infrastructure — though if you sync the .kdbx file through a commercial cloud, that provider holds the encrypted database and its protection rests entirely on your master passphrase or key file and the KDF settings (keep the Argon2id parameters at or above the defaults). The trade-off is convenience — you manage your own sync, backups, and key recovery, and a lost database with no backup is unrecoverable.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Klaxon",
      "slug": "klaxon",
      "url": "https://newsklaxon.org",
      "tagline": "Website change monitoring built for newsrooms. Get alerts when government pages, court dockets, or corporate sites change.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Open source (MIT) and operated by two nonprofits (Marshall Project, MuckRock). Self-hosted option gives full control. Klaxon Cloud relies on MuckRock/DocumentCloud infrastructure, which has a strong track record serving 2,000+ newsrooms. No sensitive content is processed — only public web page changes. Main concern: the URLs you monitor are stored on third-party nonprofit servers, which constitutes metadata about your reporting interests. For high-risk investigations, self-host or use a throwaway DocumentCloud account.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Knight Lab JuxtaposeJS",
      "slug": "knight-lab-juxtapose",
      "url": "https://juxtapose.knightlab.com",
      "tagline": "Before/after image slider for comparing photos. Embed in stories to show change over time.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "Client-side tool with no data collection or server-side storage. Open source under MPL 2.0. Academic project with no commercial incentives. The XSS vector in credit fields is low-risk in practice as long as you control the input — it becomes a real issue only if those fields are ever populated from reader-submitted or third-party content. Main concern is CDN dependency on cdn.knightlab.com — if Knight Lab infrastructure goes down, embeds break; if it is compromised, the served script runs in your readers' browsers. Self-hosting a pinned copy of the library eliminates this dependency (a Subresource Integrity hash on the CDN script tag is a lighter mitigation against tampering, but not against outages).",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Knight Lab StoryMap",
      "slug": "knight-lab-storymap",
      "url": "https://storymap.knightlab.com",
      "tagline": "Map-based interactive narratives — pin locations, add media, publish an embeddable story. Free, open-source, no coding.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "University-operated, grant-funded, open-source. Google OAuth scope is narrow (profile ID only). Published stories are inherently public with no access controls. At-rest encryption status is undocumented. Low risk for general journalism use. Not suitable for stories involving sensitive locations or sources that could be endangered by public coordinate disclosure.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Krisp",
      "slug": "krisp",
      "url": "https://krisp.ai",
      "tagline": "AI noise cancellation and meeting transcription. Noise removal runs locally on-device — no audio sent to the cloud for that feature.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 certified, GDPR compliant, HIPAA compliant, PCI-DSS certified. Noise cancellation runs entirely on-device with zero cloud exposure — genuinely strong for that specific feature. However, meeting assistant features (transcription, recording, notes) process and store data in the cloud. The privacy posture is split: local for noise cancellation, cloud for everything else. Enterprise tier offers on-device transcription for English. Overall security infrastructure is serious, but journalists must understand which features are local vs. cloud.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "LanguageTool",
      "slug": "languagetool",
      "url": "https://languagetool.org",
      "tagline": "Open-source grammar checker supporting 31 languages. Self-hostable. The privacy-first alternative to Grammarly — run it locally and no text leaves your machine.",
      "category": "writing",
      "securityRating": "strong",
      "securityRatingNote": "Self-hosted deployment is the gold standard for privacy: open-source core (LGPL 2.1), local processing, no network dependencies, no account required. Cloud service also has a clean posture — text is not stored or used for training, no IP logging. The main caveats are the closed-source browser extensions (cannot be independently audited) and the Learneo acquisition shifting data controllership to a US entity. For maximum trust, self-host the server and use the open-source LibreOffice plugin. The cloud service is adequate for non-sensitive work.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Latakoo",
      "slug": "latakoo",
      "url": "https://latakoo.com",
      "tagline": "Secure video workflow for newsrooms. Fast file transfer, auto-transcription in 99 languages, and cloud-based media asset management built by broadcast journalists.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Purpose-built for newsroom video workflows with encryption in transit as a core feature. B2B business model with no incentive to monetize content. NPPA partnership adds professional credibility. Rating is 'adequate' because detailed security architecture documentation is limited, and video files and transcriptions are processed on US cloud infrastructure with no self-hosting option. For routine newsroom video workflows, this is fine. For highly sensitive footage, use encrypted direct transfer methods instead.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "LexisNexis Nexis",
      "slug": "lexisnexis",
      "url": "https://www.lexisnexis.com/en-us/professional/research/media.page",
      "tagline": "The largest licensed news and public records database — 39,000+ sources, 45 years of archives, 138 billion documents. The backbone of professional investigative research.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "LexisNexis deploys encryption in transit and at rest, network security controls, and logging. However, the February 2026 breach exposed serious operational gaps: an unpatched critical vulnerability left open for two months, a weak master database password, and overly permissive IAM roles that gave a single credential access to all cloud secrets. The breach affected 400,000 user profiles. LexisNexis maintains a Trust Center but has not publicly disclosed SOC 2 Type II certification. The core Nexis research product has standard enterprise security controls, but the 2026 incident demonstrates that infrastructure hygiene has not matched the company's scale or the sensitivity of its user base — which includes federal judges and DOJ attorneys. Rating reflects adequate baseline security with documented recent failures.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "LibreOffice",
      "slug": "libreoffice",
      "url": "https://www.libreoffice.org",
      "tagline": "Free, open-source office suite. No account, no cloud, no tracking. Runs offline.",
      "category": "writing",
      "securityRating": "strong",
      "securityRatingNote": "All processing is local. No telemetry, no cloud, no account required. Zero data collection by design. ODF encryption supports AES-256. The main security concern is keeping the software updated — several critical CVEs were patched in 2025 (remote code execution, PDF signature spoofing, macOS privilege escalation). Macro security should be set to High, and documents from unknown senders should be treated as untrusted input regardless of that setting. The governance crisis does not affect the current software's security, but it raises questions about the pace of future security patches if core contributors reduce their involvement.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Loom",
      "slug": "loom",
      "url": "https://www.loom.com",
      "tagline": "Async video messaging with screen recording and camera. Acquired by Atlassian for $975M in 2023. Free tier with limits.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Enterprise-grade infrastructure via Atlassian — encryption at rest and in transit on AWS, VPC isolation, SSL-encrypted video uploads. Enterprise tier adds SSO, SCIM, advanced privacy controls, and custom data retention. Atlassian is SOC 2 and ISO 27001 certified at the company level. Free and Business tiers have limited admin controls. Not recommended for recording discussions involving confidential sources or sensitive editorial content.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "MacWhisper",
      "slug": "macwhisper",
      "url": "https://goodsnooze.gumroad.com/l/macwhisper",
      "tagline": "Native Mac GUI for OpenAI's Whisper and Nvidia Parakeet. Local transcription, one-time purchase, no cloud required.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Fully local processing — once the transcription models have been downloaded, no network connection is needed and audio never leaves your device. No data collection, no telemetry, no cloud requirement. One-time purchase means no ongoing data relationship. The strongest privacy posture available for GUI-based transcription. The hallucination problem is an accuracy concern, not a security concern — it does not compromise confidentiality, but it does mean transcripts must be checked against the audio before anything is quoted.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Mailvelope",
      "slug": "mailvelope",
      "url": "https://mailvelope.com",
      "tagline": "PGP encryption for Gmail, Outlook.com, and Yahoo — without switching email providers.",
      "category": "security",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, ten independent audits since 2013, BSI-funded development, local key management. The 2025 0xche audit found issues but all critical ones were patched promptly. Browser extension attack surface is real but manageable. Adequate for sensitive reporting where PGP email is specifically required. For most journalist-source communication in 2026, Signal or SecureDrop is the better choice.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Make",
      "slug": "make",
      "url": "https://www.make.com",
      "tagline": "Visual workflow automation platform connecting 3,000+ apps. Formerly Integromat. More powerful and cheaper than Zapier for complex multi-step automations, with a steeper learning curve.",
      "category": "ai",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II certified, GDPR-compliant, EU data residency by default, encryption in transit and at rest. Owned by Celonis (well-funded German enterprise company), which brings enterprise security infrastructure. The structural consideration is the same as any cloud automation platform: Make sees everything flowing through your workflows. For routine newsroom automation, this is fine. EU jurisdiction is a meaningful advantage over US-based Zapier for European newsrooms. For sensitive workflows, self-hosted n8n remains the better choice.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Mapshaper",
      "slug": "mapshaper",
      "url": "https://mapshaper.org",
      "tagline": "Browser-based tool for editing, simplifying, and converting geographic data. All processing happens locally — your shapefiles never leave your machine.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Client-side processing means zero data exposure — your files never touch a server. Open-source (MPL 2.0) with 3,400+ GitHub stars and transparent code on GitHub. No accounts, no tracking, no cookies, no analytics. One of the strongest privacy stories in our entire evaluation set. The only theoretical risk is supply chain: when you use the hosted site, you run whatever JavaScript mapshaper.org serves on that visit, so a compromised npm dependency or a compromised deployment could ship code that exfiltrates your files. This applies to any browser-delivered tool and is mitigated by running a pinned version locally.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "MarineTraffic",
      "slug": "marine-traffic",
      "url": "https://www.marinetraffic.com",
      "tagline": "Real-time global ship tracking via AIS — 13,000+ terrestrial receivers and satellite coverage, the standard tool for maritime investigations and sanctions evasion reporting.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "MarineTraffic runs on EU infrastructure under GDPR with encryption in transit and at rest, standard account security, and no public record of a major breach. The vessel data itself is public AIS broadcast information, not personal data — the privacy concern for journalists is account metadata (search history, saved fleets) revealing investigation targets, not the underlying vessel records. The bigger trust consideration is corporate consolidation: Kpler now owns most of the public ship-tracking market and serves both journalists and the commodity traders whose flows are being investigated. Rating reflects standard SaaS security plus a meaningful note about corporate context and the inherent unreliability of self-reported AIS data when targets are sophisticated.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Media Bias/Fact Check",
      "slug": "media-bias-fact-check",
      "url": "https://mediabiasfactcheck.com",
