{
  "meta": {
    "generated_at": "2026-05-17T12:34:45.618Z",
    "schema_version": "1.0",
    "total_count": 243,
    "source": "https://fieldwork.news",
    "license": "CC-BY-SA 4.0"
  },
  "data": [
    {
      "name": "1Password",
      "slug": "1password",
      "url": "https://1password.com",
      "tagline": "Password manager with free access for journalists.",
      "category": "security",
      "whoItsFor": "Every journalist. Password management is the single most impactful security improvement most reporters can make. Also essential for researchers, activists, and anyone handling sensitive sources.",
      "pricing": "Individual: $3.99/month (up from $2.99, March 2026 increase). Families: $5.99/month. Teams Starter Pack: $19.95/month flat for up to 10 users. Business: $7.99/user/month. Enterprise: custom pricing. All prices with annual billing.",
      "journalistDiscount": "Free Teams plan for verified journalists via 1Password for Journalists program. Apply at 1password.com/for-journalists. Freelancers without org email can apply with their work email.",
      "freeOption": true,
      "editorialTake": "1Password is the default recommendation for journalists, and the free journalist program makes it a no-brainer. Zero-knowledge architecture means 1Password cannot access your passwords even under legal compulsion. The Secret Key — a 34-character key unique to your device — adds a layer Bitwarden and most competitors lack: even if someone steals your master password, they cannot decrypt your vault without it. Travel Mode lets you strip sensitive vaults from your device at border crossings. The 2023 Okta incident touched 1Password's internal Okta tenant but never reached user vaults — a real-world stress test of their architecture. Bitwarden is the credible open-source alternative (and cheaper), but 1Password's UX, passkey support, and journalist program tip the balance for most newsrooms. The March 2026 price hike on consumer plans doesn't affect the journalist program.",
      "bestFor": "Everyone. Password management, passkey storage, 2FA codes, secure credential sharing with colleagues, Travel Mode for border crossings.",
      "notFor": "If you need self-hosted infrastructure for compliance or airgap requirements, Bitwarden's self-host option is better. Otherwise, there is no good reason for a journalist not to use a password manager.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Canada (AgileBits Inc. headquarters in Toronto). Data stored in region of user's choice: US, EU, Canada, or Australia.",
      "privacyPolicyTldr": "Zero-knowledge architecture. 1Password cannot access, read, or share your vault data. Decryption requires both your Master Password and a 34-character Secret Key that 1Password never holds. They collect minimal metadata (account info, usage analytics) but never vault contents. AES-256-bit encryption throughout.",
      "practicalMitigations": "Use a strong, unique Master Password (not reused anywhere). Store your Secret Key printout in a physical safe. Enable 2FA on your 1Password account. Use Watchtower to identify weak/reused/breached passwords. Share credentials via 1Password vaults, never email or Slack. Enable Travel Mode before crossing borders. Be alert to phishing: 1Password will never email you from non-@1password.com domains asking you to reset your password (targeted phishing campaigns hit users in March 2025).",
      "owner": "AgileBits Inc. (dba 1Password), Toronto, Canada",
      "fundingModel": "Venture-backed. $920M total raised across 3 rounds (Series A $200M in 2019, Series B $100M in 2021, Series C $620M in 2021). Last valuation $6.8B (2022). Investors include Accel, ICONIQ Growth, Tiger Global. Founded 2005, was profitable before raising VC. Hit $400M ARR in October 2025. Actively interviewing banks for IPO as of late 2024. Founders completed $100M secondary sale in October 2025.",
      "businessModel": "SaaS subscriptions across consumer, teams, business, and enterprise tiers. Expanding into Extended Access Management (XAM) — device trust, SaaS governance, and agentic AI credential brokering. Acquired Trelica (UK, SaaS management) in January 2025. Journalist program is goodwill/loss-leader under 1Password for Good initiative.",
      "knownIssues": "October 2023: Okta support system breach gave attackers access to 1Password's internal Okta tenant. No user vault data was accessed — the incident was contained to employee-facing admin systems. 1Password detected and stopped the intrusion within days. August 2024: macOS vulnerability (CVE) allowed local attackers to hijack inter-process communication and impersonate trusted 1Password integrations (browser extension, CLI). Patched in version 8.10.38. No evidence of exploitation in the wild. August 2025: DEF CON 33 presentation by researcher Marek Tóth disclosed browser extension vulnerabilities affecting multiple password managers including 1Password. March 2025: Targeted phishing campaign impersonated 1Password Watchtower breach alerts. VC funding and IPO trajectory raise long-term questions about whether the journalist program continues indefinitely, but $400M ARR and 150K+ business customers suggest the program is a rounding error on their P&L. Consumer price hike in March 2026 signals margin pressure.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "1password-journalists"
      ],
      "securityRating": "strong",
      "securityRatingNote": "Zero-knowledge encryption with unique Secret Key, AES-256, SOC 2 Type 2, ISO 27001/27017/27018/27701 certified, regular pentests by Cure53 and Bishop Fox (reports on Trust Center since November 2025), regional data residency choice, passkey support across all platforms, and free for journalists. No user data has ever been compromised. The gold standard for journalist security tools."
    },
    {
      "name": "Adobe Firefly",
      "slug": "adobe-firefly",
      "url": "https://www.adobe.com/products/firefly.html",
      "tagline": "AI image generation with Content Credentials baked in. Trained on Adobe Stock and licensed content. The closest thing to a defensible AI image tool for newsrooms.",
      "category": "visuals",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Newsrooms and journalists who need illustration, photo composites, or generative fill for editorial graphics and want a clear provenance trail. Visual editors who need to defend AI use to lawyers, audiences, and standards desks. Adobe Creative Cloud customers who already have Photoshop and want generative tools that don't poison their commercial work with copyright risk.",
      "pricing": "Free tier: 25 generative credits per month (no commercial indemnification). Firefly Standard: $9.99/month (2,000 credits). Firefly Pro: $29.99/month (7,000 credits, video generation). Firefly Premium: $199.99/month for heavy video work. Bundled into Creative Cloud All Apps ($59.99/month) with 4,000 credits per user. Enterprise plans include IP indemnification — Adobe will defend customers against copyright claims arising from Firefly outputs.",
      "freeOption": true,
      "editorialTake": "Firefly is the AI image tool you can defend in an editorial meeting. Adobe trained it on Adobe Stock, openly licensed content, and public domain — not the open web — which sidesteps the lawsuits hitting Midjourney, Stability, and Runway. Every generation gets Content Credentials embedded as C2PA metadata: model used, prompt history, edit history. That provenance trail is what compliance teams, ad platforms, and standards editors increasingly require. Firefly was first released in March 2023 and has shipped four model generations since. Image Model 4 and 4 Ultra arrived in 2025 with photorealistic output that finally competes with Midjourney and Flux on quality. Video generation launched in 2024 and has expanded through 2025 and 2026 — Firefly now also routes to third-party models (Google Veo, OpenAI, Runway) inside the same interface, with Adobe-style guardrails. Output quality still trails Midjourney for stylized work, but for editorial illustration where the legal story matters more than the aesthetic, Firefly is the rational choice. The catch: Adobe's pricing is deliberately tangled with Creative Cloud. Standalone Firefly plans exist, but Adobe wants you on the $60/month bundle. And the credit system means heavy users can blow through allocations fast, especially on video.",
      "bestFor": "Editorial illustrations and concept art where you need to show how the image was made. Generative fill and expand inside Photoshop for legitimate photo retouching (extending backgrounds, removing distractions). Stock-style hero images for explainers and newsletters. Any AI image use where C2PA Content Credentials are a publication requirement. Newsrooms that have committed to provenance standards (BBC, NYT, Reuters guidance).",
      "notFor": "Photojournalism. News photos. Anything depicting real events or real people in factual contexts — AI imagery in news has clear editorial limits and Firefly does not change that. Stylized or surreal output where Midjourney still wins on aesthetic. Any workflow where you can't accept Adobe's credit system and Creative Cloud lock-in. Generating images of identifiable public figures (Adobe blocks most of this anyway).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Adobe Inc., headquartered in San Jose, California). Data processed across Adobe's global infrastructure. Adobe is SOC 2 Type II, ISO 27001, and FedRAMP authorized for some products.",
      "privacyPolicyTldr": "Adobe ID account required. Prompts and generated outputs are stored on Adobe servers. Adobe does NOT train Firefly on Creative Cloud customer content — this is a contractual commitment, not just a default setting. Free-tier user prompts may be reviewed for safety and abuse. Enterprise plans include IP indemnification covering copyright claims on Firefly outputs. Content Credentials are attached automatically and survive most export workflows.",
      "practicalMitigations": "Use a paid plan (Standard or Creative Cloud) if you need commercial rights and indemnification — the free tier does not cover commercial use. Keep Content Credentials enabled on export so downstream publishers can verify provenance. Don't upload sensitive source photos for generative fill — they sit on Adobe's servers. For purely editorial illustration, Firefly is fine; for anything depicting a real person or event, don't use generative AI at all. Document AI use in your captions and corrections policy. If you're an enterprise, get the indemnification clause in writing.",
      "owner": "Adobe Inc. (NASDAQ: ADBE). Public company headquartered in San Jose, California. CEO Shantanu Narayen. Market cap roughly $200B as of early 2026.",
      "fundingModel": "Public company. Adobe reported $21.5B in fiscal 2024 revenue and roughly $23B in fiscal 2025. Firefly is part of the Digital Media segment, which is the larger of Adobe's two reporting segments.",
      "businessModel": "Subscription SaaS. Creative Cloud is the core business. Firefly is sold standalone, bundled into Creative Cloud, and licensed to enterprises with IP indemnification. Adobe also licenses Firefly models through APIs to enterprise customers including newsrooms, marketing platforms, and ad networks.",
      "knownIssues": "Adobe acknowledged in 2024 that a small portion of Firefly training data included AI-generated images from Midjourney and other models that had been uploaded to Adobe Stock — undermining the 'trained only on licensed content' marketing claim. Adobe says the affected images were a small fraction and the contractual indemnification still holds. Pricing structure is opaque — Adobe steers users toward Creative Cloud bundles rather than standalone Firefly plans, and credit allocations have been quietly changed multiple times. Image quality on Image Model 3 trailed Midjourney significantly; Image Model 4 narrows the gap but stylized output is still weaker. Generative credit system can be exhausted quickly on video work.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Adobe is a mature enterprise software company with SOC 2 Type II, ISO 27001, and FedRAMP authorizations across various products. The contractual commitment not to train on customer content and the IP indemnification on enterprise plans are meaningful protections that competitors do not match. Content Credentials provide a verifiable provenance chain. The 'adequate' rating reflects Adobe's overall security posture and the unresolved questions about training data composition — not a specific concern about Firefly itself."
    },
    {
      "name": "Adobe Podcast Enhance",
      "slug": "adobe-podcast",
      "url": "https://podcast.adobe.com/enhance",
      "tagline": "Free AI audio cleanup that makes any recording sound studio-quality. The single best rescue tool for noisy interviews. Upload, wait, download.",
      "category": "visuals",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Reporters who recorded an interview in a coffee shop, on a sidewalk, in a moving car, or over a bad phone line and need to make it broadcastable. Podcast producers cleaning up remote guest audio. Documentary teams rescuing field recordings. Anyone whose field recorder picked up traffic, HVAC, or room echo and who can't go back and re-record.",
      "pricing": "Free with an Adobe ID. No credit card. Free tier currently allows about 1 hour of enhancements per day, files up to 500MB, individual file length up to 30 minutes. Premium tier (bundled with Creative Cloud or Adobe Express subscriptions) raises file length to about 2 hours and increases daily processing. Adobe has not committed to keeping the free tier free indefinitely.",
      "freeOption": true,
      "editorialTake": "Adobe Podcast Enhance is the rare AI tool that does one thing absurdly well and asks nothing in return. Upload an audio file, wait, download a version that sounds like it was recorded in a treated studio. The model removes background noise, room echo, hum, hiss, and microphone proximity problems while preserving the speaker's voice with surprising fidelity. It is not subtle — Enhance applies a strong, consistent processing chain — but for journalism the trade-off is almost always worth it. A 60-second clip from a noisy press conference becomes usable broadcast audio. A phone interview becomes a podcast segment. Released in 2022 and continuously updated since, Enhance v2 (rolled out in late 2024 and refined through 2026) handles longer files, preserves more speech texture, and ships in both web and mobile interfaces. Adobe Podcast also includes recording, editing, and transcription tools, but Enhance is the one journalists actually use. Two real limits: it processes audio in the cloud, so sensitive recordings leave your machine; and the free tier could disappear or shrink at any time, since Adobe has been steadily moving Adobe Podcast features toward paid tiers. For now, it's free and it works. The closest alternatives are Auphonic (cheap, good, less aggressive), Krisp (real-time, weaker), and Descript Studio Sound (built into Descript, very good). For pure rescue work on a recorded file, Adobe still wins.",
      "bestFor": "Rescuing interviews recorded in noisy environments. Cleaning up phone or Zoom audio for podcast use. Removing room echo from speakers recorded with built-in laptop mics. Salvaging field recordings from press conferences, courtrooms, protests. Quick cleanup of voice memos before transcription. Documentary recording rescue when re-shooting isn't possible.",
      "notFor": "Music or anything that isn't speech — Enhance is tuned aggressively for voices and will mangle music. Sensitive source audio you can't legally upload to a third-party cloud service. Subtle audio work where the broadcast-style processing is too heavy-handed (try Auphonic or DaVinci Resolve Fairlight). Real-time call cleanup (use Krisp or NVIDIA Broadcast). Workflows that need to stay fully local — Enhance is cloud-only.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Adobe Inc., headquartered in San Jose, California). Audio processed in Adobe's cloud infrastructure. Adobe is SOC 2 Type II and ISO 27001 certified across its product lines.",
      "privacyPolicyTldr": "Adobe ID required. Uploaded audio is processed on Adobe servers. Adobe's general policy is not to use Creative Cloud customer content for AI training, and that commitment extends to Adobe Podcast. Files are retained temporarily for processing and then deleted on a schedule that Adobe documents in its product privacy notes. The free product is governed by Adobe's general terms of service rather than an enterprise contract.",
      "practicalMitigations": "Don't upload unpublished investigative recordings, source identity audio, or anything covered by a confidentiality agreement — it all leaves your machine. Download and delete the enhanced file from Adobe's servers as soon as you have it. For sensitive material, use a local alternative like iZotope RX (paid, much more capable) or DaVinci Resolve Fairlight (free, requires more skill). For routine field interviews where the content is destined for publication anyway, the cloud upload risk is minimal. Watch for pricing changes — the free tier is generous now but is not contractually guaranteed.",
      "owner": "Adobe Inc. (NASDAQ: ADBE). Public company headquartered in San Jose, California. CEO Shantanu Narayen.",
      "fundingModel": "Public company. Adobe reported around $23B in fiscal 2025 revenue. Adobe Podcast sits inside the Digital Media segment as a standalone web product, separate from the Creative Cloud bundle (though Premium features tie back to Creative Cloud subscriptions).",
      "businessModel": "Free with Adobe ID, with a paid tier bundled into Creative Cloud and Adobe Express subscriptions. Adobe Podcast is positioned as an audience and funnel product for Creative Cloud — get journalists and podcasters into the Adobe ecosystem with a free tool that solves a real problem, then upsell into Audition, Premiere, and the wider bundle.",
      "knownIssues": "Aggressive processing can introduce artifacts on already-clean audio — running good audio through Enhance often makes it sound worse. The free tier limits (file length, daily processing) have been tightened multiple times since launch and could change again. Cloud-only architecture means no offline workflow and no local control over sensitive audio. Adobe has not committed to keeping the free tier free, and other Adobe Podcast features have already moved behind paywalls. Occasional service outages during high-load periods. Mobile app has fewer controls than the web version.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Adobe is a mature enterprise vendor with SOC 2 Type II and ISO 27001 across its product lines, and the contractual commitment not to train on customer content applies to Adobe Podcast. Files are processed in Adobe's US cloud and deleted on a documented schedule. The 'adequate' rating reflects standard Adobe security posture and the cloud-only architecture — fine for routine field audio destined for publication, not appropriate for confidential source material that should never leave your machine."
    },
    {
      "name": "Airtable",
      "slug": "airtable",
      "url": "https://airtable.com",
      "tagline": "Relational database with a spreadsheet interface. The go-to for editorial calendars, source tracking, and investigation management in newsrooms.",
      "category": "data",
      "openSource": false,
      "whoItsFor": "Newsrooms managing editorial workflows, tracking sources across investigations, or building custom databases without code. Used by Time, the Minneapolis Star Tribune, and dozens of local outlets for everything from story budgets to FOIA logs.",
      "pricing": "Free: 1,000 records/base, 5 editors, 1,000 API calls/month. Team: $20/seat/month (50K records/base). Business: $45/seat/month (125K records/base). Enterprise: custom. AI credits bundled into all plans; overage via Credit Packs. Prices jumped sharply in 2024-2025 — Team rose 67% (from $12) and Business rose 87% (from $24).",
      "freeOption": true,
      "editorialTake": "Airtable is the best tool for journalists who need structured, relational data without touching SQL. Editorial calendars, source tracking, FOIA management, tipline intake, investigation databases — it handles all of these better than spreadsheets because it links records across tables. The Minneapolis Star Tribune used it to analyze 2,000 police reports for an investigative series. Time uses it to track production expenses and freelancer payments. The relational model is the real differentiator over Google Sheets: you can link articles to sources, photos, newsletters, and social posts in one base. Notion databases are more flexible for docs but weaker for structured data workflows. Google Sheets is free and familiar but has no relational features, no granular permissions, and no automation. The downside: Airtable is cloud-hosted, not zero-knowledge. The company can access your data. AI features (field agents, document analysis, sentiment tagging) are now bundled into all plans but consume credits. And the free tier got worse — API calls capped at 1,000/month as of January 2025, which kills most integrations. Encrypted in transit and at rest (AES-256), SOC 2 Type II and ISO 27001 certified.",
      "bestFor": "Editorial calendars, source databases, FOIA tracking, investigation management, reader engagement tracking, grant management, any structured relational workflow.",
      "notFor": "Storing confidential source identities — this is cloud-hosted and not zero-knowledge. The free tier's 1,000-record limit and 1,000 API calls/month cap make it impractical for large datasets or integration-heavy workflows. If you need local-only storage, use a SQLite database or spreadsheet.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States by default (AWS). Enterprise Scale plan offers EU data residency (Frankfurt/Dublin).",
      "privacyPolicyTldr": "Airtable encrypts data in transit (TLS) and at rest (AES-256). Not zero-knowledge — the company can access your data for service operation. AI features process data through Airtable's infrastructure but do not retain customer data with third-party AI vendors, and Airtable does not use customer data to train models. GDPR-compliant with EU Standard Contractual Clauses. Privacy policy updated February 2026; DPA updated December 2025. No HIPAA BAA available on standard plans.",
      "practicalMitigations": "Never store sensitive source identities in Airtable. Review sharing permissions carefully — shared views expose data to anyone with the link, and even read-only collaborators can copy cell data or download full pages via browser tools. Password-protect shared views when possible (paid plans only). Use strong passwords and enable 2FA. Free tier limits revision history to 2 weeks. Disable link-sharing on bases containing unpublished investigation data.",
      "owner": "Formagrid Inc. (dba Airtable)",
      "fundingModel": "Venture-backed. Raised $1.4B across 7 rounds. Peak valuation $11.7B (2021), now ~$4B on secondary markets. CEO says roughly half of capital remains and the company is cash-flow positive as of late 2024. Investors include Thrive Capital, Coatue, D1 Capital.",
      "businessModel": "Freemium SaaS. Revenue from Team, Business, and Enterprise subscriptions. Launched Superagent (multi-agent AI research product) in January 2026 as a separate product line ($20-$200/user/month). Potential IPO in 2026. Laid off ~27% of workforce (500 people) in 2022-2023 to refocus on enterprise.",
      "knownIssues": "Free plan API calls capped at 1,000/month since January 2025 — breaks most integrations and automations for free users. Shared views have a structural security gap: read-only collaborators can copy all visible cell data and download page contents via browser DevTools. October 2025 billing change eliminated prorated refunds for mid-cycle seat removals. No major public data breaches on record, but Airtable API keys are among the most commonly leaked secrets on GitHub (per GitGuardian). Record limits (1K free, 50K Team, 125K Business) can become a hard ceiling for large investigations.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "airtable-nonprofits"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "Strong encryption and compliance certifications (SOC 2 Type II, ISO 27001). Cloud-hosted and not zero-knowledge. Shared view permissions have structural limits — read-only users can still extract data. No HIPAA BAA on standard plans. Adequate for editorial workflows, not for sensitive source material."
    },
    {
      "name": "Aleph (OCCRP)",
      "slug": "aleph-occrp",
      "url": "https://aleph.occrp.org",
      "tagline": "Search 1 billion+ records across 180+ countries — corporate registries, leaked databases, sanctions lists, court records. The investigative journalist's follow-the-money search engine.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists doing cross-border financial investigations. Researchers tracking beneficial ownership, shell companies, and sanctions evasion. NGOs and civil society groups working on corruption, money laundering, or kleptocracy. Also useful for due-diligence analysts at nonprofits and compliance teams — though commercial access tiers are coming in 2026.",
      "pricing": "Free for journalists, researchers, and the public at aleph.occrp.org. Nonprofit journalism organizations get full Aleph Pro access at no cost. Public interest groups (civic tech, civil society) get access at cost. Commercial tiers launching 2026.",
      "freeOption": true,
      "editorialTake": "Aleph is the single most important open database for cross-border financial investigations. OCCRP built it to power their own reporting — Panama Papers, FinCEN Files, Troika Laundromat — then opened it to everyone. It indexes 1 billion+ records from 300+ datasets across 180+ countries: corporate registries, sanctions lists, court records, leaked databases, land registries, air and maritime registries. The entity cross-referencing is the killer feature — upload your own data, and Aleph will find matches against its entire corpus. In December 2025, OCCRP migrated to Aleph Pro, a ground-up rebuild with faster search, better data ingestion, automated risk scoring, and knowledge graph generation. The open-source original lives on as OpenAleph, maintained by the Data and Research Center (DARC). One major caveat: OCCRP lost 38% of its funding when USAID was gutted in early 2025, laid off a fifth of its staff, and cut 80% of sub-grants to partner newsrooms. The organization is surviving on European government funding and a pivot to earned revenue through Aleph Pro's commercial tiers. The platform is not going away, but the funding instability is real and worth understanding.",
      "bestFor": "Cross-border corporate investigations. Tracing beneficial ownership through shell company networks. Cross-referencing your source data against leaked databases, sanctions lists, and corporate registries from 180+ countries. Finding connections between people, companies, and addresses that no single national database would reveal. Investigating money flows across jurisdictions.",
      "notFor": "US-only investigations with no international angle — use OpenSecrets, PACER, SEC EDGAR, or state-level databases. Not a general-purpose search engine. Not a real-time monitoring tool. Coverage is strongest in Eastern Europe and former Soviet states; some countries have thin or outdated records.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "OCCRP infrastructure, primarily Europe. Aleph Pro runs on OCCRP-managed servers. User accounts, uploaded investigation data, and search queries are stored on these servers.",
      "privacyPolicyTldr": "OCCRP is a nonprofit journalism organization. Account data is minimal — email and name. Search queries are logged for system performance and may be visible to OCCRP staff. OCCRP does not sell data or serve advertising. Protected datasets (leaks, sensitive archives) require case-by-case access approval. The platform exists to support investigative journalism, not to monetize users.",
      "practicalMitigations": "Register with a professional journalism email for faster access approval. Your search queries are logged on OCCRP servers — if investigating entities that might monitor their own exposure, your search pattern could reveal your interest. Consider what queries you run and when. Use Aleph's cross-referencing feature to batch-compare your data against the full corpus rather than running individual name searches. For sensitive investigations, consider running OpenAleph on your own infrastructure — it's fully open source and self-hostable. Be aware that leaked datasets are not always complete; always verify findings against primary sources.",
      "owner": "OCCRP (Organized Crime and Corruption Reporting Project)",
      "fundingModel": "Historically grant-funded, primarily by USAID (52% of budget from 2014-2023), European governments, and journalism foundations. After USAID cuts in early 2025, OCCRP lost 38% of operational funds. Now diversifying: European government grants, small-dollar donations ($375K raised), $3M in emergency pledges from major grantors, and forthcoming Aleph Pro commercial revenue tiers in 2026.",
      "businessModel": "Nonprofit transitioning to hybrid model. Aleph Pro is free for nonprofit journalism, at-cost for public interest groups, and will offer paid commercial tiers in 2026. This earned-revenue strategy is explicitly designed to reduce dependence on government grants after the USAID crisis.",
      "knownIssues": "OCCRP's funding crisis is the elephant in the room. The organization lost 38% of its budget when USAID funding was frozen in early 2025, laid off 40 staff (20%), cut salaries, and eliminated 80% of sub-grants to partner newsrooms. European governments and emergency donations have stabilized operations, but long-term sustainability depends on Aleph Pro commercial revenue that hasn't launched yet. On the platform side: coverage is uneven — Eastern Europe and former Soviet states are deep, but some regions have thin records. Leaked datasets are incomplete by nature. The original open-source Aleph codebase will no longer be maintained by OCCRP after December 2025 — it continues as OpenAleph under DARC. New account registrations and extended data access requests have been temporarily unavailable during the Aleph Pro migration. UX research found persistent issues with information architecture: users struggle to understand what data sources they're searching, how to interpret results, and how to verify provenance of records.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit-operated, open-source platform built specifically for investigative journalists. Strong institutional commitment to source protection — OCCRP has a decade-plus track record on major leak investigations. Search queries are logged and visible to OCCRP staff, which is a consideration for sensitive investigations. The Aleph Pro rebuild modernizes the security stack, but the funding instability introduces organizational risk: a nonprofit under financial pressure is inherently less predictable than a well-capitalized one. For maximum control, self-host OpenAleph. For most journalists, the free hosted version at aleph.occrp.org remains the best option."
    },
    {
      "name": "Amnesty MVT (Mobile Verification Toolkit)",
      "slug": "amnesty-mvt",
      "url": "https://github.com/mvt-project/mvt",
      "tagline": "Open-source forensic toolkit from Amnesty International's Security Lab. Scans iOS and Android backups for traces of Pegasus and other mobile spyware. The tool the Pegasus Project used to confirm infections.",
      "category": "security",
      "openSource": true,
      "builtForJournalism": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists, human rights defenders, lawyers, and activists in hostile environments who have reason to believe their phones may be targeted by state-grade spyware. Forensic investigators and digital security trainers supporting at-risk reporters. Anyone covering authoritarian regimes, organized crime, or surveillance abuses who needs to check whether their device has been compromised.",
      "pricing": "Free. Open source, MIT-licensed-with-restrictions (custom Mozilla Public License variant prohibiting non-consensual use).",
      "freeOption": true,
      "editorialTake": "MVT is the tool Amnesty International's Security Lab used to confirm Pegasus infections in the Pegasus Project — the 2021 investigation that found NSO Group spyware on the phones of journalists, activists, and heads of state across at least 50 countries. It is the most credible publicly available forensic tool for detecting mobile spyware, and there is nothing comparable in the commercial market. The job MVT does: take an encrypted iTunes backup of an iPhone, or a logical extraction of an Android device, and scan it against a library of indicators of compromise (IOCs) — file hashes, suspicious process names, known command-and-control domains, anomalous SMS and iMessage records — published by Amnesty and other research groups. If MVT finds a match, you have probable evidence of infection. If it finds nothing, you have meaningful but not absolute reassurance. The honest limits: MVT detects what we already know about. Zero-day exploits and unknown spyware families will not appear in any IOC list until researchers find them. Pegasus operators have repeatedly updated their malware to evade prior detection signatures. MVT is also a command-line tool that requires comfort with the terminal, Python, and an understanding of mobile forensics — this is not a one-click app for nervous users. Amnesty explicitly recommends working with a digital security professional rather than self-diagnosing. For high-risk reporters in countries that buy commercial spyware (Mexico, Saudi Arabia, India, Hungary, Morocco, UAE, and dozens more documented by Citizen Lab), MVT is essential infrastructure. For everyone else, the realistic answer is: you almost certainly do not need this, and if you think you might, you need a trained investigator running it for you, not a tutorial.",
      "bestFor": "Confirming or ruling out known Pegasus, Predator, and other commercial mercenary spyware on a specific device. Forensic baselining when an at-risk journalist suspects targeting. Training and capacity-building for digital security helpdesks at press freedom organizations. Building IOC libraries from new spyware research. Documenting infections for legal and advocacy work.",
      "notFor": "Real-time protection — MVT is forensic, not preventive. It does not block or remove spyware. Detecting unknown or zero-day spyware that has no published IOCs. Self-diagnosis by users without a forensics background — interpreting results requires expertise, and false positives are common. Routine personal threat modeling for journalists who are not specifically targeted by state actors. Replacing a security helpdesk like Access Now's Digital Security Helpline, which can run MVT for you.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Software is open source, hosted on GitHub (Microsoft, US). The toolkit runs locally on your machine — there is no server-side component, no telemetry, no data sent to Amnesty or anyone else. Your forensic data stays on the device you run it on. Indicators of compromise (STIX2 files) are downloaded from public Amnesty and partner repositories.",
      "privacyPolicyTldr": "No privacy policy needed — MVT does not collect or transmit data. It is a local command-line tool. The only network calls are to fetch updated IOC files from public GitHub repositories. Your phone backups, scan outputs, and findings never leave your computer unless you choose to share them.",
      "practicalMitigations": "Run MVT on an air-gapped or trusted forensics workstation, never on the suspect device itself. Always use encrypted iOS backups (set a backup password in Finder/iTunes) — MVT requires this to extract iMessage and other encrypted records. For Android, follow Amnesty's documentation carefully — the Android extraction process is more limited and more invasive. Update IOC files from the official mvt-project and Amnesty repositories before each scan. Do not interpret results yourself if your safety depends on it — contact Access Now Digital Security Helpline (free, 24/7, multilingual), Citizen Lab, or Amnesty's Security Lab for analysis. Document everything: scan outputs, timestamps, device serial numbers, and chain of custody if findings might be used legally. Assume that running MVT does not make your phone secure going forward — if you find an infection, treat the device as permanently compromised and replace it.",
      "owner": "Amnesty International — Security Lab (mvt-project on GitHub, with contributions from independent researchers)",
      "fundingModel": "Funded by Amnesty International as part of its Security Lab program. Amnesty is a nonprofit funded by individual donations, foundation grants, and member contributions. Receives no government funding for its core human rights work.",
      "businessModel": "Not a business. MVT is a public-interest research tool released free under an open source license. Amnesty's Security Lab also publishes IOC reports, technical writeups, and helps coordinate international forensic investigations. Paid commercial use, especially for surveillance or against the consent of device owners, is explicitly prohibited by the license.",
      "knownIssues": "Detection is signature-based — only finds spyware with published indicators. Updated NSO and Intellexa malware variants have evaded prior MVT signatures until new IOCs are published. Android support is significantly weaker than iOS support because Android's forensic surface is fragmented across manufacturers and harder to extract from non-rooted devices. Command-line interface is a real barrier for non-technical users. Encrypted iOS backups are mandatory for full results, which trips up first-time users. False positives happen and require expert interpretation. Citizen Lab and Amnesty have warned repeatedly that absence of evidence is not evidence of absence — a clean MVT scan does not mean a phone is uninfected, only that no known signatures matched.",
      "reviewedBy": "Editorial assessment by Mike Schneider — based on public security research and audits",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "MVT is the gold standard for publicly available mobile spyware forensics. Built and maintained by Amnesty International's Security Lab, used in the Pegasus Project, peer-reviewed by Citizen Lab and independent researchers, fully open source, runs locally with no telemetry. The 'strong' rating reflects the tool itself — its provenance, transparency, and technical quality. It does not mean MVT will catch everything: signature-based detection is inherently limited, and unknown spyware will not appear in any IOC list. The right mental model is a smoke detector, not a force field. If you are a high-risk journalist who thinks you may be targeted, MVT is the right tool — but run it through a trained forensic investigator at Access Now, Citizen Lab, or Amnesty rather than going it alone."
    },
    {
      "name": "Apify",
      "slug": "apify",
      "url": "https://apify.com",
      "tagline": "Web scraping and automation platform. 20,000+ pre-built scrapers, managed proxy infrastructure, and a complete data pipeline — code optional.",
      "category": "data",
      "openSource": false,
      "whoItsFor": "Data journalists and newsroom developers who need web scraping at scale — monitoring government websites, tracking price changes, aggregating public records, or building automated data pipelines. Apify offers 20,000+ pre-built scrapers (called Actors) for common sites, plus a platform for building custom scrapers in JavaScript or Python. More technical than Octoparse or ParseHub, but more powerful and transparent.",
      "pricing": "Free: $5 in monthly platform credits, no credit card required. Starter: from $29/month. Scale and Enterprise tiers available. Pay-as-you-go model — you buy credits and spend them on compute (GB RAM x hours). Some Store Actors add per-result fees. Pricing can be unpredictable for large-scale projects because costs depend on compute usage, not flat rates.",
      "freeOption": true,
      "editorialTake": "Apify is the developer-friendly scraping platform. Where Octoparse and ParseHub are visual point-and-click tools, Apify gives you a full platform: pre-built scrapers for 20,000+ sites, a code editor for custom scrapers (JavaScript/Python), managed proxies with IP rotation, cloud execution, and integrations with everything (Google Sheets, Slack, webhooks, APIs). For newsrooms with even basic developer resources, it's the most capable scraping platform available. The pre-built Actor store is the killer feature. Need to scrape Google Maps listings, Twitter/X profiles, Amazon products, or government websites? Someone has probably already built and shared an Actor for it. You configure parameters, run it, and get structured data. For custom work, you write scrapers using Apify's SDK (built on Puppeteer/Playwright) and deploy them to their cloud. The company is based in Prague, Czech Republic — EU jurisdiction, which matters for data protection. Apify is SOC 2 Type II, GDPR, and CCPA compliant. Revenue doubled from $6.4M to $13.3M between 2023 and 2024 with a profitable business model, suggesting financial stability. The pricing model is the main friction point: credit-based billing tied to compute usage is harder to budget than flat monthly rates. A scraping job that costs $2 one week might cost $20 the next if the target site's structure changes and requires more retries.",
      "bestFor": "Automated, repeatable web scraping at scale. Monitoring government websites for changes. Building data pipelines from web sources. Teams with some developer capability who want a managed platform rather than running their own infrastructure. The pre-built Actor store for common scraping targets.",
      "notFor": "Non-technical journalists who need pure point-and-click simplicity (use Octoparse or Instant Data Scraper instead). Predictable monthly budgeting — credit-based pricing fluctuates with usage. One-off quick scrapes that don't justify platform setup. Sensitive scraping where you need full control over infrastructure (run Scrapy locally instead).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "European Union (Czech Republic). Apify is headquartered in Prague. SOC 2 Type II, GDPR, and CCPA compliant. EU jurisdiction provides stronger data protection baseline than U.S.-based alternatives.",
      "privacyPolicyTldr": "Apify is SOC 2 Type II certified, GDPR compliant, and CCPA compliant. Based in the EU (Czech Republic). Claims 99.95% uptime. Enterprise-grade security posture. Scraped data is stored on Apify's cloud infrastructure with configurable retention. Standard account data collected. Data processing agreements available for enterprise customers.",
      "practicalMitigations": "For sensitive investigations, run Apify Actors locally using the open-source Apify SDK rather than the cloud platform — this keeps scraped data on your machine. Use Apify's data retention settings to auto-delete scraped data after export. Review Actor source code before running third-party Actors from the Store — they execute on your account. For the most sensitive work, write your own scrapers with Scrapy or Playwright locally instead of using any cloud platform.",
      "owner": "Apify Technologies s.r.o. (private, Prague, Czech Republic). Founded in 2015 by Jakub Balada and Jan Curn.",
      "fundingModel": "VC-backed. $3.29M raised from J&T Ventures, Reflex Capital, and Y Combinator. Relatively lean funding for a company generating $13.3M revenue — suggests capital efficiency and a path to sustainability.",
      "businessModel": "Usage-based SaaS. Free tier with $5 monthly credits. Revenue from subscription plans (Starter from $29/mo) plus compute usage billing. Pre-built Actor marketplace where developers earn revenue from their scrapers. 155 employees. Revenue reached $13.3M in 2024; the company was profitable in 2023, with EUR 0.8M in profit.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II certified, GDPR and CCPA compliant, headquartered in the EU (Czech Republic). Stronger compliance posture than most scraping tools. Scraped data passes through their cloud infrastructure, but the EU jurisdiction and SOC 2 certification provide meaningful assurance. The open-source SDK lets you run scrapers locally for sensitive work. Adequate for most journalism scraping; use local tools for the most sensitive investigations."
    },
    {
      "name": "Arc Search",
      "slug": "arc-search",
      "url": "https://arc.net",
      "tagline": "AI-powered mobile browser from The Browser Company. 'Browse for Me' reads multiple pages and synthesizes answers. Ad-free. Now owned by Atlassian.",
      "category": "newsgathering",
      "whoItsFor": "Journalists who want a fast, AI-assisted mobile browser for quick research on the go. Reporters who need to synthesize information from multiple sources quickly without opening dozens of tabs. Anyone curious about AI-powered browsing who wants a clean, ad-free mobile experience.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Arc Search is a stripped-down, AI-first mobile browser built by The Browser Company. Its headline feature, 'Browse for Me,' takes a query, reads multiple web pages simultaneously, and generates a synthesized summary with citations — effectively doing the first pass of research for you. For quick backgrounding (who is this person, what happened at this event, what does this company do), it saves real time. The summaries cite their sources, so you can click through to verify. The browser itself is fast, ad-free, and minimal. No tab clutter, no visual noise. It does one thing well: get you to information quickly. The critical context: The Browser Company stopped active development on Arc (both desktop and mobile) in May 2025 to focus entirely on Dia, its next-generation AI browser. Atlassian acquired The Browser Company in September 2025 for $610 million. The company says Arc Search will continue to function but is in maintenance mode — no new features are coming. Dia launched for Mac in October 2025 with the URL bar doubling as an AI chatbot. For journalists, Arc Search remains useful today but is a dead-end product. The AI summaries are convenient for backgrounding but are not a substitute for reading primary sources. 'Browse for Me' can hallucinate, merge facts from different sources incorrectly, or miss critical context that a human researcher would catch. Use it as a starting point, not a conclusion. The bigger question: do you want to build workflows around a product that is no longer being developed? If you are already using it and it works for you, fine. If you are evaluating new tools, watch Dia instead.",
      "bestFor": "Quick mobile research and backgrounding. Getting fast synthesized answers to factual questions while on the go. Ad-free, distraction-free mobile browsing. Scanning multiple sources quickly when you do not have time to open each one individually.",
      "notFor": "Primary research for published reporting (always verify AI summaries against original sources). Desktop browsing (Arc desktop is also in maintenance mode — use Firefox, Brave, or Chrome). Journalists who need a stable, actively developed tool with a long-term roadmap. Privacy-sensitive work (the AI features require sending your queries to The Browser Company's servers). Any workflow where you need to trust AI output without verification.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (The Browser Company, New York — now a subsidiary of Atlassian, headquartered in Sydney, Australia, with US operations in San Francisco). Firebase backend encrypted at rest. 'Browse for Me' queries are processed server-side.",
      "privacyPolicyTldr": "The Browser Company states it will never sell user data and has no advertising business. Anonymized telemetry is collected via Segment (no PII). Browsing history, bookmarks, searches, and autofill data are not logged. Crash reports are collected via Sentry. The 'Browse for Me' feature sends your queries to The Browser Company's servers for AI processing — the privacy implications of this under Atlassian ownership are unclear. Firebase data is encrypted at rest.",
      "practicalMitigations": "Treat 'Browse for Me' summaries as leads, not facts — always click through to verify against original sources before publishing. Be aware that your AI queries are processed server-side; do not use 'Browse for Me' for sensitive investigative queries that could reveal your reporting interests. For privacy-sensitive browsing, use Firefox with strict tracking protection or Tor Browser instead. Monitor Atlassian's privacy policy updates — the acquisition may change data handling practices. Consider whether investing time in a maintenance-mode product makes sense for your workflow.",
      "owner": "The Browser Company (subsidiary of Atlassian since September 2025)",
      "fundingModel": "Acquired. The Browser Company raised $128 million total ($50M Series A at $550M valuation in March 2024, led by Pace Capital). Atlassian acquired the company for $610 million in cash in September 2025. Investors included Jeff Weiner (LinkedIn), Ev Williams (Medium), Dylan Field (Figma), and Jason Warner (GitHub).",
      "businessModel": "Free product with no direct revenue model. The Browser Company's strategy was to build a large user base before monetizing. Under Atlassian ownership, the company is focused on Dia (the successor browser), not Arc Search. Arc Search has no monetization path.",
      "knownIssues": "Arc Search and Arc desktop are in maintenance mode — no new features are being developed. The Browser Company publicly stated in May 2025 that all engineering resources are focused on Dia. Atlassian acquired the company in September 2025, introducing uncertainty about long-term data handling, product direction, and whether Arc Search will eventually be sunset. 'Browse for Me' AI summaries can contain inaccuracies, merged facts, or miss critical context — this is inherent to AI summarization and is not unique to Arc but is especially important for journalists who might rely on these summaries. The product requires an internet connection for AI features (no offline fallback). iOS only for the mobile app; Android availability is limited.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Standard browser security practices: TLS in transit, Firebase encryption at rest, no advertising or data sales. The privacy posture is better than Chrome (no ad-tracking business model) but weaker than Firefox or Brave (not open source, AI queries are processed server-side). The Atlassian acquisition introduces governance uncertainty — Atlassian's enterprise data practices may eventually supersede The Browser Company's original privacy commitments. Rating is 'adequate' because the tool works as claimed and handles data responsibly today, but the maintenance-mode status and ownership change warrant monitoring."
    },
    {
      "name": "Arc XP",
      "slug": "arc-xp",
      "url": "https://www.arcxp.com",
      "tagline": "Enterprise CMS built by The Washington Post. Powers hundreds of newsrooms worldwide. Cloud-native, API-first, very expensive.",
      "category": "publishing",
      "builtForJournalism": true,
      "whoItsFor": "Large newsrooms and media companies that need an enterprise-grade publishing platform with integrated subscriptions, video, and commerce. Organizations publishing at scale across web, mobile, and apps that can justify six-figure annual contracts. Publishers migrating off legacy CMSes who want a modern API-first architecture.",
      "pricing": "Custom enterprise pricing only — not publicly listed. Industry reports estimate contracts start at $150K-300K/year for mid-size publishers, scaling to $1M+ for large organizations. Pricing based on page views, content volume, and modules selected. No free tier. No self-service signup.",
      "freeOption": false,
      "editorialTake": "Arc XP is the CMS The Washington Post built for itself and then commercialized. It now powers The Boston Globe, Reuters, The Dallas Morning News, The Globe and Mail, Chicago Tribune, and hundreds of other publications worldwide. The platform is genuinely built for news — editorial workflows, real-time publishing, story budgets, and collaborative editing are native, not bolted on. The architecture is cloud-native and API-first (headless), meaning content is decoupled from presentation. You can publish to web, mobile apps, AMP, Apple News, and custom frontends from a single editorial interface. Modules include the core CMS (PageBuilder Composer), a video platform (Video Center), identity and subscription management (Subscriptions), and commerce tools. AI features for content tagging, SEO optimization, and audience analytics are integrated. The strengths are real: purpose-built newsroom workflows, battle-tested scale (WaPo publishes 1,200+ pieces/day), enterprise-grade infrastructure on AWS, and a roadmap shaped by actual journalism needs. The weaknesses are equally real. Cost is the defining constraint. This is enterprise software priced for enterprise budgets. Small and mid-size newsrooms are priced out entirely. Vendor lock-in is significant — migrating off Arc XP is a major project. And despite being built by a news organization, Arc XP is a commercial product of The Washington Post, which is owned by Jeff Bezos and runs on AWS. Your content and audience data sit on Amazon infrastructure under US jurisdiction. Compared to WordPress/Newspack: Arc XP is more polished for large-scale news but orders of magnitude more expensive. Compared to Superdesk: Arc XP is turnkey but closed-source and proprietary. For newsrooms that can afford it, Arc XP is among the best purpose-built publishing platforms available. For everyone else, WordPress with Newspack or Ghost are more realistic options.",
      "bestFor": "Large newsrooms publishing hundreds of stories per day. Media companies needing integrated subscriptions and identity management. Multi-platform publishing (web, mobile, apps, feeds) from a single CMS. Organizations migrating from legacy systems (Methode, CCI, custom platforms) to modern infrastructure.",
      "notFor": "Small or mid-size newsrooms — the cost is prohibitive. Independent journalists or startups. Organizations that need data sovereignty outside US/AWS infrastructure. Anyone who wants to self-host or own their CMS. Newsrooms on a budget — WordPress with Newspack starts at $750/month vs. Arc XP's six-figure minimums.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (AWS infrastructure). The Washington Post is a US company. Content and audience data are processed and stored on AWS. International data residency options may be available for enterprise contracts but are not standard.",
      "privacyPolicyTldr": "Arc XP processes content and audience data on AWS US infrastructure. Enterprise contracts include data processing agreements. The platform collects audience analytics, identity data, and subscription information as core features. SOC 2 Type II certified. Subject to US legal process. Washington Post / Arc XP does not use customer content to train AI models per their enterprise agreements.",
      "practicalMitigations": "Negotiate data processing and retention terms in your enterprise contract. Understand that audience identity and subscription data sits on US infrastructure — factor this into coverage of sensitive topics. Review which Arc XP modules access audience data and configure analytics collection to match your editorial policies. Maintain content export capabilities to avoid complete vendor lock-in. Keep local backups of published content via the API.",
      "owner": "Arc XP (subsidiary of The Washington Post, owned by Jeff Bezos via Nash Holdings)",
      "fundingModel": "Subsidiary of The Washington Post. Arc XP was built internally at WaPo starting around 2014, then commercialized as a separate business line. No independent venture funding. Revenue from enterprise SaaS contracts with publishers worldwide.",
      "businessModel": "Enterprise SaaS. Revenue from multi-year contracts with publishers for CMS, video, subscriptions, and commerce modules. Pricing scales with usage (page views, content volume, active subscribers). No advertising revenue from the platform itself. The Washington Post uses Arc XP internally, making it both the developer and the largest customer.",
      "knownIssues": "Cost is the dominant issue — contracts in the six-to-seven-figure range price out most newsrooms. Vendor lock-in is significant; migrating content, templates, and workflows off Arc XP is a major engineering effort. Owned by Jeff Bezos via The Washington Post — some newsrooms may have editorial independence concerns about their publishing infrastructure being controlled by a tech billionaire's media company. The platform runs entirely on AWS, creating a dependency on Amazon infrastructure. Arc XP has faced criticism for sales practices that lock publishers into long-term contracts. Some mid-market publishers have reported that the platform's complexity exceeds their editorial team's capacity to use it fully.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Enterprise-grade infrastructure on AWS with SOC 2 Type II certification, encryption in transit and at rest, and dedicated security teams. The platform is well-maintained and battle-tested at Washington Post scale. Rating is 'adequate' rather than 'strong' because it is closed-source, US-jurisdiction-only by default, and your content and audience data are controlled by a third party. No self-hosting option means no path to full data sovereignty."
    },
    {
      "name": "Archive.today",
      "slug": "archive-today",
      "url": "https://archive.ph",
      "tagline": "Snapshot any web page and preserve it permanently, independent of the original site.",
      "category": "verification",
      "openSource": false,
      "whoItsFor": "Journalists preserving evidence of web content, researchers creating permanent citations, and anyone who needs a point-in-time snapshot before a page gets edited or pulled.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Archive.today was the go-to for on-demand web snapshots — instant, permanent, no account required. That changed in early 2026. The operator weaponized visitors' browsers in a DDoS attack against a security blogger, tampered with archived page content, and threatened the blogger with AI-generated pornography. Wikipedia banned all 695,000 archive.today links in February 2026. The FBI subpoenaed the domain registrar Tucows in October 2025 to unmask the anonymous operator. Cloudflare flagged it as botnet infrastructure. The service still works, but trust is broken. Use Wayback Machine as your primary archive. If you still use archive.today, cross-reference every snapshot against the live page — you can no longer assume fidelity.",
      "bestFor": "On-demand snapshots of web pages. Preserving social media posts before deletion. Capturing content behind paywalls (cached copies render full pages). Creating permanent URLs for citations.",
      "notFor": "Sole-source evidence preservation (use Wayback Machine or Pagefreezer for that). Private archiving (all snapshots are public). Bulk or scheduled archiving (no API). Legal-grade evidence (no chain-of-custody certification).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Likely Europe — infrastructure runs on OVH hosting with two data centers, at least one confirmed in France. Operator identity unknown, so true jurisdiction is opaque.",
      "privacyPolicyTldr": "No accounts, no login. All snapshots are publicly accessible and permanent — the service does not honor deletion requests. No formal privacy policy exists. The operator is anonymous and has demonstrated willingness to embed malicious JavaScript (DDoS code) in pages served to visitors.",
      "practicalMitigations": "Use the Wayback Machine as your primary web archive, not archive.today. If you use archive.today, cross-reference every snapshot against the original — the operator has tampered with archived content. Don't archive pages that reveal your investigative targets (all snapshots are public). Use Tor or a VPN if archiving sensitive material. Switch DNS to Google (8.8.8.8) or OpenDNS if archive.ph won't load — Cloudflare DNS blocks it. For legal-grade evidence, use a certified tool like Pagefreezer or Page Vault instead.",
      "owner": "Unknown — registered to 'Denis Petrov' in Prague, Czech Republic (believed to be a pseudonym). Online alias 'Nora' may be appropriated from a real person. FBI subpoena to Tucows (October 2025) sought to unmask the operator; outcome not yet public.",
      "fundingModel": "Unknown and opaque. Appears to be a one-person operation with no disclosed revenue source.",
      "businessModel": "Free service with no visible monetization. No ads, no subscriptions, no API licensing. Funding source undisclosed.",
      "knownIssues": "Wikipedia banned all archive.today links in February 2026 after the operator tampered with archived content and launched DDoS attacks via embedded JavaScript. Operator identity unknown — registered to 'Denis Petrov' in Prague, widely believed to be a pseudonym. FBI subpoenaed registrar Tucows in October 2025; criminal investigation ongoing. Cloudflare DNS (1.1.1.1) has blocked or degraded archive.today since 2019 because the operator refuses to resolve for DNS services that don't leak user geolocation via EDNS. In March 2026, Cloudflare flagged it as C&C/Botnet. OVH Strasbourg fire in 2021 damaged one of two known data centers. Domain has cycled through .today, .is, .li, .fo (revoked 2019), .vn, .md, and .ph — currently using archive.ph as primary.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "caution",
      "securityRatingNote": "Downgraded from 'adequate' to 'caution' in April 2026. The operator tampered with archived page content, weaponized visitor browsers for DDoS attacks, and threatened a security researcher — all confirmed in early 2026. Wikipedia banned all links. FBI investigation ongoing. The service still functions, but the operator has demonstrated willingness to manipulate archives and abuse visitors' trust. Use as a secondary reference only, never as sole-source evidence."
    },
    {
      "name": "Audacity",
      "slug": "audacity",
      "url": "https://www.audacityteam.org",
      "tagline": "Free, open-source audio editor. 20+ years of development. Runs entirely offline.",
      "category": "visuals",
      "openSource": true,
      "whoItsFor": "Journalists editing podcasts, cleaning interview audio, cutting tape for broadcast, or doing audio post-production on a budget of zero dollars.",
      "pricing": "Free and open-source (GPLv3 since Audacity 3.0.3; earlier releases were GPLv2 or later). No subscription, no account required to use the desktop app.",
      "freeOption": true,
      "editorialTake": "Audacity is the Swiss Army knife of audio editing — not the sharpest blade for any single task, but astonishingly capable for free software. The 2021 Muse Group acquisition introduced telemetry concerns that were partially resolved, but Muse Group keeps pushing boundaries. As of 2025, the download page funnels users toward MuseHub and audio.com cloud accounts via dark patterns. The actual standalone installer still exists — you just have to hunt for it. Once installed with telemetry disabled, Audacity processes everything locally and is fully functional offline. Intel's OpenVINO AI plugins add local noise suppression and Whisper-based transcription (Windows only for now; macOS coming). For journalists who need to clean up a phone interview, trim a field recording, or edit a podcast episode, Audacity remains the right tool at the right price. Just skip the MuseHub installer and disable telemetry on first launch.",
      "bestFor": "Podcast editing, interview cleanup, noise reduction, tape cutting for broadcast, basic audio enhancement. Intel OpenVINO plugins add local AI transcription and noise suppression.",
      "notFor": "Recording from several audio interfaces at once (Audacity records from a single input device at a time, though that device may supply multiple channels). Professional multi-track mixing (use a DAW like Reaper or Logic). Fully non-destructive editing: real-time effects exist since 3.2, but cuts and most processing are applied destructively. Adobe Audition has spectral analysis, Essential Sound panel, and multi-input recording that Audacity lacks.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local unless you opt into telemetry or audio.com cloud features. Telemetry data (if enabled) goes to servers in the Netherlands. audio.com cloud storage jurisdiction unclear.",
      "privacyPolicyTldr": "Audacity processes audio locally. Optional telemetry collects OS/CPU info and anonymized IP (stored 24 hours). UUIDs for opt-in error reports stored on servers in the Netherlands, not linked to personal information. No account required. With telemetry off and audio.com cloud features unused, no data leaves your machine. The 2021 privacy policy fiasco led to a full rewrite — current policy is GDPR- and CCPA-compliant.",
      "practicalMitigations": "Download the standalone installer (skip MuseHub; look for 'Download Audacity without MuseHub' on the download page) and make sure it comes from audacityteam.org or the project's GitHub releases, not a third-party mirror. Disable telemetry in Preferences > Privacy on first launch. Decline the audio.com cloud setup prompt. Disable update checking if you want zero network activity, then check for releases manually, because you still need security patches: CVE-2024-7264 in the bundled curl affected older versions. Note that Audacity project files (.aup3) are unencrypted SQLite databases, so at-rest protection for sensitive recordings comes from full-disk or volume encryption, not from Audacity.",
      "owner": "Muse Group (Limassol, Cyprus; acquired Audacity May 2021). Also owns Ultimate Guitar, MuseScore, Hal Leonard, StaffPad, Tonebridge. Founded by Ultimate Guitar's Eugene Naidenov; CEO Michael Trutnev. Backed by Francisco Partners (private equity) since Hal Leonard acquisition in Dec 2023.",
      "fundingModel": "Muse Group revenue from Ultimate Guitar subscriptions, Hal Leonard music publishing, MuseHub marketplace, and audio.com cloud subscriptions",
      "businessModel": "Audacity is free; Muse Group monetizes through MuseHub app marketplace, audio.com cloud storage subscriptions, and cross-selling across its portfolio. The push toward audio.com integration is the monetization vector for Audacity users specifically.",
      "knownIssues": "Muse Group (2021 acquirer) introduced dark patterns in 2025: the main download button redirects to audio.com and pushes MuseHub/cloud accounts. A standalone installer exists but is de-emphasized. Opening Audacity 3.7+ shows a cloud setup screen that appears mandatory but is skippable. Muse Group also owns Ultimate Guitar, MuseScore, and Hal Leonard (acquired 2023 with Francisco Partners PE backing) — the pattern across all properties is aggressive upselling. Community fork Tenacity (tenacityaudio.org) rebased on Audacity 3.7 in late 2025 but development has been intermittent. Temporary file permission vulnerability (Ubuntu USN-7211-1) patched in recent versions.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, local-only audio processing. No account required. Telemetry is opt-in and disableable. The security model is solid — the concern is Muse Group's pattern of dark patterns and upselling, not data exfiltration. Download the standalone installer, disable telemetry, skip cloud features, and you have a fully offline tool with no network dependencies."
    },
    {
      "name": "AudioPen",
      "slug": "audiopen",
      "url": "https://audiopen.ai",
      "tagline": "Voice notes to structured text. Speak naturally, get clean notes, summaries, or emails — no editing required.",
      "category": "writing",
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Field reporters who capture ideas, observations, and interview notes by speaking into their phone. Journalists who think better out loud and need rambling voice memos turned into structured notes, email drafts, or bullet points. Writers who want to dictate first drafts without worrying about filler words or organization.",
      "pricing": "Free tier available (limited features, no credit card required). 3-Month Pass: $33 ($11/month). 1-Year Pass: $99 ($8.25/month). 2-Year Pass: $159 ($6.63/month). One-time payments — no subscriptions or auto-renewals.",
      "freeOption": true,
      "editorialTake": "AudioPen does one thing and does it well: you talk, it gives you clean text. Not a transcript — a restructured, polished version of what you said. Speak for 5 minutes in a rambling, disorganized way about what you observed at a city council meeting, and AudioPen returns structured notes with the key points organized. This is different from transcription tools like Whisper or Good Tape that give you verbatim text. AudioPen uses AI to understand your intent and restructure accordingly. You can choose output styles: formal email, bullet points, legal prose, or create custom styles. For field reporters, the workflow is powerful: record observations on your phone between interviews, get structured field notes without typing. The SuperSummaries feature combines multiple voice notes into a single coherent document — useful for synthesizing a day of reporting into a briefing. Privacy posture is better than most: voice notes are auto-deleted from servers after processing. Data encrypted at rest. Not used to train AI models. Built by Louis Pereira, a solo founder (Nicheless Inc.) — no VC, no data monetization incentive. The one-time payment model (no recurring subscription) is refreshingly honest. 200,000+ users, 4.8/5 rating from 500+ reviews. Works on iOS, Android, Chrome extension, Mac app, and web. Integrates with Zapier, Gmail, Slack, Notion, Google Docs via export. The 15-minute recording limit per note is the main constraint — fine for observations and quick notes, too short for full interview transcription. For verbatim transcription, use Whisper or Good Tape instead. AudioPen is for turning thoughts into text, not audio into transcripts.",
      "bestFor": "Capturing field observations and turning them into structured notes. Drafting emails and messages by voice. Combining multiple voice memos into a single summary (SuperSummaries). Journalists who think out loud and want clean output without editing. Quick note-taking between interviews.",
      "notFor": "Verbatim interview transcription — AudioPen restructures and summarizes rather than transcribing word-for-word. Long recordings over 15 minutes. Journalists who need exact quotes preserved. Anyone who needs speaker diarization or timestamps. Workflows that require precise source attribution.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Not prominently documented. Nicheless Inc. is the corporate entity.",
      "privacyPolicyTldr": "Voice notes auto-deleted from servers after processing. Data encrypted at rest. Never shared with other users or AI providers. Not used to train AI models. No subscription means no ongoing data relationship beyond active use.",
      "practicalMitigations": "Do not record source names, contact details, or other confidential information in voice notes: the audio is uploaded to AudioPen's servers for processing, and 'auto-deleted after processing' is a vendor claim you cannot verify from outside. Use it for general observations and non-sensitive note-taking. For sensitive field notes, type them manually or use a fully local tool. The restructuring means your exact words are not preserved; if you need verbatim records, use a transcription tool instead.",
      "owner": "Nicheless Inc. Founded by Louis Pereira (solo founder).",
      "fundingModel": "Bootstrapped. No known venture capital. One-time payment model suggests sustainable unit economics without growth-at-all-costs pressure.",
      "businessModel": "One-time payment passes (3-month, 1-year, 2-year). No subscriptions or auto-renewals. Free tier for basic usage. 200,000+ users.",
      "knownIssues": "15-minute recording limit per voice note — not suitable for full interview transcription. Output is restructured/summarized, not verbatim — exact phrasing and quotes are not preserved. Audio is uploaded to servers for AI processing (auto-deleted after). Company jurisdiction and server locations not prominently documented. No ISO certification, SOC 2, or published security audit. Limited integrations compared to full productivity suites. Custom styles require some experimentation to get right. No speaker diarization — single-speaker input only.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Voice notes auto-deleted after processing. Encrypted at rest. Not used for AI training. No data sharing with third parties. Bootstrapped with no VC data monetization pressure. However, audio is still uploaded to cloud for processing, company jurisdiction is unclear, and no formal security certifications are published. Adequate for general note-taking but not for sensitive source material."
    },
    {
      "name": "Auphonic",
      "slug": "auphonic",
      "url": "https://auphonic.com",
      "tagline": "Automated audio post-production: leveling, noise reduction, and loudness normalization in one pass. 2 hours/month free.",
      "category": "visuals",
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Podcasters, video journalists, and audio producers who need broadcast-quality audio without learning a DAW. Field reporters who record in imperfect environments and need noise reduction, leveling, and loudness compliance in a single automated pass.",
      "pricing": "Free: 2 hours/month of processed audio (includes jingle watermark on exports). Paid plans (monthly recurring credits): S (9 hrs), M (21 hrs), L (45 hrs), XL (100 hrs). One-time credit packs also available (5-100+ hours, never expire). Billing based on audio duration with 3-minute minimum per production.",
      "freeOption": true,
      "editorialTake": "Auphonic solves a real problem for journalists who produce audio: getting from raw recording to broadcast-ready without spending hours in a DAW. Upload your file, set a loudness target, and it handles leveling between speakers, noise/reverb reduction, filtering, and normalization in one automated pass. The Intelligent Leveler is genuinely good — it balances a quiet interviewee against a loud host without crushing dynamics. For field recordings with background noise, the adaptive noise reduction works better than most one-click solutions. The 2 hours/month free tier is enough to process 4-8 interview segments, making it viable for freelancers. Paid tiers remove the jingle watermark and unlock batch processing, watch folders, and priority support. The speech-to-text and automatic chapter generation are useful but not best-in-class — you'll want a dedicated transcription tool for that. The API is well-documented and supports automation workflows (Zapier, CLI, watch folders). The main limitation: it's cloud-only. Your audio files are uploaded to Auphonic's servers for processing. For routine podcast production this is fine. For sensitive source interviews, process locally first (Whisper for transcription, a DAW for audio) and only send non-sensitive audio to Auphonic. Multitrack processing handles up to 8 tracks with automatic ducking and noise gates — useful for multi-mic setups. Founded by Georg Holzmann, an Austrian audio engineer with a PhD in machine learning applied to audio. The company (Auphonic GmbH, Austria) has been operating since 2012 — over a decade of stability without VC funding.",
      "bestFor": "Automated podcast and interview post-production. Leveling between multiple speakers. Loudness normalization for broadcast/podcast standards. Noise reduction on field recordings. Batch processing large audio backlogs.",
      "notFor": "Sensitive source material that cannot be uploaded to cloud servers. Real-time audio processing during live broadcasts. Detailed manual audio editing (use a DAW). Users who need fully local/offline processing.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Austria/EU (Auphonic GmbH is based in Austria). GDPR applies.",
      "privacyPolicyTldr": "Audio files are uploaded to Auphonic servers for processing. The company is GDPR-compliant as an Austrian/EU entity. Two-factor authentication available. Specific data retention periods and deletion policies are not prominently documented — check their terms before uploading sensitive material. No indication that audio is used for AI training.",
      "practicalMitigations": "Do not upload sensitive source interviews or recordings that could identify confidential sources. Use Auphonic only for routine production audio (podcasts, packages, non-sensitive interviews). For sensitive material, use local tools such as a DAW with noise-reduction plugins. Enable two-factor authentication on your account. Download your outputs, then delete productions from the platform; with retention periods undocumented, assume deletion removes the file from your account but not necessarily from backend backups. Review their terms of service for data retention specifics before committing to a workflow.",
      "owner": "Auphonic GmbH (Austria). Founded by Georg Holzmann.",
      "fundingModel": "Bootstrapped. Operating since 2012 with no known venture capital funding.",
      "businessModel": "Freemium SaaS. Free tier (2 hrs/month with jingle) converts to paid monthly subscriptions or one-time credit packs. Also offers a white-label API for enterprise integrations.",
      "knownIssues": "Cloud-only processing — no local/offline option. Free tier adds a jingle watermark to exports. Multitrack productions limited to under 20 minutes on the free tier. Billing is duration-based with a 3-minute minimum charge per production regardless of actual length. Speech-to-text quality is serviceable but not competitive with dedicated transcription tools (Whisper, Good Tape). No real-time processing capability. Privacy documentation could be more specific about retention periods and deletion policies.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Austrian/EU company subject to GDPR. Two-factor authentication available. Over a decade of stable operation. However, audio is uploaded to cloud servers for processing, specific data retention policies are not prominently documented, and encryption-at-rest status is unclear. Adequate for routine production audio but not recommended for sensitive source material."
    },
    {
      "name": "Authory",
      "slug": "authory",
      "url": "https://authory.com",
      "tagline": "Auto-imports and permanently archives all your published work. Self-updating portfolio with full-text backups — not screenshots.",
      "category": "publishing",
      "builtForJournalism": true,
      "whoItsFor": "Journalists, freelance writers, and content creators who publish across multiple outlets and need a single archive of everything they have written. Especially useful for reporters at risk of losing bylines when publications fold, restructure, or delete archives. SPJ members get a 30% discount through a seven-year partnership.",
      "pricing": "Free plan: up to 10 portfolio items, no auto-import. Standard: $15/month or $12/month billed annually ($144/year) — unlimited items, auto-import, archive, analytics, blog, newsletter. Professional: $24/month or $18/month billed annually ($216/year) — adds custom domain, Zapier integration, API access, highest update frequency. 14-day free trial on paid plans. SPJ members get 30% off all plans.",
      "freeOption": true,
      "editorialTake": "Authory's core value is archival. Point it at your byline sources, and it auto-imports every past article, podcast, and video, then monitors for new work going forward. The backups are full-text — not screenshots — so your archive is searchable and exportable as XML or HTML. That matters when publications disappear. McClatchy, BuzzFeed News, Deadspin — journalists at all three lost online bylines. Authory is the insurance policy. The SPJ partnership (seven years running, 30% member discount) adds institutional credibility that competitors lack. The tradeoff is price. At $144/year (Standard) or $216/year (Professional), Authory costs 3x what Journo Portfolio charges for a Pro plan. You are paying for automation and archival depth, not design flexibility. The portfolio templates are functional but limited compared to a custom WordPress site or even Journo Portfolio's layout options. Analytics track social shares across Facebook, Twitter, and Pinterest — useful for freelancers pitching editors with engagement data. The newsletter feature supports up to 500 subscribers on all plans. For journalists who publish frequently across multiple outlets, the auto-import alone justifies the cost. For someone with a handful of clips who just needs a portfolio page, it is overkill.",
      "bestFor": "Prolific journalists publishing across multiple outlets who need automated archival. Freelancers building a searchable clip library. Writers who have lost work to publication shutdowns and want permanent backups. SPJ members who can use the 30% discount.",
      "notFor": "Writers who publish infrequently and just need a simple portfolio page — the automation is wasted at this price point. Designers or photographers who need visual-first layouts. Anyone who wants granular design control over their portfolio site. Budget-conscious freelancers — Journo Portfolio or a free WordPress.com site covers basic portfolio needs at a fraction of the cost.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Germany (EU). Authory GmbH is registered in Potsdam, Brandenburg. IP anonymization occurs within the EU/EEA. Google Analytics data processed per EU standards.",
      "privacyPolicyTldr": "Authory collects account data, IP addresses, device info, and browser details. Uses Google Analytics (pseudonymous data deleted after 14 months, IP anonymized within EU). Uses Intercom for customer support chat — processor agreement in place. Google Web Fonts load from Google servers, exposing IP addresses. Does not sell data to PR firms or AI companies. Full GDPR compliance with rights to access, correction, erasure, portability, and objection. Archived content remains private — only the portfolio owner can access full-text backups.",
      "practicalMitigations": "Export your archive regularly using the XML or HTML export. Keep a local backup of your most important clips. Use the custom domain option (Professional plan) so your portfolio URL is portable if you leave. Understand that Google Analytics tracks visitor behavior on your portfolio page. The newsletter subscriber list is yours — export it before canceling. Test the auto-import on a few sources before committing to a paid plan to verify it finds your bylines accurately.",
      "owner": "Authory GmbH (Germany). Founded by Eric Hauch (CEO) and Emanuel Jöbstl (CTO). Headquartered in Potsdam, Brandenburg. Approximately 8 employees.",
      "fundingModel": "Bootstrapped / privately held. No disclosed venture funding rounds. Revenue-funded with an estimated $4M in annual revenue.",
      "businessModel": "SaaS subscription. Revenue comes from Standard ($144/year) and Professional ($216/year) plans. No advertising, no data sales, no AI training on user content. SPJ partnership provides distribution channel and institutional credibility.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Standard web platform security with TLS in transit. German/EU jurisdiction provides GDPR protections. Authory does not sell data to PR firms or AI companies — a meaningful differentiator from platforms like Muck Rack. The privacy policy is straightforward but does not detail encryption at rest or infrastructure specifics. Google Analytics and Intercom are the main third-party data processors. The archival model is the real trust signal: full-text backups are private to the account holder, and data is exportable in XML or HTML. For journalists, the risk is not data exposure — it is platform dependency on a small company. Export regularly."
    },
    {
      "name": "Baserow",
      "slug": "baserow",
      "url": "https://baserow.io",
      "tagline": "Open-source Airtable alternative you can self-host. Relational databases with a spreadsheet interface, MIT-licensed community edition.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Journalists and newsrooms who need Airtable's relational database features but want to own their data. Investigative teams tracking sources, documents, and FOIA requests on infrastructure they control. Small outlets priced out of Airtable's Team plan ($20/seat/month). Anyone who wants a no-code database without sending their data to a US cloud provider.",
      "pricing": "Self-hosted Community: free, unlimited rows and users, MIT license. Cloud Free: 3,000 rows, unlimited bases, up to 5 users. Cloud Premium: €5/user/month (billed annually) or €7/user/month (monthly) for 100K rows, row coloring, premium views, and export options. Cloud Advanced: €15/user/month (annual) for 1M rows, advanced permissions. Enterprise: custom pricing with SAML SSO, audit logs, and priority support.",
      "freeOption": true,
      "editorialTake": "Baserow is what Airtable would look like if it were open source and self-hostable. Founded in Amsterdam, it offers a spreadsheet-style interface backed by a real relational database (PostgreSQL). The MIT-licensed community edition is genuinely free — unlimited rows, unlimited users, no API call caps. That alone solves Airtable's biggest pain points: the 1,000-record free limit, the 1,000 API calls/month cap, and the $20/seat/month Team pricing. For journalism, the use cases are identical to Airtable: editorial calendars, source tracking, FOIA logs, investigation databases, reader engagement tracking. The relational model links records across tables — connect articles to sources, photos, and publication dates in one base. Baserow supports forms (for tip intake), Kanban views, calendars, galleries, and a REST API. The self-hosted version runs on Docker and stores everything in your PostgreSQL database. No data leaves your infrastructure. For investigative teams handling sensitive source information, this is a real advantage over Airtable's cloud-only model. The cloud-hosted version is EU-based (Netherlands), which matters for GDPR-conscious newsrooms. The trade-off is ecosystem maturity. Airtable has thousands of templates, deeper integrations, and a more polished UI. Baserow's plugin ecosystem is smaller. Automations exist but are less developed than Airtable's. If you need Airtable's breadth of integrations or AI features, Baserow isn't there yet. But if data ownership and cost are priorities, Baserow delivers the core relational database experience at a fraction of the price — or free.",
      "bestFor": "Investigation databases where data ownership matters. Source tracking and FOIA logs on self-hosted infrastructure. Newsrooms priced out of Airtable. Editorial calendars and production workflows. Any structured data project where you need relational linking without sending data to a US cloud.",
      "notFor": "Teams that need Airtable's deep integration ecosystem or AI features. Journalists who want zero setup — Airtable's cloud is more polished out of the box. Newsrooms already invested in Airtable with complex automations and hundreds of connected apps. Users who need mobile apps — Baserow's mobile experience is limited compared to Airtable's native apps.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Self-hosted: wherever you deploy it. Cloud: Netherlands (EU). Baserow BV is a Dutch company. Cloud infrastructure hosted on EU servers. Subject to GDPR and EU data protection law.",
      "privacyPolicyTldr": "Self-hosted Baserow sends no data to Baserow BV by default — telemetry is opt-in. Cloud version stores data on EU infrastructure. GDPR-compliant. Does not sell user data. Cloud data encrypted at rest and in transit. Self-hosted users control their own encryption, backups, and data retention entirely.",
      "practicalMitigations": "Self-host for any database containing sensitive source identities or investigation data. PostgreSQL has no built-in at-rest encryption, so put the database and Baserow's media directory on an encrypted volume (LUKS, dm-crypt, or your cloud provider's encrypted disks) and encrypt backups. Don't expose the Baserow web interface directly: put it behind a VPN, or behind a reverse proxy that terminates TLS and enforces authentication or an IP allow list. Keep self-hosted instances updated. On both cloud and self-hosted versions, review sharing settings: a public form accepts submissions from anyone with its link, and a publicly shared view exposes every row in that view to anyone with its link. Use strong passwords and enable two-factor authentication on cloud accounts.",
      "owner": "Baserow BV (Amsterdam, Netherlands)",
      "fundingModel": "Venture-backed. Raised a $7.4M seed round in 2023. Backed by Gradient Ventures (Google's AI fund), Target Global, Spark Capital. Previously bootstrapped with support from the Dutch government's innovation programs.",
      "businessModel": "Open-core. MIT-licensed community edition is free and self-hostable with no restrictions. Revenue from cloud hosting subscriptions (Premium, Advanced, Enterprise) and enterprise self-hosted licenses with advanced features (RBAC, SSO, audit logs). No advertising. No data resale.",
      "knownIssues": "Smaller integration ecosystem than Airtable — fewer native connections to third-party tools. Automations are functional but less mature than Airtable's. No native mobile apps — the web interface works on mobile browsers but isn't optimized. The cloud free tier's 3,000-row limit is generous but still a ceiling for large investigations. Self-hosting requires Docker and basic server administration knowledge. Community is growing but significantly smaller than Airtable's, meaning fewer templates, tutorials, and third-party plugins.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "MIT-licensed, self-hostable, EU-based company. Self-hosted Baserow keeps all data on your own PostgreSQL database with no third-party access. Cloud version is GDPR-compliant on EU infrastructure. The self-hosting option with full data control is what earns 'strong' — cloud-only use would rate 'adequate.' For journalism, the ability to run an Airtable-equivalent on your own server with no record limits is a genuine security and cost advantage."
    },
    {
      "name": "beehiiv",
      "slug": "beehiiv",
      "url": "https://www.beehiiv.com",
      "tagline": "Newsletter platform built by the Morning Brew team. Referral programs, ad network, A/B testing, and analytics — no revenue cut on subscriptions.",
      "category": "publishing",
      "whoItsFor": "Independent journalists and publishers who want growth tools without surrendering subscription revenue. Writers who need referral programs, A/B testing, audience segmentation, and engagement analytics built in. Newsrooms experimenting with ad-supported models alongside paid subscriptions.",
      "pricing": "Free (Launch: up to 2,500 subscribers, unlimited sends, custom domains, API access). Scale: from $49/month (adds monetization, surveys, A/B testing, AI tools). Max: from $109/month (removes beehiiv branding, priority support, NewsletterXP course). Enterprise: custom pricing for 100K+ subscribers. Annual billing saves roughly 20%.",
      "freeOption": true,
      "editorialTake": "beehiiv is the growth-oriented alternative to Substack. It takes 0% of paid subscription revenue (Substack takes 10%), includes referral programs and an ad network, and ships features fast. The free tier is generous — 2,500 subscribers with custom domains and API access. The ad network (beehiiv Ad Network) brokers sponsorships and pays based on engagement, which is a real revenue stream for mid-size newsletters. The Boosts program lets newsletters cross-promote for cash. The trade-off: beehiiv is VC-funded ($49.7M raised, $225M valuation) and growing aggressively — $30M ARR by mid-2025. Shared sending infrastructure means one bad actor's spam complaints can hurt everyone's deliverability. Multiple users reported unexplained open rate declines in late 2025 and early 2026. The Media Collective program offers health insurance, legal support, and waived hosting for qualifying journalists — a direct shot at Substack's creator economy. SOC 2 Type 1 certified as of October 2025. For journalists who want to own their audience economics, beehiiv is the strongest option that isn't self-hosted.",
      "bestFor": "Newsletter growth and audience building. Writers who want referral programs, Boosts cross-promotion, and detailed engagement analytics. Publications monetizing through both subscriptions and ad sponsorships. Journalists who refuse to give up 10% to Substack.",
      "notFor": "Journalists who need self-hosted infrastructure (use Ghost). Publications with sensitive source contacts where shared sending infrastructure is a concern. Writers who want the simplest possible publishing experience — beehiiv has more features than most people need. Anyone who needs reliable Stripe integration without friction (payment bugs are documented).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. beehiiv Inc. is based in New York. All data stored on Amazon Web Services (AWS) regions in the US. No EU data residency option.",
      "privacyPolicyTldr": "beehiiv collects subscriber data, engagement metrics (opens, clicks, read time), and website analytics. Subscriber data is shared with publication owners. beehiiv uses engagement data to power its Ad Network and recommendation engine (Boosts). Third-party integrations include standard analytics and payment processors (Stripe). GDPR and CCPA compliant with cookie consent and unsubscribe tools. Annual third-party penetration testing. SOC 2 Type 1 certified (October 2025). No EU data residency — all data stored in US AWS regions.",
      "practicalMitigations": "Export your subscriber list regularly (CSV export available in Quick or Full format — download links expire after 24 hours). Use a custom domain so your publication URL is portable if you leave. Understand that beehiiv's Ad Network uses engagement data to match sponsors. Review beehiiv's data practices if your subscribers include sensitive contacts. Monitor your open rates — shared infrastructure deliverability issues are documented. Enable GDPR cookie banner and privacy policy settings if you have EU readers.",
      "owner": "beehiiv Inc. (New York, United States)",
      "fundingModel": "VC-funded. Total raised: $49.7M. Series B: $33M (April 2024) led by NEA with Sapphire Ventures and Lightspeed Venture Partners. Additional $1M via Wefunder crowdfunding (May 2024) at $192M valuation. 2025 valuation: $225M. $30M ARR as of mid-2025.",
      "businessModel": "Freemium SaaS. Revenue from paid plans (Scale, Max, Enterprise), beehiiv Ad Network (brokered sponsorships with revenue share), and Boosts (cross-promotion marketplace). Takes 0% commission on subscriber payments — only Stripe processing fees apply.",
      "knownIssues": "Shared sending infrastructure means spam complaints from other beehiiv users can degrade deliverability for everyone on the platform. Multiple users reported gradual open rate declines in late 2025/early 2026 even with low bounce and spam rates. Stripe integration has documented payment bugs: payments not appearing despite active Stripe connection, subscribers showing as free in beehiiv despite paying in Stripe, checkout failures. Customer support response times are inconsistent — some users report unanswered tickets. Service outage on March 12, 2026. Feature stability complaints: some users report core editing features breaking after updates.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "beehiiv-media-collective"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type 1 certified (October 2025). GDPR/CCPA compliant. Annual penetration testing. Data stored on US AWS infrastructure — no EU residency option. VC-funded with ad network model — subscriber engagement data is part of the business. Shared email sending infrastructure is a deliverability risk, not a security risk per se, but it matters for operational reliability. Adequate for most publishing use cases. Subscriber data is exportable."
    },
    {
      "name": "Bellingcat Auto Archiver",
      "slug": "bellingcat-auto-archiver",
      "url": "https://github.com/bellingcat/auto-archiver",
      "tagline": "Automates web and social media archiving for evidence preservation. Captures posts, videos, and images in a verifiable format.",
      "category": "newsgathering",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists and OSINT researchers who need to preserve social media evidence before it's deleted. War correspondents and human rights documenters archiving conflict-related content. Newsrooms building systematic evidence archives. Fact-checkers who need verifiable copies of online claims.",
      "pricing": "Free. Open source under MIT license. Self-hosted — you provide your own storage (local filesystem, AWS S3, or Google Drive).",
      "freeOption": true,
      "editorialTake": "Auto Archiver solves a real problem: social media posts get deleted, edited, or made private — often right when they become newsworthy. Bellingcat built this Python tool to automatically capture and preserve web content in a verifiable way. Feed it URLs from a CSV, Google Sheet, or command line, and it archives the content to local storage, AWS S3, or Google Drive. It handles social media posts, videos, images, and general web pages. The tool runs via Docker or pip install, with configuration through YAML files. As of April 2026, it's at v1.2.6 with 1,100+ GitHub stars, 101 forks, and active development (1,536 commits, 45 releases). The latest release added a ghost archive enricher. The real value is systematization — instead of manually screenshotting posts, you can set up automated archiving workflows that capture content with metadata intact. For evidence that might end up in court or a published investigation, verifiable archiving matters more than screenshots. The limitation: this is a technical tool that requires comfort with Python, Docker, and YAML configuration. It's not a click-and-archive browser extension. For simpler archiving needs, use Wayback Machine, archive.today, or Hunchly. Auto Archiver is for when you need industrial-scale, automated preservation.",
      "bestFor": "Systematic archiving of social media evidence before deletion. Automated preservation workflows using Google Sheets as input. Building verifiable evidence archives for investigations. Capturing content from multiple platforms in a consistent format. Newsrooms that need to archive at scale.",
      "notFor": "Non-technical users who need simple one-click archiving (use archive.today or Wayback Machine). Real-time monitoring — this archives URLs you already have, not new posts as they appear. Legal-grade evidence preservation without additional chain-of-custody documentation. Archiving behind login walls or paywalls without appropriate access credentials.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Self-hosted — you control where archived data is stored. Local filesystem, AWS S3 (your region choice), or Google Drive (US-based). No data is sent to Bellingcat.",
      "privacyPolicyTldr": "Auto Archiver is a self-hosted tool — it runs on your infrastructure and stores data where you configure it. No data is transmitted to Bellingcat or any third party (unless you configure third-party storage). The tool accesses public URLs you provide. Your archived data, your storage, your responsibility. MIT license with no telemetry or analytics.",
      "practicalMitigations": "Run Auto Archiver on a dedicated machine or VM — archiving social media content from hostile actors could expose your IP address to the platforms being archived. Use a VPN if archiving content related to state actors or criminal networks. Store archives on encrypted storage (encrypted S3 buckets or encrypted local drives). Back up your Google Sheets input files — they contain your investigation's URL targets. If using Google Drive for storage, understand that Google can access stored content. For the highest-security archiving, use local storage with full-disk encryption. Review archived content for personally identifiable information before sharing archives with others.",
      "owner": "Bellingcat (Stichting Bellingcat, Netherlands-registered foundation, KvK 72136030). Maintained by Bellingcat's technology team. Open-source community contributions welcome.",
      "fundingModel": "Nonprofit. Auto Archiver is maintained as part of Bellingcat's open-source toolkit. Bellingcat is funded by nonprofit grants (51%), earned income from workshops (13%), individual donors (13%), corporate donations (9%), and other sources.",
      "businessModel": "Free open-source tool. No commercial revenue from Auto Archiver. Part of Bellingcat's mission to make investigation tools accessible. MIT license allows unrestricted use, modification, and distribution.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source (MIT license) with active development and community review. Self-hosted architecture means you control your data — nothing is sent to Bellingcat. Security posture depends entirely on your deployment: encrypted storage, VPN usage, and access controls are your responsibility. The tool itself is well-maintained (1,500+ commits, regular releases) with no published vulnerabilities in the codebase at the time of review. The main risk is operational — archiving content from adversarial actors exposes your IP address to the platforms you archive and feeds attacker-controlled pages and media through the tool's download and parsing dependencies, so run it isolated and keep those dependencies updated. Adequate for journalism use with appropriate deployment practices."
    },
    {
      "name": "Bellingcat Online Investigation Toolkit",
      "slug": "bellingcat-toolkit",
      "url": "https://bellingcat.gitbook.io/toolkit",
      "tagline": "Comprehensive dashboard of hundreds of OSINT tools organized by category. Maintained by Bellingcat investigators.",
      "category": "verification",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "OSINT researchers, investigative journalists, and fact-checkers who need a curated directory of open-source investigation tools. Beginners learning OSINT methodology.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Bellingcat rebuilt this toolkit from scratch in September 2024, designed by Johanna Wild during her Nieman-Berkman Klein Fellowship at Harvard. The old version was a static Google Sheet. The new one is a GitBook-hosted directory covering 12 categories — geolocation, satellite imagery, social media, corporate records, transport, conflict documentation, archiving, and more — with in-depth descriptions, use cases, and honest limitations for each entry. The real differentiator is provenance: these are tools tested by investigators who identified the Skripal poisoning unit, geolocated MH17 evidence, and documented 2,500+ civilian harm incidents in Ukraine since February 2022. Compared to OSINT Framework (osintframework.com), which is a sprawling link tree with minimal context, Bellingcat's toolkit provides editorial judgment on each tool. The tradeoff: OSINT Framework lists more tools; Bellingcat's are better vetted. Community volunteers now maintain entries monthly, fixing the stale-links problem that plagues every OSINT directory. Over 1,000 daily visitors as of late 2024. This is the single best starting point for any OSINT investigation.",
      "bestFor": "Finding the right OSINT tool for a specific investigation task. Learning investigation methodologies from practitioners. Discovering tools you didn't know existed across geolocation, social media, corporate research, and more.",
      "notFor": "A tool itself — it's a directory. Does not provide training (see Bellingcat's workshops for that). Not a substitute for understanding investigation methodology.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Hosted on GitBook (US-based hosting). The toolkit is a public resource with no user data collection beyond standard web analytics.",
      "privacyPolicyTldr": "The toolkit itself collects no user data — no accounts, no logins. GitBook's standard analytics track page views and referrers. The February 2026 incident showed Bellingcat's main WordPress site leaks author metadata through default sitemaps and REST API endpoints, but the GitBook-hosted toolkit is a separate platform with no user-facing data exposure. Individual tools linked from the toolkit have their own privacy policies — evaluate each one before uploading sensitive material.",
      "practicalMitigations": "Use a VPN when browsing the toolkit if you're investigating hostile state actors — even over HTTPS, your ISP and DNS resolver see the bellingcat.gitbook.io hostname. Before using any linked tool for sensitive work, check whether it requires uploading data, creating an account, or granting API access — several social media analysis tools in the directory collect uploaded content. Bookmark the GitBook URL (bellingcat.gitbook.io/toolkit), not bellingcat.com — the GitBook instance has no WordPress metadata leakage. For high-risk investigations, cross-reference toolkit recommendations with your own security assessment; tools that were safe in 2024 may have changed ownership or terms. If you're in a jurisdiction where Bellingcat is banned or surveilled (Russia, Belarus), access through Tor or a trusted VPN. The toolkit's GitHub mirror (github.com/bellingcat/toolkit) is an alternative access point.",
      "owner": "Bellingcat (Stichting Bellingcat, Netherlands-registered foundation since July 2018, KvK 72136030). US entity: Bellingcat US Inc. (EIN 92-0346579, registered November 2022).",
      "fundingModel": "Nonprofit. 2024 funding breakdown: 51% nonprofit grants, 13% earned income (workshops, speaking), 13% individual donors, 9% corporate, 8% lottery (Nationale Postcode Loterij contributed EUR 500,000 in 2019), 1% government, 1% legacies. Key grant funders include NED (National Endowment for Democracy — EUR 112,524 in 2020), Adessium Foundation, Sigrid Rausing Trust, and PAX for Peace. Executive director and operations director each earn EUR 90,000/year. Advisory board includes Francis Fukuyama.",
      "businessModel": "Free public resource. Bellingcat's revenue comes from grants, donations, and paid workshops/training programs — not from the toolkit itself.",
      "knownIssues": "February 2026: Security researcher exposed 173 Gravatar email hashes from Bellingcat's WordPress sitemap; 89 were cracked into email addresses and 32 yielded full Gravatar profiles with real names and locations of investigators. Bellingcat did not publicly respond — ironic for an organization that teaches OPSEC. Toolkit is self-described as 'work-in-progress' — some categories have sparse entries and tool count is growing but not yet comprehensive across all 12 categories. Some linked tools have their own privacy or security issues (e.g., social media scrapers that require API keys or upload user data). The toolkit flags limitations but users must evaluate each tool independently. Bellingcat was designated a 'foreign agent' in Russia (October 2021) and banned entirely (July 2022). Accessing Bellingcat resources from Russia or allied states may attract attention. Investigator Christo Grozev was placed on Russia's most-wanted list in December 2022.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "The toolkit itself is a read-only GitBook directory — it doesn't process your data, store credentials, or require authentication. The security consideration is with the individual tools it links to, not the directory itself. One legitimate concern: Bellingcat's main WordPress site (bellingcat.com) leaked investigator metadata through default sitemaps in February 2026, exposing 89 email addresses and 32 full profiles. That's an OPSEC failure for the parent organization, but the GitBook-hosted toolkit runs on separate infrastructure with no user data exposure. Rating reflects that the directory itself is low-risk; users should independently assess each linked tool."
    },
    {
      "name": "BillTrack50",
      "slug": "billtrack50",
      "url": "https://www.billtrack50.com",
      "tagline": "Legislative bill tracking across all 50 US states, DC, and Congress — with AI summaries and executive order mapping.",
      "category": "newsgathering",
      "openSource": false,
      "whoItsFor": "Political and policy reporters covering legislation across multiple states. Advocacy organizations tracking bills by issue. Newsrooms that need to monitor what's moving through state legislatures and Congress without checking 51 separate websites. Also used by lobbyists, nonprofits, and university researchers.",
      "pricing": "Free tier for unlimited bill search and viewing in current session, including AI summaries. Paid Pro subscriptions: $1,000/state/year for legislation tracking, $500/state/year for regulation tracking. Automatically upgrades to Unlimited national pricing at 6+ states. Annual billing required; monthly payment option available by credit card. API access included at all paid tiers. Pricing restructured November 2024 — all products bundled into per-state price.",
      "freeOption": true,
      "editorialTake": "BillTrack50 aggregates legislative data from all 50 state legislatures, DC, and Congress into one searchable database going back to 2011. Founded in Denver by Karen Suhaka (previously built oil-and-gas production databases), the platform is a small-team operation — not VC-backed. The free tier lets anyone search and view unlimited bills in the current session with AI-generated plain-English summaries. Paid plans unlock saved searches, daily email alerts, historical data, committee staff directories, and embeddable bill lists. The 2025 additions matter: an Executive Order Tool maps presidential orders to responsive state legislation using AI similarity scoring, and a regulation tracking module covers state and federal rulemaking from 2024 onward. For journalists, the core value is cross-state keyword monitoring — set an alert for 'book ban' or 'AI regulation' and get daily digests instead of checking 51 legislature sites. The API (5 req/sec, 5,000/day cap) is adequate for data journalism but won't support real-time dashboards. Competitors like Plural offer real-time alerts and slicker UI; LegiScan has deeper API access and international coverage. BillTrack50's edge is price: the free tier is genuinely useful, and per-state pricing is cheaper than enterprise competitors for newsrooms covering a handful of states.",
      "bestFor": "Tracking bills across multiple state legislatures simultaneously. Setting keyword alerts for policy beats (education, healthcare, AI, gun legislation). Monitoring committee actions and floor votes. Building legislative databases for reporting projects. Mapping executive orders to responsive state legislation. Regulation tracking for rulemaking in specific states.",
      "notFor": "Real-time legislative alerts (BillTrack50 sends daily digests, not instant notifications — use Plural for that). Historical research before 2011 (coverage varies by state even after that). Bill text analysis or legal interpretation. Lobbying and campaign finance data (use OpenSecrets/FollowTheMoney). Non-US legislation (use LegiScan for some international). Sophisticated policy analytics or AI-driven trend forecasting.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. LegiNation Inc. is a Colorado corporation based in Denver.",
      "privacyPolicyTldr": "Collects name, email, postal address, phone number, IP address, browser type, and OS. Uses analytics cookies but no third-party advertising trackers. Does not store credit card data in its own systems. Does not collect or process what it classifies as 'sensitive information.' The underlying legislative data is public record. Your tracked bills, saved searches, and alert keywords are stored on LegiNation servers — this reveals your reporting interests to the company.",
      "practicalMitigations": "The free tier requires email registration — use a non-personal address if you want to obscure your identity. Cross-reference BillTrack50 data with official legislature websites for the most current status; there can be a 24-hour lag since data updates nightly. Use keyword alerts strategically to avoid notification overload. The API has a hard cap of 5,000 requests/day — plan data pulls accordingly. For sensitive investigations, remember that your tracked bills and search patterns are visible to LegiNation.",
      "owner": "LegiNation Inc.",
      "fundingModel": "Bootstrapped. No known VC funding. Founded by Karen Suhaka, who previously built and exited two data companies in the oil-and-gas sector.",
      "businessModel": "Freemium SaaS. Free individual accounts with unlimited search and AI summaries for current session bills. Paid per-state subscriptions ($1,000/state/year) for saved searches, alerts, historical data, API access, embeddable widgets, and team collaboration. Regulation tracking is an add-on at $500/state/year. Revenue comes from subscriptions — no advertising, no data brokerage.",
      "knownIssues": "Daily alerts only — no real-time notifications when bills move, which puts you behind competitors like Plural. The UI is dated and cluttered; finding specific features takes trial and error. Bill sheets have row limits and can lose data during connectivity issues. Search results can feel incomplete or stale compared to state legislature sites. Regulation coverage only begins in 2024, so no historical regulatory data. API rate limits (5 req/sec, 5,000/day) are tight for serious data journalism. Mobile app (iOS/Android) works but has limited reviews and basic functionality. State data quality varies — BillTrack50 is only as good as the feeds each legislature publishes.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Standard SaaS platform with HTTPS throughout. Account required for most features. The data you're searching is public legislative information, but your tracked bills, saved searches, and alert keywords are stored on LegiNation's servers and reveal your reporting interests. No third-party ad trackers, which is good. No published SOC 2 or independent security audit. Bootstrapped small team means security practices are likely proportional to company size — adequate for public legislative data, but don't assume enterprise-grade protections for your usage patterns."
    },
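Added example, not BillTrack50's client or SDK: a pacer that enforces the two caps the entry states (5 requests per second and 5,000 per day) and a planner that works out, on a simulated clock, how long a pull of N calls takes and how many daily windows it spans. The limits are parameters, so the same code serves any API with a burst cap plus a daily quota.

```javascript
// Added example: pacing API calls under a per-second cap and a daily quota.
// Not BillTrack50's client; the default limits are the ones quoted in this entry.
const MS_PER_DAY = 86400000;

class DualLimiter {
  // now() is injectable so the planner below can run on a simulated clock.
  constructor({ perSecond = 5, perDay = 5000, now = () => Date.now() } = {}) {
    this.perSecond = perSecond;
    this.perDay = perDay;
    this.now = now;
    this.recent = [];      // timestamps (ms) of calls within the last 1000 ms
    this.dayStart = null;  // start of the current daily window, null before the first call
    this.dayCount = 0;
  }

  // Milliseconds to wait before the next call may be sent (0 = send now).
  waitMs() {
    const t = this.now();
    if (this.dayStart !== null && t - this.dayStart >= MS_PER_DAY) {
      this.dayStart = null;
      this.dayCount = 0;
    }
    if (this.dayCount >= this.perDay) return this.dayStart + MS_PER_DAY - t;
    this.recent = this.recent.filter((ts) => t - ts < 1000);
    if (this.recent.length < this.perSecond) return 0;
    return 1000 - (t - this.recent[0]);
  }

  // Record a call. Throws instead of silently exceeding a cap.
  take() {
    const w = this.waitMs();
    if (w > 0) throw new Error(`rate limit: wait ${w} ms`);
    const t = this.now();
    if (this.dayStart === null) this.dayStart = t;
    this.dayCount += 1;
    this.recent.push(t);
  }
}

// Simulate a pull of totalCalls requests; report elapsed time and daily windows used.
function planPull(totalCalls, perSecond = 5, perDay = 5000) {
  let clock = 0;
  const limiter = new DualLimiter({ perSecond, perDay, now: () => clock });
  let sent = 0;
  while (sent < totalCalls) {
    const w = limiter.waitMs();
    if (w > 0) { clock += w; continue; }
    limiter.take();
    sent += 1;
  }
  return {
    totalCalls,
    elapsedMs: clock,
    dayWindows: totalCalls === 0 ? 0 : Math.floor((totalCalls - 1) / perDay) + 1,
  };
}

// Example: how long does a 12,000-call pull take under the entry's limits?
console.log(planPull(12000));
```

In a real client, call waitMs() before each request and sleep for that long; take() is the accounting step once the request actually goes out, and its throw is the signal that something bypassed the wait.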
    {
      "name": "Bitwarden",
      "slug": "bitwarden",
      "url": "https://bitwarden.com",
      "tagline": "Open-source password manager with zero-knowledge encryption. Free tier with no meaningful limits. Self-hostable. Passkey support across all plans.",
      "category": "security",
      "openSource": true,
      "threatLevel": "baseline",
      "whoItsFor": "Every journalist. If you are not using a password manager, start with Bitwarden or 1Password. Bitwarden is the better choice if you want open-source transparency, a genuinely free tier, or the option to self-host.",
      "pricing": "Free for individuals (unlimited passwords, unlimited devices). Premium: $19.80/year (raised from $10 in January 2026 — first price increase in 10 years). Families: $47.88/year (6 users). Teams: $4/user/month. Enterprise: $6/user/month. Enterprise includes a complimentary Families plan for every employee.",
      "freeOption": true,
      "editorialTake": "Bitwarden is the strongest free password manager available and one of the most trustworthy tools we evaluate. Open-source under GPL 3.0, independently audited annually by Cure53 and Insight Risk Consulting, zero-knowledge encryption (AES-256 + Argon2id by default). The company cannot access your vault even under legal compulsion. The free tier has no meaningful limitations. Self-hosting is available for full data sovereignty. The January 2026 price hike (Premium nearly doubled to $19.80/year) stung longtime users, but it is still well under half the price of 1Password Individual ($47.88/year at the $3.99/month annual rate that took effect in March 2026). Bitwarden now stores and syncs passkeys across all plans, including free — a genuine differentiator. The main tradeoff vs. 1Password: Bitwarden's UI is more utilitarian, and it lacks 1Password's Travel Mode for border crossings. But the code is public, the audits are public, and the free tier is real.",
      "bestFor": "Password management, passkey storage, 2FA code storage, secure credential sharing. Anyone who wants open-source transparency and a free tier that actually works.",
      "notFor": "If you want the most polished UI and Travel Mode for border crossings, 1Password is better. If your newsroom already has 1Password through their journalist program, switching may not be worth the friction.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Bitwarden, Inc. based in Santa Barbara, CA). Cloud-hosted on Microsoft Azure. Self-hosting option available for full jurisdiction control — this is the single best mitigation for jurisdiction concerns.",
      "privacyPolicyTldr": "Zero-knowledge architecture. Bitwarden cannot access, read, or decrypt your vault data. The master password and the vault encryption key never leave your device; the server only receives a separate authentication hash derived from them, which cannot be turned back into the encryption key. Vault data is encrypted locally before transmission. Compliant with SOC 2 Type 2, SOC 3, HIPAA, and GDPR. Annual third-party audits published publicly.",
      "practicalMitigations": "Use a strong, unique master password (16+ characters). Enable 2FA on your Bitwarden account — hardware keys (YubiKey, etc.) are strongest; TOTP is adequate. Save the two-factor recovery code somewhere offline: if you lose your 2FA device without it, Bitwarden cannot restore access to the account. If your account predates the Argon2id default, check the KDF setting in the web vault's security settings and switch from PBKDF2 to Argon2id. Use the password generator for all new accounts. Set up passkey login for your vault if your browser supports it. Self-host if you need full control over your data. Review the Vault Health Report regularly to find weak or reused passwords. On Premium, you can store up to 10 security keys for 2FA.",
      "owner": "Bitwarden, Inc.",
      "fundingModel": "Growth equity. $100M Series B from PSG Equity in September 2022, with participation from Battery Ventures. No additional rounds disclosed since. Estimated revenue $5M–$25M annually (private company, not confirmed).",
      "businessModel": "Freemium. Revenue from Premium, Families, Teams, and Enterprise subscriptions. Free tier is fully functional for individual use. Enterprise tier adds SSO, SCIM provisioning, directory sync, and Access Intelligence.",
      "knownIssues": "In May 2024, an unauthorized third party accessed a Bitwarden production environment via a compromised employee credential. Customer metadata (email addresses, display names) was exposed, but encrypted vaults were not accessed. CVE-2025-5138 allowed XSS via malicious PDF uploads (patched — PDFs now force-download instead of rendering in-browser). In late 2024, community backlash over a proprietary SDK license led Bitwarden to re-license the SDK under GPL 3.0 — the resolution was commendable, but the initial move raised trust questions. The January 2026 Premium price hike (98% increase) drew criticism for how it was communicated, though the price remains competitive.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (GPL 3.0), independently audited annually (Cure53, Insight Risk Consulting, Fracture Labs), zero-knowledge encryption, SOC 2 Type 2 certified. Self-hostable for full data control. Passkey support across all plans. The May 2024 metadata exposure was limited in scope and did not compromise encrypted vaults. One of the most trustworthy tools in our evaluation set."
    },
    {
      "name": "Blacklight",
      "slug": "blacklight",
      "url": "https://themarkup.org/blacklight",
      "tagline": "Real-time website privacy inspector by The Markup. Enter any URL and see exactly which trackers, cookies, keyloggers, and session recorders are watching visitors. Free, instant, no installation required.",
      "category": "security",
      "openSource": false,
      "whoItsFor": "Journalists investigating corporate surveillance, ad-tech, and privacy violations. Reporters who need to quickly assess whether a website is tracking users in ways that contradict its privacy claims. Data journalists building datasets of tracking prevalence across industries. Any journalist who wants to understand what a website is doing to its visitors before recommending it, linking to it, or using it for research.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Blacklight is investigative journalism as a tool. The Markup built it to make the invisible surveillance infrastructure of the web visible to anyone — no technical expertise required. Enter a URL, wait 30-60 seconds, and Blacklight scans the site in a real browser environment, cataloging every tracker, cookie, fingerprinting script, session recorder, and keylogger it finds. The results are specific: not just 'this site has trackers' but exactly which advertising companies are collecting data, whether the site uses canvas fingerprinting to identify you even without cookies, whether session-recording scripts (like FullStory or Hotjar) are capturing your mouse movements and keystrokes, and whether Facebook, TikTok, or X/Twitter pixels are reporting your visit back to those platforms. For journalists, Blacklight is useful in three ways. First, as a research tool: before you visit a website for reporting, check what it will do to you. Second, as an investigative tool: compare a company's privacy claims against what Blacklight actually finds on their site. Third, as a source-protection consideration: if you are sending a source to a website, know what tracking they will be exposed to. The Markup also released Blacklight Query as an open-source command-line tool (October 2024) for batch scanning — useful for data journalists who need to scan hundreds of sites for a story about industry-wide tracking practices. Limitations: Blacklight scans what loads on the initial page visit. It does not log in, navigate through multi-page flows, or detect server-side tracking that leaves no client-side fingerprint. Dynamic consent banners may alter what loads depending on simulated location (Blacklight offers Ohio, California, and Europe location options). It is a snapshot, not continuous monitoring.",
      "bestFor": "Quick privacy audits of any website before visiting or recommending it. Investigating whether companies' tracking practices match their privacy policies. Building datasets of surveillance prevalence across industries or sectors. Checking whether a source-facing page (tipline, whistleblower portal) has inappropriate tracking. Verifying that your own publication's website is not running trackers that compromise reader privacy.",
      "notFor": "Continuous website monitoring (it is a one-time scan, not ongoing surveillance detection). Detecting server-side tracking or analytics that do not load client-side scripts. Scanning sites behind login walls or paywalls. Network-level surveillance detection (packet inspection, ISP monitoring). Mobile app tracking analysis. Replacing a full security audit of a website's infrastructure.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (The Markup, nonprofit newsroom, New York). Blacklight runs scans from The Markup's infrastructure. The URLs you scan and results generated are processed on their servers. The Markup's privacy policy governs what they retain. No account required to use the tool.",
      "privacyPolicyTldr": "Blacklight requires no account and no personal information to use. You enter a URL and receive results. The Markup is a nonprofit newsroom committed to investigating technology's impact on society — they do not sell data or run advertising. The URLs you scan are processed on their servers; The Markup's general privacy policy applies. No tracking pixels or advertising on the Blacklight tool page itself (The Markup practices what it preaches).",
      "practicalMitigations": "Blacklight shows you what is happening — acting on it is your responsibility. If a site has extensive tracking, access it through Tor Browser or a privacy-focused browser with strict blocking (Firefox with uBlock Origin in strict mode). Use Blacklight before sending sources to any URL — if a whistleblower portal has Facebook pixels, that is a serious source-protection failure. For data stories, use Blacklight Query (open-source CLI tool) to batch-scan sites and build structured datasets. Remember that Blacklight shows a snapshot: sites change their tracking over time, and consent banners may alter results by simulated geography. Run scans from multiple location options (Ohio, California, Europe) to see how tracking varies by jurisdiction.",
      "owner": "The Markup (US nonprofit investigative newsroom)",
      "fundingModel": "The Markup is a nonprofit newsroom funded by foundations (including Craig Newmark Philanthropies, the John S. and James L. Knight Foundation, and the Ford Foundation), individual donations, and reader support. No advertising revenue. No corporate sponsorship of editorial tools.",
      "businessModel": "Free public-interest tool. No revenue generated from Blacklight. The Markup operates as a nonprofit — Blacklight exists as part of their investigative mission to reveal how technology impacts society. The open-source Blacklight Query CLI extends this mission by enabling other journalists and researchers to build on the tool.",
      "knownIssues": "Scans only the initial page load — does not navigate through sites, click consent banners, or log in. Dynamic content that loads after user interaction may not be captured. Some tracking technologies are entirely server-side and leave no client-side fingerprint for Blacklight to detect. Sites using sophisticated consent management platforms may load different trackers based on the simulated location, making results location-dependent. Scan results are a snapshot in time — sites update their tracking infrastructure frequently. Very slow-loading sites may timeout before all trackers initialize. The tool cannot detect tracking embedded in mobile apps, only websites. Canvas fingerprinting detection may flag legitimate uses of the Canvas API (though this is rare in practice).",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Blacklight is not a tool that handles your data — it is a tool that reveals how other sites handle visitor data. The 'strong' rating reflects The Markup's credibility (Pulitzer-finalist nonprofit newsroom), the tool's transparency (Blacklight Query is open source), the absence of tracking on the tool itself, and the public-interest mission behind it. There is no meaningful security risk in using Blacklight: you enter a URL, it scans the site, you read the results. No account, no personal data, no tracking. The only consideration is that The Markup's servers process the URLs you scan — if your scan targets reveal your investigative interests, that is a minor operational security consideration, though The Markup has no incentive or history of disclosing such information."
    },
    {
      "name": "Blender",
      "slug": "blender",
      "url": "https://www.blender.org",
      "tagline": "Free, open-source 3D suite used by newsrooms for visual investigations, scene reconstructions, and data visualization.",
      "category": "visuals",
      "additionalCategories": [
        "data",
        "verification"
      ],
      "openSource": true,
      "whoItsFor": "Visual investigation teams reconstructing crime scenes, documenting human rights abuses, or building 3D data stories. Also useful for newsroom motion graphics and animated explainers. Bellingcat lists Blender in its OSINT toolkit. The NYT Visual Investigations team uses 3D modeling (including Blender) for projects like the Tulsa Race Massacre and the Battle of Kyiv.",
      "pricing": "Free. No tiers, no feature gates, no subscriptions. GPL v2+ license.",
      "freeOption": true,
      "editorialTake": "Blender is overkill for most daily journalism work. But when a story demands 3D reconstruction — a missile trajectory, a building collapse, a disputed shooting scene — nothing free comes close. The NYT, Bellingcat, and Forensic Architecture all use it for visual investigations. The learning curve is steep (weeks, not hours), but the payoff is broadcast-quality output at zero cost. Version 5.1 (March 2026) is the current release; the tool has matured dramatically since 4.0, with real-time rendering (EEVEE), geometry nodes for procedural data viz, and a much-improved video sequence editor. The Blender Foundation's nonprofit model (Dutch, €3.1M revenue in 2024, backed by Epic Games, NVIDIA, AMD, Apple, Meta, Netflix) keeps it genuinely free — no rug-pull risk.",
      "bestFor": "3D scene reconstructions for investigations. Animated data visualizations. Motion graphics and explainer animations. Forensic analysis (missile matching, building modeling, spatial geometry). Video editing via built-in sequence editor.",
      "notFor": "Quick 2D graphics (use GIMP or Figma). Simple video cuts (DaVinci Resolve is faster to learn). Real-time 2D motion graphics (After Effects is still the industry standard for that). If you need results in hours, not days, Blender is the wrong tool.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local. No cloud, no accounts, no server connection required. Your .blend files never leave your machine.",
      "privacyPolicyTldr": "Blender is fully local software. Zero telemetry, zero data collection, zero network calls. No account required. Extensions platform (extensions.blender.org) enforces a no-telemetry policy for approved add-ons. The website uses first-party cookies only. Best-in-class privacy for any creative tool.",
      "practicalMitigations": "Steep learning curve — budget 2-4 weeks of focused training before deadline work. BlenderVisualInvestigation.com offers forensic-specific courses. Be cautious with third-party add-ons from outside the official extensions platform; they could introduce telemetry or vulnerabilities. Keep Blender updated — 27 historical CVEs exist (most pre-2022, related to malicious .blend files), so don't open untrusted .blend files from unknown sources.",
      "owner": "Blender Foundation (nonprofit, registered in the Netherlands)",
      "fundingModel": "Blender Development Fund: €3.1M revenue in 2024 (21% YoY growth). Corporate Patrons (€120K-240K/year each): Epic Games, NVIDIA, AMD, Intel, Qualcomm, Netflix Animation Studios, Apple, Meta. Individual contributors now provide over half of total revenue. Foundation operated at a small loss in 2024 due to hiring — salary spend was €2.7M.",
      "businessModel": "Free software, funded by corporate sponsorships and individual donations. No paid tiers. No ads. No data monetization. GPL v2+ license means the code stays open permanently.",
      "knownIssues": "27 historical CVEs, mostly buffer overflows and code execution via crafted .blend files (last CVE: 2022). Opening untrusted .blend files from unknown sources is a real risk — treat them like executables. GPU rendering can be unstable with older or mismatched drivers. The video sequence editor, while improved in 5.0, still lags behind dedicated NLEs like DaVinci Resolve or Premiere. Performance on Apple Silicon is good but NVIDIA GPUs still have the edge for Cycles rendering.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (GPL v2+), fully local, zero telemetry, no accounts. Backed by a Dutch nonprofit with transparent finances. 27 historical CVEs are all patched; active security team tracks vulnerabilities. The only real attack surface is opening malicious .blend files — standard hygiene for any file-based tool."
    },
    {
      "name": "Bluesky",
      "slug": "bluesky",
      "url": "https://bsky.app",
      "tagline": "Decentralized social network built on the AT Protocol. Open-source, no link demotion, domain-as-handle verification. 43M+ users. No ads.",
      "category": "publishing",
      "additionalCategories": [
        "newsgathering"
      ],
      "openSource": true,
      "whoItsFor": "Journalists building audience on a platform that does not suppress links or manipulate reach. Reporters whose publications can issue domain-based verification (e.g., @name.nytimes.com). Newsrooms that want algorithmic transparency and custom feeds for beat coverage. Researchers and activists who need public-by-default posting with portable data.",
      "pricing": "Free. No paid tier yet. Bluesky+ subscriptions (profile customizations, higher-quality video) expected to launch in 2026. Core features will remain free.",
      "freeOption": true,
      "editorialTake": "Bluesky is the only major social platform where links are not algorithmically demoted. That single fact matters more to journalists than any other feature. On X, Meta, and Threads, posting a link to your article means fewer people see it. On Bluesky, a link is a link. The platform has 43 million users as of early 2026, with roughly 1.5-3.5 million daily active users. Growth hit 302% between September 2024 and November 2025, driven by Brazil's X ban and the US election. The verification system is elegant: set your handle to your domain (e.g., @nytimes.com), and your identity is cryptographically tied to your publication. The New York Times and WIRED are Trusted Verifiers who can badge their own journalists directly in the app. Over 309,000 accounts use domain-handle verification. Custom feeds let users build or subscribe to topic-specific algorithms — Bluesky launched Attie in 2025, an AI tool that lets anyone create a feed in plain language. The AT Protocol means your data is portable: you can move your account to a self-hosted Personal Data Server without losing followers. The tradeoff is scale. Bluesky's daily active users are a fraction of X's or Threads'. The audience skews tech-forward and US/Brazil-heavy. Engagement is real but reach is limited compared to legacy platforms. CEO Jay Graber stepped down in March 2026; interim CEO is Toni Schneider (ex-Automattic). The leadership transition adds uncertainty. Jack Dorsey, who funded the original project at Twitter, cut ties in 2024. Revenue is zero — the company has raised $123M but has no monetization in production. Composable moderation (stackable labelers, open-source Ozone tool) is architecturally interesting but under-resourced: roughly 100 moderators for 43M accounts. Pro-Russian bot networks and AI deepfakes have been documented on the platform. The fundamental tension: the AT Protocol's openness means all public posts are fully accessible via API. Anyone can scrape them. 
There is no privacy for public content. That is a feature for open journalism and a risk for journalists covering sensitive topics.",
      "bestFor": "Journalists who want to share links without algorithmic penalty. Reporters at publications willing to set up domain-handle verification. Beat reporters who benefit from custom feeds (e.g., a climate feed, a courts feed). Newsrooms building direct audience relationships outside Meta and X. Open-source investigators who want API access to public discourse.",
      "notFor": "Journalists who need to reach mass audiences today — Bluesky's daily active user base is 1.5-3.5M vs. X's 250M+. Reporters covering sensitive topics who need post-level privacy controls — all public posts are API-accessible. Anyone who needs DM encryption — Bluesky DMs are not end-to-end encrypted. Organizations that require stable, well-funded platform governance — Bluesky has zero revenue and just changed CEOs.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "United States. Bluesky Social, PBC is headquartered in Seattle. Primary infrastructure runs on US-based servers. The AT Protocol allows self-hosted Personal Data Servers in any jurisdiction, but the default Bluesky PDS and Relay are US-hosted. No EU data residency option for standard accounts.",
      "privacyPolicyTldr": "Bluesky collects account data, IP addresses, device identifiers, and usage analytics. All public posts are accessible via the AT Protocol Firehose API — any third party can read, index, or scrape them. DMs are not end-to-end encrypted; Bluesky can access them. The privacy policy permits sharing data with service providers and in response to legal requests. Bluesky does not sell personal data. The federated architecture means third-party PDS operators set their own data retention policies. Bluesky has acknowledged it cannot enforce consent mechanisms for public data externally. Account deletion removes your data from Bluesky's servers but cannot guarantee removal from third-party indexes or Relay caches.",
      "practicalMitigations": "Do not use Bluesky DMs for sensitive source communications — they are not encrypted. Assume all public posts are permanently archived and API-accessible by anyone. Use domain-handle verification to prove institutional affiliation. Consider self-hosting a Personal Data Server for full data sovereignty. Export your data regularly via Settings. Use a separate, hardened platform (Signal, SecureDrop) for confidential source contact. Enable two-factor authentication. Review which third-party apps have access to your account via Settings > App Passwords. If you leave Bluesky, your handle (domain) stays with you — no platform lock-in on identity.",
      "owner": "Bluesky Social, PBC (Public Benefit Corporation). Founded 2019 as a project within Twitter by Jack Dorsey. Spun off as an independent company in 2021. Jay Graber led as CEO from 2021 until March 2026. Toni Schneider (ex-CEO of WordPress.com parent Automattic) is interim CEO. Graber moved to Chief Innovation Officer. Dorsey departed the board and deleted his account in 2024. Approximately 20-person core team plus contract moderators. Headquartered in Seattle.",
      "fundingModel": "VC-funded. $8M seed (2023, led by Neo), $15M Series A (October 2024, led by Blockchain Capital), $100M Series B (April 2025, led by Bain Capital Crypto). Total raised: $123M. Other investors include Alumni Ventures, True Ventures, Bloomberg Beta, Knight Foundation, Anthos Capital. Twitter provided ~$13M in initial project funding (2019-2022) before the spinoff.",
      "businessModel": "No revenue as of early 2026. Planned monetization: Bluesky+ subscriptions (profile customizations, higher-quality video uploads — not algorithmic boost), custom domain sales, and creator payment tools. Bluesky has explicitly rejected advertising and algorithmic pay-to-play models. The company's $123M in funding provides runway, but long-term sustainability is unproven. The PBC structure legally requires balancing profit with public benefit.",
      "knownIssues": "All public posts are fully accessible via the AT Protocol Firehose API. Researchers extracted 1M+ posts including metadata and reply relationships with minimal effort. Bluesky cannot prevent third-party scraping of public content and has acknowledged this openly. DMs are not end-to-end encrypted. Moderation is under-resourced: ~100 moderators for 43M accounts. AFP documented pro-Russian bot networks using AI deepfakes on the platform in early 2025. Security researchers reported multiple vulnerabilities to security@bsky.app with slow or no response — only one report received a single reply. The federated architecture distributes security responsibility across PDS operators with inconsistent standards. CEO transition in March 2026 (Graber to interim CEO Schneider) introduces governance uncertainty at a critical growth phase. Zero revenue and no monetization in production raises long-term sustainability questions. The platform's content moderation philosophy relies on composable labelers — powerful in theory, but most users do not customize their moderation stack.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "TLS encryption in transit. Partial encryption at rest — Bluesky has not published details on at-rest encryption for its managed PDS infrastructure. The real risk for journalists is not a data breach but architectural transparency: every public post is API-accessible by design. This is a feature of the AT Protocol, not a bug, but it means public Bluesky content has zero access friction for scrapers, AI trainers, or surveillance actors. DMs lack end-to-end encryption. The moderation team is small relative to the user base. Security vulnerability response has been criticized as slow. Domain-handle verification is a genuine trust innovation — it is cryptographically grounded and does not require platform approval. Data portability via self-hosted PDS is strong in theory but requires technical sophistication. For standard journalism use (sharing work, building audience, monitoring public discourse), the security posture is adequate. For sensitive source communication or any content that should not be public, Bluesky is the wrong tool."
    },
    {
      "name": "Botometer",
      "slug": "botometer",
      "url": "https://botometer.osome.iu.edu",
      "tagline": "Bot detection scores for Twitter/X accounts. Built by Indiana University researchers, frozen in archival mode after X cut off free API access in 2023.",
      "category": "verification",
      "openSource": true,
      "builtForJournalism": false,
      "whoItsFor": "Researchers, journalists, and disinformation analysts looking up automation likelihood scores for Twitter/X accounts. Originally served hundreds of thousands of queries daily; now operates as Botometer X in archival mode using historical data.",
      "pricing": "Free for the public web interface and bulk API at botometer.osome.iu.edu. Botometer Pro is also listed on RapidAPI for higher-volume programmatic access.",
      "freeOption": true,
      "editorialTake": "Botometer was the standard public bot detector for a decade, built by the Indiana University Observatory on Social Media (OSoMe) under researchers including Filippo Menczer. It used a machine learning model to score the likelihood that a Twitter account was automated, drawing on profile metadata, posting patterns, network features, and content. Then in May 2023 X (formerly Twitter) ended free API access for researchers and the original Botometer service went dark — it could no longer fetch live data to score accounts on demand. OSoMe rebuilt it as Botometer X, an archival service that returns pre-computed scores for accounts based on data collected before June 2023. The web interface and API still work, but no account created or active only after May 31, 2023 will return a score, and the existing scores reflect a snapshot of behavior years old. The Python client (botometer-python on GitHub) still works against the archival API and no longer requires a Twitter developer account. For journalism today, Botometer is useful for retrospective analysis of historical disinformation campaigns, longitudinal academic research, and as one signal in a broader OSINT workflow on accounts that existed before the cutoff. It is not useful for real-time analysis of current X activity, for accounts that postdate the cutoff, or for any platform other than Twitter/X. The shutdown of Botometer is one of the clearest examples of how X's API changes broke a generation of public-interest research tooling. OSoMe continues to maintain other open-source tools (Hoaxy, OSoMeBT, the BotAmp Twitter manipulation detector) and publishes its methodology openly.",
      "bestFor": "Retrospective bot scoring of accounts active before June 2023. Academic research and longitudinal studies of historical Twitter manipulation. Cross-checking accounts referenced in older disinformation reporting. Programmatic bulk lookups via the open Python client.",
      "notFor": "Real-time bot detection on current X/Twitter activity. Any account created after May 31, 2023. Bot detection on Bluesky, Threads, Mastodon, TikTok, Facebook, or Instagram. Single-source verdicts — bot detection has always been probabilistic and Botometer scores are now also stale.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Hosted by Indiana University, Bloomington (osome.iu.edu domain). Subject to U.S. and Indiana state law and university research data policies.",
      "privacyPolicyTldr": "Public research tool from a U.S. university. Queries lookup pre-computed scores against an archival dataset. No Twitter/X developer account required. Standard academic research data handling under Indiana University policies.",
      "practicalMitigations": "Treat scores as historical snapshots, not current state — the underlying data is from before June 2023. Cross-reference with other OSINT signals (registration date, posting cadence, network analysis) and direct examination of the account. Do not name or accuse a real person of being a bot based on a single Botometer score, especially one this old. For programmatic use, the open-source botometer-python client lets you keep query logs local.",
      "owner": "Indiana University Observatory on Social Media (OSoMe), Bloomington, Indiana. Principal investigators include Filippo Menczer and the OSoMe research group. Open source code published under the osome-iu GitHub organization.",
      "fundingModel": "Academic research. Funded historically through NSF, DARPA, the Knight Foundation, the Democracy Fund, and Indiana University internal support across various OSoMe projects. Specific Botometer maintenance funding not publicly broken out.",
      "businessModel": "Free public research tool. No commercial product. A separate listing on RapidAPI (Botometer Pro) provides paid programmatic access for higher-volume users; the public web interface and Python client remain free.",
      "knownIssues": "Original Botometer disabled in 2023 after X ended free researcher API access. Replacement Botometer X operates in archival mode only — no scores for accounts created or active after May 31, 2023, and existing scores are based on pre-June 2023 data. No equivalent replacement has emerged for live X bot detection. Bot detection in general is probabilistic; high scores are signals to investigate further, not proof of automation. No support for non-Twitter platforms.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Public university research tool. Open-source client, transparent methodology, U.S. academic jurisdiction. The honest limitation is not security but staleness — Botometer X is a historical archive, not a live detector. Use it for what it is: a retrospective lookup against pre-June 2023 Twitter data, useful for reporting on historical campaigns and longitudinal research."
    },
    {
      "name": "Brave Browser",
      "slug": "brave-browser",
      "url": "https://brave.com",
      "tagline": "Privacy-first Chromium browser with built-in ad/tracker blocking. 100M monthly users. Chrome extensions work out of the box.",
      "category": "security",
      "openSource": true,
      "threatLevel": "baseline",
      "whoItsFor": "Journalists who want stronger default privacy without switching away from the Chrome extension ecosystem. Researchers and activists who need tracker blocking without configuring anything. Anyone tired of feeding browsing data to Google.",
      "pricing": "Free. Optional paid tiers: Brave VPN ($9.99/mo), Brave Search Premium ($3/mo), Brave Firewall+VPN bundle.",
      "freeOption": true,
      "editorialTake": "Brave is the fastest path to meaningfully better privacy for most journalists. Shields blocks ads, trackers, and fingerprinting by default — no extensions, no configuration. Pages load 21% faster on Android because the junk never loads in the first place. Brave Search runs its own 40-billion-page index (100% independent since dropping Bing fallback), so you get private results without Google's profiling. The Tor-routed private windows are useful for light sensitive research, though they are not a substitute for Tor Browser. The elephant in the room: BAT crypto integration. It is opt-in, ignorable, and earns users almost nothing (2-6 BAT/month at ~$0.21/BAT). But the crypto wallet, Brave Rewards prompts, and past partnerships with FTX and Gemini undercut the privacy-pure branding. The 2020 affiliate-link injection scandal — where Brave silently rewrote URLs to add referral codes — was a real trust breach. They fixed it, but it happened. CEO Brendan Eich's 2008 Prop 8 donation and combative social media presence remain polarizing. None of this changes the technical reality: Brave's default privacy protections are among the strongest of any mainstream browser, and it consistently tops PrivacyTests fingerprinting and tracking benchmarks.",
      "bestFor": "Daily browsing with strong privacy defaults. Journalists who want tracker blocking without configuring extensions. A Chrome alternative that keeps your data local. Mobile reporting — 14% less data usage and 40% better battery life from blocking ads.",
      "notFor": "Maximum anonymity (use Tor Browser for full onion routing). Newsrooms with Chrome-managed enterprise policies. Users who want a non-Chromium engine — Firefox/Gecko is the only independent alternative. People uncomfortable with a crypto-adjacent company building their browser.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Local device. Brave collects no browsing history server-side. Optional Brave Sync uses end-to-end encryption with a sync chain code — Brave cannot read synced data. Brave Search earned SOC 2 Type II attestation, confirming no query logging.",
      "privacyPolicyTldr": "Brave collects no browsing history and sells no data. Shields block third-party trackers and cookies by default (since 2016). Brave Rewards, Sync, VPN, and wallet are all opt-in. Brave Search does not log queries or personalize results. The Web Discovery Project (anonymous browsing data to improve search) is opt-in only.",
      "practicalMitigations": "Disable Brave Rewards on first launch if you do not want crypto/ad features — it prompts but is optional. Use Private Window with Tor for sensitive research (but not for high-risk sources — use Tor Browser instead). Review Shields settings per-site if pages break. Brave Sync is E2E encrypted but adds attack surface; disable if not needed. On Windows, Brave blocks Microsoft Recall screenshots (v1.81+). Keep auto-update enabled — Brave merges Chromium security patches regularly.",
      "owner": "Brave Software Inc.",
      "fundingModel": "Venture-backed, $252M total funding. Founded 2015 by Brendan Eich (JavaScript creator, Mozilla co-founder) and Brian Bondy. $35M raised via BAT initial coin offering (2017). Surpassed $100M annualized revenue in 2025. 100M monthly active users as of September 2025.",
      "businessModel": "Free browser. Revenue from Brave Ads (opt-in; Brave takes 30% of user ad revenue, 15% of publisher-integrated ads), Brave Search Premium ($3/mo), Brave VPN ($9.99/mo), and Brave Search API (billions of weekly calls from AI companies and developers). Brave Ads use on-device matching — ad targeting happens locally, not on servers.",
      "knownIssues": "2020: Brave auto-completed URLs with affiliate referral codes (Binance, Coinbase, others) without user consent. Fixed after public backlash, but a genuine trust violation. 2021: Private Window with Tor leaked DNS queries to the ISP, defeating anonymity. Patched. BAT/crypto integration requires KYC via Uphold or Gemini to cash out, undermining the privacy premise. Brave promoted FTX (collapsed 2022) and partnered with Gemini (SEC charges for unregistered securities, 2023). CEO Brendan Eich's $1,000 donation to California Prop 8 (2008 same-sex marriage ban) led to his 2014 departure from Mozilla; remains a recurring controversy. In February 2026, Eich dismissed user-tracking allegations as 'fake news' after a report accused Brave Ads of behavioral profiling. CVE-2025-23086: origin spoofing in file dialogs let malicious sites impersonate trusted domains (fixed v1.74.48). Brave is Chromium-based, so it inherits any Chromium zero-days (e.g., CVE-2025-2783 Mojo exploit). January 2026 confusion over 'Brave Origin' (a stripped-down telemetry-free build) caused user concern before Eich clarified it was optional.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (MPL-2.0) Chromium fork with the strongest default privacy protections of any mainstream browser. Shields block trackers, ads, and fingerprinting out of the box. No server-side data collection from browsing. Brave Search operates an independent index with SOC 2 Type II attestation. Tor integration adds an anonymity layer. Regular Chromium merges keep security patches current. The crypto layer and past trust incidents (affiliate links, DNS leak) are real concerns but do not weaken the browser's core security architecture. Consistently top-ranked in PrivacyTests and PCMag privacy benchmarks."
    },
    {
      "name": "Briar",
      "slug": "briar",
      "url": "https://briarproject.org",
      "tagline": "P2P encrypted messaging over Tor. Works when the internet doesn't.",
      "category": "messaging",
      "openSource": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists operating in hostile environments where Signal is blocked or internet infrastructure is unreliable. Activists coordinating during shutdowns. Anyone whose threat model includes state-level adversaries targeting communication infrastructure.",
      "pricing": "Free. Open source (GPLv3).",
      "freeOption": true,
      "editorialTake": "Briar is the most resilient messenger available. When Iran shut down the internet on January 8, 2026 — cutting off 85 million people mid-protest — Briar kept people connected via Bluetooth and WiFi mesh. No other messenger can do that. It routes over Tor when internet exists, falls back to Bluetooth/WiFi/USB when it doesn't, and stores nothing on any server because there are no servers. The Bramble protocol suite provides E2E encryption with forward secrecy across every transport layer. Two independent security audits (Cure53 in 2017, Radically Open Security in 2023) found no critical vulnerabilities. The tradeoffs are real: Android-only on mobile, no iOS (and none planned), both devices must be online simultaneously to sync unless you run Briar Mailbox. Desktop is still beta. But Briar isn't trying to replace Signal for daily use — it's the tool you need when Signal's servers are blocked or the internet is gone entirely.",
      "bestFor": "Communication during internet shutdowns. Reporting in countries where Signal, WhatsApp, and Telegram are blocked. Bluetooth/WiFi mesh coordination at protests. Source communication when metadata protection matters more than convenience.",
      "notFor": "Daily messaging (no iOS, limited desktop). Large group coordination (sync requires both devices online). Anyone unwilling to accept UX friction for security gains.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. No servers exist. Data never leaves participating devices. Messages stored in encrypted database on-device.",
      "privacyPolicyTldr": "No servers means no data collection, no metadata, no logs. Messages sync directly between devices over Tor, WiFi, or Bluetooth. Nothing is stored anywhere except on participants' devices in an encrypted local database. Contact lists are encrypted on-device. Even the Briar Mailbox (an asynchronous store-and-forward relay that the user runs on their own spare device) only buffers encrypted messages between a user and their contacts — no third-party access.",
      "practicalMitigations": "Exchange contacts in person when possible: scanning each other's QR codes face to face authenticates the contact directly and is the strongest model Briar offers. Adding contacts at a distance via briar:// links is convenient, but the links have to be swapped over some other channel, so exchange them only over one you already trust. Understand that messages only sync when both devices are online simultaneously, unless you set up Briar Mailbox on a spare Android device for asynchronous delivery. Over Bluetooth and WiFi the message content stays encrypted, but the radio activity itself is observable by anyone physically nearby, so at a protest treat those transports as revealing that a device is active, not what it says. Keep the app updated; the small team ships fixes promptly (the three 2023 CVEs were closed in point releases 1.4.22 and 1.5.3). For desktop use, Briar Desktop 0.6.5-beta is available for Linux, Windows, and macOS but limited to 1:1 messaging — no groups or forums yet.",
      "owner": "Briar Project (open-source community, founded 2011 by Michael Rogers and Eleanor Saitta)",
      "fundingModel": "Grants from Open Technology Fund ($361K as of 2018), NLnet Foundation (NGI Assure/NGI Zero), Access Now, Small Media Foundation, Internews, Prototype Fund, ISC Project, eQualit.ie. No corporate backing.",
      "businessModel": "None. Volunteer and grant-funded open-source project. No revenue model, no ads, no data monetization. Sustainability depends entirely on continued grant funding — a real risk for a tool this important.",
      "knownIssues": "No iOS app, and the project has stated none is planned — iOS background restrictions make Briar's architecture fundamentally incompatible. Briar Desktop (0.6.5-beta as of February 2026) supports only 1:1 messaging; no forums, groups, or blogs. Three CVEs disclosed in 2023: CVE-2023-33980 (message duplication in forums/groups, fixed in 1.4.22), CVE-2023-33981 (crash via invalid messages, fixed in 1.4.22), CVE-2023-33982 (Bramble Handshake Protocol not forward-secure when adding contacts via links, fixed in 1.5.3 — impractical to exploit because BHP runs over Tor v3 hidden services). Radically Open Security audit (Sept-Oct 2023) found six additional issues: one moderate (overlay attack on Android <12), five low-risk. Four of six resolved by March 2024 retest. Grant-dependent funding model creates long-term sustainability risk. Small development team — roughly 3-5 core contributors. Both devices must be online simultaneously for message sync without Briar Mailbox.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Fully decentralized architecture eliminates server-side attack surface entirely. Bramble protocol suite provides E2E encryption with forward secrecy across Tor, Bluetooth, WiFi, and USB transports. Tor routing by default hides metadata (who talks to whom) from network-level observers; the Bluetooth and WiFi transports are short-range and encrypted but cannot hide from someone physically nearby that devices are exchanging traffic. Two independent audits — Cure53 (2017, 12 findings, no critical) and Radically Open Security (2023, 6 findings, no critical) — confirm strong implementation. Three CVEs in 2023 were responsibly disclosed by ETH Zurich and patched quickly. Open source, reproducible builds via F-Droid. 3.6M+ Google Play downloads. No comparable tool exists for internet-shutdown resilience."
    },
    {
      "name": "Buttondown",
      "slug": "buttondown",
      "url": "https://buttondown.com",
      "tagline": "Privacy-first newsletter platform. Markdown editor. 0% platform fee on paid subscriptions. API-first. Built and operated by a single founder.",
      "category": "publishing",
      "whoItsFor": "Independent journalists and writers who want a clean, no-nonsense newsletter tool that respects both their workflow and their subscribers' privacy. Writers who prefer Markdown over drag-and-drop editors. Anyone who wants paid subscriptions without surrendering a cut to the platform.",
      "pricing": "Free: up to 100 subscribers, rich text or Markdown editor, custom domain sending, hosted archives. Basic: $9/month (up to 1,000 subscribers). Standard: $29/month (up to 5,000). Professional: $79/month (up to 10,000). Advanced: $139/month (up to 20,000). Enterprise: custom pricing. Features are modular add-ons: tagging, paid subscriptions, analytics, automations, RSS-to-email, comments, and teams each cost $9–$79/month extra. Pricing assumes at most one email per day to your full list — higher volume requires custom arrangement.",
      "freeOption": true,
      "editorialTake": "Buttondown is what happens when a single engineer builds the newsletter tool he actually wants. Justin Duke started it in 2018 while working at Stripe, grew it without outside funding, and still runs it as a small bootstrapped team. The result is a tool that does less than Substack or Beehiiv — and does it better for the people who care about simplicity and privacy. The Markdown-first editor is genuinely good. Analytics are off by default. Subscriber data is never sold. There is no ad network, no recommendation algorithm, no growth hacking toolkit. Paid subscriptions run through Stripe with 0% platform commission — Buttondown takes nothing. Substack takes 10%. Beehiiv takes 0% but requires a $49/month plan to unlock paid subscriptions at all. Buttondown's paid subscription add-on is $9/month. The trade-off is real: Buttondown has no discovery network. No built-in audience. No referral programs or cross-promotion marketplace. You bring your own readers. The modular pricing can add up — if you want tagging, paid subscriptions, analytics, and automations, that is $36/month in add-ons on top of your base plan. Beehiiv's free tier includes more features out of the box. The API is comprehensive — everything in the UI is available via REST. GDPR compliance is documented. Data deletion is immediate on request. The Open Source Pledge commitment ($5,000 per developer per year to open-source dependencies) is a concrete signal about values, not a marketing gesture. For journalists who want to own their newsletter without platform entanglements, Buttondown is the leanest credible option.",
      "bestFor": "Writers who prefer Markdown and want a distraction-free editor. Journalists who want 0% platform commission on paid subscriptions. Privacy-conscious publishers who want analytics off by default. Developers and technical writers who need full API access. Small publications that want modular pricing instead of bloated feature bundles.",
      "notFor": "Writers who need built-in audience discovery or recommendation networks (use Substack). Publications that want referral programs, A/B testing, or ad sponsorship tools (use Beehiiv). Teams that need a full CMS with memberships, pages, and ActivityPub federation (use Ghost). Anyone who needs extensive design customization — Buttondown's templates are intentionally minimal.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Buttondown is a US-based company. Email delivery handled via third-party providers (Mailgun, Postmark) with US and EU infrastructure. Payment data stored by Stripe. No EU-only data residency option disclosed.",
      "privacyPolicyTldr": "Buttondown collects only what you provide: email address, subscriber list, newsletter content, and (for paid authors) billing info via Stripe. Analytics are off by default — open tracking, click tracking, and subscriber analytics are opt-in. Subscriber data is never sold, never shared with advertisers, never used for ad targeting. Third-party data sharing is limited to email delivery (Mailgun, Postmark) and payments (Stripe). GDPR compliant with immediate data deletion on request. Privacy policy is written in plain English. No cookies beyond session management.",
      "practicalMitigations": "Keep analytics disabled unless you have a specific reason to track opens and clicks — this protects your subscribers by default. Use a custom domain from day one so your newsletter URL is portable. Export your subscriber list regularly via the built-in export tool. Enable multi-factor authentication (TOTP or passkeys supported). Remember that newsletter email is not end-to-end encrypted: content passes through third-party delivery providers (Mailgun, Postmark) in a form they can read and then sits in every recipient's inbox, so never use a newsletter to transmit sensitive source material. Review Buttondown's sub-processor list if your subscribers include contacts in sensitive jurisdictions; the subscriber list itself is a record of who reads you.",
      "owner": "Buttondown LLC (United States). Founded and operated by Justin Duke.",
      "fundingModel": "Bootstrapped. No venture capital, no external investors. Revenue-funded since 2018. Justin Duke built it while working at Stripe and grew it independently. Contributes at least $5,000 per full-time developer per year to open-source dependencies via the Open Source Pledge.",
      "businessModel": "SaaS subscriptions. Revenue from base plans ($9–$139/month) and modular feature add-ons ($9–$79/month each). 0% commission on subscriber payments — only Stripe processing fees apply. Concierge migration offered free to new customers. No advertising, no data sales, no sponsorship marketplace.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "GDPR compliant with immediate data deletion. Analytics off by default — a meaningful privacy-first design choice. Multi-factor authentication via TOTP and passkeys. Content Security Policy implemented. Payment data handled exclusively by Stripe. No disclosed security certifications (no SOC 2, no ISO 27001). No public vulnerability disclosure program or bug bounty. Encryption at rest is not documented. Bootstrapped structure eliminates data monetization incentives. Third-party email delivery (Mailgun, Postmark) means content transits external infrastructure. Adequate for newsletter publishing. Not designed for high-risk communications."
    },
    {
      "name": "Canva",
      "slug": "canva",
      "url": "https://www.canva.com",
      "tagline": "Design tool for social media graphics, presentations, and basic video. Free tier is genuinely useful. AI features expanding fast.",
      "category": "visuals",
      "openSource": false,
      "whoItsFor": "Journalists and newsrooms that need social media graphics, presentation slides, infographics, and basic video editing without a dedicated designer. Freelancers who need professional-looking visuals fast. Nonprofit newsrooms that qualify for free Pro access.",
      "pricing": "Free tier (250,000+ templates, basic features). Canva Pro: $15/month or $120/year. Canva Business (replaced Teams for new signups): $20/user/month or $200/user/year. Enterprise: custom pricing. Canva for Nonprofits: free Pro access for up to 50 users for qualifying 501(c)(3) organizations. Note: Canva raised Teams pricing by up to 300% in late 2024, then partially reversed after backlash. Existing Teams subscribers kept legacy rates.",
      "freeOption": true,
      "editorialTake": "Canva is the practical choice for journalists who need visuals but don't have design skills or Adobe subscriptions. The free tier is genuinely useful. Since 2024, Canva has been on an acquisition tear — Leonardo AI for image generation, Affinity for professional photo/vector/layout editing (now free), Flourish for data visualization, Cavalry for animation. The result is a platform that keeps absorbing capabilities that used to require separate tools. The AI features (Magic Studio) are aggressive: 800 million AI tool uses per month as of 2025, up 700% year-over-year. For public-facing graphics and presentations, it's hard to beat the speed. But the 2024 pricing debacle — a 300% hike announced via quiet emails, then walked back after backlash — reveals a company that will test how much it can extract from locked-in users. With 265 million MAUs, 31 million paying, and $3.5B in 2025 revenue, Canva has scale. Use it for what it's good at. Don't store sensitive material on it.",
      "bestFor": "Social media graphics and story cards. Presentation slides for events or pitches. Quick infographics when Datawrapper or Flourish are overkill. Newsletter header images. Basic video editing for social clips. Data visualization via built-in Flourish integration.",
      "notFor": "Complex data visualization (use Flourish standalone or Datawrapper). Print design with precise typography (use Affinity Publisher or InDesign). Complex video editing (use DaVinci Resolve). Work where template aesthetics are a concern — Canva output is recognizable. Anything involving confidential source material or sensitive documents.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Australia (Canva Pty Ltd, headquartered in Sydney). Data stored across multiple regions including US and EU. SOC 2 Type II compliant and ISO 27001 certified.",
      "privacyPolicyTldr": "Account required (email or Google/Facebook login). Designs stored on Canva servers, private by default unless shared. For individual free/Pro users, Canva does NOT use your content to train AI by default — you can opt in via Privacy preferences. For Teams, Business, Enterprise, and Education accounts, content is never used for AI training and this cannot be toggled on. Canva Creators can opt out of AI training. Canva committed $200M in content and AI royalties to creators over three years.",
      "practicalMitigations": "Don't upload sensitive or confidential images — they're stored on Canva's servers. Verify your account's AI training setting in Privacy preferences (should be off by default for individuals, always off for Teams/Business/Enterprise). Use the download feature to keep local copies of everything. For sensitive presentations, use a local tool like Affinity or LibreOffice Impress instead. If your newsroom qualifies as a 501(c)(3), apply for Canva for Nonprofits — free Pro for up to 50 users.",
      "owner": "Canva Pty Ltd (Australian private company, headquartered in Sydney). Not publicly listed — IPO expected on NASDAQ in second half of 2026. Last private valuation: US$42B (August 2025 employee share sale). Co-founders Melanie Perkins (CEO), Cliff Obrecht, Cameron Adams.",
      "fundingModel": "Venture-backed, pre-IPO. Major investors: Sequoia, Blackbird Ventures, Felicis, T. Rowe Price. August 2025 secondary share sale at $42B valuation. Blackbird has told LPs to expect a 2H 2026 NASDAQ listing.",
      "businessModel": "Freemium SaaS. $3.5B revenue in 2025. 265M monthly active users, 31M paid subscribers. B2B segment (25+ seats) hit $500M ARR with 100% growth. Enterprise tier, Canva Print for physical products. Acquisitions expanding the platform: Leonardo AI (image generation), Affinity (professional editing suite, now free), Flourish (data viz), MagicBrief (ad intelligence), Cavalry (animation), MangoAI (ad performance).",
      "knownIssues": "2019 data breach exposed 139 million user records (usernames, emails, bcrypt-hashed passwords). Canva forced password resets. In 2025, a third-party AI company (My Jedai) exposed survey data from 571 Canva Creators — not a Canva breach, but a reminder that ecosystem partners handle your data too. Late 2024 pricing crisis: Canva attempted a 300% price hike on Teams plans with minimal notice, communicated via quiet emails rather than public announcements. Reversed after significant subscriber backlash, but the move signaled willingness to squeeze locked-in users. Canva output is visually identifiable — the 'Canva look' can undermine credibility for outlets that want a distinctive visual identity.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "canva-journalists",
        "canva-nonprofits"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II and ISO 27001 certified. Canva Shield provides enterprise-grade AI governance, SSO, SCIM provisioning, and audit logs. AI training policy is clear and favorable: off by default for individuals, always off for Teams/Business/Enterprise. The 2019 breach (139M records) is old but large. Current security posture is standard for a company at this scale. Not suitable for confidential source material, but fine for public-facing production work."
    },
    {
      "name": "CapCut",
      "slug": "capcut",
      "url": "https://www.capcut.com",
      "tagline": "Free-to-start video editor from ByteDance (TikTok's parent). Fast, capable, massively adopted — and carrying the same data governance questions as TikTok itself.",
      "category": "visuals",
      "additionalCategories": [],
      "openSource": false,
      "whoItsFor": "Video journalists and social media editors who need quick turnaround on short-form video. Freelancers producing TikTok, Reels, and Shorts content on deadline. Student journalists and small newsrooms with no budget for professional editing software. Anyone already in the TikTok ecosystem who wants native integration with trending effects and templates.",
      "pricing": "Free tier: basic editing, limited effects, watermark on some exports. Pro: $9.99/month or $74.99/year (auto-captions, premium effects, cloud storage, no watermark). Team plans available. Most AI features (dynamic captions, advanced effects) moved behind the Pro paywall in mid-2024. Desktop app is free to download.",
      "freeOption": true,
      "editorialTake": "CapCut is a video editor built by ByteDance, the Beijing-headquartered company that owns TikTok. It launched in 2020 and crossed 200 million monthly active users by 2023. The editor is genuinely good: timeline editing, keyframing, motion tracking, AI background removal, auto-captions, and a weekly-updated effects library synced to TikTok trends. For short-form social video, it is faster than DaVinci Resolve and more capable than most free alternatives. The privacy story is the problem. CapCut's June 2025 Terms of Service grant ByteDance a perpetual, irrevocable, royalty-free, fully transferable license to all uploaded content — including private drafts. A 2023 class-action lawsuit alleged illegal harvesting of biometric information and geolocation data without consent. The same national security concerns that triggered the US TikTok ban apply here: ByteDance is subject to Chinese national security law, which can compel data sharing with state intelligence. CapCut was banned in the US alongside TikTok on January 19, 2025, under the Protecting Americans from Foreign Adversary Controlled Applications Act. Service resumed within days after a presidential enforcement delay, and as of April 2026 CapCut is available in the US including app stores. But the legal framework enabling a ban remains in place. For journalists handling sensitive source material, pre-publication footage, or any content with operational security implications, CapCut is not appropriate. For public-facing social clips with no sensitive content, it remains fast and effective — if you accept the data governance trade-off.",
      "bestFor": "Quick-turnaround social video edits for TikTok, Reels, and Shorts. Templated content with trending effects. Auto-captioned clips where speed matters more than privacy. Student journalists learning video editing with zero budget.",
      "notFor": "Any footage containing sensitive sources, unpublished investigations, or confidential material. Journalists subject to source protection obligations. Newsrooms with data sovereignty requirements. Anyone uncomfortable with ByteDance's perpetual license to uploaded content. US-based journalists who need guaranteed platform continuity (ban risk remains). Editing involving whistleblower footage, protest documentation, or material that could endanger sources if exposed.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "ByteDance Ltd., headquartered in Beijing, China. US user data reportedly stored on Oracle Cloud Infrastructure in the US (similar to TikTok's Project Texas arrangement), but ByteDance's corporate structure means Chinese national security law applies to the parent entity. Data processing jurisdiction remains ambiguous.",
      "privacyPolicyTldr": "Account optional for basic use, required for cloud features. June 2025 ToS grant ByteDance perpetual, irrevocable, royalty-free, fully transferable license to all user content including private drafts. Collects device identifiers, usage data, and content metadata. Subject to Chinese national security law through parent company ByteDance. Class-action lawsuit alleging biometric data collection without consent (filed 2023, Northern District of Illinois). No public SOC 2 or ISO 27001 certification.",
      "practicalMitigations": "Never upload footage containing sensitive sources, unpublished investigative material, or content with operational security implications. Edit in the desktop app with network access disabled where the workflow allows it, to limit what is transmitted. Do not connect a work account; use a disposable email if an account is required. Strip metadata (location, device identifiers, timestamps) from exports before publishing. Consider DaVinci Resolve (free tier, local editing with no cloud dependency required) for anything beyond public social clips. If you use CapCut, treat it as a public platform: assume anything you upload is accessible to ByteDance.",
      "owner": "ByteDance Ltd. Private company headquartered in Beijing, China. Founded 2012 by Zhang Yiming. Parent company of TikTok, Douyin, Lark, and CapCut. Valued at approximately $220B (2024 secondary market transactions). Over 110,000 employees globally.",
      "fundingModel": "Subsidiary of ByteDance, which has raised over $8B from investors including Sequoia Capital, KKR, SoftBank, and General Atlantic. CapCut operates as a growth product within ByteDance's ecosystem, not as an independent entity.",
      "businessModel": "Freemium with Pro subscription. Primary business value is user acquisition and retention within ByteDance's content ecosystem (TikTok integration drives both platforms). Subscription revenue is secondary to strategic ecosystem value.",
      "knownIssues": "June 2025 ToS grant perpetual license to all uploaded content. Class-action lawsuit over biometric data collection (2023). Temporarily banned in US January 2025 under PAFACA — legal framework for ban remains active. Permanently banned in India since 2020. Auto-captions and premium effects moved behind paywall in mid-2024, reducing free tier value. No public security certifications. Subject to Chinese national security law through ByteDance parent entity.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "The 'caution' rating reflects ByteDance's data governance structure: Chinese national security law applies to the parent company, the ToS grant a perpetual license to all uploaded content, a biometric data class-action is pending, and the legal framework for a US ban remains in place. CapCut has not published SOC 2, ISO 27001, or equivalent security certifications. For public social video with no sensitive content, the risk is manageable. For any journalistic material involving sources, unpublished work, or operational security, CapCut is inappropriate."
    },
    {
      "name": "CARTO",
      "slug": "carto",
      "url": "https://carto.com",
      "tagline": "Enterprise geospatial analytics platform. Cloud-native spatial analysis for large datasets — used by newsrooms, governments, and Fortune 500 companies.",
      "category": "data",
      "openSource": false,
      "whoItsFor": "Data journalists and newsroom data teams working with large, complex geographic datasets — election analysis across thousands of precincts, environmental monitoring over time, demographic pattern analysis, or any project where you need to query, analyze, and visualize spatial data at scale. CARTO connects directly to cloud data warehouses (Snowflake, BigQuery, Databricks, Postgres, Redshift), so you can analyze datasets too large for desktop tools without moving the data.",
      "pricing": "Free 14-day trial with full platform access including demo datasets. Three enterprise pricing tiers — specific pricing requires contacting sales. Free tier available with public data, shared resources, and limited data services. Enterprise plans include custom packaging for multiple teams. No publicly listed monthly price.",
      "freeOption": true,
      "editorialTake": "CARTO (originally CartoDB) is the enterprise end of the journalism mapping spectrum. Where Felt is Google Docs for maps and Datawrapper handles quick chart-to-map conversions, CARTO handles the hard stuff: analyzing millions of spatial data points, connecting directly to cloud warehouses, building automated geospatial workflows. The Washington Post, The Guardian, and other major data journalism operations have used CartoDB/CARTO for election maps, crisis tracking, and interactive geographic features. The platform now supports AI-driven analysis and MCP (Model Context Protocol) integration, letting teams build automated geospatial workflows. The catch for most newsrooms: CARTO is enterprise software with enterprise pricing. The free trial is 14 days. After that, you're talking to a sales team. For a large newsroom data team or a university journalism program, the power is real — you can analyze geospatial patterns across datasets that would crash QGIS. For a solo reporter or small outlet, Felt or QGIS will handle 90% of mapping needs at a fraction of the cost (or free). CARTO's strength is scale and integration with modern data infrastructure. If your newsroom already uses Snowflake or BigQuery, CARTO queries the data where it lives instead of requiring exports and uploads.",
      "bestFor": "Large-scale geospatial analysis. Election mapping across thousands of precincts. Environmental monitoring over time. Demographic pattern analysis. Any project requiring spatial queries against cloud data warehouses. Newsroom data teams with existing cloud data infrastructure.",
      "notFor": "Solo reporters or small newsrooms without data engineering resources. Quick one-off maps (use Felt or Datawrapper). Budget-constrained organizations — enterprise pricing is not transparent. Projects that don't require spatial analysis beyond basic mapping.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States and Spain. Headquarters in New York with offices in Madrid, Seville, and Washington DC. Cloud-native architecture — your tables stay in your own cloud warehouse (Snowflake, BigQuery, etc.) and CARTO queries them in place rather than importing copies. That is a meaningful privacy advantage, with one caveat: query results and the map tiles rendered from them do pass through CARTO's platform, and CARTO holds credentials to your warehouse, so 'in place' means no bulk copy, not zero exposure.",
      "privacyPolicyTldr": "CARTO's cloud-native architecture means your spatial data stays in your own data warehouse — CARTO connects to it rather than ingesting it. The platform runs queries against it and renders the results, but the underlying tables remain under your control and your retention policies. Standard account data (name, email, usage) is collected. CARTO complies with GDPR. The connect-rather-than-copy model is a genuine security differentiator for sensitive geographic analysis, provided the warehouse connection is scoped tightly.",
      "practicalMitigations": "The cloud-native model is inherently more privacy-friendly than tools that ingest your data, but it only holds if the connection is locked down. Give CARTO its own warehouse service account or role with read-only access to just the datasets it needs, never your team's general credentials, and revoke it when the project ends. Turn on query logging on the warehouse side so you can see what CARTO's queries touched. Make sure the underlying warehouse has appropriate security controls of its own. Use the free trial to evaluate before committing to enterprise pricing. For sensitive investigations, the fact that CARTO queries data in place rather than copying it to their servers is a real advantage, as long as you remember that the results still transit CARTO.",
      "owner": "CARTO (formerly CartoDB). Private company founded in 2012, headquartered in New York. Originally founded in Madrid, Spain by Sergio Alvarez Leiva and Javier de la Torre.",
      "fundingModel": "VC-backed. $92M total raised across 5 rounds. $61M Series C led by Insight Partners with European Innovation Council Fund, Accel, Salesforce Ventures, Hearst Ventures, and Earlybird. Revenue reached $28.9M in 2024, up from $18.6M in 2023.",
      "businessModel": "Enterprise SaaS. Revenue from subscription plans sold through sales team. Free tier with limited features for adoption. 2,500+ customers including Mastercard, Vodafone, Bain & Company, Coca-Cola. 350,000+ users.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "CARTO's cloud-native architecture is a genuine security advantage — your spatial data stays in your own data warehouse and CARTO queries it in place, rather than copying it to their servers. The caveat is that CARTO holds credentials to that warehouse and query results transit its platform, so the advantage depends on a least-privilege connection and a properly secured warehouse. Encryption in transit and at rest. GDPR compliant. Well-funded company with an enterprise customer base. The connect-rather-than-copy model makes this one of the more privacy-friendly options for large-scale geospatial analysis. Appropriate for sensitive data journalism if your underlying data infrastructure is properly secured."
    },
    {
      "name": "Census Reporter",
      "slug": "census-reporter",
      "url": "https://censusreporter.org",
      "tagline": "Makes US Census data accessible and visual. Demographic profiles, charts, and comparisons for any geography.",
      "category": "data",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Journalists writing stories that need demographic context — income, race, housing, education, commuting patterns. Local news reporters profiling a community. Researchers who need ACS data without wrestling with data.census.gov. Anyone who needs to quickly compare two ZIP codes or congressional districts.",
      "pricing": "Free. No account required.",
      "freeOption": true,
      "editorialTake": "The US Census Bureau's own interface, data.census.gov, is powerful but hostile to casual users. Census Reporter fixes that. Search any geography — city, county, ZIP code, congressional district, census tract — and get a clean demographic profile with charts, tables, and side-by-side comparisons. Built by journalists (Joe Germuska at Northwestern's Knight Lab, with IRE/NICAR roots), funded by a $450K Knight News Challenge grant. The data comes directly from the American Community Survey. Census Reporter only serves the most recent ACS release — currently 2024 1-year and 2020-2024 5-year estimates. If you need historical data, use data.census.gov or IPUMS. This tool matters more now than ever: the 2025 federal shutdown took data.census.gov offline, and DOGE has terminated five Census Bureau surveys. Census Reporter runs independently on its own infrastructure, so it stays up when government sites go dark.",
      "bestFor": "Quick demographic profiles for any US geography. Comparing communities side by side. Embedding responsive charts in stories (copy two lines of HTML). Getting a narrative overview of a place — population, income, race, housing, education — without knowing Census table codes. Providing demographic context for local reporting.",
      "notFor": "Non-US demographics. Historical Census data (only the latest ACS release). Highly specialized Census tables — data.census.gov or IPUMS cover more. Real-time population data — ACS estimates lag 1-2 years. Geographies smaller than census tracts. Decennial census microdata.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States.",
      "privacyPolicyTldr": "No account required. No login. Open-source project hosted by Northwestern's Knight Lab. Standard web hosting logs. The underlying data is public Census Bureau data. No user tracking beyond basic analytics. No advertising. No data sales.",
      "practicalMitigations": "No account needed, so the only trace of your research is the site's standard web hosting logs. Always check the margin of error on ACS estimates. Small geographies (census tracts, small towns) can have margins of error larger than the estimate itself; the Census Bureau recommends 'extreme caution' when MOE exceeds 10% of the estimate. Use 5-year estimates for small areas: 1-year estimates are only published for geographies of 65,000 or more people, and 5-year estimates pool more survey responses, so they are more reliable for tracts and small towns. When you add up several tracts to describe a neighborhood, combine their MOEs (root sum of squares) rather than quoting the largest one. Use the 'compare' feature to provide context in stories. Download CSV data tables for your own analysis. Embeddable charts are responsive and include source attribution automatically.",
      "owner": "Knight Lab, Northwestern University (Joe Germuska, project lead). Originally an IRE/NICAR project.",
      "fundingModel": "Knight News Challenge grant ($450K initial). Reynolds Journalism Institute funded the predecessor project (census.ire.org). Maintained largely by volunteer effort — Ian Dees donates time annually to update data with new ACS releases.",
      "businessModel": "Grant-funded open-source project. Free public resource. No advertising, no data sales, no premium tier. Runs on donated maintenance time, which is both admirable and a sustainability risk.",
      "knownIssues": "Only serves the most recent ACS release — no historical data access. Margins of error on small geographies can make estimates unreliable (a Census-wide problem, not Census Reporter's fault, but the tool doesn't prominently warn users). The 2020 ACS collection had reduced response rates due to COVID, inflating margins of error by 15-20% in the 2016-2020 and 2017-2021 5-year estimates. Depends on volunteer maintenance — data updates can lag weeks behind Census Bureau releases. South Africa's Wazimap forked the codebase, but the US version has no equivalent community development momentum. No programmatic bulk download — the API exists (api.censusreporter.org) but is lightly documented and not designed for high-volume use.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, grant-funded, no account required, no login, no PII collected. The data is public Census Bureau information. Minimal server-side data collection. One of the lowest-risk tools a journalist can use — you're querying public data on an open-source platform with no authentication surface."
    },
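The margin-of-error checks the Census Reporter entry above recommends, as an added example (this is not Census Reporter's code, and the tract rows are constructed, not real ACS data). It computes the coefficient of variation from an estimate/MOE pair, combines tract MOEs when several tracts are summed into one neighborhood figure, and derives the MOE of a proportion; the "good/fair/unreliable" CV bands (12% and 40%) are a widely used rule of thumb, not a Census Bureau threshold.

```python
"""Reliability checks for ACS estimate/MOE pairs downloaded as CSV.

Facts used: ACS margins of error are published at the 90% confidence level,
so standard error = MOE / 1.645; the MOE of a sum of independent estimates is
the root sum of squares of their MOEs; the Census Bureau's proportion formula
is sqrt(MOE_num^2 - p^2 * MOE_den^2) / den. The CV bands below are a common
rule of thumb, not an official threshold. Sample rows are constructed.
"""
import math

Z90 = 1.645  # z-score for the 90% confidence level of published ACS MOEs


def coefficient_of_variation(estimate, moe):
    """Relative standard error; math.inf when the estimate is zero."""
    if estimate == 0:
        return math.inf
    return (moe / Z90) / abs(estimate)


def reliability(estimate, moe):
    cv = coefficient_of_variation(estimate, moe)
    if cv < 0.12:
        return "good"
    if cv <= 0.40:
        return "fair"
    return "unreliable"


def moe_of_sum(moes):
    """MOE of a sum of independent ACS estimates (root sum of squares)."""
    return math.sqrt(sum(m * m for m in moes))


def moe_of_proportion(num, num_moe, den, den_moe):
    """MOE of p = num/den where num is a subset of den (Census Bureau formula).
    Falls back to the ratio formula when the term under the root goes
    negative, as the Bureau's handbook instructs."""
    p = num / den
    inner = num_moe ** 2 - p ** 2 * den_moe ** 2
    if inner < 0:
        inner = num_moe ** 2 + p ** 2 * den_moe ** 2
    return math.sqrt(inner) / den


def aggregate(rows):
    """Combine (name, estimate, moe) tract rows into one estimate, its MOE and
    its reliability grade, the step taken when a neighborhood spans tracts."""
    est = sum(r[1] for r in rows)
    moe = moe_of_sum([r[2] for r in rows])
    return est, moe, reliability(est, moe)


# Constructed sample: families below poverty in three census tracts.
TRACTS = [
    ("Tract 101", 120, 95),
    ("Tract 102", 310, 140),
    ("Tract 103", 85, 70),
]

if __name__ == "__main__":
    for name, est, moe in TRACTS:
        print(f"{name}: {est} +/- {moe} -> {reliability(est, moe)}")
    est, moe, grade = aggregate(TRACTS)
    print(f"neighborhood: {est} +/- {moe:.0f} -> {grade}")
    # share of all families, with a constructed denominator of 4020 +/- 250
    print(f"poverty rate MOE: {moe_of_proportion(est, moe, 4020, 250):.3f}")
```

Two of the three tracts grade as unreliable on their own, while their sum grades as fair; that is the practical reason to aggregate tracts (or use the 5-year table) before quoting a neighborhood figure.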
    {
      "name": "ChangeDetection.io",
      "slug": "changedetection",
      "url": "https://changedetection.io",
      "tagline": "Open-source website change monitoring with 85+ notification channels. Self-host for free via Docker or use the hosted service. Tracks text changes, visual diffs, JSON APIs, and pages behind logins.",
      "category": "newsgathering",
      "openSource": true,
      "threatLevel": "baseline",
      "whoItsFor": "Investigative journalists monitoring government websites, court filings, corporate pages, or any web source that changes without announcement. Beat reporters tracking agency websites for policy updates. OSINT researchers watching target pages for edits or deletions. Any journalist who has ever thought 'I wish I knew the moment that page changed.'",
      "pricing": "Self-hosted: completely free (MIT-licensed, Docker deployment). Hosted SaaS: $8.99/month for unlimited checks and watches, includes one Chrome browser instance for JavaScript-rendered pages. No per-check fees on either tier.",
      "freeOption": true,
      "editorialTake": "ChangeDetection.io solves a specific, high-value journalism problem: knowing when a web page changes before anyone else notices. Government agencies quietly edit policy pages. Companies update terms of service. Court dockets add new filings. This tool watches them all and alerts you through any of 85+ notification channels (email, Slack, Telegram, webhooks, custom APIs). The self-hosted option is the headline feature for journalists — run it on a $5/month VPS or a Raspberry Pi at home, and your monitoring activity stays entirely under your control. No third party knows which pages you're watching. That's a meaningful privacy advantage for investigative work. The visual selector lets you pinpoint specific page sections to monitor, reducing false positives from layout changes. It handles JavaScript-rendered pages through browser automation and can log into sites before checking for changes. The limitation is that it's a technical tool — Docker deployment requires comfort with the command line, and configuring complex watches (login flows, XPath selectors) takes patience. The hosted SaaS plan at $8.99/month removes the technical overhead but means the service knows which pages you're monitoring. Created by dgtlmoon (pseudonymous developer), actively maintained on GitHub with regular releases. The project has strong community adoption and is well-documented.",
      "bestFor": "Monitoring government websites for policy changes, document additions, or quiet edits. Tracking court dockets, regulatory filings, or corporate disclosure pages. Watching competitor or subject websites for content changes. OSINT research requiring evidence of when pages were modified. Self-hosted deployment where no third party sees your monitoring targets.",
      "notFor": "Real-time social media monitoring (use CrowdTangle alternatives or Meltwater). Full-text search across the web (this watches specific URLs, not topics). Non-technical journalists who aren't comfortable with Docker or command-line tools (the SaaS option works but has fewer customization options). Monitoring thousands of pages simultaneously without significant server resources.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Self-hosted: wherever you run it — your jurisdiction, your servers, your data. Hosted SaaS: infrastructure details not publicly specified but likely US/EU cloud hosting. The self-hosted model is the privacy-optimal choice for sensitive monitoring.",
      "privacyPolicyTldr": "Self-hosted: no data leaves your infrastructure. You control everything — which pages you watch, what changes are logged, where notifications go. Hosted SaaS: the service necessarily knows which URLs you're monitoring and stores page snapshots for diff comparison. Open-source code is fully auditable on GitHub. No advertising model. No user data monetization.",
      "practicalMitigations": "Self-host if your monitoring targets are sensitive — the service seeing which government or corporate pages you're watching is itself a privacy consideration. Put the web UI behind a password, a VPN, or an authenticating reverse proxy before exposing it: a fresh self-hosted instance accepts any visitor until you set a password in its settings, and anyone who reaches it can read your watch list and every stored snapshot. Route the server's page requests through a VPN or Tor if you don't want the server's IP associated with them, and expect some sites to block Tor exits. Set reasonable check intervals to avoid being rate-limited or blocked. Use the visual selector to reduce false positives from irrelevant page changes. Back up your watch list and configuration regularly (the datastore directory holds both).",
      "owner": "dgtlmoon (pseudonymous open-source developer)",
      "fundingModel": "Open-source project sustained by hosted SaaS revenue ($8.99/month subscriptions), GitHub sponsors, and community contributions. No venture funding. No corporate backing. Classic open-source sustainability model.",
      "businessModel": "Freemium open-source: self-hosted is free forever, hosted SaaS provides revenue. No advertising. No data monetization. Revenue comes from users who want managed hosting without Docker overhead.",
      "knownIssues": "Self-hosting requires Docker knowledge and ongoing server maintenance. JavaScript-heavy pages need a browser instance (Playwright/Chrome), which increases resource requirements. High-frequency monitoring of many pages can strain modest hardware. The hosted SaaS option means the service knows your monitoring targets — relevant for sensitive investigative work. Pseudonymous maintainer — healthy project community, but single-developer dependency risk. Complex login flows and dynamic pages may require troubleshooting. No native mobile app.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Open-source (MIT license), fully auditable code, self-hostable with zero third-party data exposure. When self-hosted, this is one of the strongest privacy stories in the journalism tool landscape — no one else knows what you're watching, when pages changed, or what the changes were. The code is actively maintained with regular releases. For the hosted SaaS version, the rating drops to 'adequate' since the service necessarily knows your monitoring targets. Self-hosted deployment is the recommended approach for any sensitive monitoring work."
    },
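The selector-scoped watch the ChangeDetection.io entry above describes, as an added example (not the project's code): it isolates the text of one element, hashes it for storage between checks, and produces a unified diff when it changes, so an unrelated sidebar timestamp does not trigger an alert. Only the standard library is used; the agency page snapshots and the element id "policy" are constructed for the demonstration.

```python
"""Core of a selector-scoped change watch: extract, fingerprint, diff."""
import difflib
import hashlib
from html.parser import HTMLParser

# elements that never get a closing tag, so they must not change nesting depth
VOID_TAGS = {"br", "hr", "img", "input", "meta", "link", "area", "base",
             "col", "source", "wbr"}


class _SectionText(HTMLParser):
    """Collects text inside the element with the target id (or the whole page)."""

    def __init__(self, target_id):
        super().__init__()
        self.target_id = target_id
        self.depth = 1 if target_id is None else 0  # >0 while inside the target
        self.lines = []

    def handle_starttag(self, tag, attrs):
        if self.depth > 0:
            if tag not in VOID_TAGS:
                self.depth += 1
        elif self.target_id is not None and dict(attrs).get("id") == self.target_id:
            self.depth = 1

    def handle_endtag(self, tag):
        if self.depth > 0 and tag not in VOID_TAGS:
            self.depth -= 1

    def handle_data(self, data):
        text = " ".join(data.split())  # collapse whitespace so reflow is not a change
        if self.depth > 0 and text:
            self.lines.append(text)


def section_text(html, section_id=None):
    parser = _SectionText(section_id)
    parser.feed(html)
    parser.close()
    return parser.lines


def fingerprint(html, section_id=None):
    """Stable hash of the watched text; this is what a watcher stores between checks."""
    joined = "\n".join(section_text(html, section_id))
    return hashlib.sha256(joined.encode()).hexdigest()


def detect_change(old_html, new_html, section_id=None):
    """Returns (changed, unified diff lines) for the watched section."""
    old = section_text(old_html, section_id)
    new = section_text(new_html, section_id)
    diff = list(difflib.unified_diff(old, new, "previous", "current", lineterm=""))
    return old != new, diff


# Constructed snapshots of an agency page: the sidebar timestamp changes on
# every visit, while the policy text changes only once.
BASE = """<html><body>
<div id="sidebar">Last updated: 2026-04-01 09:00 UTC</div>
<div id="policy"><h1>Filing Deadlines</h1>
<p>Applicants must file within 30 days of notice.</p>
<p>Fee: $200.</p></div>
</body></html>"""
SIDEBAR_ONLY = BASE.replace("2026-04-01 09:00", "2026-04-02 09:00")
POLICY_EDIT = BASE.replace("within 30 days", "within 14 days")

if __name__ == "__main__":
    print("whole page, sidebar edit:", detect_change(BASE, SIDEBAR_ONLY)[0])
    print("policy section, sidebar edit:", detect_change(BASE, SIDEBAR_ONLY, "policy")[0])
    changed, diff = detect_change(BASE, POLICY_EDIT, "policy")
    print("policy section, policy edit:", changed)
    print("\n".join(diff))
```

A whole-page watch reports the sidebar edit as a change; the watch scoped to the policy element ignores it and only fires for the edited deadline, which is the false-positive reduction the visual selector provides. Persisting the fingerprint rather than the full page is enough to know that something changed; keep the previous text as well if you want the diff in the notification.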
    {
      "name": "ChatGPT",
      "slug": "chatgpt",
      "url": "https://chat.openai.com",
      "tagline": "OpenAI's general-purpose AI assistant — the most widely adopted LLM, with serious privacy trade-offs journalists need to understand.",
      "category": "ai",
      "whoItsFor": "Journalists using AI for research, drafting, brainstorming, summarization, or data analysis. Also used by researchers, activists, and newsroom managers.",
      "pricing": "Free (GPT-4o mini). Go: $8/month. Plus: $20/month (GPT-4o, DALL-E, Advanced Data Analysis). Team: $25/user/month (annual) or $30/month. Enterprise: ~$60/user/month (150-seat minimum, negotiated). Pro: $200/month (unlimited access to all models).",
      "journalistDiscount": "None known. OpenAI runs an academy and grant programs for newsrooms but no individual journalist pricing.",
      "freeOption": true,
      "editorialTake": "ChatGPT is the default AI assistant for most journalists. That ubiquity is both its strength and its biggest risk. By default, Free, Go, and Plus conversations train OpenAI's models. You must manually opt out — and even then, OpenAI retains data for 30 days. The memory feature, expanded in April 2025 to reference all past conversations, compounds this: it builds a persistent profile of your interests, sources, and work patterns.\n\nThe hallucination problem is getting worse, not better. OpenAI's own benchmarks show o3 hallucinating 33% of the time and o4-mini at 48% on person-related queries. On general knowledge, o4-mini hit 79% hallucination rates. A 2025 sycophancy update made the model agree with users regardless of accuracy — OpenAI had to roll it back. For journalism, where factual precision is non-negotiable, this is disqualifying for any fact-dependent task without human verification.\n\nOpenAI completed its for-profit restructuring in October 2025. Microsoft holds ~27% of the new public benefit corporation. In February 2026, OpenAI signed a $200M Pentagon contract for classified military AI systems — hours after the Trump administration effectively blocked competitor Anthropic from the same deal. Sam Altman called the deal \"rushed\" and \"sloppy.\" Some OpenAI staff protested publicly. This matters for journalists covering defense, intelligence, or national security: your tool vendor now has classified government contracts and financial incentives aligned with military clients.\n\nFor routine research on public information, ChatGPT with opt-out enabled is acceptable. For anything involving confidential sources, unpublished findings, or sensitive editorial work, use Team/Enterprise (which contractually exclude training) or a local model. For research requiring citations, Perplexity is more reliable. For long-form editorial work, Claude handles nuance and accuracy better.\n\nDisclosure: This site was built with Anthropic's Claude. We flag this because we review Claude as a competing tool. Our assessment of ChatGPT is based on documented facts, public benchmarks, and disclosed policies.\n",
      "bestFor": "Brainstorming, first-draft writing, summarization of public documents, data analysis with Code Interpreter, image generation with DALL-E, general research on non-sensitive topics.",
      "notFor": "Processing confidential source communications, unpublished investigative findings, any content that could identify protected sources, or fact-dependent tasks without human verification. Do not use the memory feature if you work on sensitive beats.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States",
      "privacyPolicyTldr": "Free, Go, and Plus tiers: OpenAI uses your conversations to train models by default. You must manually opt out via Settings > Data Controls > 'Improve the model for everyone.' Even with opt-out, OpenAI retains conversations for 30 days for abuse monitoring. If you give thumbs-up/down feedback on any response, the entire conversation may be used for training regardless of your opt-out setting.\n\nTeam, Business, and Enterprise tiers: conversations are contractually excluded from model training. Enterprise includes SOC 2 Type II compliance, GDPR-compatible DPA, and configurable data retention. These tiers provide the only legally binding data protection.\n\nMemory feature (expanded April 2025): ChatGPT now references all past conversations to personalize responses, building a persistent profile. This is a significant risk for journalists — it can cross-reference your queries about sources, investigations, and editorial decisions. Disable it in Settings if you work on sensitive beats.\n\nTemporary Chats: not saved to history, don't create memories, and aren't used for training. Use these for any sensitive one-off queries.\n\nPrivacy Watchdog gave OpenAI a privacy score of 48/100 (Grade D) in 2026.\n",
      "practicalMitigations": "Turn off model training immediately: Settings > Data Controls > 'Improve the model for everyone' (toggle off). Turn off Memory if you work sensitive beats: Settings > Personalization > Memory (toggle off). Use Temporary Chats for any query involving sources, investigations, or unpublished work. Never paste confidential source identities, unpublished documents, or sensitive legal materials. Never give thumbs-up/down feedback on sensitive conversations — it overrides your opt-out. Use Team/Enterprise plans if your newsroom can afford it — they're the only tiers with contractual training exclusions and compliance certifications. For truly sensitive analysis, use a local LLM (Llama, Mistral) on your own hardware. Be aware that the SearchGPT web browsing feature has known prompt-injection vulnerabilities that can manipulate ChatGPT's persistent memory.\n",
      "owner": "OpenAI Group PBC (public benefit corporation since October 2025, controlled by the OpenAI Foundation nonprofit)",
      "fundingModel": "VC-backed. Microsoft holds ~27% (~$135B valuation). SoftBank invested $40B (half conditional on removing profit cap). Additional investors include Nvidia. OpenAI Foundation retains 26% ownership. Employees and other investors hold ~47%.",
      "businessModel": "Freemium SaaS + API licensing + enterprise contracts + government/military contracts. Go tier ($8/month) launched January 2026 to expand consumer base. $200M Pentagon contract signed February 2026.",
      "knownIssues": "Data training opt-in by default: Free, Go, and Plus users' conversations train OpenAI's models unless manually disabled. Most users never change this setting.\n\nWorsening hallucination rates: OpenAI's own benchmarks show newer reasoning models (o3, o4-mini) hallucinate more than predecessors. o4-mini hallucinated 79% on general knowledge tasks. OpenAI says \"more research is needed\" to understand why.\n\nSycophancy: A 2025 tuning update made ChatGPT agree with users regardless of factual accuracy. OpenAI rolled it back but the underlying RLHF tension between user satisfaction and accuracy persists.\n\nMemory and prompt injection: Security researchers demonstrated that attackers can manipulate ChatGPT's persistent memory via SearchGPT browsing, embedding exfiltration instructions that leak data in future sessions.\n\nPrivacy incidents: July 2025 — 4,500+ private conversations indexed by Google via misconfigured share links. November 2025 — Mixpanel breach exposed names and emails. July 2024 — macOS app stored conversations in plaintext. March 2023 — Redis bug leaked user chat histories and payment info.\n\nSamsung incident (March 2023): Engineers pasted proprietary source code and meeting transcripts into ChatGPT. Data entered the training set. Samsung subsequently restricted use and launched disciplinary investigations. This remains the canonical example of why journalists must never paste confidential material into default-tier ChatGPT.\n\nItaly/GDPR: Italy banned ChatGPT in March 2023, reinstated it a month later, then fined OpenAI €15M in December 2024 for GDPR violations including lack of legal basis for processing personal data, inadequate transparency, and no age verification.\n\nFabricated citations: A Deakin University study found GPT-4o fabricated ~20% of academic citations, with 56% containing errors. Journalists citing ChatGPT-generated references risk publishing fabricated sources.\n\nFor-profit conversion: OpenAI completed restructuring to a public benefit corporation in October 2025. The nonprofit retains control but investor pressure (SoftBank's $40B was conditional on removing profit caps) raises questions about future data policy decisions.\n\nMilitary contracts: $200M Pentagon contract (February 2026) for classified AI systems. The deal was signed hours after the Trump administration blocked Anthropic — Altman acknowledged it \"looked opportunistic.\" Internal staff protested. Journalists covering defense/intelligence should consider whether their AI tool vendor's military contracts create conflicts of interest.\n\nNews licensing deals: OpenAI has content licensing agreements with AP, Axios, Condé Nast, Financial Times, The Guardian, Washington Post, and others. ChatGPT displays summaries and links from these publishers. This creates a complex relationship where OpenAI is both a tool journalists use and a platform that intermediates their publishers' content.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "openai-nonprofits",
        "openai-academy-news"
      ],
      "securityRating": "caution",
      "securityRatingNote": "Strong infrastructure security (encryption in transit and at rest, SOC 2 for enterprise tiers) but the default data training opt-in is a serious risk for journalists. The expanding memory feature creates persistent user profiles. Worsening hallucination rates in newer models (o3: 33%, o4-mini: 48-79%) make ChatGPT unreliable for fact-dependent journalism tasks. Multiple privacy incidents in 2023-2025 demonstrate ongoing operational security gaps. The February 2026 Pentagon contract introduces new considerations for journalists covering national security. Opt out of training and memory immediately. Use Team/Enterprise for newsroom deployments. Never trust ChatGPT output without independent verification.\n"
    },
    {
      "name": "Claude",
      "slug": "claude",
      "url": "https://claude.ai",
      "tagline": "Anthropic's AI assistant. Disclosure: this site was built with Claude.",
      "category": "ai",
      "whoItsFor": "Journalists, researchers, and analysts using AI for research, writing, document analysis, and brainstorming. Claude competes directly with ChatGPT and Gemini, with meaningfully different privacy defaults at the commercial tier and a distinct approach to AI safety — though that approach has faced recent scrutiny.",
      "pricing": "Free (Sonnet 4.6, limited usage). Pro: $20/month (higher limits, Opus access). Max: $100-200/month (extended thinking, highest limits). Team: $25/user/month. Enterprise: custom pricing.",
      "journalistDiscount": "None known. Anthropic invested $100M in a Claude Partner Network in 2025, but no journalism-specific programs.",
      "freeOption": true,
      "editorialTake": "Disclosure: this site was built with Claude. We have no financial relationship with Anthropic, but we cannot be fully objective about a tool we use daily. Read this evaluation with that in mind. Here is what we can say factually. Since September 2025, Claude's consumer tiers (Free, Pro, Max) train on conversations by default. Users who opt out get 30-day data retention. Users who don't opt out agree to five-year retention for training data — far longer than ChatGPT's equivalent. The meaningful privacy advantage is at the commercial tier: Claude for Work, Enterprise, Government, and Education conversations are never used for training, and API retention dropped to just 7 days in September 2025. Enterprise customers can get zero-data-retention agreements. On safety: Anthropic pioneered the Responsible Scaling Policy framework and was first to activate ASL-3 safeguards in May 2025. But in February 2026, Anthropic dropped its hard commitment to halt model training if safety measures weren't proven — a significant retreat from its founding promise. On government work: Anthropic offered Claude to all three branches of U.S. government for $1 in August 2025, then refused Pentagon demands to allow autonomous weapons and mass surveillance applications. The Pentagon designated Anthropic a supply chain risk in March 2026 — the first such designation for an American company. That decision cost Anthropic a $200M contract but demonstrated willingness to enforce use restrictions under pressure. On accuracy: independent benchmarks show Claude's hallucination rates between 3% and 10% depending on the model and methodology — comparable to competitors, not clearly better or worse. Claude does tend to admit uncertainty more readily than ChatGPT. Bottom line: at the commercial tier, Claude offers genuinely strong data isolation. At the consumer tier, the privacy story is mixed. The safety record is complicated — principled stances on weapons use, but weakened commitments on scaling safeguards.",
      "bestFor": "Research, long-document analysis (up to 1M tokens on Opus 4.6), writing assistance, code generation, structured data extraction. Commercial plans offer strong data isolation for newsrooms. Extended thinking mode useful for complex investigative analysis.",
      "notFor": "Do not paste confidential source identities, classified documents, or information that could endanger someone into any cloud AI service — including Claude. For truly sensitive analysis, use a local LLM. Consumer-tier users should assume their conversations may be used for training unless they actively opt out.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Anthropic infrastructure on Google Cloud and AWS)",
      "privacyPolicyTldr": "Consumer tiers (Free, Pro, Max): conversations used for training by default since September 2025. Opt out in Settings > Privacy to get 30-day retention. Users who allow training agree to five-year data retention. Commercial tiers (Team, Enterprise, Government, Education): never trained on. API retention: 7 days, never used for training. Enterprise zero-data-retention available by agreement. Claude for Government supports FedRAMP High workloads.",
      "practicalMitigations": "Opt out of training immediately (Settings > Privacy) — this reduces retention from five years to 30 days. Use the Team plan ($25/user/month) or Enterprise for newsroom use — these are exempt from training with shorter retention. API access (7-day retention, no training) is available for developers. Don't paste confidential source identities or classified materials into any cloud AI. For the most sensitive analysis, use a local LLM like Llama or Mistral on your own hardware.",
      "owner": "Anthropic PBC (Public Benefit Corporation)",
      "fundingModel": "VC-backed. $30B Series G closed February 2026 at $380B valuation — the second-largest private tech financing ever, behind only OpenAI's $40B round. Total raised exceeds $40B. Major investors: Amazon (capped below 33% ownership), Google ($3B+), Sequoia, Goldman Sachs, and others. Amazon's stake is structurally capped to preserve Anthropic's independence. Google Cloud signed a deal worth tens of billions for 1M+ AI chips starting 2026.",
      "businessModel": "Freemium SaaS + API licensing. Revenue reportedly approaching $2B ARR. Consumer subscriptions, enterprise contracts, and API usage. A Long-Term Benefit Trust holds special shares to ensure board representation for Anthropic's safety mission — but the practical weight of that trust against $40B+ in VC pressure is untested. IPO preparations reportedly underway for 2026, though no timeline confirmed.",
      "knownIssues": "The September 2025 policy shift to train-by-default on consumer plans — with five-year retention for those who don't opt out — reversed Anthropic's key privacy differentiator. The February 2026 RSP v3.0 dropped the hard commitment to halt training if safety measures weren't proven, drawing criticism from AI safety researchers. The Pentagon's March 2026 supply chain risk designation creates uncertainty for government users and contractors. Amazon's and Google's multi-billion-dollar investments, combined with IPO pressure, raise questions about long-term independence. The PBC and Long-Term Benefit Trust structures are untested under real financial pressure.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "claude-nonprofits"
      ],
      "securityRating": "caution",
      "securityRatingNote": "Consumer tiers (Free/Pro/Max) train on conversations by default with up to five-year retention — opt-out available but not the default. Commercial tiers (Team/Enterprise/Government) offer genuinely strong data isolation with no training and optional zero-data-retention. API retention is 7 days, never trained on. Rating reflects the consumer-tier defaults; commercial tiers alone would rate 'strong.' Disclosure: this site was built with Claude."
    },
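Both AI entries above (ChatGPT's and Claude's practical mitigations) give the same rule: never paste confidential source identities into a cloud assistant. As an added example that is neither OpenAI's nor Anthropic's code, here is a local pre-submission scrubber that enforces it mechanically: it replaces emails, phone numbers and a caller-supplied list of protected names with placeholders, keeps the mapping on your own machine so the model's answer can be restored afterwards, and counts what it could not recognise. The sample notes and every name in them are constructed; the regexes cover common North American formats only and are no substitute for reading what you paste.

```python
"""Local redaction of source identifiers before text goes to any cloud LLM."""
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# North American formats: (202) 555-0142, 202-555-0142, +1 202.555.0142
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")


def redact(text, protected_names=()):
    """Returns (scrubbed text, placeholder -> original mapping).

    Structured identifiers are replaced first so that a surname alias such as
    "Doe" cannot split "j.doe@example.org" and leave the domain behind."""
    mapping = {}
    counters = {}

    def placeholder(kind, value):
        for key, seen in mapping.items():  # reuse the placeholder for repeats
            if seen == value:
                return key
        counters[kind] = counters.get(kind, 0) + 1
        key = f"[{kind}_{counters[kind]}]"
        mapping[key] = value
        return key

    text = EMAIL_RE.sub(lambda m: placeholder("EMAIL", m.group()), text)
    text = PHONE_RE.sub(lambda m: placeholder("PHONE", m.group()), text)
    # longest names first so "Jane Doe" is consumed before a bare "Doe" alias
    for name in sorted(protected_names, key=len, reverse=True):
        pattern = re.compile(r"\b" + re.escape(name) + r"\b", re.IGNORECASE)
        text = pattern.sub(lambda m: placeholder("SOURCE", m.group()), text)
    return text, mapping


def restore(text, mapping):
    """Puts the originals back into a model response that kept the placeholders."""
    for key in sorted(mapping, key=len, reverse=True):  # [X_10] before [X_1]
        text = text.replace(key, mapping[key])
    return text


def residual(text):
    """Email/phone patterns still present after scrubbing; should be zero."""
    return len(EMAIL_RE.findall(text)) + len(PHONE_RE.findall(text))


# Constructed reporter notes; every identity here is fictional.
SAMPLE = ("Source Jane Doe (j.doe@example.org, (202) 555-0142) confirmed the memo; "
          "Doe's colleague Ravi Patel disagreed.")

if __name__ == "__main__":
    scrubbed, mapping = redact(SAMPLE, ["Jane Doe", "Doe", "Ravi Patel"])
    print(scrubbed)
    print("leftover identifiers:", residual(scrubbed))
    print(restore(scrubbed, mapping) == SAMPLE)
```

The alias list is the weak point: a surname, nickname or workplace mentioned on its own slips through unless you list it, which is why the example passes "Doe" as well as "Jane Doe". Run the scrubber on the outbound text and read the result before pasting; the mapping file never leaves your machine.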
    {
      "name": "ClinicalTrials.gov",
      "slug": "clinicaltrials-gov",
      "url": "https://clinicaltrials.gov",
      "tagline": "NIH clinical trial registry. 530,000+ studies from 230 countries. Free. The primary public record of what drugs and treatments are actually being tested — and what the results show.",
      "category": "newsgathering",
      "builtForJournalism": false,
      "whoItsFor": "Health reporters covering drug development, treatment efficacy, and pharmaceutical industry accountability. Investigative journalists tracking whether companies follow through on announced trials. Science journalists who need to verify clinical claims against registered protocols. Patient advocates and researchers.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "ClinicalTrials.gov is the public ledger of medical research. When a pharmaceutical company announces a promising drug, the trial should be registered here — with its protocol, endpoints, enrollment targets, and (eventually) results. When the company later announces only the favorable findings, ClinicalTrials.gov has the original protocol showing what they actually set out to measure. This gap between registered endpoints and reported results is one of the most important stories in health journalism. The database holds over 530,000 studies from 230 countries, with 2 million unique monthly visitors. It was launched in 2000, and the FDAAA (2007) and Final Rule (2017) strengthened requirements for registration and results reporting — though compliance remains imperfect, which is itself a story. NLM completed a major modernization in 2024-2025, rebuilding the platform from the ground up. The new interface is a significant improvement: cleaner design, better search, and a modernized Protocol Registration System (PRS) that now supports results entry and study document uploads. For journalists, the most valuable features are: trial status tracking (see whether a study is recruiting, completed, or terminated — and why), results reporting (companies are required to post summary results within one year of completion, though many do not), outcome measures (compare what was originally planned against what was reported), and sponsor/collaborator information (follow the money). The API provides programmatic access for monitoring specific companies or therapeutic areas at scale. Critical limitation: ClinicalTrials.gov is a registry, not a quality assessment. Registration does not mean a trial is well-designed, and posted results are sponsor-submitted summaries, not independent analysis. The database tells you what was done and what was found; evaluating whether the methodology was sound is your job.",
      "bestFor": "Verifying pharmaceutical company claims about drug trials. Tracking whether announced trials actually completed and reported results. Comparing registered primary endpoints against published results (detecting outcome switching). Monitoring which companies are running trials for specific diseases or treatments. Finding trial locations and principal investigators for source development. Investigating compliance — which sponsors fail to report results on time.",
      "notFor": "Evaluating trial quality or methodology (registration does not equal rigor). Getting full published results (ClinicalTrials.gov has summary results; full papers are in PubMed/journals). Tracking preclinical or animal studies (only human clinical trials are registered). Real-time drug safety alerts (check FDA MedWatch for adverse event reports). Understanding what results mean clinically — the database has numbers, not interpretation.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (National Library of Medicine, National Institutes of Health, US Department of Health and Human Services). Hosted on US government infrastructure.",
      "privacyPolicyTldr": "US government service. No account required for searching. If you create an account (for saving searches or receiving alerts), NIH collects your email under federal privacy practices. No advertising, no data sales, no third-party tracking. All trial data is public record. Standard government web analytics apply.",
      "practicalMitigations": "No account needed for searching — use without logging in for maximum privacy. For ongoing coverage of a therapeutic area or company, set up email alerts for new registrations matching your criteria. Use the API for systematic monitoring of trial status changes. Cross-reference ClinicalTrials.gov entries with PubMed to find published results that may contain more detail than the registry summaries. Check the 'History of Changes' tab on any study to see protocol amendments — changes to primary endpoints after enrollment begins can indicate outcome switching. Use the 'Results' tab to see summary data even before full papers are published.",
      "owner": "National Library of Medicine (NLM), National Institutes of Health (NIH), US Department of Health and Human Services",
      "fundingModel": "US federal government. Funded through congressional appropriations to NIH/NLM. ClinicalTrials.gov is a mandated service under FDAAA Section 801 (2007) and the 42 CFR Part 11 Final Rule (2017).",
      "businessModel": "Free public service. No revenue model. ClinicalTrials.gov exists as a legal requirement — FDAAA mandates that applicable clinical trials be registered and results reported. Sustained by US taxpayer funding.",
      "knownIssues": "Compliance with results reporting requirements is imperfect. Studies have found that 30-50% of applicable trials fail to report results within the required one-year window. Penalties for non-compliance (up to $10,000/day per FDAAA) have rarely been enforced by NIH or FDA — this is a known accountability gap. Not all trials are required to register: Phase 1 trials, many device studies, and trials of unapproved products have narrower requirements. Sponsor-submitted results are not independently verified by NLM — they are posted as received, with basic quality checks but no methodological review. The modernized platform (2024-2025) is a major improvement but some users report search behavior differences from the legacy system. International trial registries (EU Clinical Trials Register, ISRCTN, WHO ICTRP) may contain trials not registered on ClinicalTrials.gov, especially for non-US sponsors.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "US government service operated by NIH/NLM with no advertising, no data sales, and no third-party tracking. No account required for searching. All data is public record. Minimal data collection. The 'strong' rating reflects institutional credibility, federal security standards, absence of commercial incentives, and the fact that using this service exposes no meaningful personal data."
    },
    {
      "name": "Consensus",
      "slug": "consensus",
      "url": "https://consensus.app",
      "tagline": "AI-powered academic search engine. Ask a question, get evidence-based answers from 200 million peer-reviewed papers with a Consensus Meter showing scientific agreement.",
      "category": "ai",
      "openSource": false,
      "whoItsFor": "Journalists who need quick, evidence-based answers to scientific questions — does this drug work, is this environmental claim supported, what does the research say about a policy proposal. Consensus searches 200M+ peer-reviewed papers and returns synthesized answers with citations. The Consensus Meter shows the degree of scientific agreement on a topic, which is especially useful for reporters covering contested claims.",
      "pricing": "Free: 25 Pro searches/month (20 papers each), 3 Deep searches/month (50 papers each), 10 GPT-4 Pro Analyses/month, 10 Study Snapshots/month. Pro: $15/month ($120/year) — unlimited core research features, monthly allotment of Deep searches. Enterprise and institutional plans available at custom pricing.",
      "freeOption": true,
      "editorialTake": "Consensus and Elicit occupy similar territory — AI-powered academic search — but take different approaches. Elicit is the researcher's tool: deep extraction, data tables, systematic review support. Consensus is the reporter's tool: ask a plain-language question, get a synthesized answer with citations and a visual meter showing how much the research agrees or disagrees. That Consensus Meter is the standout feature. When a politician claims 'studies show X,' you can type the claim into Consensus and see whether the weight of evidence actually supports it, partially supports it, or contradicts it. For fact-checking and science reporting, that's immediately useful. Consensus covers 200M+ papers — larger than Elicit's 138M — and returns results grounded in real research with direct citations. The Deep Search mode reviews up to 50 papers per query for thorough analysis. The company raised $19.2M including an $11.5M Series A from Union Square Ventures, Nat Friedman (former GitHub CEO), and Daniel Gross. Starting in the 2025-26 academic year, Consensus integrates with LibKey, letting university-affiliated users access paywalled articles through their library subscriptions. The limits: like any AI synthesis tool, it can oversimplify nuanced findings. The Consensus Meter works well for well-studied topics with large bodies of research but can be misleading for topics with only a handful of papers. Always read the actual studies it cites. The free tier is generous enough for most journalism use — 25 Pro searches and 3 Deep searches per month covers typical beat reporting needs.",
      "bestFor": "Fact-checking scientific claims. Quick evidence synthesis on health, environmental, and policy topics. Assessing degree of scientific agreement on contested claims. Background research for science, health, and policy reporting. Verifying whether 'studies show' claims are real.",
      "notFor": "Deep systematic literature reviews (use Elicit for that). Topics with very few published studies — the Consensus Meter needs a body of research to be meaningful. Replacing your own reading of primary sources. Non-academic research questions (use general-purpose AI tools or web search).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Consensus is headquartered in New York.",
      "privacyPolicyTldr": "Consensus collects standard account data and search queries. Your queries reveal what scientific topics and claims you're investigating. The company is VC-backed with standard startup data practices. No published transparency report or SOC 2 certification. LibKey integration for university users routes through institutional library systems. Specific data retention and sharing policies require reviewing their full privacy policy.",
      "practicalMitigations": "Your search queries reveal what scientific claims and topics you're investigating. For sensitive health or policy stories, consider whether query patterns could reveal an unpublished investigation angle. The free tier is generous enough that you can avoid creating an account for casual use. Verify every citation by reading the actual paper — AI synthesis can oversimplify nuanced findings. Don't treat the Consensus Meter as definitive for topics with few studies.",
      "owner": "Consensus NLP Inc. (private, New York). Co-founded by Eric Olson (CEO) and Christian Salem.",
      "fundingModel": "VC-backed. $19.2M total raised across 5 rounds. $11.5M Series A from Union Square Ventures, Nat Friedman (former GitHub CEO), and Daniel Gross. Additional Series B round in August 2024.",
      "businessModel": "Freemium SaaS. Free tier for adoption (25 Pro searches/month). Revenue from Pro subscriptions ($15/mo or $120/year) and enterprise/institutional plans. Revenue reached $1M in 2024 with a 29-person team. LibKey integration expanding university distribution.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "HTTPS encryption in transit. U.S. jurisdiction. VC-backed startup with standard security practices. No published SOC 2 certification or independent security audit. Search queries reveal your research interests, which is the primary privacy consideration for journalists. Adequate for academic background research and fact-checking. Be mindful that query patterns could reveal story angles for sensitive investigations."
    },
    {
      "name": "Content Credentials (C2PA)",
      "slug": "content-credentials",
      "url": "https://contentcredentials.org",
      "tagline": "Open standard for cryptographic content provenance. A nutrition label for media — when it survives the trip.",
      "category": "verification",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Photojournalists, video journalists, newsrooms, camera manufacturers, software vendors, and platforms attaching tamper-evident provenance to images and video. Now embedded in cameras from Leica, Nikon, Sony, Canon, Fujifilm, and Panasonic, and in tools from Adobe, Microsoft, and Google.",
      "pricing": "Free open standard. Implementation costs depend on the camera, software, or signing infrastructure used.",
      "freeOption": true,
      "editorialTake": "Content Credentials is the public-facing name for C2PA — the Coalition for Content Provenance and Authenticity, a Joint Development Foundation project hosting the open standard for cryptographic media provenance. Founding members include Adobe, Microsoft, Intel, BBC, Truepic, Sony, and Publicis, with later additions from OpenAI, Google, Meta, and Amazon. The coalition has 500+ members and the broader Content Authenticity Initiative passed 5,000 in 2025. The standard attaches a signed manifest to an image or video describing how it was created and edited — what camera, what software, what edits, optionally who. Verifiers like verify.contentauthenticity.org read the manifest and show a tamper-evident chain of custody. The momentum is real: Leica M11-P (2023) and SL3-S shipped with built-in Content Credentials. Sony's PXW-Z300 became the first C2PA video camcorder in 2025 with BBC R&D validating workflows. Cloudflare became the first major CDN to preserve credentials at scale, covering roughly 20% of the web. Google added Content Credentials to Pixel 10. The Associated Press, BBC, NYT, and Reuters are all collaborators. The catch — and it is a big catch — is metadata stripping. Most social platforms (Facebook, Instagram, X, YouTube) strip metadata on upload, and so do WhatsApp, Telegram, and Signal; even saving to the iPhone camera roll does it. The content most in need of provenance is precisely the content most likely to lose it. RAND's June 2025 analysis warned that C2PA depends on end-to-end ecosystem compliance that doesn't yet exist. World Privacy Forum and a September 2025 Fortune investigation flagged a separate concern: provenance metadata can dox the creator, which matters for whistleblowers, activists, and journalists in authoritarian environments. Nikon's Z6 III C2PA firmware was suspended in 2025 after a signing-key vulnerability forced certificate revocation. Treat Content Credentials as a powerful upstream signal in editorial workflows — when you receive a credentialed file directly from a photographer or wire, it tells you something real. Don't expect it to survive the open web.",
      "bestFor": "Verifying camera-original files received from staff photographers, freelancers, and wires. Documenting edit history inside Adobe and other CAI-integrated tools. Election observation and human rights documentation where chain of custody matters. Newsroom workflows that handle credentialed files end to end.",
      "notFor": "Verifying images pulled from social media — credentials are almost always stripped on upload. Protecting source identity when the creator should remain anonymous (manifests can leak identity). Treating presence-or-absence of credentials as a binary truth signal. Replacing reverse image search and contextual reporting.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Open standard hosted by Joint Development Foundation Projects, LLC (Linux Foundation umbrella). Implementations run in cameras, desktop software, cloud services, and CDNs across many jurisdictions. Verification at verify.contentauthenticity.org runs on Adobe-operated infrastructure.",
      "privacyPolicyTldr": "C2PA itself is a specification, not a service. Privacy depends on which implementation you use and what optional fields are populated. Manifests can include creator identity, location, device serial, edit history — much of it optional. Default Adobe Photoshop credentials can include name and edit list unless the user redacts. The verify.contentauthenticity.org service is operated by Adobe under Adobe's privacy terms.",
      "practicalMitigations": "Before sharing a credentialed file, inspect the manifest with verify.contentauthenticity.org to see what identifying data is attached — name, location, device serial may all be present. Strip or redact identity fields when publishing on behalf of sources who need anonymity. Do not assume social-media versions of an image are the same file as the credentialed original; almost all platforms strip the manifest on upload. For high-stakes verification, treat the credential as one chain-of-custody signal alongside reverse image search, EXIF analysis, and direct contact with the photographer. Watch for revocations — Nikon Z6 III certificates were revoked in 2025 after a signing-key vulnerability.",
      "owner": "Coalition for Content Provenance and Authenticity (C2PA), a Joint Development Foundation project under the Linux Foundation umbrella. Steering committee includes Adobe, Microsoft, BBC, Intel, Truepic, Sony, Publicis Groupe, and others. The broader Content Authenticity Initiative (CAI) is led by Adobe and counts 5,000+ members.",
      "fundingModel": "Member-funded standards body. Costs covered by C2PA member companies. CAI activities funded by Adobe and partners. The verify.contentauthenticity.org tool is operated by Adobe at no cost.",
      "businessModel": "Open standard. The standard is free; vendors monetize implementations (cameras, software subscriptions, signing services like Truepic). No fees to publish or verify credentials.",
      "knownIssues": "Metadata stripped by nearly all social platforms (Facebook, Instagram, X, YouTube) and messengers (WhatsApp, Telegram, Signal). Saving to iPhone camera roll destroys credentials. Nikon Z6 III C2PA firmware suspended in 2025 after signing-key vulnerability; certificates revoked. RAND June 2025 analysis warned end-to-end ecosystem compliance is unrealistic in an open web. World Privacy Forum and September 2025 Fortune investigation documented doxing risk for creators whose identity is automatically attached to manifests. Standard does not prevent forged content with technically valid manifests if a signing key is compromised.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "The cryptography is sound and the standard is open and inspectable. The weakness is the ecosystem: metadata stripping on upload, optional identity fields that can dox creators, and recent certificate revocations show the trust chain is still maturing. Strong as a chain-of-custody signal inside controlled newsroom workflows. Limited as a public-facing truth signal until platforms preserve credentials end to end."
    },
    {
      "name": "Copyscape",
      "slug": "copyscape",
      "url": "https://www.copyscape.com",
      "tagline": "Plagiarism detection service that checks text against the open web. Pay-per-search model, batch processing, API access, and automated monitoring for content theft.",
      "category": "verification",
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Editors and publishers who need to verify that submitted content is original before publication. Newsrooms checking freelancer submissions for plagiarism. Journalists protecting their own published work from unauthorized reproduction. Content teams at media organizations running originality checks at scale via API.",
      "pricing": "Free tier: basic URL-based search (limited results). Copyscape Premium: 3 cents per search for up to 200 words, plus 1 cent per additional 100 words. Pay-per-use with pre-purchased credits — no monthly subscription required. Copysentry (automated monitoring): from $5/month for daily scans of up to 10 pages. Copyscape Enterprise: custom pricing for on-premises deployment. API access available at same per-search rates.",
      "freeOption": true,
      "editorialTake": "Copyscape has been the default plagiarism checker since 2004 and it still works well for its core job: finding duplicate content on the open web. The pay-per-search model is honest — you spend 3-5 cents per check instead of committing to a monthly subscription you might not use. For a newsroom editor spot-checking freelancer submissions, the cost is negligible. The free tier is genuinely useful for quick URL checks. The limitation is scope: Copyscape only checks against publicly indexed web content. It won't catch plagiarism from paywalled sources, academic databases, or unpublished documents. It also doesn't assess AI-generated content as a category (though Copyscape Enterprise claims to detect AI content). For comprehensive originality verification, you'd pair it with Turnitin (academic) or Originality.ai (AI detection). But for the basic editorial question — 'has this text appeared elsewhere on the web?' — Copyscape remains the fastest, cheapest, most straightforward answer. The company (Indigo Stream Technologies, Israel) has been stable for 20+ years with no venture funding, no pivots, no drama. That's a trust signal.",
      "bestFor": "Pre-publication originality checks on freelancer or contributor submissions. Monitoring your published articles for unauthorized copying. Batch checking large content libraries for duplicate content. API integration into editorial workflows and CMS systems. Quick, cheap verification when you just need to know if text appeared elsewhere.",
      "notFor": "Detecting AI-generated content specifically (use Originality.ai or GPTZero). Checking against paywalled or academic sources (use Turnitin). Real-time collaborative editing with plagiarism alerts. Deep investigative verification of claims or sources — this checks text duplication, not factual accuracy.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Israel (Indigo Stream Technologies Ltd, privately held). Servers and data processing likely US/Israel. Subject to Israeli data protection law. No GDPR-specific documentation publicly available, though the service processes minimal personal data — primarily the text you submit for checking.",
      "privacyPolicyTldr": "Text submitted for plagiarism checking is processed to return results. Copyscape states it does not store or share submitted content beyond what's needed for the search. Private Index feature lets you store your own content for comparison without it being exposed to other users. Minimal personal data collected — primarily account email and billing information. No advertising model. No social features.",
      "practicalMitigations": "Don't submit unpublished investigative material or source-identifying text for plagiarism checking — the content is transmitted to Copyscape's servers for processing. Use the Private Index feature to store your own published work for future comparison rather than re-submitting it. For highly sensitive pre-publication checks, consider running text against Google manually instead of through a third-party service. Keep API keys secure if integrating into your CMS.",
      "owner": "Indigo Stream Technologies Ltd",
      "fundingModel": "Bootstrapped and privately held since 2004. No known venture funding. Sustained on product revenue for 20+ years. Also operates Siteliner and Giga Alert services. Co-founded by Gideon Greenspan.",
      "businessModel": "Pay-per-use credits (3 cents per search) plus subscription monitoring (Copysentry from $5/month). Enterprise licensing for on-premises deployment. API access at per-search rates. No advertising, no freemium upsell pressure — straightforward utility pricing.",
      "knownIssues": "Only checks against publicly indexed web content — misses paywalled sources, academic databases, and unpublished material. Does not specifically identify AI-generated text (Enterprise version claims this capability but it's unverified independently). Interface is dated but functional. No real-time collaboration features. Limited to English-language web for best results — international coverage varies by language. Free tier results are limited and may miss matches that Premium finds.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Long-established service (2004) with a simple, stable business model and no known breaches. Encryption in transit confirmed. The main consideration is that submitted text is transmitted to their servers for processing — don't submit sensitive unpublished investigative material. For its intended use case (checking if text appeared elsewhere on the web), the privacy risk is minimal. Bootstrapped company with 20-year track record — no investor pressure to monetize user data."
    },
    {
      "name": "Coral",
      "slug": "coral-project",
      "url": "https://coralproject.net",
      "tagline": "Open-source commenting platform built for newsrooms, now maintained by Vox Media.",
      "category": "publishing",
      "additionalCategories": [
        "messaging"
      ],
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Newsrooms that want to own their comment infrastructure. Publications replacing Disqus or Facebook Comments with something that keeps reader data in-house.",
      "pricing": "Free self-hosted (Apache 2.0). Vox Media offers a managed hosting tier with setup, SSO integration, and strategy support — pricing is quote-based, not published.",
      "freeOption": true,
      "editorialTake": "Coral is the only serious open-source commenting system built specifically for news. 120+ newsrooms in 18 countries use it, including the Wall Street Journal, Washington Post, The Intercept, and New York Magazine. That adoption matters: it means the moderation UX has been shaped by actual newsroom workflows, not blog comment culture. The Perspective API integration (Google Jigsaw) catches toxic comments before they publish — a McClatchy experiment showed 36-40% of warned commenters edited their comment to reduce toxicity. Expert badges, journalist highlighting, Q&A mode, and subscriber-only commenting are features Disqus doesn't touch. The tradeoff: self-hosting requires Docker, Node.js, and MongoDB ops knowledge. The managed hosting option removes that burden but locks you into Vox Media's pricing. Development is active — v9.11.2 shipped January 2025 with consistent monthly releases throughout 2024. For any newsroom serious about community, this is the tool.",
      "bestFor": "Running moderated comments on news sites. Replacing Disqus or Facebook Comments. Building subscriber-gated community. Live Q&A sessions with reporters. Any publication that treats reader data as an asset, not an afterthought.",
      "notFor": "Small blogs or solo publishers (self-hosting overhead is real). Sites that want comments with zero technical setup — Disqus is simpler. Publications without any moderation capacity — comments without moderation are worse than no comments.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Self-hosted: you choose the jurisdiction. Managed hosting: Vox Media infrastructure — confirm data residency before signing.",
      "privacyPolicyTldr": "Self-hosted Coral stores all reader data on your servers. No telemetry to Vox Media. The one exception: if you enable the Perspective API toxic comment filter, comment text is sent to Google's servers for scoring. Managed hosting means Vox Media holds your data — review their DPA.",
      "practicalMitigations": "Host in a jurisdiction appropriate for your audience. If you enable Perspective API, know that comment text leaves your infrastructure. Configure pre-moderation on high-risk stories. Set up the toxic comment threshold before launch — the default is permissive. Have a moderation staffing plan for breaking news spikes.",
      "owner": "Vox Media (acquired 2019, originally a Mozilla / NYT / WaPo / Knight-Mozilla OpenNews collaboration)",
      "fundingModel": "Knight Foundation grants (2015-2019). Now funded by Vox Media as internal infrastructure — they run it on all SB Nation, The Verge, and Vox.com properties.",
      "businessModel": "Open-source core (Apache 2.0). Revenue from managed hosting and consulting. Vox Media uses Coral across its own properties, which guarantees continued development — they're a customer of their own product.",
      "knownIssues": "Self-hosting requires Docker + MongoDB + Node.js ops — not trivial for small teams. A 2021 GraphQL vulnerability (issue #3600) leaked user emails via unauthenticated queries; patched within 24 hours but disclosed publicly after maintainers were slow to respond to the private report. SB Nation community rollout (2020-2021) drew user complaints: no new-comment highlighting, limited threading, mobile comment truncation, aggressive auto-spam flagging. Perspective API toxicity scoring has known bias issues with African-American English and identity terms — Google has improved this but it's not solved. Quote-based pricing for managed hosting means no public cost comparison is possible. 48 open issues on GitHub as of early 2025.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Open-source (Apache 2.0), 2K GitHub stars, active development (v9.11.2, Jan 2025). Self-hosted model gives full data control — a genuine advantage over Disqus. The 2021 email leak vulnerability was serious but patched fast. TypeScript codebase (71%) with verified GPG-signed releases. Main risk: Perspective API sends comment text to Google, and self-hosting security depends entirely on your own infrastructure. Adequate for most newsrooms; strong if you have competent DevOps."
    },
    {
      "name": "Corporate Prosecution Registry",
      "slug": "corporate-prosecution-registry",
      "url": "https://corporateprosecutionregistry.com",
      "tagline": "Searchable database of every federal corporate criminal prosecution in the United States since 1990 — built by UVA Law, free, and continuously updated.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "builtForJournalism": false,
      "whoItsFor": "Investigative journalists covering corporate crime, white-collar prosecutions, regulatory enforcement, and corporate accountability. Business reporters researching a company's criminal history. Legal scholars studying prosecution patterns and enforcement trends. Policy researchers analyzing DOJ priorities over time. Defense attorneys benchmarking plea agreements and penalties. Compliance professionals assessing industry risk.",
      "pricing": "Free. Fully open access with no registration required. Maintained as an academic research project at the University of Virginia School of Law.",
      "freeOption": true,
      "editorialTake": "The Corporate Prosecution Registry is the only comprehensive public database of federal corporate criminal prosecutions in the United States. It contains every case since 1990 where the Department of Justice charged a business entity (not just individuals) with a federal crime — including deferred prosecution agreements (DPAs), non-prosecution agreements (NPAs), guilty pleas, and trial convictions. The database is searchable by company name, industry, charge type, district, year, outcome, and penalty amount.\n\nThe project was created and is maintained by Professor Brandon Garrett at the University of Virginia School of Law. Garrett is a leading legal scholar on corporate crime whose book \"Too Big to Jail\" (2014) drew heavily on this data to document how major corporations avoided criminal conviction through deferred prosecution agreements. The registry makes that underlying research data publicly accessible and continuously updated.\n\nFor journalists, this is a first-stop resource when writing about any company facing criminal charges or any company with a history of federal enforcement actions. Search a company name and you get every federal criminal case against them — charges, dates, jurisdiction, outcome, fine amount, whether they got a DPA or NPA, and the monitor appointed (if any). Search by industry and you can identify patterns: which sectors face the most prosecutions, which types of crimes dominate, how penalties have changed over time.\n\nThe data reveals stories that press releases miss. A company announcing a DPA as \"resolving\" an investigation may have three prior DPAs in the registry — a pattern of repeat offending that prosecutors rewarded with leniency each time. A fine that sounds large in a press release may be small relative to the company's revenue or relative to fines in comparable cases. The registry gives you the denominator for context.\n\nThe database covers federal cases only — not state prosecutions, SEC civil enforcement, EPA administrative actions, or international enforcement. This is a significant limitation: many corporate enforcement actions happen at the state level or through civil/administrative channels that this registry does not capture. For complete enforcement history, supplement with SEC EDGAR enforcement releases, EPA enforcement databases, state attorney general press releases, and the FCPA Clearinghouse for foreign bribery cases.\n\nThe registry is updated by research assistants at UVA Law who monitor DOJ press releases, court filings, and PACER records. Update frequency is generally monthly. Very recent cases (within the last few weeks) may not yet be in the database.\n",
      "bestFor": "Researching a company's federal criminal prosecution history. Identifying patterns of corporate recidivism (repeat DPAs). Contextualizing a new prosecution against historical enforcement trends. Comparing penalties across similar cases. Investigating DOJ enforcement priorities by industry, district, or time period. Finding deferred and non-prosecution agreements that companies may not publicize. Academic research on corporate criminal law enforcement.",
      "notFor": "State-level corporate prosecutions — federal only. Civil enforcement (SEC, FTC, EPA civil actions) — this is criminal cases only. Individual executive prosecutions — this tracks corporate entities, not people. International enforcement — US federal jurisdiction only. Real-time case monitoring — updates are monthly, not daily. Private litigation or class action lawsuits — criminal prosecutions only.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Hosted by the University of Virginia School of Law. The underlying data is public US federal court records and DOJ press releases — entirely public information. University of Virginia is a public university in Charlottesville, Virginia.",
      "privacyPolicyTldr": "No account required. No registration, no login, no personal data collection beyond standard web server logs and any university-standard analytics. The database contains public federal court records and DOJ announcements — no personal or proprietary information. Operated under University of Virginia's institutional policies. Minimal privacy footprint for users.",
      "practicalMitigations": "No login required — search freely without creating any account or digital trail on the platform. The data is entirely derived from public federal court records, so there are no access restrictions or sensitivity concerns. Cross-reference registry entries against original court filings on PACER for full case documents. Supplement with SEC enforcement actions (sec.gov), state AG databases, and the FCPA Clearinghouse for complete corporate enforcement history. Verify fine amounts against company financial filings to calculate penalties as percentage of revenue. For very recent cases, check DOJ press releases directly if the registry hasn't been updated.\n",
      "owner": "University of Virginia School of Law, in collaboration with Duke University School of Law. The project is led by Professor Brandon Garrett, a corporate criminal law scholar and author of 'Too Big to Jail' (Harvard University Press, 2014), who started the registry at UVA and moved to Duke Law in 2018. Maintained by law school research staff and students.",
      "fundingModel": "Academic institutional funding. The registry is a research project housed at UVA School of Law, supported by university resources. No external commercial funding, no advertising, no data licensing revenue. May receive supplemental support from academic grants.",
      "businessModel": "Academic public service. No revenue model. The registry exists as a scholarly resource and public service — freely accessible, no ads, no premium tier, no data licensing. Sustained by UVA Law's institutional commitment to the project and Professor Garrett's ongoing research program.",
      "knownIssues": "Federal only: Does not include state criminal prosecutions, which can be significant (state AG cases against pharmaceutical companies, environmental crimes prosecuted at state level, banking violations). For complete corporate criminal history, state databases must be searched separately.\n\nCriminal only: Excludes civil enforcement (SEC actions, FTC consent orders, EPA administrative penalties) and regulatory settlements that may involve larger financial penalties than criminal cases. Many corporate enforcement actions are civil, not criminal.\n\nUpdate lag: The registry is updated by research staff, typically monthly. Very recent DOJ announcements may not appear for several weeks. For breaking enforcement news, check DOJ press releases directly.\n\nCorporate entities only: Tracks cases against business entities (corporations, LLCs, partnerships), not individual executives. For executive prosecutions, search PACER directly or use DOJ press releases.\n\nHistorical completeness: While coverage back to 1990 is the goal, some older cases — particularly sealed agreements or cases without public press releases — may be missing. The further back you go, the less complete the record.\n\nThin governance: The registry depends on one professor's research program. Garrett began it at UVA and took a Duke Law appointment in 2018; the registry survived that move as a UVA/Duke collaboration, but if the project loses academic support at either school, continuity could be affected. No formal governance structure beyond the academic appointments.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Hosted by a major US public university with institutional IT infrastructure and security. No user accounts, no personal data collection, no login required. The data is entirely public federal court records with zero sensitivity. No advertising, no tracking beyond standard university analytics. The threat model is essentially zero — you are searching public court records on a university website. No record of security incidents. Rating reflects the combination of zero-sensitivity public data, no authentication requirements, and institutional hosting."
    },
    {
      "name": "CryptPad",
      "slug": "cryptpad",
      "url": "https://cryptpad.org",
      "tagline": "End-to-end encrypted collaborative office suite — docs, spreadsheets, slides, forms, kanban, whiteboard. The server never sees your content.",
      "category": "writing",
      "additionalCategories": [
        "messaging",
        "security"
      ],
      "openSource": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists collaborating on sensitive documents who need a Google Docs alternative where the server operator — and anyone who breaches it — cannot read their files. Also useful for researchers, activists, and NGOs handling confidential material.",
      "pricing": "Free (1GB) on cryptpad.fr. Individual paid plans 5-100 euros/month for more storage. Enterprise: 3,000-25,000 euros/year (50-1,000 users, 100GB-1TB). Nonprofits and education get 50% off enterprise tiers.",
      "freeOption": true,
      "editorialTake": "CryptPad is what Google Docs would be if Google couldn't read your documents. Zero-knowledge encryption means the server operator cannot access your content — period. The cryptographic keys live in document URLs, never on the server. XWiki SAS (France) builds it with EU funding, and it ships under AGPL. The 2026.2.0 release upgraded to OnlyOffice 9 for office-format editing, and the team completed post-quantum cryptography research using ML-KEM and ML-DSA. Performance is slower than Google Docs — encryption has a cost — and there's no offline mode or mobile app. But for sensitive collaborative work, nothing open-source comes close. Revenue hit 608K euros in 2025 with 1,540 paying accounts on cryptpad.fr, up 60% year-over-year. The project is real, funded, and growing.",
      "bestFor": "Collaborative editing on sensitive stories where content must stay private. Shared notes and source documents where you can't trust the cloud provider. Encrypted forms for confidential surveys or tip lines. Quick anonymous collaboration — no registration required for pad access.",
      "notFor": "Heavy formatting or complex spreadsheet work (OnlyOffice integration helps but still lags Google Sheets). Teams deeply embedded in Google/Microsoft ecosystems who won't switch. Anyone who needs offline access or native mobile apps. Long-term archival — export regularly.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "cryptpad.fr hosted in France (EU/GDPR). Self-hosted instances: your jurisdiction. Enterprise cloud instances available in EU. No data leaves the EU on the flagship instance.",
      "privacyPolicyTldr": "Zero-knowledge architecture — the server never sees plaintext content. No tracking, no analytics on the open-source version. Account registration requires only a username and password, no email. Cryptographic keys derived client-side from credentials; the server never sees your password. The United Nations used CryptPad Forms for open-source principles endorsements — that's the trust level.",
      "practicalMitigations": "Use cryptpad.fr for EU-hosted, GDPR-compliant collaboration. Self-host for full control (Docker images available, now Alpine-based). Understand what a share link is: the decryption key travels in the URL fragment (the part after #), which the browser never sends to the server but which is exposed to anyone who sees the link, including browser history, chat and email logs, and link-preview bots. Send links only over an end-to-end encrypted channel, and set a pad password so the link alone is not enough to open the document. Export regularly — CryptPad is not a long-term archival solution. Enable 2FA on your account (added in 2024). Note: once you share a document link, you cannot revoke access without destroying the original and creating a copy — plan sharing carefully. If you lose your username and password, there is no account recovery. Write them down.",
      "owner": "XWiki SAS (French company, est. 2004). CryptPad team is ~9 FTE as of 2026.",
      "fundingModel": "EU research grants (NGI Zero Commons Fund, NLnet/NGI ASSURE, BPI France), XWiki SAS revenue, subscriptions (121K euros in 2025, +60% YoY), donations (29K euros, +80% YoY), enterprise contracts (41.5K euros). Total 2025 revenue: 608K euros. The ELFA project (3-year, starting H2 2026) brings additional EU funding. Team estimates needing 400K euros in subscriptions and donations by 2027 to be self-sustaining without research grants.",
      "businessModel": "Freemium hosted instance at cryptpad.fr (1GB free, paid plans from 5 euros/month). Enterprise on-premise or cloud from 3,000 euros/year. 50% nonprofit/education discount. Self-hosting is free under AGPL. 1,540 paying accounts as of January 2026.",
      "knownIssues": "2FA bypass vulnerability (GHSA-xq5x-wgcm-3p33, high severity) and XSS in link bouncer (GHSA-vq9h-x3gr-v8rj, low-medium) found by Lachlan Davidson of Carapace in version 2024.12.0 — both fixed in 2025.3.0. No comprehensive third-party security audit has been published. Sharing is irrevocable: document URLs contain decryption keys, so anyone with the link has permanent access unless you destroy and recreate the document. No offline mode — browser-only, no desktop or mobile apps. Performance noticeably slower than Google Docs due to client-side encryption overhead. French tax law changes in 2025 eliminated 37K euros in subsidies, adding pressure to the sustainability model. Only ~50% of revenue is reliably recurring.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Zero-knowledge end-to-end encryption by default — the server never sees plaintext. Open-source (AGPL), auditable code on GitHub. EU-funded, French-hosted under GDPR. Post-quantum cryptography research completed (ML-KEM, ML-DSA) with crypto-agility refactor for easy algorithm switching. Two vulnerabilities disclosed and patched in 2025 (2FA bypass and sandboxed XSS). No full third-party audit published, which is the one gap. The architecture is sound; the disclosure process is transparent."
    },
    {
      "name": "Dangerzone",
      "slug": "dangerzone",
      "url": "https://dangerzone.rocks",
      "tagline": "Converts potentially malicious documents into known-clean PDFs by rendering in a sandbox. Pixel-based sanitization — no signature detection to evade.",
      "category": "security",
      "openSource": true,
      "builtForJournalism": true,
      "threatLevel": "baseline",
      "whoItsFor": "Any journalist who opens documents from unknown or untrusted sources. Investigative reporters handling leaked files. Newsrooms processing tips and submissions.",
      "pricing": "Free. Open source (AGPLv3).",
      "freeOption": true,
      "editorialTake": "Every journalist receives documents from unknown sources. Dangerzone is the hygiene step that should be automatic — drop in a suspicious PDF, get back a clean version with any embedded malware neutralized. Created by Micah Lee at First Look Media, now maintained by Freedom of the Press Foundation. Version 0.10.0 (December 2025) eliminated the Docker Desktop dependency on macOS and Windows by embedding Podman directly into the application — a major usability win that removes the biggest adoption barrier. The sanitization approach is deliberately simple and paranoid: convert the document to raw pixel data inside a gVisor sandbox, then reconstruct a clean PDF from those pixels outside the sandbox. No parsing, no heuristics, no signature database. If malicious code executes during conversion, it's trapped in a container with no network access, no filesystem mount, and a gVisor layer intercepting every syscall. Include Security audited Dangerzone in December 2023 (funded by Open Technology Fund) and found zero critical, high, or medium issues — only three low-risk and seven informational findings. Optional OCR restores a searchable text layer after conversion. Inspired by Qubes trusted PDF but works on standard operating systems. The only real competitor is Entrusted, a Rust-based alternative with less institutional backing. Dangerzone is the document sanitizer journalists should use.",
      "bestFor": "Opening documents from unknown sources. Sanitizing leaked files, emailed documents, and newsroom tip submissions before viewing. Batch processing document dumps.",
      "notFor": "Documents you already trust (adds 30-60 seconds of processing time). Very large files. Audio, video, or zip archives — only handles PDFs, Office docs, ODF, and images. Won't preserve spreadsheet formulas or Word macros (by design — that's the point).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. Documents never leave your computer. No cloud processing, no upload, no telemetry.",
      "privacyPolicyTldr": "All processing happens locally in a sandboxed container. No documents are uploaded, transmitted, or stored anywhere except on your machine. No telemetry, no analytics, no network calls. The container itself has networking disabled — a compromised conversion process cannot phone home unless it first escapes both the container and the gVisor layer.",
      "practicalMitigations": "Make it a habit to run every document from an unknown source through Dangerzone before opening. Install only from dangerzone.rocks or FPF's own package repositories, never a third-party mirror: a document sanitizer is exactly the component an attacker would want to tamper with. Since 0.10.0, Docker Desktop is no longer required on macOS/Windows — Podman is bundled. Update regularly; new document exploit techniques emerge constantly and FPF updates the container image (now Debian-based with current LibreOffice). On first run, expect ~10GB of disk usage for the container image. Use the new CLI tool (dangerzone-machine) to manage the Podman VM if needed. Enable OCR for searchable output. Remember that Dangerzone strips active content, not information: everything that was visible on the page is still visible in the output, so review it before forwarding. For Qubes OS users, Dangerzone has native integration using disposable VMs instead of containers.",
      "owner": "Freedom of the Press Foundation (nonprofit)",
      "fundingModel": "Donations, grants, and institutional support through Freedom of the Press Foundation. Security audit funded by Open Technology Fund. FLOSS/Fund listed.",
      "businessModel": "Nonprofit. Free. No monetization path — sustained entirely by FPF's broader funding model.",
      "knownIssues": "Requires ~10GB disk space for the container image — a real barrier on older machines or constrained environments. Output is always a flat PDF; spreadsheet formulas, macros, and interactive elements are destroyed (intentionally, but users expecting editable output are surprised). Does not handle audio, video, or compressed archives — only PDFs, Office docs (.docx, .doc, .xlsx, .xls), ODF (.odt, .ods, .odp), and images (.jpg, .png). Cannot detect or neutralize steganography or printer tracking dots embedded in visual content. Processing time is noticeable (30-60 seconds per document depending on page count and system). No mobile version — desktop only (macOS, Windows, Linux, Qubes OS). The 2023 Include Security audit flagged that the macOS application itself could be further hardened, though the host application only handles the raw pixel output of the sandbox, never the untrusted document itself. No batch processing UI yet (FPF has acknowledged demand from newsrooms).",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Pixel-based sanitization eliminates embedded malware without relying on signature detection — fundamentally stronger than antivirus scanning. gVisor sandbox (memory-safe Go) intercepts every syscall between the conversion process and the host kernel. Container has no network access and no filesystem mounts. December 2023 audit by Include Security found zero critical/high/medium issues. Local-only processing means zero data exposure. Open source (AGPLv3), 4.8K GitHub stars, 21+ contributors. Backed by Freedom of the Press Foundation with active development — 0.10.0 shipped December 2025 with Podman bundled, eliminating Docker Desktop dependency."
    },
    {
      "name": "darktable",
      "slug": "darktable",
      "url": "https://www.darktable.org",
      "tagline": "Open-source RAW photo processor and photography workflow manager — a free Lightroom alternative.",
      "category": "visuals",
      "openSource": true,
      "whoItsFor": "Photojournalists and newsroom photographers who need professional RAW processing without Adobe subscriptions. Also useful for any journalist who shoots in RAW and wants non-destructive editing with full metadata control.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "darktable 5.4.1 (February 2026) is a genuinely capable Lightroom alternative. Non-destructive editing, GPU-accelerated processing via OpenCL, and a database-driven lighttable for managing thousands of images. The tone mapping options — Filmic RGB, Sigmoid, and the new AgX-based mapper in 5.4 — give serious color science control. Multiple workspace support lets you maintain separate databases for different projects. It runs fully offline, collects nothing, requires no account. The learning curve is steep compared to Lightroom, and the UI still feels more technical than polished. But for journalists who need RAW processing that respects source protection and costs nothing, darktable delivers. Original files are never modified — edit history lives in darktable's library database and, by default, in XMP sidecar files written next to each image.",
      "bestFor": "RAW photo development. Non-destructive editing workflows. Tethered shooting. Batch processing and export. Managing large photo libraries with tagging and metadata. Controlling exactly what EXIF metadata gets exported.",
      "notFor": "Quick phone photo edits (too heavy). Pixel-level retouching or compositing (use GIMP). AI-powered edits like object removal or generative fill. Beginners who want one-click presets — the learning curve is real.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local — darktable makes no network connections. Images, edits, and the database all stay on your machine.",
      "privacyPolicyTldr": "darktable collects nothing. No accounts, no telemetry, no analytics, no cloud sync. It never modifies your original files. Metadata export is granular — you control exactly which EXIF fields are included when exporting.",
      "practicalMitigations": "Strip EXIF metadata on export when source protection matters — darktable's export module lets you deselect individual metadata categories (EXIF, XMP develop history, GPS, tags). Treat that as a setting, not a guarantee: inspect the exported file with a metadata reader such as exiftool before publishing, and remember that the XMP sidecar and the library database still hold the original capture metadata, so never ship a sidecar alongside an image. Treat RAW files from unknown sources as untrusted input: RAW and EXIF parsers have a long record of memory-safety bugs, so keep darktable updated and open suspect files in a disposable VM. Leave XMP sidecar writing enabled (the default) so edit history stays portable and survives a lost database.",
      "owner": "darktable community project (no corporate owner)",
      "fundingModel": "Community donations. Travel expenses for developer meetups funded through donation campaigns. No corporate sponsor or foundation.",
      "businessModel": "None — volunteer-driven open source under GPL-3.0. No paid tier, no premium features, no data monetization.",
      "knownIssues": "Steep learning curve — the scene-referred workflow (Filmic RGB, color calibration) requires understanding concepts that Lightroom hides. Some Wayland display issues persist on Linux, though 5.4 improved compatibility. Cannot edit non-RAW images as effectively as dedicated editors like GIMP. Limited plugin ecosystem compared to Lightroom. Bus factor is a concern for a project this important — core team is small.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "reviewDepth": "editorial",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Fully local, open-source under GPL-3.0, no accounts or telemetry. All processing happens on your machine with no network connections. Original files are never modified. Granular metadata export controls support source protection workflows. One of the strongest privacy stories in photo software."
    },
    {
      "name": "Data.gov",
      "slug": "data-gov",
      "url": "https://data.gov",
      "tagline": "The US government's central open data portal — 370,000+ datasets from federal agencies, searchable and downloadable in machine-readable formats.",
      "category": "data",
      "whoItsFor": "Data journalists building stories from federal datasets. Researchers who need machine-readable government data without filing FOIA requests. Newsrooms covering policy, environment, health, education, or economics at a national scale. Civic technologists building applications on top of government data. Students and academics doing quantitative research with official sources.",
      "pricing": "Completely free. All datasets are public domain or open license.",
      "freeOption": true,
      "editorialTake": "Data.gov is the federal government's central catalog for open data — over 370,000 datasets from dozens of agencies, required by statute under the OPEN Government Data Act. It is a catalog, not a database. Data.gov indexes metadata and links to datasets hosted on individual agency servers. You search here, but the actual data lives on agency sites (census.gov, EPA, NOAA, etc.). This matters because data quality, format, and update frequency vary enormously by agency. Some datasets are clean CSVs updated daily; others are PDFs from 2014. The search interface is functional but basic — filtering by agency, format, and topic works, but discovery is hit-or-miss for niche datasets. The real value is as a starting point: if you know a federal dataset exists but do not know which agency publishes it, Data.gov will find it. For data journalism, the most useful datasets tend to come from Census, BLS, EPA, NOAA, and USDA — and you will often end up going directly to those agency portals for the actual download. The administration that took office in 2025 has introduced uncertainty about the long-term availability of some datasets, making it worth downloading and archiving data you depend on rather than assuming permanent access.",
      "bestFor": "Finding federal datasets by topic, agency, or format. Discovering datasets you did not know existed across agencies. Downloading bulk government data in machine-readable formats (CSV, JSON, XML, API). Building data journalism projects on official government sources. Cross-referencing data from multiple federal agencies.",
      "notFor": "State or local government data (use individual state data portals). Real-time or frequently updated data (most datasets update monthly or less). Data analysis — Data.gov is a catalog and search engine, not an analysis tool. Pre-cleaned or journalism-ready datasets (quality varies wildly). Historical data that agencies have removed from their servers.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Operated by the General Services Administration (GSA). Hosted on federal government infrastructure.",
      "privacyPolicyTldr": "Federal government website subject to federal privacy laws. Collects standard web analytics. No account required to search or download datasets. The datasets themselves are public government data — no personal information is collected through browsing or downloading. No commercial tracking or advertising.",
      "practicalMitigations": "No account required for most functionality — you can search and download anonymously. The datasets are public records, so there is no sensitivity in accessing them. The main risk is data reliability: always verify dataset currency, check the 'last modified' date, and cross-reference with the source agency. Download and archive datasets you depend on — federal data availability can change with administrations. For anything you archive, record the dataset identifier, source URL, download date, and a file hash so you can later show exactly what you retrieved and when. For large-scale data work, use the CKAN API (catalog.data.gov/api/3, for example the package_search action) rather than manual downloads.",
      "owner": "U.S. General Services Administration (GSA)",
      "fundingModel": "Federally funded. Operated by GSA as a statutory requirement under the OPEN Government Data Act (Title II of the Foundations for Evidence-Based Policymaking Act of 2018).",
      "businessModel": "Government service. No revenue model. Exists to fulfill the federal mandate for open government data publication.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Federal government website operated by GSA on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards. No account required for core functionality. No commercial tracking. The datasets themselves are public records. The only consideration is data provenance — always verify that a dataset is current and sourced from the authoritative agency, since Data.gov is a catalog pointing to external agency servers."
    },
    {
      "name": "Dataminr",
      "slug": "dataminr",
      "url": "https://www.dataminr.com/products/dataminr-for-news/",
      "tagline": "AI-powered real-time alert platform that processes 1M+ public data sources to detect breaking news before it hits the wire.",
      "category": "newsgathering",
      "builtForJournalism": true,
      "whoItsFor": "Breaking news reporters, assignment editors, and newsroom managers at organizations with budget for enterprise tools. Also used by researchers and media monitors tracking global events.",
      "pricing": "Enterprise pricing, not publicly listed. Third-party estimates range from ~$10,000/month for a single seat to ~$200,000/month for 100 users. Contracts are negotiated per organization. Implementation fees of $5,000-$50,000 reported depending on scale.",
      "freeOption": false,
      "editorialTake": "Dataminr was founded in 2009 by Yale graduates Ted Bailey, Sam Hendel, and Jeff Kinsey. The company built its reputation on one asset: exclusive access to the Twitter firehose, the unfiltered real-time stream of every public tweet. Twitter granted that access in 2012 and took a 5% equity stake in the company. Dataminr famously alerted users to the Osama bin Laden raid 23 minutes before major news outlets reported it.\n\nToday Dataminr processes 43+ terabytes of public data daily from over 1 million sources across 150+ languages. Sources include X (formerly Twitter), regional and alternative social media platforms, government advisories, corporate disclosures, industry blogs, and sensor data. The platform uses what Dataminr calls \"Multi-Modal Fusion AI\" to analyze text, audio, image, video, and sensor inputs simultaneously. A newer \"Agentic AI\" feature deploys autonomous Intel Agents that surface event details without manual queries.\n\nAdoption is real. Dataminr serves 1,500+ newsrooms and approximately 30,000 journalists. Customers include CNN, Washington Post, Deutsche Welle, Getty Images, Radio Free Europe/Radio Liberty, Reach PLC, and Patch. The Associated Press and WolfTech have built direct integrations. For breaking news speed, nothing else competes at this scale.\n\nThe controversy is also real. In 2020, The Intercept reported that Dataminr provided alerts to law enforcement during Black Lives Matter protests, tipping off police to demonstrators' locations and Twitter handles. Twitter's terms prohibited using its data for surveillance, but Dataminr's arrangement continued. A 2023 Secret Service email confirmed Dataminr's contract provided \"real-time access to the full stream of all publicly available Tweets\" and that \"the whole point of this contract is to use the information for law enforcement purposes.\" Under Elon Musk's ownership, X maintained the partnership.\n\nProject Censored flagged Dataminr's anti-gang monitoring for racial bias, noting predominantly white former law enforcement officials were coaching analysts to interpret language from communities of color.\n\nDataminr holds a $259 million Air Force contract (awarded 2020) for push alerts and open-source intelligence. A separate $12.2 million DoD contract covers force protection alerting across all authorized military users. The company serves dozens of law enforcement agencies at local, state, and federal levels. This dual use — newsroom tool and government surveillance platform — is the central tension. The same AI that alerts a reporter to an earthquake also alerts police to a protest.\n\nFinancially, Dataminr has raised $1.53 billion total. A 2021 round valued the company at $4.1 billion. In 2025, Fortress invested $100 million and NightDragon/HSBC added $85 million. Revenue approaches $200 million ARR. The company has ~760 employees across six continents.\n\nAlternatives are limited. Google Alerts is free but slow and shallow. CrowdTangle, which many newsrooms relied on for social media monitoring, was shut down by Meta in August 2024. Its replacement (Meta Content Library) excludes journalists entirely. NewsWhip and Meltwater offer social listening but lack Dataminr's real-time speed. For newsrooms that can afford it, Dataminr remains the dominant breaking news alert tool. The question is whether you accept the company's simultaneous role as a law enforcement surveillance vendor.\n",
      "bestFor": "Breaking news detection at scale, real-time event monitoring across global sources, newsroom alerting for assignment desks, tracking natural disasters and armed conflicts, monitoring multiple regions and languages simultaneously.",
      "notFor": "Individual freelancers or small outlets without enterprise budgets. Journalists who object to using a platform that simultaneously serves law enforcement surveillance. Newsrooms needing social media analytics or engagement metrics — Dataminr detects events, it does not measure audience performance.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (headquarters: New York). Data stored in the U.S., Europe, and Australia. International transfers use standard contractual clauses.",
      "privacyPolicyTldr": "Dataminr collects contact information, account preferences, search parameters, IP addresses, device data, and geolocation (if opted in). Data is retained for as long as your account is active. Dataminr shares data with service providers, analytics partners, and payment processors. The platform processes publicly available social media content — your alert queries and search patterns are logged. No journalist-specific privacy protections are mentioned in the policy. EU/UK users have GDPR rights. California residents can request deletion and opt out of data sales. Dataminr's privacy policy does not address whether alert histories or search queries could be subject to law enforcement subpoena.\n",
      "practicalMitigations": "Understand that your alert configurations and search patterns reveal your reporting interests. Do not configure alerts that could expose confidential source identities or unpublished investigation targets — if subpoenaed, Dataminr's logs could reveal what you were tracking. Use a newsroom organizational account rather than personal credentials. Review alert settings regularly and delete configurations for completed stories. Ask your organization's legal team whether your Dataminr contract includes provisions for resisting law enforcement data requests. For sensitive monitoring needs, consider supplementing with RSS feeds, direct source relationships, or tools you control locally.\n",
      "owner": "Dataminr Inc. (private). Founded by Ted Bailey (CEO), Sam Hendel, and Jeff Kinsey. Headquartered at 6 East 32nd Street, New York, NY.",
      "fundingModel": "VC-backed. Raised $1.53 billion total. Last major valuation: $4.1 billion (2021). Recent rounds: $100 million from Fortress Investment Group (April 2025), $85 million from NightDragon and HSBC (March 2025). Key investors include Eldridge, Valor Equity Partners, MSD Capital, IVP, Morgan Stanley Tactical Value, and ArrowMark Partners. Twitter/X held a 5% equity stake from the original firehose partnership.",
      "businessModel": "Enterprise SaaS subscriptions. Revenue segments: news media, corporate security, financial services, public sector (law enforcement, military, intelligence). Government contracts include a $259 million Air Force deal and a $12.2 million DoD contract. Approaching $200 million ARR as of 2024.",
      "knownIssues": "Law enforcement surveillance: Dataminr provided real-time alerts to police during 2020 Black Lives Matter protests, including demonstrators' locations and social media handles. The Intercept documented this in detail. A 2023 Secret Service email confirmed the surveillance purpose of the contract.\n\nRacial bias in monitoring: Project Censored reported that Dataminr's anti-gang monitoring relied on racial stereotypes, with predominantly white former law enforcement officials interpreting language from communities of color.\n\nX/Twitter data dependency: Dataminr's core advantage — firehose access — depends on a single commercial partnership with X. If X revokes or reprices access, Dataminr's product degrades. The company has diversified to 1M+ sources but X remains central.\n\nPricing opacity: No public pricing. Enterprise contracts are individually negotiated. Third-party estimates suggest costs of $10,000-$200,000/month depending on seats, making it inaccessible to most independent journalists and smaller outlets.\n\nDual-use tension: The same platform and AI serve journalists and law enforcement simultaneously. Dataminr's government revenue creates a financial incentive to maintain surveillance capabilities that may conflict with press freedom interests.\n\nNo journalist-specific privacy protections: The privacy policy does not address whether journalist alert histories or search queries receive any special protection from law enforcement data requests.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Strong technical security: AES-256 encryption at rest, TLS 1.2+ in transit, SOC 2 Type II certified, ISO 27001 and ISO 27701 certified, 24/7/365 security operations center. The infrastructure is enterprise-grade. The rating reflects the dual-use concern, not a technical weakness. Dataminr simultaneously serves newsrooms and law enforcement/military clients using the same platform and data sources. Your alert configurations and search patterns could theoretically be relevant to law enforcement interests. The privacy policy does not address journalist-specific protections. For breaking news detection, the technical security is strong. For journalists covering protests, civil liberties, or law enforcement, the company's documented history of providing surveillance alerts to police is a material consideration.\n"
    },
    {
      "name": "Datawrapper",
      "slug": "datawrapper",
      "url": "https://www.datawrapper.de",
      "tagline": "The newsroom standard for charts, maps, and tables — no code, no trackers, no cookies.",
      "category": "data",
      "whoItsFor": "Journalists creating charts, maps, and tables for publication. Used by The Washington Post, The New York Times, The Economist, Bloomberg, Reuters, The Texas Tribune, The Straits Times, and Aftenposten, among hundreds of other newsrooms. No coding required. Free API access for automation.",
      "pricing": "Free (unlimited charts with Datawrapper branding, PNG export, full API access). Custom: $599/month or $5,990/year (custom branding, themes, PDF/SVG export, 10 user licenses, additional seats $21/user/month). Enterprise: custom pricing (SSO, SLAs, self-hosting option). 20% discount on Custom plans for NGOs. Free PDF/SVG export for students, teachers, and academic researchers.",
      "journalistDiscount": "The free tier is effectively the journalist tier — fully functional with no feature gating. NGOs get 20% off Custom plans. Academic users get free PDF/SVG export.",
      "freeOption": true,
      "editorialTake": "Datawrapper is the default for newsroom data visualization, and nothing else comes close on the privacy side. Embedded charts set zero cookies, run zero trackers, use zero third-party scripts — GDPR and CCPA compliant out of the box. That matters when your readers are in authoritarian contexts. The free tier is genuinely unlimited. The team is ~25 people generating ~$3-5M in revenue with no VC funding, which means no growth-at-all-costs pressure to monetize your data. The main competitor, Flourish, was acquired by Canva in February 2022 — meaning your data viz tool now reports to an ad-tech-adjacent company. Datawrapper remains founder-controlled and independent. ISO 27001 certified, annual pen tests, all data stays in the EEA. For journalism, this is the right tool.",
      "bestFor": "Charts, maps, and tables for publication. Election results, data journalism, any story that needs a visual. Quick turnaround data viz. PowerPoint presentations via the Microsoft add-in. Small multiples for comparative analysis.",
      "notFor": "Complex interactive storytelling (Flourish has more creative chart types like timelines and bubble visualizations). Datawrapper is a visualization tool — it doesn't store or analyze sensitive datasets. If you're working with sensitive data, the concern is what you upload to create the chart, not Datawrapper itself. No native data connectors — CSV upload or API only.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "European Economic Area. Two AWS datacenters: Frankfurt, Germany and Stockholm, Sweden. User data never leaves the EEA.",
      "privacyPolicyTldr": "One of the strongest privacy postures in our evaluation set. Embedded visualizations set zero cookies, run zero trackers, use zero third-party scripts — DNT by default. GDPR and CCPA compliant. Data controller is Mirko Lorenz (Berlin). Datawrapper processes but does not store end-user IP addresses when viewing charts (standard HTTP behavior). Payment data retained 10 years per German tax law, restricted to compliance-only processing after 2 years. Internal data protection officer reviews processes quarterly.",
      "practicalMitigations": "Datawrapper's data practices are reasonable for most use cases. If you're creating charts from sensitive datasets: (1) upload only the columns needed for the visualization, not the full dataset, (2) delete charts you no longer need, (3) be aware that published charts are publicly accessible by URL, (4) use the PowerPoint add-in to create visualizations that stay private and never publish to the web, (5) Enterprise tier offers self-hosting for maximum data control.",
      "owner": "Datawrapper GmbH (Berlin, Germany). Founded 2011. Data controller: Mirko Lorenz.",
      "fundingModel": "Bootstrapped and profitable. Originally incubated at ABZV (German journalism training institute). Zero VC funding. ~$3-5M annual revenue from ~25-30 employees. An M&A offer was reported in April 2025, but the company remains independent and founder-controlled as of April 2026.",
      "businessModel": "Freemium SaaS. Free tier for individual journalists and small newsrooms. Revenue from Custom tier ($599/month for newsroom branding, exports) and Enterprise tier (SSO, SLAs, self-hosting). No advertising, no data selling, no tracker monetization. The absence of VC funding is a meaningful trust signal — no board pressure to extract value from user data.",
      "knownIssues": "No security breaches or privacy incidents on record. No CVEs. Main limitations are cosmetic and functional: free tier shows Datawrapper branding on charts. No native data connectors — all data must be uploaded via CSV or pushed via API. The April 2025 M&A offer is worth monitoring; an acquisition could change the privacy calculus (as it did when Canva acquired competitor Flourish in 2022).",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "datawrapper-free"
      ],
      "securityRating": "strong",
      "securityRatingNote": "ISO 27001 certified with annual audits. Annual third-party penetration testing. All code peer-reviewed. German-based, GDPR-compliant, all data in EEA. Zero cookies, zero trackers, zero third-party scripts on embedded charts. No VC funding means no data monetization pressure. Upgraded from 'adequate' to 'strong' based on verified ISO 27001 certification, pen testing program, and exceptional embed privacy posture."
    },
    {
      "name": "DaVinci Resolve",
      "slug": "davinci-resolve",
      "url": "https://www.blackmagicdesign.com/products/davinciresolve",
      "tagline": "Professional video editing, color grading, VFX, and audio post — with a genuinely free tier that has no watermarks or time limits.",
      "category": "visuals",
      "openSource": false,
      "whoItsFor": "Journalists and newsrooms producing video stories, documentaries, investigative packages, or podcasts. Also researchers and activists who need local-only editing with no cloud dependency.",
      "pricing": "Free version with no watermarks or export limits up to 4K/60fps. Studio version $295 one-time (lifetime updates included). No subscription.",
      "freeOption": true,
      "editorialTake": "DaVinci Resolve is the only professional NLE where the free version is genuinely production-ready. Hollywood colorists use it. Fairlight is a real DAW built in. Fusion handles motion graphics. The free tier lacks some AI tools (Magic Mask, Voice Isolation, IntelliTrack) and caps at 4K/60fps — but for journalism work, that's rarely a limitation. Blackmagic sells cameras and capture cards, so the software exists to drive hardware sales. That business model is why the free version stays free without enshittification. The $295 Studio license is a one-time purchase with lifetime updates — a stark contrast to Premiere Pro's $23/month subscription that never stops. Learning curve is real: the node-based compositing and six-page interface intimidate newcomers. But the Cut page (simplified editing) was built specifically for fast turnaround work like news packages.",
      "bestFor": "Full video editing for documentaries, news packages, and multimedia stories. Color correction (industry-leading). Audio post-production via Fairlight. AI-assisted subtitle generation and multicam editing (Studio only).",
      "notFor": "Quick social clips where you need to be editing in 30 seconds (CapCut or Canva are faster). Machines with under 8GB RAM or no dedicated GPU — Resolve is hardware-hungry. Teams already embedded in the Adobe ecosystem with established Premiere Pro workflows.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local. Projects, media, and AI processing stay on your machine. Blackmagic Cloud collaboration is opt-in and separate. Registration with a Blackmagic account is required to download the software, but the editor itself phones home minimally.",
      "privacyPolicyTldr": "All editing, rendering, and AI inference happens locally — no media is uploaded to Blackmagic servers. Registration data (name, email) is collected at download. Blackmagic's privacy policy covers marketing communications. If you use the built-in YouTube upload feature, Google's privacy policy applies once the video reaches YouTube. Blackmagic Cloud (optional collaboration feature) stores project data on their servers only if you explicitly enable it.",
      "practicalMitigations": "Use a dedicated email for Blackmagic registration. Decline Blackmagic Cloud — all editing is local by default. Disable the YouTube upload feature if you want zero external connections. On macOS, use Little Snitch or LuLu to verify no unexpected outbound connections. For sensitive projects, work offline entirely — Resolve functions fully without internet after installation.",
      "owner": "Blackmagic Design Pty Ltd (private Australian company, founded 2001 by Grant Petty, headquartered in South Melbourne). ~$500M+ annual revenue as of 2025. No VC funding, no public shareholders — Petty controls the company.",
      "fundingModel": "Hardware sales: cameras (URSA, Pocket Cinema Camera), capture cards (DeckLink), converters, video switchers (ATEM). Software drives hardware adoption.",
      "businessModel": "Free version + paid Studio version ($295 one-time, lifetime updates). Blackmagic Cloud collaboration is a separate paid service. The company's primary revenue is professional video hardware.",
      "knownIssues": "Demands real GPU power — 8GB RAM and 2GB VRAM are the stated minimum, but 16GB RAM and 6-8GB dedicated VRAM are the realistic floor for HD work. Resolve 20.x has reported stability issues: random crashes on some systems, particularly during color space changes on Mac. H.264/H.265 render glitches can appear silently in long-form projects (always spot-check exports). AI transcription spell-check corrections don't persist for proper nouns. Audio channel routing resets unpredictably when switching headphones or opening projects. The six-page interface (Media, Cut, Edit, Fusion, Color, Fairlight) is powerful but overwhelming for occasional users — most journalists only need Cut or Edit plus Fairlight.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Closed-source but fully local processing — all AI inference runs on-device via the DaVinci Neural Engine, no cloud round-trips. No telemetry concerns reported. Registration required for download, but the application itself operates independently. Blackmagic's hardware-first business model (cameras, capture cards) means minimal incentive to monetize user data. Optional Blackmagic Cloud collaboration is the only feature that transmits project data, and it's explicitly opt-in. For journalists handling sensitive footage, the local-only architecture is a meaningful advantage over cloud-dependent editors."
    },
    {
      "name": "DeepL",
      "slug": "deepl",
      "url": "https://www.deepl.com",
      "tagline": "Best-in-class machine translation with real privacy guarantees on paid tiers. Now 100+ languages, plus AI writing and real-time voice translation.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists working across languages — translating sources, foreign-language documents, press releases, or publishing for multilingual audiences. Also useful for researchers reading foreign-language academic papers or activists communicating across borders.",
      "pricing": "Free web/app: 500K characters/month with ads and data caveats. API Free: 500K characters/month. Individual: $8.74/month (translator only) or $17.49/month (with Write Pro). Team: $28.74/user/month (translator) or $35.39/user/month (with Write Pro). Business: $57.49/user/month. API Pro: $5.49/month base + $25 per million characters.",
      "freeOption": true,
      "editorialTake": "DeepL still produces the most natural translations for European languages — better than Google Translate, and more consistent than ChatGPT for straightforward text. Its 2025 next-gen LLM model claims 2x fewer edits needed versus Google and 3x fewer versus GPT-4. The critical privacy distinction: free tier text may be stored and used for training. Pro tiers delete text after translation and never train on it. If you're translating sensitive source material, leaked documents, or whistleblower communications, pay for Pro or use the API Free tier. DeepL Write is a solid grammar/style tool but only covers 6 languages. DeepL Voice (real-time meeting translation) is genuinely useful for multilingual newsrooms but requires a separate subscription. The company is German, GDPR-native, and holds ISO 27001, SOC 2 Type II, and C5 Type 2 — stronger compliance credentials than any competitor in translation.",
      "bestFor": "Translating interviews, documents, and source material. Drafting foreign-language correspondence. Reading news in languages you don't speak fluently. Polishing grammar and tone in supported languages via DeepL Write. Real-time translated captions in multilingual meetings via DeepL Voice.",
      "notFor": "Languages outside DeepL's strongest set — its 100+ language expansion is recent and quality varies for non-European languages. Real-time voice interpretation in the field without internet. Content you need to keep completely off third-party servers (use local models instead). Creative or marketing copy where ChatGPT's contextual rewriting may outperform.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "European Union (Germany). DeepL SE is headquartered in Cologne. All infrastructure subject to EU data protection law. Enterprise customers get Bring Your Own Key (BYOK) encryption for additional control.",
      "privacyPolicyTldr": "Free tier: text may be stored to improve the service, including model training. Pro tiers: text is deleted immediately after translation and never used for training. API Free tier also does not train on your data. DeepL is GDPR-compliant, does not sell user data, and supports SSO (OIDC/SAML), MFA, and role-based access for enterprise accounts.",
      "practicalMitigations": "Use Pro or API Free tier for any sensitive material — the free web translator may retain and train on your text. Never paste confidential source documents, leaked files, or whistleblower communications into the free web version. For maximum control, use the API with your own integration. Enterprise customers can enable BYOK encryption and network access restrictions.",
      "owner": "DeepL SE (Cologne, Germany)",
      "fundingModel": "Venture-backed. Raised $536M total. $300M Series D in 2024 led by Index Ventures at $2B valuation. Earlier investors include Benchmark and IVP.",
      "businessModel": "Freemium SaaS. Revenue from Pro subscriptions, API usage fees, and enterprise contracts. $185M revenue in 2024 with 500K+ customers.",
      "knownIssues": "Desktop app has persistent stability complaints — freezing, high memory usage, and crashes reported across review platforms. Customer support for paid tiers is slow; multiple Trustpilot complaints about billing disputes and difficult cancellations. Free tier UI is cramped, with limited text editing space. DeepL Write only supports 6 languages (English, German, French, Italian, Portuguese, Spanish) — far fewer than the translator. The 70+ new languages added in 2025 are newer and less battle-tested than the core European language set. Some users report occasional source-to-source language translation errors. Mobile Write functionality is limited.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "German-headquartered, GDPR-native. Holds ISO 27001:2022, SOC 2 Type II, and C5 Type 2 attestation. Pro tier explicitly deletes text after translation and never trains on it. Enterprise features include BYOK encryption, SSO (OIDC/SAML), MFA, network access restrictions, and detailed audit logs. Regular internal and external penetration testing. The only meaningful gap: the free tier's data handling is opaque compared to Pro, and the tool is not open source."
    },
    {
      "name": "DeepSeek",
      "slug": "deepseek",
      "url": "https://chat.deepseek.com",
      "tagline": "Chinese open-source LLM with strong reasoning capabilities. Free web interface. Open-weight models (MIT license) can be run locally to avoid Chinese data jurisdiction entirely.",
      "category": "ai",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Developers and technical journalists who want to run a capable open-weight model locally without sending data to any cloud provider. Researchers comparing AI model capabilities across geographies. Anyone who needs a free, powerful reasoning model and is willing to navigate the jurisdiction considerations — or who runs the model locally and sidesteps them entirely.",
      "pricing": "Web interface (chat.deepseek.com): completely free, no usage limits publicly stated. API: significantly cheaper than OpenAI — roughly $0.14 per million input tokens, $0.28 per million output tokens for DeepSeek-V3. Local deployment: free (MIT-licensed open weights available on Hugging Face). Hardware costs for local inference vary by model size.",
      "freeOption": true,
      "editorialTake": "DeepSeek is the most controversial entry in this directory, and the nuance matters. There are two entirely different products here: the web chat interface (chat.deepseek.com), and the open-weight models you can download and run locally. They have radically different privacy profiles. The web interface stores all data on servers in mainland China, subject to Chinese cybersecurity and intelligence laws that require companies to cooperate with state intelligence efforts. Italy banned the app. Multiple EU data protection authorities launched investigations. The US, Australia, and others banned it from government devices. For journalists — especially those covering China, human rights, or geopolitics — using the web interface is a clear risk. Your prompts, your research patterns, and your outputs are stored in a jurisdiction with no independent judicial oversight of surveillance requests. But the open-weight models (DeepSeek-R1, DeepSeek-V3) are MIT-licensed and can run entirely on your own hardware. When you run DeepSeek locally via Ollama or similar, no data leaves your machine. Zero jurisdiction risk. Zero surveillance exposure. The model itself doesn't phone home. This is the same privacy story as running Llama locally — the weights are just math. DeepSeek-R1 has genuinely strong reasoning capabilities that compete with GPT-4 and Claude on many benchmarks, at a fraction of the cost (or free if run locally). The technical achievement is real. The question is purely about how you deploy it.",
      "bestFor": "Local deployment via Ollama for privacy-sensitive AI assistance with zero cloud dependency. Developers building journalism tools who need a capable open-weight model. Cost-sensitive API usage where DeepSeek's pricing (10-50x cheaper than OpenAI) matters. Technical researchers comparing model capabilities. Anyone who wants GPT-4-class reasoning without paying GPT-4 prices and is comfortable with local deployment.",
      "notFor": "Any journalist covering China, human rights, Hong Kong, Taiwan, Xinjiang, or related topics — do not use the web interface. Non-technical users who can't run models locally and would rely on the Chinese-hosted web interface. Anyone subject to organizational policies banning Chinese AI services. Newsrooms where IT policy prohibits Chinese-jurisdiction data processing. Journalists who need web-grounded responses with current information (DeepSeek's web interface has limited search integration compared to Copilot or ChatGPT).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Web interface: People's Republic of China (DeepSeek, registered in Hangzhou, Zhejiang Province). All data stored on mainland Chinese servers, subject to Chinese Cybersecurity Law, Data Security Law, and National Intelligence Law. No GDPR compliance until late May 2025 (EU representative appointed months after Italian ban). Local deployment: your jurisdiction — data never leaves your hardware.",
      "privacyPolicyTldr": "Web interface: DeepSeek collects prompts, outputs, device information, and usage patterns. Data stored in China. Under Chinese National Intelligence Law (Article 7), all organizations must support and cooperate with state intelligence work. No independent judicial oversight of government data access requests. DeepSeek appointed an EU representative in May 2025 after regulatory pressure. Local deployment: no data collection whatsoever — open weights run entirely offline with no telemetry.",
      "practicalMitigations": "Do not use the web interface (chat.deepseek.com) for any journalism work involving sensitive sources, investigative research, or topics the Chinese government considers sensitive. If you want DeepSeek's capabilities, run the open-weight models locally via Ollama, LM Studio, or similar tools — this eliminates all jurisdiction and surveillance concerns. Use a VPN if accessing the web interface for non-sensitive testing. Never input source identities, unpublished findings, or confidential information into the web interface. For organizational use, deploy the open-weight model on your own infrastructure.",
      "owner": "DeepSeek (深度求索), a subsidiary of High-Flyer Capital Management (quantitative hedge fund), Hangzhou, China",
      "fundingModel": "Backed by High-Flyer Capital Management, a Chinese quantitative trading firm reportedly managing $8B+ in assets. DeepSeek operates as a research lab funded by High-Flyer's profits. No traditional venture funding rounds. Significant compute investment (reportedly thousands of Nvidia A100/H100 GPUs before export controls).",
      "businessModel": "Loss-leader research lab funded by parent hedge fund. Web interface is free. API pricing dramatically undercuts Western competitors. Revenue model appears secondary to research prestige and talent recruitment. Open-weight model release builds ecosystem adoption. Long-term business model unclear — possibly API revenue, possibly strategic value to parent fund's trading operations.",
      "knownIssues": "Chinese data jurisdiction with mandatory intelligence cooperation laws. Banned on government devices in US, Australia, and multiple other countries. Italian data protection authority banned the web app entirely (January 2025). EU investigations ongoing in 13+ jurisdictions. Did not have GDPR-required EU representative until May 2025. Content moderation aligned with Chinese government positions — the model will refuse or deflect on Tiananmen Square, Taiwan independence, and similar topics. Unclear long-term viability as an independent entity vs. potential regulatory restrictions on Chinese AI. Training data provenance questions (some researchers allege OpenAI output was used in training). Export control implications may limit future model development.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "This rating applies to the web interface (chat.deepseek.com). Chinese data jurisdiction with mandatory intelligence cooperation laws, no independent judicial oversight, banned by multiple governments, and subject to ongoing EU regulatory action. For journalists, using the web interface with any sensitive material is inadvisable. However: the open-weight models (DeepSeek-R1, V3) run locally with zero data exposure and would rate 'strong' on privacy — the math doesn't phone home. The rating reflects the product most users will encounter (the web interface), not the self-hosted deployment that technical users can configure."
    },
    {
      "name": "Descript",
      "slug": "descript",
      "url": "https://www.descript.com",
      "tagline": "AI-powered audio and video editing with text-based editing.",
      "category": "visuals",
      "whoItsFor": "Journalists who edit audio or video. Descript lets you edit media by editing a transcript — delete a word from the text and it disappears from the audio. Built for podcast producers, video journalists, and anyone cutting interview tape on deadline.",
      "pricing": "Free (60 media minutes/month, 100 one-time AI credits). Hobbyist: $16/month (annual) or $24/month. Creator: $24/month (annual) or $35/month. Business: $50/month (annual) or $65/month. Enterprise: contact sales. Pricing overhauled September 2025 — now meters both media minutes (uploads/recordings) and AI credits (Studio Sound, Eye Contact, filler removal, etc.). Unused minutes and credits do not roll over.",
      "journalistDiscount": "None known.",
      "freeOption": true,
      "editorialTake": "Descript's text-based editing genuinely changes how you work with audio and video — edit a transcript like a Google Doc and the media follows. The AI features (filler word removal, eye contact correction, Studio Sound noise reduction) save hours on deadline. But your media uploads to Descript's cloud for processing. For a podcast about public policy, fine. For audio of a confidential source describing corporate fraud, no. Descript is independently owned (not Spotify — that was rumor, not fact), VC-backed with $101M raised, and now doing $55M ARR with 75% year-over-year growth under new CEO Laura Burkhauser. The product is excellent for non-sensitive production. Just know what you're uploading and where it goes.",
      "bestFor": "Podcast editing, video journalism, interview tape cutting, content repurposing, fast-turnaround spoken-word content. Non-sensitive media production where speed matters more than operational security.",
      "notFor": "Editing audio or video containing confidential source material, whistleblower recordings, or any content where the existence of the recording itself is sensitive. Use DaVinci Resolve (free, local processing) or Audacity for that.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (AWS infrastructure)",
      "privacyPolicyTldr": "Descript processes media on cloud servers (AWS). SOC 2 Type II compliant, GDPR and CCPA aligned. States it does not use your content to train production AI models. Internal R&D models only use data from users who opt in — opt-in is disabled by default. Voice cloning training audio may be used to improve their technology after being disassociated from your account. Descript employees may listen to audio samples for internal QA. Has agreements with sub-processors (including OpenAI) that your data won't be used for third-party model training. Content retained until you delete your project.",
      "practicalMitigations": "For non-sensitive content, Descript is fine as-is. For somewhat sensitive material: (1) delete projects immediately after exporting final cuts, (2) never upload raw source audio that includes identifying information about confidential sources, (3) disable the data-sharing opt-in in settings, (4) use DaVinci Resolve (free, fully local) or Audacity for anything sensitive. For voice cloning: understand that your consent recording and training audio may be used for Descript's R&D even after disassociation from your account.",
      "owner": "Descript, Inc. (independent, private). Founded 2017 by Andrew Mason (former Groupon CEO). Mason stepped aside to Executive Chairman in 2025; Laura Burkhauser (ex-Twitter Director of Product) became CEO.",
      "fundingModel": "VC-backed. $101M raised across 4 rounds. Series C ($50.6M, Nov 2022) led by OpenAI Startup Fund. Other investors: Andreessen Horowitz, Redpoint Ventures, Spark Capital. $55M ARR as of 2025 with 75% YoY growth. No Spotify acquisition — that was industry rumor, never materialized.",
      "businessModel": "Freemium SaaS. Free tier for adoption; paid tiers gate AI credits, media minutes, 4K export, and team features. September 2025 pricing overhaul introduced metered usage (media minutes + AI credits) replacing flat transcription hours.",
      "knownIssues": "Consumer Reports (March 2025) assessed Descript's voice cloning safeguards as 'somewhat effective' — better than most competitors (requires recording a consent statement) but bypassable via cloning the consent statement through another service. Pricing overhaul in September 2025 forced migration to metered media minutes + AI credits, frustrating some long-time users on legacy plans. Voice cloning training audio is used for R&D after disassociation from accounts. OpenAI is both an investor and a sub-processor — potential conflict of interest worth noting. No public data breaches or security incidents found.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II compliant. AES-256 at rest, TLS 1.2 in transit. GDPR/CCPA aligned. AI training opt-in disabled by default. No breaches on record. Rating reflects cloud-only processing model — all media must leave your machine. Fine for non-sensitive production; not appropriate for confidential source material."
    },
    {
      "name": "Disconnect",
      "slug": "disconnect",
      "url": "https://disconnect.me",
      "tagline": "Open-source anti-tracking browser extension from ex-Google and ex-NSA engineers. Blocks 2,000+ third-party trackers. Powers tracker protection in Firefox, Edge, and Samsung Internet.",
      "category": "security",
      "openSource": true,
      "whoItsFor": "Journalists who want a lightweight, set-and-forget tracker blocker. Reporters working on sensitive stories who need to reduce their tracking footprint without configuring complex tools. Anyone who wants to browse without advertising networks, analytics services, and social media platforms following them across the web.",
      "pricing": "Free (browser extension). Premium VPN service available separately.",
      "freeOption": true,
      "editorialTake": "Disconnect is the quiet backbone of browser privacy. Its tracker protection list powers Firefox's Enhanced Tracking Protection, Microsoft Edge's tracking prevention, and Samsung Internet's Smart Anti-Tracking. The standalone extension blocks advertising, analytics, social, and fingerprinting trackers across 2,000+ domains, and Disconnect's own benchmarks claim pages load up to 44% faster and use 39% less bandwidth as a result. The founders have unusual credibility: co-founder Brian Kennish was an engineer at Google and DoubleClick (the ad-tracking infrastructure itself), and CTO Patrick Jackson is former NSA — he built surveillance systems before switching to building defenses against them. The extension is open source under GPL v3, so the blocking logic is auditable. Compared to Privacy Badger (EFF's heuristic-based blocker), Disconnect uses a curated list approach — it blocks known trackers by domain rather than learning from behavior. This means it works immediately on install with no training period, but it will not catch novel trackers that are not yet on the list. Compared to uBlock Origin (the most powerful content blocker available), Disconnect is narrower in scope: it blocks trackers but not ads that do not track, and it has no cosmetic filtering or custom filter lists. The tradeoff is simplicity — Disconnect requires zero configuration and rarely breaks pages. Named best privacy tool by The New York Times and Innovation Award winner at SXSW. The main concern: the extension was last updated in early 2025, and the company's focus has shifted toward its enterprise privacy products and VPN service. The core tracker list still receives updates, but the extension itself shows its age compared to newer tools."
      "bestFor": "Lightweight tracker blocking with zero configuration. Reducing your tracking footprint across advertising, analytics, and social media networks. Pairing with other security tools (use Disconnect for tracking protection, a separate ad blocker for cosmetic filtering). Understanding which trackers are present on any page you visit (the extension shows a real-time breakdown by category).",
      "notFor": "Comprehensive ad blocking (uBlock Origin is better for that). Blocking novel or unknown trackers through behavioral analysis (Privacy Badger's approach). Replacing a VPN or Tor for network-level privacy. Journalists facing state-level adversaries who need stronger protections than browser-level tracker blocking.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Disconnect, Inc., based in California). The extension runs locally in your browser. Tracker blocking happens on-device — no browsing data is sent to Disconnect's servers. The optional Disconnect VPN routes traffic through servers in multiple jurisdictions.",
      "privacyPolicyTldr": "The browser extension processes everything locally. No browsing data, blocked tracker logs, or page content leaves your device. Disconnect states it will never sell user data. The extension collects no personal information. The company's revenue comes from licensing its tracker protection technology to browser vendors (Mozilla, Microsoft, Samsung) and from its premium VPN product — not from user data.",
      "practicalMitigations": "Pair Disconnect with uBlock Origin for comprehensive protection — Disconnect handles tracker blocking, uBlock Origin handles ads, cosmetic filtering, and custom filter lists. Check the extension's popup on sensitive pages to see which trackers are attempting to load. If a page breaks, you can whitelist individual sites (click the Disconnect icon and toggle). For high-risk reporting, Disconnect alone is insufficient — use Tor Browser or a hardened Firefox profile with multiple layered protections. Keep the extension updated; tracker lists evolve as companies change domains.",
      "owner": "Disconnect, Inc.",
      "fundingModel": "Venture-backed (early stage). Raised $3.5 million in 2013. Revenue from licensing tracker protection technology to Mozilla (Firefox), Microsoft (Edge), and Samsung (Samsung Internet), plus premium VPN subscriptions.",
      "businessModel": "Freemium. The browser extension is free and open source. Revenue from enterprise licensing (tracker list and blocking technology licensed to major browser vendors) and a premium VPN/privacy service.",
      "knownIssues": "Extension last updated January 2025 — development pace has slowed as the company focuses on enterprise licensing and its VPN product. The curated tracker list approach means Disconnect may miss brand-new tracking domains until they are added to the list (lag time unknown). Some users report the extension feels dated compared to Privacy Badger and uBlock Origin in terms of UI and feature set. The Disconnect VPN service (separate from the free extension) has received mixed reviews, with some reviewers noting slow speeds and limited server locations. The extension was briefly removed from the Chrome Web Store in 2014 over a dispute with Google (it was restored), highlighting the tension between a tracker-blocking tool and a company that runs the largest ad-tracking network.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Open source (GPL v3), runs entirely locally in the browser, collects no user data. The tracker protection technology is trusted enough that Mozilla, Microsoft, and Samsung license it for their browsers — that is a meaningful signal. Rating is 'adequate' rather than 'strong' because the extension's development has slowed, the curated list approach has inherent lag against new trackers, and the company's focus has shifted toward enterprise products. The tool does what it claims, but journalists needing maximum protection should pair it with uBlock Origin and other layered defenses."
    },
    {
      "name": "DocumentCloud",
      "slug": "documentcloud",
      "url": "https://www.documentcloud.org",
      "tagline": "Upload, analyze, annotate, and publish source documents for investigations.",
      "category": "data",
      "additionalCategories": [
        "verification"
      ],
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists publishing source documents alongside stories. Newsrooms collaborating on document review and annotation. FOIA-heavy reporters who need OCR, redaction, and public embedding of primary sources.",
      "pricing": "Free tier: 100 pages/month for verified news organizations. Professional plans include 2,000 AI credits/month. Organization plans include 5,000 AI credits/month for the first 5 users, plus 500 per additional user. AI credits power premium OCR (Textract, Azure, Google Vision) and GPT-based add-ons.",
      "freeOption": true,
      "editorialTake": "DocumentCloud is how major investigations show their work. ProPublica, The New York Times, and hundreds of newsrooms use it to upload court filings, leaked memos, and government records, annotate key sections, then embed them directly in stories. The platform's add-on ecosystem now includes GPT-4 Vision table extraction, PII detection, and entity extraction via Google Cloud NLP — real AI tooling, not vaporware. MuckRock's nonprofit stewardship (since the 2018 merger) keeps it journalist-focused, and the October 2025 merger with Sunlight Research Center added hands-on research support for local newsrooms. The January 2025 UI redesign is noticeably faster. Biggest gap versus Google Pinpoint: no semantic search or knowledge-graph entity matching. Biggest advantage over Pinpoint: public embedding, collaborative annotation, and self-hosting via open source.",
      "bestFor": "Publishing annotated source documents alongside stories. OCR on scanned PDFs (Tesseract free, Textract/Azure/Google Vision premium). Collaborative document review across a newsroom. Embedding primary sources in articles via responsive viewer. Bulk processing large FOIA dumps with add-ons.",
      "notFor": "Semantic search across large document sets — Google Pinpoint is stronger there. Not a private document vault by default (check access levels before uploading). Not for audio/video transcription. Limited entity-matching compared to Pinpoint's knowledge graph.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "AWS US. All documents stored on Amazon Web Services infrastructure in the United States.",
      "privacyPolicyTldr": "Operated by MuckRock, a 501(c)(3) nonprofit. Three access levels: private (only you), organization (your newsroom), and public (anyone, indexed and searchable). Default is private. MuckRock does not sell user data. Public documents are fully indexed by search engines. Organization members can edit any org-shared document, including changing ownership.",
      "practicalMitigations": "Verify the access level before every upload — organization members can edit org-shared documents. Redact before uploading, not after: originals may persist in the processing pipeline, and a redaction must remove the underlying text and image data rather than draw a box over it (a visual overlay leaves the text recoverable by OCR or copy-paste). Strip metadata from files before upload (author and company fields, revision history, comments, embedded thumbnails, EXIF in images) so that nothing about the source's name, software, or workflow travels with the file. Use private access for pre-publication documents. Notes can be set independently to private, collaborator-only, or public. If a journalist leaves an organization, they lose edit access to public documents owned by that org."
      "owner": "MuckRock Foundation (501(c)(3) nonprofit, merged with DocumentCloud in 2018, merged with Sunlight Research Center in October 2025)",
      "fundingModel": "Knight Foundation grants, Google News Initiative, Democracy Fund, News Integrity Initiative, individual donations, and paid premium plans.",
      "businessModel": "Freemium nonprofit. Free tier for verified journalists (100 pages/month). Paid professional and organization tiers fund AI credits and premium OCR. Gateway grants available for newsrooms needing bulk document processing.",
      "knownIssues": "Default access level has changed over the years — always verify before uploading sensitive documents. OCR quality with free Tesseract engine is mediocre on noisy scans; premium Textract is significantly better but costs AI credits. No semantic search or entity-matching — if you need to find connections across thousands of documents, use Google Pinpoint alongside DocumentCloud. Embed viewer below 200px width degrades to a thumbnail link. Organization permission model is coarse: any org member can edit any org-shared document, including reassigning ownership. Open-source self-hosting option exists but documentation is sparse and the codebase has diverged from the hosted version.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Nonprofit-operated, open-source, hosted on AWS US. Three-tier access controls (private, organization, public). Built specifically for journalism with source document publishing as the core use case. No tracking or advertising. The coarse org-level permissions and the risk of accidentally publishing private documents are the main concerns — both mitigated by verifying access levels before upload."
    },
    {
      "name": "DuckDuckGo",
      "slug": "duckduckgo",
      "url": "https://duckduckgo.com",
      "tagline": "Privacy-focused search engine. No search history tracking, no personalized results, no ad profiling. Now expanding into AI chat, VPN, and identity protection.",
      "category": "security",
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Journalists who don't want their research interests tracked and profiled. Investigators who need search queries that cannot be produced in response to a subpoena because the provider never stored them. Anyone who wants results based on keywords, not a behavioral dossier. With Duck.ai, also useful for reporters who need private access to Claude, GPT, and Llama without creating accounts with those providers."
      "pricing": "Free for search, browser, extensions, and basic Duck.ai. Privacy Pro Plus: $9.99/month ($99.99/year) — adds VPN, advanced AI models, personal info removal from 50+ data brokers, identity theft restoration. Privacy Pro: $19.99/month ($199.99/year) — adds Claude Opus, 2x AI usage limits, highest reasoning effort. US only for paid plans.",
      "freeOption": true,
      "editorialTake": "DuckDuckGo doesn't track your searches, doesn't build a profile, and doesn't personalize results. For journalists, this matters — your search history is a map of your investigations. Google search is a surveillance tool that happens to find web pages. DuckDuckGo is a search tool that happens to not surveil you. The 2022 Microsoft tracker controversy was real and damaging: DuckDuckGo's browser was quietly allowing Microsoft tracking scripts on third-party sites due to a Bing syndication deal. They fixed it after being caught, not before. That dented trust. But the search engine itself — the core product — never logged queries or built profiles. The fix shipped, Microsoft trackers are now blocked, and independent audits have confirmed the changes. The bigger story in 2025-2026 is Duck.ai: a privacy-preserving gateway to Claude, GPT-4o, GPT-5, Llama, and Mistral models. Your IP is stripped before prompts reach the model provider. No conversations are stored. For journalists who need AI assistance without creating accounts that tie their identity to their prompts, this is genuinely useful. Results quality: good enough for 85% of searches. Weaker than Google for local, breaking news, and deep technical queries. The !bang shortcuts remain the best power-user feature in any search engine.",
      "bestFor": "Daily web searching without building a surveillance profile of your investigations. Research on sensitive topics where you don't want interest logged. The !bang shortcuts (e.g., !w for Wikipedia, !g for Google, !a for Amazon) make it a universal search launcher — over 13,000 shortcuts. Duck.ai for private AI chat across multiple models without account creation. Email Protection (@duck.com addresses) for hiding your real email from sources and services.",
      "notFor": "Results are weaker than Google for local searches, very recent breaking news, and highly specific technical queries — use !g bang to fall back. Not a replacement for specialized investigative databases (PACER, corporate registries, etc.). The VPN is fine but not best-in-class — Mullvad or Proton VPN are stronger choices for high-risk reporting. Bang shortcuts redirect you to the target site with no privacy protection once you land there — !g sends you to Google, where Google tracks you normally.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (DuckDuckGo Inc., Paoli, Pennsylvania). Paid Privacy Pro plans currently US-only. Subject to US legal process, but the company's minimal data retention means there's little to hand over — they don't have your search history to produce.",
      "privacyPolicyTldr": "Does not store search histories. Does not create user profiles. Does not track users across the web. IP addresses are used transiently for security and content delivery, never logged to disk or linked to queries. Ads are keyword-based on the current search, not profile-based. Anonymous aggregate search trends are retained for index improvement. Duck.ai strips all personal metadata (including IP) before forwarding prompts to model providers — chats appear to come from DuckDuckGo, not from you. The privacy policy is short and readable — unusual for a tech company of this size.",
      "practicalMitigations": "Set DuckDuckGo as your default search engine in all browsers. Use !bang shortcuts to jump to other engines when needed, remembering that a bang only redirects you: the destination site sees you as it would any visitor. Combine with a VPN or Tor for network-level privacy. DuckDuckGo doesn't log your searches, but your ISP or network operator can still see the DNS lookup and the TLS server name for duckduckgo.com (HTTPS hides the query itself, not the destination). Use Email Protection (@duck.com) to create disposable forwarding addresses for source communications. Use Duck.ai instead of creating personal accounts with OpenAI or Anthropic when you need AI assistance on sensitive topics. On Android, enable App Tracking Protection to block third-party trackers across all apps."
      "owner": "DuckDuckGo Inc.",
      "fundingModel": "Advertising revenue (privacy-respecting keyword-based ads via Microsoft ad network) plus subscription revenue from Privacy Pro Plus and Pro plans. Venture-backed — raised $172.5M from investors including OMERS Ventures and Union Square Ventures.",
      "businessModel": "Non-tracking keyword-based advertising remains the core revenue stream. Ads are based on what you're searching right now, not a profile of who you are. No user data is sold. Privacy Pro subscriptions ($9.99-$19.99/month) add VPN, AI model access, personal info removal, and identity theft restoration. The Bing syndication deal provides both search results and ad inventory — this is the same deal that caused the 2022 Microsoft tracker controversy.",
      "knownIssues": "2022 Microsoft tracker controversy: Security researcher Zach Edwards discovered DuckDuckGo's browser allowed Microsoft tracking scripts (Bing, LinkedIn) on third-party sites due to the Bing syndication contract. CEO Gabriel Weinberg confirmed it. Fix shipped mid-2022 — Microsoft trackers are now blocked. But the episode revealed that DuckDuckGo's ad/search partnership with Microsoft created a structural conflict with its privacy mission. The core search engine was never affected (no query logging), but trust took a hit. Search results depend on Bing's index — not independent like Brave Search, which builds its own. Approximately 100 million daily searches and ~0.9% global market share (1.8% US) — growth has plateaued since 2021, suggesting the privacy-search market may be saturated at current awareness levels. Bang shortcuts provide zero privacy protection on the destination site. Duck.ai is useful but the free tier has usage caps, and advanced models require a paid subscription.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "No search tracking, no user profiles, no ad targeting based on history. Privacy-first by design and confirmed by independent audits. Browser apps and extensions are open source (Apache 2.0, GitHub). Core search engine is proprietary. The 2022 Microsoft tracker issue was a real failure, but it was in the browser's tracker blocking — not in the search engine itself — and it has been fully remediated. Duck.ai's privacy architecture (IP stripping, no conversation storage, proxied requests) is well-designed for private AI access. Rating remains strong because the core privacy claims hold up: your searches are not logged, your profile is not built, and your data is not sold."
    },
    {
      "name": "Element",
      "slug": "element",
      "url": "https://element.io",
      "tagline": "Decentralized encrypted messaging on the Matrix protocol. No single server to compromise.",
      "category": "messaging",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Newsrooms that need encrypted team communication with full infrastructure control. Organizations that want to own their messaging stack — not rent it from Slack or Microsoft.",
      "pricing": "Free (personal use on public Matrix servers). Element Business at $5/user/month. Element Enterprise at $10/user/month. On-premise from $3/monthly active user (minimum 250 seats). Custom pricing for government deployments.",
      "freeOption": true,
      "editorialTake": "Element is the most credible decentralized alternative to Slack and Teams, built on the Matrix protocol. E2E encryption is on by default for DMs and private rooms. The real advantage is federation: your newsroom runs its own Matrix server and still communicates with anyone on the network. The French government (Tchap), German Bundeswehr, NATO (NI2CE messenger), and 25+ national governments use Matrix-based systems. As of April 2026, only verified devices can send or receive E2E encrypted messages, a major security upgrade: a new, unverified device added to a contact's account no longer silently receives room keys. Element X, the ground-up rewrite built on the Rust matrix-rust-sdk with native mobile front ends, is nearing feature parity with Element Classic and will become the primary client. The legacy client will be sunset. The tradeoff remains complexity: self-hosting Synapse requires real sysadmin effort, key verification still trips up non-technical users, and the ecosystem moves slower than Signal. For newsrooms willing to invest in setup, Element offers something no centralized tool can: no single entity controls your communications infrastructure."
      "bestFor": "Newsroom team communication with full infrastructure control. Cross-organization collaboration where both sides use Matrix. Environments where no single provider should hold message history or metadata.",
      "notFor": "Quick source communication — Signal is simpler and sources already have it. Newsrooms without IT staff to manage self-hosted infrastructure. Journalists who need zero-friction onboarding for non-technical contacts.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Depends on homeserver. Default matrix.org server hosted in the UK by the Matrix.org Foundation. Self-hosted servers stay in your jurisdiction entirely. Element's managed hosting runs in AWS regions you select.",
      "privacyPolicyTldr": "Element the company cannot access E2E encrypted message content. On the default matrix.org server, metadata (who talks to whom, when) is stored by the Matrix.org Foundation (UK nonprofit). Self-hosting eliminates third-party metadata exposure. Federation means metadata can traverse multiple servers — each server operator sees the metadata for rooms their users participate in. Authenticated media (Matrix 1.11, June 2024) closed a gap where media files were accessible to anyone who knew the URL.",
      "practicalMitigations": "Self-host a Matrix server (Synapse) for full control over data and metadata. Verify each contact's cross-signing identity (emoji or QR verification) and re-verify if their identity changes: as of April 2026, unverified devices are locked out of E2E encrypted rooms. Enable E2E encryption for all rooms, not just DMs. Use Secure Backup so you can recover encryption keys if you lose every device, and guard the recovery key like a password. Disable federation if your threat model requires it (turns Matrix into a private island). Keep Synapse updated; two high-severity federation vulnerabilities (CVE-2025-49090, CVE-2025-54315) required a coordinated cross-implementation patch in August 2025, and existing rooms only get the protocol-level fix once upgraded to Room Version 12. Migrate any remaining libolm-based clients to vodozemac immediately: libolm was deprecated in August 2024 with known timing side-channel vulnerabilities."
      "owner": "Element (formerly New Vector Ltd, UK)",
      "fundingModel": "VC-funded with government contracts. $30M Series B (2021) led by Protocol Labs and Metaplanet, with participation from Automattic, Notion, and Skype co-founder Jaan Tallinn. Revenue from enterprise hosting and government deployments (France, Germany, NATO). Element describes itself as self-sufficient on recurring revenue. The Matrix.org Foundation is a separate UK nonprofit — most Foundation staff are Element employees under contract, though the Foundation is working toward greater independence.",
      "businessModel": "Open-source client with commercial server hosting. Revenue from Element Server Suite (managed Matrix hosting), Element Enterprise (on-premise deployments), support contracts, and government deployments. Element funds the majority of Matrix protocol development through its staffing of the Matrix.org Foundation. This creates a healthy but fragile dynamic: if Element falters, the protocol's development slows significantly.",
      "knownIssues": "Two high-severity federation vulnerabilities (CVE-2025-49090, CVE-2025-54315) discovered in 2025 allowed state resets that could give attackers unexpected control over room state. Patched in a coordinated release across all Matrix server implementations on August 11, 2025, requiring an off-cycle spec update (Matrix 1.16, Room Version 12). In February 2026, security researcher Soatok reported cryptographic issues in vodozemac (the Rust crypto library): the Olm 3DH handshake fails to reject all-zero Diffie-Hellman outputs, which could theoretically allow a participant to force predictable session keys. Matrix disputed the practical impact, noting that identity keys are signed and verified before session establishment, but agreed to add the check as defense-in-depth. Soatok also flagged truncated 64-bit MACs in Olm v1 as a legacy design weakness. Separately, libolm (the deprecated C crypto library) had AES cache-timing (CVE-2024-45191) and Base64 timing side-channel (CVE-2024-45192) vulnerabilities — all clients maintained by the Matrix core team have migrated to vodozemac, but only 19% of third-party Matrix clients have. Multiple CVEs in matrix-js-sdk and matrix-react-sdk during 2024 affected Element Web (including CVE-2024-47080), among them a client-side path traversal and thumbnail-based file download tricks. Synapse is resource-heavy (minimum 2GB RAM) and requires ongoing maintenance. Dendrite, the next-gen Go-based server, is in maintenance mode — only security fixes, no new features."
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source protocol and clients. E2E encryption via vodozemac (Rust implementation of Olm/Megolm, same Double Ratchet family as Signal). Audited by Least Authority (2022, funded by Germany's gematik), NCC Group (libolm), and Germany's BSI via the CAOS program. Formal cryptographic analysis published (2023). April 2026 mandate requires verified devices for all E2E rooms. Decentralized architecture means no single operator holds everyone's message history, though each homeserver participating in a room still sees that room's metadata for its own users. Government adoption by 25+ countries, NATO, and the European Commission validates the security model. The vodozemac cryptographic concerns raised in February 2026 are theoretical under current deployment constraints but highlight that Matrix's crypto layer receives less independent scrutiny than Signal's."
    },
    {
      "name": "ElevenLabs",
      "slug": "elevenlabs",
      "url": "https://elevenlabs.io",
      "tagline": "The leading AI voice platform. Text-to-speech, voice cloning, dubbing, audio isolation. $11B valuation. Powerful and dangerous in the same breath.",
      "category": "visuals",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Podcasters and audio producers who need TTS narration, multilingual dubbing, or voice cloning for accessibility versions. Newsrooms producing audio explainers and article-to-audio features. Documentary teams using dubbing to localize interviews. Investigators using the audio isolator to clean noisy field recordings. Anyone whose editorial standards explicitly cover AI voice use.",
      "pricing": "Free: 10,000 characters/month, basic TTS, no commercial use. Starter: $5/month (30,000 characters, instant voice cloning, commercial license). Creator: $22/month (100,000 characters, professional voice cloning, dubbing, audio isolator, no Studio watermark). Pro: $99/month (500,000 characters). Scale: $330/month (2M characters). Business: $1,320/month (11M characters). Enterprise: custom, with HIPAA, SSO, and custom contracts. Pricing was restructured in January 2025 and unified again in August 2025 to be model-agnostic.",
      "freeOption": true,
      "editorialTake": "ElevenLabs is the audio AI company everyone uses and nobody quite trusts. Founded in 2022 by Piotr Dabkowski (ex-Google ML) and Mati Staniszewski (ex-Palantir), the company raised a $180M Series C in January 2025 at a $3.3B valuation, then a $500M Series D in February 2026 led by Sequoia at $11B. Investors include a16z, ICONIQ, Nvidia, Lightspeed, and Bond. The product is genuinely state of the art. v3 voices, released in 2025, are widely considered the most natural-sounding TTS available. The dubbing tool can translate and lip-sync interviews across 30+ languages. The audio isolator can rescue recordings that other tools give up on. Newsrooms use it for article-to-audio narration, podcast post-production, and source-protection voice modulation. The problem is the same thing that makes the product valuable: voice cloning that good is also voice cloning that scammers want. ElevenLabs voices have been used in election deepfakes (the 2024 New Hampshire fake-Biden robocall was traced to an ElevenLabs voice), in sextortion scams targeting parents, and in fraud calls impersonating CEOs. ElevenLabs has responded with identity verification for Professional Voice Cloning, a no-go list of public figures, an AI speech classifier to detect ElevenLabs-generated audio, and partnerships with content authentication groups. The safeguards are real but imperfect. For journalism, the editorial question is straightforward: if you use AI voice, label it; if you clone a real voice, get explicit consent in writing; if you publish synthetic audio of a real person, expect to defend it.",
      "bestFor": "Article-to-audio narration of long-form pieces. Multilingual dubbing for documentary and explainer video. Voice cloning of your own narrator (with consent and contract). Source voice modulation to protect identity in audio interviews. Audio isolator for cleaning up field recordings, courtroom audio, leaked tapes. Accessibility versions of written content. Podcast post-production cleanup.",
      "notFor": "Cloning anyone's voice without explicit, documented consent. Generating audio of public figures or sources without disclosure. Anything labeled or implied to be a real person speaking when it isn't. Newsrooms without an AI audio policy in place — adopt the policy first, the tool second. Sensitive interview audio you don't want stored on a third-party server.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (ElevenLabs Inc., headquartered in New York). UK and Poland engineering presence. SOC 2 Type II compliant. Enterprise plans offer HIPAA compliance and zero-retention options.",
      "privacyPolicyTldr": "Account required. Voice samples and generated audio are stored on ElevenLabs servers. Free and lower-tier plans may use audio for service improvement; Creator plan and above can opt out. Voice cloning requires identity verification (Professional Voice Cloning requires a verbal consent recording). ElevenLabs prohibits cloning voices without consent in its use policy and terminates accounts for abuse. The AI speech classifier lets users check whether an audio file was generated by ElevenLabs. Enterprise plans include zero-retention and contractual data protection terms.",
      "practicalMitigations": "Use the Creator plan or higher and disable training data sharing. For voice cloning, document consent in writing — ElevenLabs' click-through is not enough for editorial defensibility