      "tagline": "Independently operated database of news source bias ratings and factual reporting scores. Covers 7,000+ sources with transparent methodology.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "This is a reference website, not a workflow tool — you read it, you don't submit sensitive data to it. HTTPS is enabled. The main privacy consideration is standard ad-network tracking (Google AdSense, Snigel), which is easily mitigated with an ad blocker. No user accounts, no sensitive data collection. The security question here is about the reliability of the information rather than data protection — and on that front, it's a useful first-pass reference that shouldn't be treated as authoritative on its own.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Media Cloud",
      "slug": "mediacloud",
      "url": "https://mediacloud.org",
      "tagline": "Open-source media analysis platform. Search and analyze news coverage across 60,000+ sources and 1 billion+ stories worldwide.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Academic nonprofit with no commercial data incentives. Indexes only publicly published news content — no private data collection beyond user accounts. Open-source codebase allows independent security review. US-hosted at university infrastructure. The main risk is institutional: as an academic project, long-term service continuity depends on funding and institutional commitment. The transition from Harvard/MIT to the current consortium was bumpy. Adequate for media research purposes.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Media Defence",
      "slug": "media-defence",
      "url": "https://www.mediadefence.org/",
      "tagline": "Free legal representation for journalists worldwide with emergency defense funding.",
      "category": "legal",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "Microsoft Copilot",
      "slug": "microsoft-copilot",
      "url": "https://copilot.microsoft.com",
      "tagline": "Microsoft's free AI assistant powered by GPT-4 class models. Web search integration, image generation, and document analysis — no account required for basic use.",
      "category": "ai",
      "securityRating": "adequate",
      "securityRatingNote": "Enterprise-grade infrastructure (Azure), encryption in transit and at rest, explicit no-training policy for personal conversations, SOC 2 and ISO 27001 certified. The privacy commitment is stronger than most consumer AI products. The caveat is structural: Microsoft is a US company subject to FISA, national security letters, and law enforcement requests. For routine journalism AI assistance, this is fine — the free tier with no account is surprisingly privacy-friendly, though queries are still tied to your IP address and browser, and the no-training policy is a contractual promise rather than a technical guarantee. For investigative research where your queries themselves are sensitive, use a local model.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Midjourney",
      "slug": "midjourney",
      "url": "https://www.midjourney.com",
      "tagline": "The most popular AI image generator. Produces high-quality stylized and photorealistic output. No Content Credentials, no provenance trail, no IP indemnification for most users.",
      "category": "visuals",
      "securityRating": "caution",
      "securityRatingNote": "Midjourney is a well-funded, profitable company with reasonable infrastructure security. The 'caution' rating reflects the absence of C2PA Content Credentials (a significant gap for editorial use), the lack of IP indemnification for most users, active copyright litigation, default public visibility of all generations, and no explicit commitment regarding training on user content. For non-editorial creative work these are manageable risks; for journalism with provenance requirements they are disqualifying.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Miro",
      "slug": "miro",
      "url": "https://miro.com",
      "tagline": "Collaborative whiteboard for visual planning, investigation mapping, and newsroom brainstorming. SOC 2 and ISO 27001 certified.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II and ISO 27001 certified. Enterprise-grade encryption, SSO, and SCIM on higher tiers. Zero Trust Architecture. The security infrastructure is solid for a collaboration tool at this scale. Free and Starter tiers lack admin controls. Not recommended for boards containing confidential source material or sensitive investigation details — content lives on Miro servers.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Muck Rack",
      "slug": "muck-rack",
      "url": "https://muckrack.com",
      "tagline": "PR database that profiles 600K+ journalists and sells access to communications teams. Free portfolio tools for journalists — but you are the product.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Encrypted in transit (TLS 1.2+) and at rest (AES-256). SOC 2 certified with regular security testing and a responsible disclosure program. No major breaches or security incidents in the public record. The primary risk is not technical — it is data exposure by design. Muck Rack's business model requires aggregating journalist contact details and making them accessible to paying PR customers. Journalists on sensitive beats should treat their Muck Rack profile as a public directory listing. The platform does not offer end-to-end encryption, two-factor authentication documentation is not publicly available, and there are no published data residency options. Adequate for general-purpose journalist portfolio and media monitoring use. Not appropriate for journalists who need to minimize their professional footprint or control who can access their contact information.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "MuckRock",
      "slug": "muckrock",
      "url": "https://www.muckrock.com",
      "tagline": "File, track, and share public records requests — with a nonprofit that actually files them for you.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "Nonprofit with fully aligned incentives. Open-source codebase. Minimal data collection. Funded by Knight Foundation and Democracy Fund, not advertisers. Operates DocumentCloud — the document-publishing infrastructure used by the world's top newsrooms. One of the most trustworthy tools in the journalism ecosystem. The residual consideration is metadata: the requests you file and track sit on MuckRock's servers and describe what you are investigating, and the 'strong' rating reflects incentives and transparency rather than an independent audit.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Mullvad VPN",
      "slug": "mullvad-vpn",
      "url": "https://mullvad.net",
      "tagline": "Privacy-focused VPN. No account needed. No logging. Pay with cash or crypto.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "No-logs policy verified by five independent audits (2024-2026) and a real-world police raid. RAM-only servers across entire 700+ node network. No account or email required. All clients open-source (GPL-3.0, Rust-based). Post-quantum WireGuard enabled by default on all platforms. DAITA v2 counters AI traffic analysis. Swedish jurisdiction does not require VPN data retention. GotaTun WireGuard implementation passed independent audit with no major findings. The gold standard for VPN privacy. As with any VPN, this shifts trust from your local network and ISP to Mullvad — it does nothing against the sites you log into or a compromised device.",
      "threatLevel": "high-risk",
      "freeOption": false,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "n8n",
      "slug": "n8n",
      "url": "https://n8n.io",
      "tagline": "Self-hostable workflow automation with 350+ integrations. Fair-code licensed. The open alternative to Zapier where you keep your data on your own server.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Self-hosted n8n keeps all workflow data on your own infrastructure — no third party sees your automations or the data flowing through them. German company subject to GDPR. Cloud version encrypts data in transit and credentials at rest on EU infrastructure. The self-hosting option is what elevates this above cloud-only automation tools for journalism — with the corresponding responsibility: you own patching, backups, and the exposure of the n8n web UI and webhook endpoints, which should stay updated and behind authentication rather than open to the internet. Rating reflects the self-hosted deployment; cloud-only use would be 'adequate' — same trust model as Zapier but with a smaller, EU-based company.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "NewsGuard",
      "slug": "newsguard",
      "url": "https://www.newsguardtech.com",
      "tagline": "Browser extension that rates news sites on nine journalistic criteria. Used by libraries, advertisers, and AI companies — and now sued by both sides of the trust war.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Standard commercial SaaS. HTTPS in transit. U.S. jurisdiction. The risk profile here is editorial and political, not technical: NewsGuard sees the URLs you visit, and the company is actively litigating with the FTC. For routine library and classroom use, the security posture is fine. For sensitive newsroom research, use a separate browser profile or skip the extension.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "NorthData",
      "slug": "northdata",
      "url": "https://www.northdata.com",
      "tagline": "European company intelligence engine — 87 million entities across 23 countries with financial indicators, network visualizations, and ownership chains extracted from official registries.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "German company operating under GDPR and Germany's strict federal data protection law. Processes only publicly available official registry data — low sensitivity profile. HTTPS encryption in transit. Data at rest encryption status not publicly documented. No public record of security breaches. The main journalist concern is account activity (search history) potentially revealing investigation targets — use a dedicated research account for sensitive work. Rating reflects solid EU regulatory framework and low-risk data profile, offset by limited public documentation of security practices.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Notion",
      "slug": "notion",
      "url": "https://www.notion.com",
      "tagline": "All-in-one workspace for notes, docs, wikis, and project management.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Strong encryption and compliance certifications (SOC 2 Type II, ISO 27001/27701/27017/27018). Not zero-knowledge — Notion can access content. Cloud-only storage means you trust Notion with your data. The September 2025 AI agent vulnerability — and Notion's initial dismissal of the HackerOne report — shows that AI features create new attack surfaces that even well-resourced security teams underestimate. The 30-day LLM data retention on non-Enterprise plans is a meaningful gap for newsrooms handling sensitive material. Adequate for general editorial work; not for sensitive source material. Disable AI features unless you are on Enterprise with zero data retention.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Notion Calendar",
      "slug": "notion-calendar",
      "url": "https://www.notion.com/product/calendar",
      "tagline": "Free calendar app integrated with Notion. Fast keyboard-driven interface. Links events to Notion pages for notes and agendas. Formerly Cron (acquired by Notion 2022).",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type 2 certified, TLS in transit, encryption at rest on Notion and Google infrastructure. The main security consideration is that Notion does not use end-to-end encryption — the company holds the keys and can technically access your data. This is standard for productivity SaaS but means sensitive source information should not be stored in linked Notion pages. Google OAuth means your calendar data flows through both Google and Notion infrastructure. Rating is 'adequate' because the security practices are industry-standard for a productivity tool but do not meet the higher bar needed for source-sensitive journalism workflows.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "OBS Studio",
      "slug": "obs-studio",
      "url": "https://obsproject.com",
      "tagline": "Free, open-source screen recording and live streaming — 60K GitHub stars, zero data collection, no account required.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (GPL-2.0), 60K+ GitHub stars, 500+ contributors, publicly auditable code. Fully local processing — no accounts, no telemetry, no network dependency for core functionality. Two CVEs in 2024, both local-only attack vectors, both patched. Funding model (donations + sponsorships) creates zero incentive to monetize user data. The strongest privacy posture in the visuals category.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Obsidian",
      "slug": "obsidian",
      "url": "https://obsidian.md",
      "tagline": "Local-first markdown note-taking. Your files, your device, plain text.",
      "category": "writing",
      "securityRating": "strong",
      "securityRatingNote": "Local-first architecture means no cloud dependency and no company access to your notes by default. Obsidian Sync uses AES-256 E2E encryption (AES-GCM for contents, AES-SIV for file paths). Two independent Cure53 penetration tests (2023, 2024) with all findings fixed. No telemetry, no tracking, no ads. Bootstrapped with no VC — no incentive to weaken privacy for growth metrics. The main risk is the community plugin ecosystem: no sandboxing, full vault and OS access, and the team is too small to audit every update. Use Restricted Mode unless you have vetted your plugins. ~8% market share in note-taking but dominant in the personal knowledge management niche among researchers, developers, and journalists.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Octoparse",
      "slug": "octoparse",
      "url": "https://www.octoparse.com",
      "tagline": "No-code visual web scraper. Point-and-click data extraction with cloud execution, IP rotation, and 469+ pre-built scraper templates.",
      "category": "data",
      "securityRating": "caution",
      "securityRatingNote": "The dual corporate structure — U.S. subsidiary with Chinese parent company — is the primary concern. Cloud-scraped data passes through infrastructure controlled by a company with roots in Shenzhen. The company claims GDPR, CCPA, and Privacy Shield compliance, and its cloud providers have SOC 2 and ISO 27001 certifications. But Meta's 2022 lawsuit against Octopus Data for scraping Facebook/Instagram data raises questions about corporate oversight. For public data scraping, the risk is manageable. For sensitive investigations, use the local extraction mode or switch to open-source scraping tools you control entirely.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Ollama",
      "slug": "ollama",
      "url": "https://ollama.com/",
      "tagline": "Run AI models locally — your data never leaves your machine.",
      "category": "ai",
      "securityRating": "strong",
      "securityRatingNote": "Truly local processing with zero data transmission earns a 'strong' rating for privacy. But that rating assumes localhost-only use. The moment you expose Ollama's API to a network, the rating drops to 'caution' — multiple critical CVEs (including a CVSS 9.3 auth bypass) show the API was not designed for untrusted network exposure. For the intended use case of local-only AI on sensitive documents, nothing is more private. Keep it updated, keep it on localhost, and the security guarantee is absolute.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "OnionShare",
      "slug": "onionshare",
      "url": "https://onionshare.org",
      "tagline": "Share files, host websites, and chat anonymously over Tor. No third-party services.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "No third-party servers, no metadata collection, peer-to-peer over Tor, open-source under GPL-3.0. Passed a funded penetration test by Radically Open Security with no critical or high findings — auditors could not de-anonymize users. The architecture eliminates most attack vectors by removing intermediaries entirely. Input validation issues in 2.6.2 were patched promptly. The main risk is Tor-level vulnerabilities, which are upstream and outside OnionShare's control.",
      "threatLevel": "high-risk",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Open WebUI",
      "slug": "open-webui",
      "url": "https://openwebui.com",
      "tagline": "Self-hosted chat interface for local and cloud LLMs. The privacy-first alternative to ChatGPT.",
      "category": "ai",
      "securityRating": "strong",
      "securityRatingNote": "Strong rating assumes self-hosted, localhost-only deployment paired with local models. No data leaves your machine, no accounts required, no telemetry. Rating drops to 'adequate' if exposed to a network without proper access controls — the default install has no authentication enabled.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "OpenCorporates",
      "slug": "open-corporates",
      "url": "https://opencorporates.com",
      "tagline": "World's largest open database of company information. 230+ million entities from 140+ jurisdictions. Free for journalists.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "UK-based certified B-Corp with a corporate transparency mission enshrined in its Articles of Association. The data is public registry information — low sensitivity. Free web search requires no account. Standard web analytics present. API keys are issued per account. No evidence of data breaches or security incidents. Low-risk for journalists; the main concern is data freshness, not security.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "OpenRefine",
      "slug": "openrefine",
      "url": "https://openrefine.org",
      "tagline": "Clean, transform, and reconcile messy data with reversible operations.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Runs entirely locally with no cloud dependency. Open-source with transparent operation logging. Data never leaves your machine unless you use external reconciliation services. Historical CVEs are serious but all patched in 3.8.3+. The lack of authentication is a non-issue for default localhost usage but becomes a real risk if you change the bind address. Keep it updated.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "OpenSanctions",
      "slug": "opensanctions",
      "url": "https://www.opensanctions.org",
      "tagline": "Open-source sanctions, PEP, and criminal-watchlist database — 2.1 million entities aggregated from 328 official sources, free for journalists and non-commercial use.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "OpenSanctions runs on EU infrastructure under GDPR, with encryption in transit and at rest, minimal data collection, and a published Trust Center. The dataset itself is public and verifiable — every entity record links back to its original government source, which is the strongest possible form of provenance for investigative work. The pipeline code is open source. The project is run by a journalist with a decade of experience in investigative data work at OCCRP. There is no record of a security incident. For sensitive investigations, the bulk-download workflow lets journalists query offline with no server-side logging at all. Rating reflects strong baseline security plus an unusually transparent trust architecture.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "OpenSecrets",
      "slug": "opensecrets",
      "url": "https://www.opensecrets.org",
      "tagline": "Campaign finance, lobbying, and dark money database for US politics.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit-operated public database built from government records. No account required for most use. Standard web analytics present. Low-risk for journalists — the data you are searching is already public. Bulk data account requires email registration.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "OpenStates",
      "slug": "openstates",
      "url": "https://openstates.org",
      "tagline": "Open legislative data from all 50 states, DC, and Puerto Rico — bills, votes, and legislators searchable in one place.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "The data itself is public legislative records with no security sensitivity. The website uses HTTPS. No account required for basic use. The main consideration is that Plural, which operates the service, is a commercial entity — your API usage patterns and search queries are visible to the company. For the vast majority of legislative research this is a non-issue. If you are tracking politically sensitive legislation and want no usage trail, download the bulk data instead of using the API.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "OpenStreetMap",
      "slug": "openstreetmap",
      "url": "https://www.openstreetmap.org",
      "tagline": "Open map data used by the Washington Post, LA Times, and Chicago Tribune. Free, community-maintained, no tracking.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "No user tracking, no advertising, no data monetization. Viewing maps requires no account. The data is open and mirrored globally — no single point of control. The Foundation's privacy policy is minimal by design because minimal data is collected. The main considerations are practical: verify community-maintained data for accuracy, self-host tiles for high-traffic embeds, and be careful about publishing sensitive geographic coordinates. Infrastructure security is adequate for a nonprofit — encryption in transit and at rest, distributed tile servers.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Opus Clip",
      "slug": "opus-clip",
      "url": "https://www.opus.pro",
      "tagline": "AI-powered clip extraction from long-form video. Identifies hooks, reframes for vertical, adds captions, and scores clips for engagement potential. A first-draft machine for repurposing.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Opus Clip is a standard venture-backed SaaS product with US-based infrastructure and no documented security red flags. The 'adequate' rating reflects reasonable baseline practices (encryption in transit, US jurisdiction, established investors) balanced against the lack of published security certifications and the requirement to upload full video content to third-party servers. Appropriate for repurposing public content; not appropriate for sensitive pre-publication material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Orbot",
      "slug": "orbot",
      "url": "https://orbot.app",
      "tagline": "Free, open-source Tor proxy for Android and iOS. Routes your mobile traffic through the Tor network to mask your identity and location. Built by the Guardian Project.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Orbot is the mobile implementation of Tor — the most studied and battle-tested anonymity network in existence. The Guardian Project has a 15+ year track record building privacy tools for journalists and activists. The code is fully open source, the Tor network itself undergoes continuous academic scrutiny, and the tool is recommended by CPJ, EFF, RSF, and Freedom of the Press Foundation. The 'strong' rating reflects the tool's provenance, transparency, and the maturity of the underlying Tor network. It does not mean Tor provides absolute anonymity — traffic correlation attacks by nation-state adversaries remain theoretically possible, and operational security mistakes can deanonymize users regardless of the technology. Orbot is strong infrastructure when used correctly; it is not a magic cloak.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "OSINT Framework",
      "slug": "osint-framework",
      "url": "https://osintframework.com",
      "tagline": "Clickable directory of 500+ OSINT tools organized by investigation type — the table of contents for online research.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "The framework itself is a static site with zero data collection — minimal attack surface. The risk is downstream: it links to 500+ tools without vetting their security posture, and some linked tools collect query data, require accounts, or operate in adversarial jurisdictions. Treat the framework as a phone book, not an endorsement. Evaluate each linked tool independently before using it on sensitive investigations.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Otter.ai",
      "slug": "otter-ai",
      "url": "https://otter.ai",
      "tagline": "AI-powered meeting transcription and note-taking — fast and accurate, but your audio trains their models.",
      "category": "newsgathering",
      "securityRating": "caution",
      "securityRatingNote": "SOC 2 Type II and HIPAA compliance show genuine security investment, but the core problem is structural: Otter uploads all audio to US cloud servers and uses content for AI training. The 2025 class action lawsuit and 2024 hospital breach demonstrate real-world consequences of this architecture. Adequate for routine journalism. Not recommended for any work involving confidential sources or sensitive material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Our World in Data",
      "slug": "our-world-in-data",
      "url": "https://ourworldindata.org",
      "tagline": "Open-source research and data on global development, health, energy, poverty, and environment — from the University of Oxford.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "No account required. No personal data collected. HTTPS throughout. No advertising or commercial tracking. Open-source codebase auditable on GitHub. Nonprofit with transparent funding. Hosted at the University of Oxford. From a privacy and security perspective, this is among the lowest-risk tools in the directory — a public research website with no user accounts, no tracking, and open-source code.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Overpass Turbo",
      "slug": "overpass-turbo",
      "url": "https://overpass-turbo.eu",
      "tagline": "Web-based query tool for OpenStreetMap data. Extract hospitals, roads, buildings, or any mapped feature from the world's largest open geographic database.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "No user accounts, no personal data collection, no data storage — the attack surface is minimal. All queried data is public. HTTPS in transit. The privacy consideration is that your queries reveal what locations and features you're investigating, which matters for sensitive geolocation work. Use a VPN for sensitive queries. The tool itself is open-source (MIT license) and auditable. Adequate for journalism use with basic network-level precautions.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Overview",
      "slug": "overview",
      "url": "https://github.com/overview/overview-server",
      "tagline": "Open-source document clustering and visualization for large investigative sets. Self-host only — the hosted service is gone.",
      "category": "data",
      "securityRating": "caution",
      "securityRatingNote": "Open-source and self-hostable, which is good for data sovereignty. But the software is unmaintained — no security patches since at least 2020 (copyright range 2011-2020). Running unmaintained server software with document upload capabilities is a real risk. The Scala/Play framework and PostgreSQL stack may have unpatched vulnerabilities. Only run on isolated infrastructure, never internet-facing without additional security layers.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "ParseHub",
      "slug": "parsehub",
      "url": "https://www.parsehub.com",
      "tagline": "Visual web scraper. Point-and-click data extraction from JavaScript-heavy websites. No coding required. Desktop app builds the scraper; cloud servers run it.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "HTTPS encryption in transit. Cloud-based processing means all scraped data — and any credentials you use for authenticated scraping — passes through ParseHub's servers in Toronto. Canadian jurisdiction with reasonable privacy laws (PIPEDA). No published security audit or SOC 2 certification. Adequate for scraping public data. Not appropriate for investigations involving sensitive sources, whistleblower material, or login-protected content where credential exposure to a third party is unacceptable.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Perplexity",
      "slug": "perplexity",
      "url": "https://www.perplexity.ai",
      "tagline": "AI search engine with source citations — useful for research, controversial for how it gets those sources.",
      "category": "ai",
      "securityRating": "caution",
      "securityRatingNote": "Search queries are sensitive journalist data. Perplexity collects and retains them by default, with AI training opt-out buried in settings. The company's documented pattern of bypassing robots.txt, disguising crawlers, and reproducing publisher content without permission reveals how it treats consent. 40+ copyright lawsuits pending. Useful tool, real risks. Use only for non-sensitive, public-record research.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "PhantomBuster",
      "slug": "phantombuster",
      "url": "https://phantombuster.com",
      "tagline": "Social media scraping and automation. Extract data from LinkedIn, Twitter, Instagram for investigations.",
      "category": "data",
      "securityRating": "caution",
      "securityRatingNote": "Caution rating reflects two concerns: (1) you must share social media session tokens with PhantomBuster's servers, creating credential exposure risk, and (2) most automations violate target platforms' ToS, risking account suspension. The tool itself uses standard cloud security (TLS, encrypted storage, GDPR compliance). For journalists, the operational risk — losing your LinkedIn or Twitter account mid-investigation — is the primary concern. Use dedicated accounts and understand the legal landscape before deploying.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "PimEyes",
      "slug": "pimeyes",
      "url": "https://pimeyes.com",
      "tagline": "Facial recognition reverse-image search engine — finds photos of a face across the open web. Powerful for identification work, ethically fraught, used by journalists and stalkers alike.",
      "category": "newsgathering",
      "securityRating": "caution",
      "securityRatingNote": "The caution rating is not primarily about technical security — it is about trust, governance, and ethical risk. PimEyes uses HTTPS and standard payment processing, but the company is structurally opaque (registered across Dubai, Belize, Poland, and Seychelles), refuses to disclose data retention or breach history, has been the subject of three open regulatory investigations (UK, Germany, Illinois BIPA), and has been documented enabling stalking, child-image searches, and protest doxing. The opt-out process requires submitting ID to the same company you are trying to escape. For journalism, the tool can produce useful identifications, but using it means trusting an entity with no meaningful accountability and a track record of misuse. Newsrooms should treat PimEyes as a tool of last resort, document its use in published methodology, never query private individuals or minors, and never upload photos of confidential sources. If a comparable result can be obtained with Yandex reverse image search, Google Lens, or direct reporting, prefer those.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Privacy Badger",
      "slug": "privacy-badger",
      "url": "https://privacybadger.org",
      "tagline": "EFF-built browser extension that blocks invisible trackers and sends Global Privacy Control signals on every page you visit.",
      "category": "security",
      "securityRating": "adequate",
      "securityRatingNote": "Open source (GPLv3), backed by EFF, 3.5k GitHub stars, actively maintained with 10+ releases in 2025. No data collection. GPC signals carry legal weight under CCPA. The 2020 fingerprinting vulnerability in learning mode was responsibly handled — disabled by default, pre-trained lists shipped instead. Manifest V3 transition complete but with reduced capabilities in Chrome. Strong choice as a secondary blocker; not comprehensive enough alone.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "ProJourn Legal Help",
      "slug": "projourn-legal",
      "url": "https://projourn.org/",
      "tagline": "Connects journalists to pro bono attorneys for legal help with their reporting.",
      "category": "legal",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "ProPublica Nonprofit Explorer",
      "slug": "propublica-nonprofit-explorer",
      "url": "https://projects.propublica.org/nonprofits/",
      "tagline": "Search 1.9 million US nonprofits. Every Form 990 filing, executive salary, audit flag, and financial trend — free, no account required.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit-operated public database of government records. No account required. Minimal data collection — email alerts are the only feature requiring personal information. The underlying data is public IRS filings. ProPublica has a strong track record on data handling and has proactively addressed IRS data quality issues (SSN redaction, nonpublic form removal). No authentication on the API means no credentials to protect.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Proton Drive",
      "slug": "proton-drive",
      "url": "https://proton.me/drive",
      "tagline": "End-to-end encrypted cloud storage from Proton AG. Swiss jurisdiction. Zero-access encryption means Proton cannot read your files — even under court order.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Zero-access E2E encryption with client-side key generation and hierarchical signed key tree. Open-source clients audited by Securitum (no outstanding vulnerabilities). ISO 27001 certified (May 2024). SOC 2 Type II attested (July 2025). Swiss jurisdiction with FDPA protections. File contents are cryptographically undisclosable even under court order. Metadata (IP, payment info) is the attack surface — mitigated by VPN use and anonymous payment. Contest rate on legal orders trending upward (10.6% in 2025 vs 5.9% in 2024).",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Proton Mail",
      "slug": "proton-mail",
      "url": "https://proton.me/mail",
      "tagline": "E2E encrypted email under Swiss jurisdiction — but Swiss privacy protections are eroding, and Proton is moving infrastructure to the EU.",
      "category": "messaging",
      "securityRating": "caution",
      "securityRatingNote": "Zero-access encryption remains strong technically. But the pattern of journalist account suspensions, payment metadata sharing with the FBI, 89% law enforcement compliance rate, and the proposed VÜPF revision (ID verification, mandatory decryption, IP logging) represents systemic erosion of the trust assumptions journalists relied on. Proton is responding — €100M+ EuroStack investment, SOC 2 Type II certification, Workspace launch — but the gap between privacy and anonymity continues to widen.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "PubMed",
      "slug": "pubmed",
      "url": "https://pubmed.ncbi.nlm.nih.gov",
      "tagline": "NIH/NLM biomedical literature database. 40M+ citations from MEDLINE and life science journals. Free. The definitive starting point for health and science journalism research.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "US government service operated by NIH/NLM with no advertising, no data sales, and no third-party tracking. No account required for searching. Federal security standards apply to infrastructure. The only data you provide is your search query, and the service returns publicly available citation data. There is effectively zero security risk in using PubMed for journalism research. The 'strong' rating reflects the institutional credibility, absence of commercial incentives, and minimal data collection.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "QGIS",
      "slug": "qgis",
      "url": "https://qgis.org",
      "tagline": "Open-source geographic information system used by every serious data journalism team.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Runs entirely locally with no telemetry, no accounts, no cloud dependency. Open-source with 579 contributors and active security response. Backed by the OSGeo foundation and 141 sustaining member organizations. 2025 Swiss NCSC penetration test confirmed strong security posture. The only real risk vector is third-party plugins that phone home — manageable by auditing your plugin list and disconnecting when handling sensitive data.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "QuillBot",
      "slug": "quillbot",
      "url": "https://quillbot.com",
      "tagline": "AI paraphrasing and rewriting tool. Free tier with limits. Owned by Learneo (Course Hero, LanguageTool, Scribbr).",
      "category": "writing",
      "securityRating": "caution",
      "securityRatingNote": "Text is processed on QuillBot servers and, as of November 2025, stored by default for browser extension users (opt-out available). The shift from opt-in to opt-out storage is a meaningful trust signal change. Owned by Learneo, a portfolio company with seven brands in the education/writing space. QuillBot states it does not sell data or allow third-party AI training, but the data collection posture has expanded over time. Not appropriate for confidential source material or sensitive reporting.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Raindrop.io",
      "slug": "raindrop",
      "url": "https://raindrop.io",
      "tagline": "Bookmark and research manager. Save, organize, search, and archive web content across every device.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "TLS in transit, encryption at rest on AWS, and a subscription-funded business model with no advertising or data sales. The founder is transparent about limitations, including the deliberate absence of E2EE. Data is hosted on US-based AWS infrastructure. The single-developer model is a trust consideration in both directions: no corporate pressure to monetize data, but also no team for security audits or incident response. Adequate for organizing public web research. Not appropriate for storing confidential source material or sensitive documents.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "RAWGraphs",
      "slug": "raw-graphs",
      "url": "https://www.rawgraphs.io",
      "tagline": "Open-source data visualization for unconventional chart types. All processing happens in your browser.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Data never leaves your browser. No server-side processing, no accounts, no data collection. Open source under Apache 2.0 and academically maintained. One of the most privacy-respecting data tools available. Only caveat: exported SVGs can contain raw data values, so review before publishing sensitive work.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "RCFP Legal Defense Hotline",
      "slug": "rcfp-legal-hotline",
      "url": "https://www.rcfp.org/legal-hotline",
      "tagline": "Free legal assistance for subpoenas, records access, newsgathering rights, and defamation threats.",
      "category": "legal",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "Readwise Reader",
      "slug": "readwise-reader",
      "url": "https://readwise.io/read",
      "tagline": "Read-later app with highlighting, RSS, annotations, and AI summaries. A power user's Pocket replacement built for people who read for a living.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Encrypted in transit. Small, bootstrapped company with no incentive to monetize user data. The privacy posture is reasonable for a reading tool, but this is a US-hosted cloud service that stores your full reading history, highlights, and annotations. For published articles and public documents, this is fine. For sensitive research materials, use a local tool instead.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "RECAP / CourtListener",
      "slug": "recap-free-law",
      "url": "https://free.law/recap",
      "tagline": "Free access to tens of millions of federal court documents. Browser extension archives PACER purchases and shares them publicly through CourtListener.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, nonprofit-operated, privacy-focused by design. The extension only activates on PACER/CourtListener domains and does not track users. Sealed documents are architecturally excluded — RECAP cannot access ECF magic links. Strong institutional commitment to open access, backed by 15+ years of operation, major foundation funding, and government adoption (1,000+ verified government users). The main risk is operational: your PACER activity feeds a public archive, which could reveal reporting interests to anyone monitoring new additions.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Remotion",
      "slug": "remotion",
      "url": "https://www.remotion.dev",
      "tagline": "Programmatic video creation using React and TypeScript. Write components, feed data, render MP4s.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Source-available, local rendering, no data collection during video creation. 41.6k GitHub stars and 604 releases signal active maintenance. The team monitors GitHub's vulnerability scanner and patches moderate-severity issues and above. No SOC 2 or ISO 27001, but the local-first architecture means Remotion never touches your footage or data. The custom license is auditable — you can read every line of code.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Remove.bg",
      "slug": "remove-bg",
      "url": "https://www.remove.bg",
      "tagline": "AI-powered background removal — upload a photo, get a transparent PNG in seconds.",
      "category": "visuals",
      "securityRating": "caution",
      "securityRatingNote": "Images are uploaded to Canva's cloud with no local processing option. Third-party tracking on the website. Broad Canva privacy policy. The tool works well for non-sensitive images, but journalists should never upload photos involving sources, unpublished material, or sensitive locations. Adequate for routine newsroom graphics work with appropriate caution.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Research Rabbit",
      "slug": "research-rabbit",
      "url": "https://www.researchrabbit.ai",
      "tagline": "Visual academic research discovery — 'Spotify for papers.' Start with one paper, discover hundreds through citation mapping, author networks, and AI recommendations. Free, with Zotero integration.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Standard security for a free research discovery tool. HTTPS throughout, no visible advertising trackers. The 'adequate' rating reflects two concerns: first, the company's ownership and funding model are opaque — journalists should know who is behind their tools. Second, an account is required and your research collections inherently reveal your investigative interests. There is no anonymous usage path. For routine academic research this is fine. For sensitive investigative work where your research topics themselves are sensitive, the mandatory account and unclear data practices warrant caution. Use a pseudonymous account for sensitive research and do not rely solely on Research Rabbit for critical work.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Riverside",
      "slug": "riverside",
      "url": "https://riverside.fm",
      "tagline": "Remote recording studio. Records locally on each participant's device — up to 4K video and 48kHz WAV audio, regardless of internet quality.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 certified. Local-first recording architecture means audio/video quality is not compromised by network conditions. Recordings upload to cloud servers post-session — not end-to-end encrypted between participants. VC-backed with standard data sharing (analytics, marketing tools). Suitable for standard journalism workflows. Not suitable for confidential source interviews where recordings must never touch third-party infrastructure.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Runway",
      "slug": "runway",
      "url": "https://runwayml.com",
      "tagline": "The professional AI video platform. Gen-4.5 leads the Video Arena leaderboard. Used in film and editorial. Training data lawsuits remain unresolved.",
      "category": "visuals",
      "securityRating": "caution",
      "securityRatingNote": "The technical security posture is standard for a venture-backed AI startup at this scale — encryption in transit and at rest, US infrastructure, account-based access. The 'caution' rating reflects unresolved copyright litigation, the leaked internal training data spreadsheet, the absence of IP indemnification on consumer plans, and the broad terms of use Runway claims over uploaded content. None of these are security failures in the traditional sense. They are governance and provenance failures that matter for newsroom adoption.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "SciLine",
      "slug": "sciline",
      "url": "https://www.sciline.org",
      "tagline": "Free expert-matching service from AAAS. Connects journalists with scientists on deadline for science and health reporting.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit service with no commercial data incentives. Minimal data collection — journalist requests and scientist profiles for matching purposes only. US jurisdiction under AAAS governance. No advertising or tracking beyond standard analytics. The main consideration is that your story topic and source needs are shared with AAAS staff and matched scientists, which is inherent to the service. Low-risk for standard science reporting. Adequate security posture for a free public interest service.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Scribe",
      "slug": "scribe",
      "url": "https://scribehow.com",
      "tagline": "Auto-generates step-by-step how-to guides from screen recordings. 5M+ users. $1.3B valuation.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Encryption in transit and at rest. Enterprise tier supports SSO (including Azure) and advanced data controls. The inherent risk is that Scribe captures everything visible on screen during recording — any sensitive information displayed will be included in the generated guide. No published SOC 2 or ISO 27001 certifications found in public materials. Adequate for documenting non-sensitive workflows. Review recordings carefully before sharing.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Scribus",
      "slug": "scribus",
      "url": "https://www.scribus.net",
      "tagline": "Free open-source desktop publishing for newsletters, reports, and print layouts.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Local-only desktop application with no cloud dependency, no accounts, and no telemetry. Open-source under GPL v2+. The only meaningful attack vector is opening malicious document files — the 1.6.5 SVG fix addressed the most notable instance. No network surface. Strong rating for a desktop tool.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Scrivener",
      "slug": "scrivener",
      "url": "https://www.literatureandlatte.com/scrivener",
      "tagline": "Long-form writing tool with binder, corkboard, and outliner. One-time purchase. Built by a writer who couldn't find anything better.",
      "category": "writing",
      "securityRating": "strong",
      "securityRatingNote": "Fully local architecture with no account, no telemetry, and no content transmission. Independent company with no investor pressure. The only network connection is an optional update check that can be disabled. Privacy posture is excellent — your data never leaves your machine unless you choose to sync via Dropbox or iCloud.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "SEC EDGAR",
      "slug": "sec-edgar",
      "url": "https://www.sec.gov/edgar",
      "tagline": "SEC's electronic filing system. Every public company filing since 1993 — 10-Ks, 10-Qs, 8-Ks, proxy statements, insider trades. Free. The foundation of financial and business journalism.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "US government service operated by the SEC with no advertising, no data sales, and no third-party tracking. No account required. All data is public record. The only information you provide is your search query and (for API use) a User-Agent header. There is effectively zero security risk in using EDGAR for journalism research. The 'strong' rating reflects institutional credibility, absence of commercial incentives, and minimal data collection.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "SecureDrop",
      "slug": "securedrop",
      "url": "https://securedrop.org",
      "tagline": "Whistleblower submission platform. Sources submit anonymously via Tor.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Purpose-built for source protection. Tor-only access, E2E encryption, no metadata retention, air-gapped viewing. Open-source with six completed security audits (most recent: 7ASecurity, mid-2024 — one medium, two low findings, all patched in v2.10.0). No known incidents of source exposure through SecureDrop itself. Backed by Freedom of the Press Foundation with $20.7M in assets and a dedicated security engineering team led by CTO Jennifer Helsby.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Semantic Scholar",
      "slug": "semantic-scholar",
      "url": "https://www.semanticscholar.org",
      "tagline": "AI-powered academic search engine with 234 million papers. Free, fast, and built by the Allen Institute for AI. The best way to find and understand scientific literature for reporting.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Standard security for a free academic search tool. HTTPS throughout, no advertising trackers, nonprofit operator with no data monetization incentive. The 'adequate' rather than 'strong' rating reflects that this is a search tool, not a security tool — it does not claim or need exceptional privacy protections. The main consideration for journalists: your search queries reveal your investigative interests. Use without an account and through a VPN if researching sensitive topics. Ai2's nonprofit status and research mission align with user interests, but US jurisdiction means data could theoretically be subject to legal process.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Session",
      "slug": "session",
      "url": "https://getsession.org",
      "tagline": "Decentralized encrypted messenger that requires no phone number, no email, and routes messages through onion paths. The most metadata-resistant messenger available — if it survives its funding crisis.",
      "category": "messaging",
      "securityRating": "adequate",
      "securityRatingNote": "Session's privacy architecture is technically superior to Signal for metadata resistance: no phone number, no central server, onion-routed message delivery. The encryption is sound (adapted Signal protocol with modern primitives). The 'adequate' rather than 'strong' rating reflects operational reality: the Session Foundation faces an existential funding crisis as of early 2026, the audit trail is less extensive than Signal's, the development team is smaller, and long-term maintenance is uncertain. A security tool is only as good as its next vulnerability patch. If Session's funding stabilizes and independent audits confirm its implementation, this rating should be revisited upward. For now, journalists should treat Session as a specialized high-metadata-threat tool, not a primary messenger.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Sherlock",
      "slug": "sherlock",
      "url": "https://github.com/sherlock-project/sherlock",
      "tagline": "Find social media accounts by username across 400+ platforms. Command-line OSINT.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, runs locally, no data collection. The operational security concern is real: every platform you query sees your IP address and the username you're searching. Some platforms log lookup attempts. Since v0.16.0, built-in Tor support is deprecated — you need an external proxy for anonymity. The tool itself is trustworthy; the risk is in how you use it and whether targets or platforms detect your enumeration activity.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Signal",
      "slug": "signal",
      "url": "https://signal.org",
      "tagline": "E2E encrypted messaging. No ads, no tracking, no compromises.",
      "category": "messaging",
      "securityRating": "strong",
      "securityRatingNote": "Open-source protocol with extensive independent audits and post-quantum cryptography upgrades (PQXDH and SPQR). Sealed sender minimizes metadata. Group attributes now E2E encrypted. No business incentive to weaken privacy. Named to TIME100 Most Influential Companies 2025. ~85 million monthly active users as of late 2025.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Sky Follower Bridge",
      "slug": "sky-follower-bridge",
      "url": "https://github.com/kawamataryo/sky-follower-bridge",
      "tagline": "Browser extension that finds your Twitter/X contacts on Bluesky — migrate your professional network without starting over.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source under MIT license with readable code. Runs locally in the browser with no third-party data collection. The main trust consideration is that it authenticates to your Bluesky account — use OAuth rather than app passwords for better security. Solo developer project means slower security response if issues arise, but the codebase is small and auditable.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Slack",
      "slug": "slack",
      "url": "https://slack.com",
      "tagline": "Team messaging platform. Not end-to-end encrypted — your employer and Salesforce can access messages.",
      "category": "messaging",
      "securityRating": "adequate",
      "securityRatingNote": "Encrypted in transit (TLS 1.2+) and at rest (AES-256), with SOC 2 Type II, SOC 3, ISO 27001 certifications. FedRAMP Moderate authorized since May 2020; GovSlack holds FedRAMP High authorization. Not end-to-end encrypted — Salesforce and workspace admins can read all messages. Enterprise Key Management (EKM) available only on Enterprise Grid, using AWS KMS for customer-controlled encryption keys. Three major real-world incidents in 18 months (Disney 1.1TB exfiltration, Nikkei 17K-user breach, Slack AI prompt injection) demonstrate that Slack's attack surface — particularly through integrations, AI features, and credential theft — is actively exploited. The May 2024 ML training controversy revealed Slack's default opt-in approach to data usage. Adequate for non-sensitive newsroom coordination. Not appropriate for any communication involving sources, confidential tips, or sensitive editorial material.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Social Blade",
      "slug": "social-blade",
      "url": "https://socialblade.com",
      "tagline": "Social media analytics platform. Track follower growth, engagement trends, and channel statistics across YouTube, Twitch, Instagram, and TikTok.",
      "category": "newsgathering",
      "securityRating": "caution",
      "securityRatingNote": "The December 2022 data breach (5.6 million records) is a significant mark against Social Blade's security posture. The platform itself is useful for journalists as a read-only analytics tool, but creating an account carries documented risk. Use it without logging in whenever possible. The free tier's heavy advertising also introduces tracker exposure. Rated caution rather than warning because the core use case (looking up public social media stats) doesn't require sharing sensitive information — but the breach history means you should treat any account data as potentially compromised.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Source of Sources",
      "slug": "source-of-sources",
      "url": "https://www.sourceofsources.com",
      "tagline": "Free expert-finding email service for journalists, from the founder of HARO.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Standard HTTPS. Low-risk for routine source finding. But the privacy policy has no journalist-specific protections, uses advertising cookies, and data-sharing terms are vague. Your query topics are visible to 30K subscribers and logged by the platform. Adequate for everyday reporting; not suitable for sensitive investigations.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "SPJ Legal Defense Fund",
      "slug": "spj-legal-defense",
      "url": "https://www.spj.org/ldf.asp",
      "tagline": "Financial assistance for journalists facing legal challenges related to their reporting.",
      "category": "legal",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "Spotify for Creators",
      "slug": "spotify-creators",
      "url": "https://creators.spotify.com",
      "tagline": "Free unlimited podcast hosting from Spotify. Audio and video podcasts, built-in monetization, and distribution to all major platforms.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Spotify is a publicly traded company with enterprise-grade infrastructure and GDPR compliance. Encryption in transit is standard. The security concern for journalists is not infrastructure quality but data collection scope — Spotify collects extensive listener behavior data that feeds its advertising business. Your podcast content and listener analytics are on a platform with its own commercial interests. No known breaches of the podcast hosting product specifically. Adequate for most journalism podcast use cases, but journalists covering sensitive topics should weigh Spotify's data practices against the zero-cost hosting.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Squarespace",
      "slug": "squarespace",
      "url": "https://www.squarespace.com",
      "tagline": "Design-forward website builder. Zero code required. The default portfolio platform for freelance journalists.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "TLS encryption on all customer domains with automatic free SSL certificates. HSTS enforced. Passwords hashed. Two-factor authentication available. Web Application Firewall deployed. Regular penetration testing. PCI-DSS compliant for payment processing. EU-U.S. Data Privacy Framework certified. The July 2024 domain hijacking incident — caused by weak defaults during the Google Domains migration — is the most significant security event in Squarespace's history. The flaw was patched and MFA was mandated for domain management, but it demonstrated that security was not the top priority during a major infrastructure transition. No encryption-at-rest details are publicly disclosed. No SOC 2 or ISO 27001 certifications are publicly claimed. Closed-source platform means no independent code audit is possible. Rating reflects solid baseline security practices offset by the 2024 incident, lack of transparency on at-rest encryption, and absence of third-party security certifications.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Standard Notes",
      "slug": "standard-notes",
      "url": "https://standardnotes.com",
      "tagline": "E2E encrypted note-taking with zero-knowledge sync across devices.",
      "category": "writing",
      "securityRating": "strong",
      "securityRatingNote": "Open-source clients and server (AGPL-3.0), E2E encryption with XChaCha20-Poly1305 and Argon2 key derivation, zero-knowledge architecture, independent audits by Cure53 (penetration test) and Trail of Bits (cryptography audit) in 2021 with all findings resolved. Proton ownership adds organizational credibility — Swiss jurisdiction, track record of resisting government data requests. Freedom of the Press Foundation recommends it for journalists. No business incentive to weaken encryption. Rating would be higher if audits were more recent and development velocity were stronger post-acquisition.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Substack",
      "slug": "substack",
      "url": "https://substack.com",
      "tagline": "Newsletter publishing platform. Free to publish, 10% commission on paid subscribers. Built-in social network and recommendation algorithm.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Standard web platform security with TLS and encrypted storage. The risk is not data breach — it is platform dependency and data practices. Substack controls email deliverability, app distribution, and algorithmic visibility. DMs are not end-to-end encrypted. The privacy policy now includes data sharing with AI service providers. Subscriber data is exportable (emails, dates, status), which is the critical safety valve. The real question for journalists is not security but governance: Substack can terminate any writer at any time, and its content moderation philosophy has proven divisive. For journalists covering sensitive topics, the lack of encrypted messaging and the platform's data collection (IP, device, reading behavior, contact syncing) warrant caution.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Deep evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Substack Defender",
      "slug": "substack-defender",
      "url": "https://substack.com/defender",
      "tagline": "Pre-publication legal review, cease-and-desist response, and up to $1M in legal fee coverage for Substack writers.",
      "category": "legal",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "SunCalc",
      "slug": "suncalc",
      "url": "https://www.suncalc.org",
      "tagline": "Sun position and shadow calculator for chronolocation and photo verification. The standard tool in OSINT shadow analysis.",
      "category": "verification",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, client-side calculations with no server-side data processing. The sole privacy concern is Google Maps: every location you view generates tile requests to Google's servers, exposing coordinates and your IP address. No account, no cookies, no first-party tracking. Rating stays 'adequate' rather than 'strong' because the Google Maps dependency is baked in with no option to swap map providers, and investigators working on sensitive locations (conflict zones, source locations) should treat those tile requests as a metadata trail.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Superdesk",
      "slug": "superdesk",
      "url": "https://www.superdesk.org",
      "tagline": "Open-source newsroom CMS built by Sourcefabric. Used by national news agencies. Headless architecture for multi-platform publishing.",
      "category": "publishing",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, self-hostable, built by a nonprofit with no incentive to monetize user data. Full data ownership on your own infrastructure. The AGPLv3 license ensures the codebase remains open and auditable. EU-based organization subject to GDPR. Rating reflects self-hosted deployment — the software itself has strong architectural foundations for data control, though security depends on your own server administration and keeping the stack updated.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Superhuman",
      "slug": "superhuman",
      "url": "https://superhuman.com",
      "tagline": "AI-powered email client. Fast, keyboard-driven, $30/month.",
      "category": "writing",
      "securityRating": "adequate",
      "securityRatingNote": "Standard cloud email client security — TLS in transit, encrypted at rest, SOC 2 compliant. The concern is not a security flaw but an expanded data surface: your email now flows through both your provider and Superhuman's servers. Read receipts enabled by default are a privacy issue for journalists. Adequate for general newsroom use. Not recommended for source communication on sensitive investigations.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Tableau Public",
      "slug": "tableau-public",
      "url": "https://public.tableau.com",
      "tagline": "Free data visualization platform from Salesforce. Drag-and-drop charts, maps, and dashboards — but every viz you publish is visible to the entire internet, including the underlying data.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "Salesforce enterprise-grade infrastructure protects the platform itself — encryption in transit and at rest, SOC 2 compliance, regular audits. The real risk is not a breach. It's the design: everything you publish is intentionally, irrevocably public. Underlying datasets are downloadable by default. Journalists have accidentally exposed source identities, pre-publication data, and PII by not understanding this. Adequate for published, public-interest data. Do not use for anything you wouldn't print on the front page.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Tabula",
      "slug": "tabula",
      "url": "https://tabula.technology",
      "tagline": "Extract tables from PDF files into CSV or spreadsheet format.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "Fully local processing. Open-source (MIT license, auditable code). No data leaves your machine. No account, no network connection, no telemetry. The strongest privacy posture possible for a data tool — nothing to intercept, nothing to subpoena from a third party.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Tails",
      "slug": "tails-os",
      "url": "https://tails.net",
      "tagline": "Portable operating system that leaves no trace. Runs from USB, routes everything through Tor.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "The strongest endpoint security option available for journalists. Amnesic design eliminates forensic evidence by default. Kernel-level memory poisoning resists cold boot attacks. Tor routing for all traffic. LUKS2/Argon2id persistent storage passed a 2024 audit clean. Open-source, regularly audited, maintained by the Tor Project since September 2024. Tails 7.6 (March 2026) adds automatic Tor bridge detection. Compared to alternatives: Whonix offers similar Tor routing but runs in a VM (not amnesic, not portable); Qubes OS provides stronger VM isolation but requires dedicated hardware and is far more complex. Tails dominates the portable, leave-no-trace use case that field journalists actually need.",
      "threatLevel": "high-risk",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Telegram",
      "slug": "telegram",
      "url": "https://telegram.org",
      "tagline": "Cloud-based messaging. NOT end-to-end encrypted by default. Not recommended for journalist-source communication.",
      "category": "messaging",
      "securityRating": "warning",
      "securityRatingNote": "Not E2E encrypted by default. Telegram holds encryption keys for all regular and group chats. Custom MTProto protocol with documented cryptographic weaknesses. Server code closed-source. Infrastructure linked to companies with Russian intelligence ties (IStories/OCCRP, June 2025). Founder under indictment in France on 12 charges. Now shares user data with law enforcement — 900 US requests fulfilled in 2024. 1 billion monthly users but massive abuse problem (44M channels blocked in 2025). Not appropriate for journalist-source communication. Use Signal.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Tella",
      "slug": "tella",
      "url": "https://tella-app.org",
      "tagline": "Encrypts photos, video, and audio on capture. Hides files on-device. Captures verification metadata for evidence. Works offline.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "AES-256 encryption in CTR mode with PBKDF2 key derivation encrypts all captured media at rest. TLS encryption in transit for all server connections. Subgraph security audit through OTF Red Team Lab found only low-to-medium severity issues — no critical vulnerabilities. Android camouflage hides the app behind a functional calculator. Verification mode captures forensic metadata (file hash, GPS, device ID, cell towers, WiFi networks) for evidentiary integrity. Quick delete enables emergency data destruction. Fully open source with a dedicated FOSS version that strips all proprietary dependencies. Local-only by default — no data leaves the device without explicit user action. Built and maintained by a 501(c)(3) nonprofit with OTF grant funding and a published security audit.",
      "threatLevel": "high-risk",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Threads",
      "slug": "threads",
      "url": "https://www.threads.net",
      "tagline": "Meta's text-based social platform. 400M+ monthly active users. Instagram integration. No link demotion. ActivityPub federation in progress.",
      "category": "publishing",
      "securityRating": "caution",
      "securityRatingNote": "TLS encryption in transit. Encryption at rest for stored data. The core concern is not technical security but data practices. Meta collects 28 categories of user data per the App Store privacy label, including location, browsing history, contacts, and financial information. This data feeds cross-platform ad targeting. DMs are not end-to-end encrypted. Meta has been fined $1.3 billion for GDPR violations and $392 million for deceptive location tracking. For standard journalism use — sharing stories, building audience, monitoring public discourse — the platform functions. For any communication involving sources, confidential information, or sensitive investigations, Meta products are the wrong tool. The 'caution' rating reflects the data collection scope, not a technical vulnerability.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "Threema",
      "slug": "threema",
      "url": "https://threema.ch",
      "tagline": "Swiss encrypted messenger with no phone number required. Paid, private, and metadata-minimal — the privacy-first alternative to Signal for journalists who want to stay off the grid entirely.",
      "category": "messaging",
      "securityRating": "strong",
      "securityRatingNote": "Threema earns a strong rating on privacy architecture: no phone number required, metadata minimized to near-zero, servers exclusively in Switzerland, open source with reproducible builds, regular external audits (Cure53), ISO 27001 certified, Perfect Forward Secrecy, and a business model aligned with user privacy (paid product, no ads, no data monetization). The 2023 ETH Zurich protocol critique was addressed rapidly with a new protocol and independent audit. The one area where Signal edges ahead: Signal's sealed sender feature hides even the sender's identity from Signal's servers, which Threema does not yet implement. But Threema's overall metadata posture — especially the no-phone-number requirement — makes it arguably the strongest option for journalists who need anonymous, unlinkable communication channels.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "TinEye",
      "slug": "tineye",
      "url": "https://tineye.com",
      "tagline": "Reverse image search built for finding the oldest instance of an image and tracking how it was modified.",
      "category": "verification",
      "securityRating": "strong",
      "securityRatingNote": "Canadian jurisdiction under PIPEDA. No account required for basic use. Images deleted within seconds of search — never stored, indexed, or used for training. No search history retained. No data sold. Bootstrapped company with no investor pressure to monetize user data. One of the cleanest privacy postures among verification tools.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Topaz Labs",
      "slug": "topaz",
      "url": "https://www.topazlabs.com",
      "tagline": "Desktop AI for image and video upscaling, denoising, and sharpening. Processes locally. Useful for enhancing low-quality source material, surveillance footage, and archival media.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Local-only processing is the strongest possible posture for sensitive source material. No user content leaves the machine. No cloud dependency for core features. No third-party server exposure. The 'strong' rating reflects this architecture — your footage stays on your hardware. The only network activity is license activation and software updates. For journalists working with sensitive visual material, this is the ideal model.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Tor Browser",
      "slug": "tor-browser",
      "url": "https://www.torproject.org/download/",
      "tagline": "Anonymous web browsing via the Tor network. Prevents traffic analysis and fingerprinting.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Battle-tested anonymity network with ~8,000 relays serving millions daily. Open-source, with regular independent audits (Radically Open Security for ESR transitions, 7ASecurity code audit in 2025, Cure53 for censorship circumvention tools). The 2024 German timing attack is the most significant documented deanonymization — but it targeted outdated software and required months of surveillance plus ISP cooperation. Current versions have mitigations. CVE-2024-9680 was critical but patched in under 25 hours. The Tor Project merged with Tails in 2024, strengthening both projects. Funding is diversifying away from US government dependency. Exit-node vulnerability remains a known limitation — mitigated by HTTPS-only mode.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "TRAC (Transactional Records Access Clearinghouse)",
      "slug": "trac",
      "url": "https://trac.syr.edu",
      "tagline": "Federal enforcement data obtained through FOIA — immigration courts, IRS audits, federal prosecutions, staffing. Built by and for journalists at Syracuse University.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit research organization with a 35-year track record of handling sensitive federal enforcement data. HTTPS on both domains. The data itself is public record obtained through FOIA. No commercial tracking. The main considerations are organizational: TRAC is a small operation dependent on grant funding, and the domain migration introduces a transition period. For the nature of the data and the use case, security is adequate.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Transistor.fm",
      "slug": "transistor",
      "url": "https://transistor.fm",
      "tagline": "Professional podcast hosting with unlimited shows per account. Multi-show support, analytics, private podcasting, and distribution to all directories.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "Bootstrapped indie company with straightforward business model — revenue from subscriptions, not advertising or data. No known data breaches. IAB 2.1 compliant analytics. US-hosted infrastructure. No advertising trackers on the platform. The simplicity of the business model is a security positive: Transistor has no incentive to monetize your listener data. Adequate for journalism podcast hosting. The main consideration is that it's a small independent company — no SOC 2 certification mentioned, and long-term viability depends on continued subscription revenue.",
      "threatLevel": null,
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Tresorit",
      "slug": "tresorit",
      "url": "https://tresorit.com",
      "tagline": "End-to-end encrypted cloud storage. Swiss jurisdiction. Zero-knowledge architecture. Owned by Swiss Post since 2021.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "AES-256 client-side encryption with RSA-4096 key exchange. Zero-knowledge architecture — Tresorit cannot decrypt file contents even under court order. ISO 27001:2022 certified by TUV Rheinland. GDPR, HIPAA, CCPA, NIS2, TISAX compliant. Swiss jurisdiction under Federal Data Protection Act. Non-convergent encryption prevents content matching across users. Primary limitation: closed-source code with no publicly available independent security audit of the encryption implementation. Business recovery master key feature creates a potential access path for designated administrators. Metadata (IP, device info, account data) is not encrypted and can be disclosed under Swiss legal process.",
      "threatLevel": "sensitive-reporting",
      "freeOption": false,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    },
    {
      "name": "TrialWatch",
      "slug": "clooney-trialwatch",
      "url": "https://cfj.org/trialwatch/",
      "tagline": "Free legal aid and trial monitoring for journalists facing criminal prosecution in 40+ countries.",
      "category": "legal",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "TrustLaw",
      "slug": "trustlaw",
      "url": "https://trfoundation.my.site.com/trustlaw/s/login/SelfRegister",
      "tagline": "Pro bono legal assistance from 550+ law firms in 170 countries for nonprofit newsrooms.",
      "category": "legal",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "Turboscribe",
      "slug": "turboscribe",
      "url": "https://turboscribe.ai",
      "tagline": "Fast AI transcription with multiple engine options. Free tier available. Cloud-processed with speaker labels, timestamps, and export formats.",
      "category": "visuals",
      "securityRating": "adequate",
      "securityRatingNote": "Standard cloud transcription service with HTTPS in transit. States it doesn't train on user data. However, no ISO certification, no SOC 2, no published DPA, no auto-delete, and limited transparency about data handling. Adequate for non-sensitive transcription work but not recommended for confidential source material. Good Tape and local Whisper are better choices when privacy matters.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "uBlock Origin",
      "slug": "ublock-origin",
      "url": "https://ublockorigin.com",
      "tagline": "Open-source content blocker. Blocks ads, trackers, and malware domains locally in your browser with zero data collection.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Open source, zero data collection, zero monetization, zero financial conflicts. 39M+ combined users across Chrome (29M) and Firefox (10M+) as of late 2025. Code is publicly auditable on GitHub with cryptographically signed releases. One low-severity CVE in 2025, promptly patched. The developer's decade-long refusal of all money is unmatched in the extension ecosystem. Firefox version retains full MV2 capability; Chrome MV3 version is functional but reduced. The biggest real risk isn't the extension itself — it's installing a malicious clone by mistake.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Upscayl",
      "slug": "upscayl",
      "url": "https://upscayl.org",
      "tagline": "Open-source AI image upscaler — enhance low-resolution photos locally on your machine, no cloud required.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Open-source under AGPL-3.0, fully local processing via Vulkan GPU, no network connections, no accounts, no telemetry. Images never leave your machine. One of the few AI image tools that runs entirely offline. The separate Upscayl Cloud product does not share these properties — this rating applies only to the desktop app.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "US Journalist Assistance Network",
      "slug": "journalist-assistance-network",
      "url": "https://cpj.org/us-journalist-assistance-network/",
      "tagline": "Coordinated legal, safety, immigration, and digital security resources for US journalists.",
      "category": "legal",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "USAFacts",
      "slug": "usafacts",
      "url": "https://usafacts.org",
      "tagline": "Non-partisan government data platform founded by Steve Ballmer — spending, demographics, outcomes, and trends from 100+ government databases.",
      "category": "data",
      "securityRating": "strong",
      "securityRatingNote": "No account required. No personal data collected for basic use. HTTPS throughout. No advertising or commercial tracking. Nonprofit with well-capitalized funding. The data is entirely derived from public government sources. From a privacy and security perspective, this is one of the lowest-risk tools in the directory — you are reading public data on a nonprofit website with no tracking.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "USASpending.gov",
      "slug": "usaspending",
      "url": "https://usaspending.gov",
      "tagline": "The official source for federal spending data — contracts, grants, loans, and direct payments, searchable by agency, recipient, and location.",
      "category": "newsgathering",
      "securityRating": "strong",
      "securityRatingNote": "Federal government website operated by the U.S. Treasury on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards (FISMA). No account required. No commercial tracking or advertising. All data is public record. One of the most straightforward government data tools from a security and privacy perspective.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "VeraCrypt",
      "slug": "veracrypt",
      "url": "https://veracrypt.fr",
      "tagline": "Full-disk and volume encryption. The successor to TrueCrypt.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Two independent security audits (QuarksLab 2016 for EU-FOSSA, Fraunhofer SIT 2020 for German BSI) found no serious cryptographic vulnerabilities. FBI has stated in court it cannot break VeraCrypt and has no backdoor. No publicly documented case of VeraCrypt encryption defeated through cryptanalysis. Supports AES, Serpent, Twofish, and cascaded combinations with 500,000+ PBKDF2 iterations. RAM encryption for master keys available on 64-bit Windows (since v1.24). Active development: v1.26.24 released May 2025 with screen capture protection and ARM64 SHA-256 acceleration. Hidden volume feature provides plausible deniability unique among encryption tools, though with forensic limitations.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Deepened editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "VesselFinder",
      "slug": "vessel-finder",
      "url": "https://www.vesselfinder.com",
      "tagline": "Real-time ship tracking via terrestrial and satellite AIS — affordable alternative to MarineTraffic with global coverage, 90-day history on top tier, and no-account browsing.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "EU-based company operating under GDPR with HTTPS encryption in transit. The underlying data is publicly broadcast AIS information — low sensitivity. Free browsing without an account minimizes data exposure for casual lookups. Limited corporate transparency about infrastructure and security practices compared to larger competitors. No public record of data breaches. Main journalist concern is search-history exposure if using a logged-in account during sensitive investigations, not the vessel data itself.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Violation Tracker",
      "slug": "violation-tracker",
      "url": "https://violationtracker.goodjobsfirst.org",
      "tagline": "700,000+ corporate penalties totaling over $1 trillion since 2000. The largest free corporate misconduct database in the world.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Public database of public records operated by an established 501(c)(3) nonprofit since 2015. No account required for basic searches. Minimal data collection. No tracking concerns for journalist use. The only privacy consideration is that paid subscribers provide payment information through the subscription system.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "VirusTotal",
      "slug": "virustotal",
      "url": "https://www.virustotal.com",
      "tagline": "Scan suspicious files and URLs against 70+ antivirus engines before opening them.",
      "category": "security",
      "securityRating": "adequate",
      "securityRatingNote": "Strong scanning coverage across 70+ engines — best-in-class for multi-engine file and URL analysis. The privacy model is the weak point: free-tier uploads are permanently stored and shared with vendors and premium subscribers. The 2023 customer data leak demonstrated operational security gaps. Google ownership provides infrastructure reliability but means Google's data practices apply to account data. Rating stays 'adequate' because the tool works exactly as designed — the risk is users not understanding what 'upload' means here.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Watch Duty",
      "slug": "watch-duty",
      "url": "https://www.watchduty.org",
      "tagline": "Real-time wildfire tracking from 150+ trained volunteer monitors. Faster than official alerts. Critical for western US journalists covering fire.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit with no advertising or data monetization model. Encrypted in transit. Requires location data for core functionality, which is a standard trade-off for a geolocation-based alert app. No known data breaches or privacy incidents. Rating reflects a straightforward utility app from a mission-driven nonprofit — adequate for its purpose with no unusual trust concerns.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Wayback Machine",
      "slug": "wayback-machine",
      "url": "https://web.archive.org",
      "tagline": "Access archived versions of web pages going back to 1996. Over 1 trillion pages captured.",
      "category": "verification",
      "securityRating": "caution",
      "securityRatingNote": "Downgraded from 'adequate' after the October 2024 breach exposed 31 million user records. The Archive is a trusted nonprofit with a 28-year track record, but its security posture failed under sustained attack. Browsing is logged, and searches are not end-to-end encrypted. Use Tor for sensitive queries. The publisher-blocking trend is a reliability concern, not a security one — but it means the archive's coverage of news content is shrinking in real time.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "WhatsApp",
      "slug": "whatsapp",
      "url": "https://www.whatsapp.com",
      "tagline": "E2E encrypted messaging owned by Meta. Strong encryption, hostile metadata environment. Use Signal instead.",
      "category": "messaging",
      "securityRating": "caution",
      "securityRatingNote": "Strong message encryption (Signal protocol with Curve25519, AES-256, perfect forward secrecy) undermined by Meta's metadata collection, cross-platform data sharing, lack of sealed sender, whistleblower allegations of 1,500 engineers with unaudited metadata access, documented spyware targeting of journalists (Paragon Graphite, NSO Pegasus), and forced Meta AI integration. Cloud backups unencrypted by default. 89% of journalists in democratic countries use Signal instead. WhatsApp is a fallback, not a recommendation.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Whisper",
      "slug": "whisper",
      "url": "https://github.com/openai/whisper",
      "tagline": "Local speech-to-text transcription that never sends audio to the cloud.",
      "category": "visuals",
      "securityRating": "strong",
      "securityRatingNote": "Runs entirely locally with no network dependency. MIT-licensed open-source model with full code and weight transparency. No telemetry, no data collection, no cloud requirement. Audio never leaves your device. The hallucination problem is an accuracy concern, not a security concern — it does not compromise confidentiality. The strongest privacy posture of any transcription tool available: zero data exposure by design.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Wire",
      "slug": "wire",
      "url": "https://wire.com",
      "tagline": "E2E encrypted messaging with MLS protocol, enterprise group features, and European data sovereignty. Now backed by Schwarz Group.",
      "category": "messaging",
      "securityRating": "strong",
      "securityRatingNote": "First messenger with full MLS (IETF RFC 9420) production implementation. Open-source clients independently audited by Kudelski Security and X41 D-Sec. E2E encryption on by default for all content types including calls and file sharing. No phone number required for registration. Stores more metadata than Signal (contact lists, 72-hour connection logs), though its metadata posture is still well above the industry average. Ownership changes and Swiss surveillance law evolution warrant monitoring.",
      "threatLevel": "sensitive-reporting",
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "WireGuard",
      "slug": "wireguard",
      "url": "https://www.wireguard.com",
      "tagline": "Modern VPN protocol built into the Linux kernel. Fast, minimal, auditable. The cryptographic foundation under Mullvad, many commercial VPNs, and custom setups.",
      "category": "security",
      "securityRating": "strong",
      "securityRatingNote": "Formally verified cryptographic protocol with ~4,000 lines of auditable code. Built into the Linux kernel. Uses modern, opinionated cryptography with no legacy cipher negotiation. No central infrastructure, no data collection, no accounts. The minimal attack surface and formal verification by INRIA put WireGuard in a different class than most VPN solutions. Rating reflects the protocol itself — your overall VPN security also depends on server configuration and operational practices.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11"
    },
    {
      "name": "Wispr Flow",
      "slug": "wispr-flow",
      "url": "https://www.wispr.ai/",
      "tagline": "AI voice dictation that formats text based on app context.",
      "category": "visuals",
      "securityRating": "caution",
      "securityRatingNote": "Screen captures and voice audio are sent to third-party AI providers (OpenAI, Meta's Llama), which is a significant privacy concern for journalism workflows. All processing is cloud-only — there is no local option. Privacy Mode prevents retention but not transmission. SOC 2 Type II, ISO 27001, and HIPAA certifications demonstrate real security investment, but the architecture is fundamentally incompatible with source protection. The tool is well-built and the company is increasingly transparent, but 17+ outages in Q1 2026 raise reliability questions for deadline-driven journalism.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "WordPress",
      "slug": "wordpress",
      "url": "https://wordpress.org",
      "tagline": "Powers 43% of the web. Self-hosted gives full control. Open source since 2003.",
      "category": "publishing",
      "securityRating": "adequate",
      "securityRatingNote": "WordPress core is well-maintained — only 7 vulnerabilities in 2024, none critical. The Abilities API in 6.9 improved permission granularity. But the plugin ecosystem is a minefield: 11,334 vulnerabilities in 2025, 43% exploitable without authentication. Self-hosted gives full data control but demands active maintenance. The Mullenweg/WP Engine dispute revealed a deeper issue: WordPress.org infrastructure is effectively controlled by one company, creating a single point of governance failure for 43% of the web. Rating reflects strong core security offset by ecosystem risk and governance concerns.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Zapier",
      "slug": "zapier",
      "url": "https://zapier.com",
      "tagline": "Workflow automation platform connecting 8,000+ apps. Move data between tools, trigger alerts, auto-publish, and stitch together newsroom workflows without code.",
      "category": "data",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II certified, GDPR-compliant, encryption in transit and at rest, OAuth-based connections to third-party apps. The structural issue is unavoidable: Zapier is a hub that sees everything flowing through your workflows, and task history stores payloads for up to 30 days. For routine newsroom automation that doesn't involve source identities or sensitive documents, this is fine. For anything you wouldn't put in plain email, use a self-hosted alternative like n8n instead.",
      "threatLevel": "baseline",
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07"
    },
    {
      "name": "Zoom",
      "slug": "zoom",
      "url": "https://zoom.us",
      "tagline": "Video conferencing with optional E2E encryption. Free tier: 40-minute group meetings.",
      "category": "messaging",
      "securityRating": "adequate",
      "securityRatingNote": "AES-256 GCM encryption by default, optional E2EE and post-quantum E2EE (Kyber-768) on all plans, SOC 2 Type II and ISO 27001 certified, under FTC consent order through ~2026 with mandatory third-party audits. E2EE is off by default and disables essential journalist features (recording, transcription) when enabled. High vulnerability volume (30+ CVEs in 2025, 36 in 2024) but responsive patching — critical CVE-2026-22844 (CVSS 9.9) was patched before exploitation. The 2023 AI training policy reversal and 2021 FTC settlement for false encryption claims are serious trust flags. France's 2026 government ban signals growing institutional skepticism. Adequate for routine use; enable E2EE for anything sensitive, or use Jitsi Meet/Signal.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": false,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02"
    },
    {
      "name": "Zotero",
      "slug": "zotero",
      "url": "https://www.zotero.org",
      "tagline": "Citation and research manager. Collect, organize, annotate, and cite sources across any publication style.",
      "category": "newsgathering",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source code with full transparency. Nonprofit ownership with no financial incentive to monetize data. Local-first architecture means all data stays on your machine unless you opt into syncing. TLS for all sync traffic. At-rest encryption enabled on cloud services, but not end-to-end — Zotero servers can decrypt for web access. Funded by foundations and subscriptions, not advertising or data sales. The translation server (used by the browser connector to fetch metadata) logs URLs, which is a minor privacy consideration for sensitive research. Strong trust profile overall: open source, nonprofit, grant-funded, no tracking, 15+ years of operation.",
      "threatLevel": null,
      "freeOption": true,
      "openSource": true,
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03"
    }
  ]
}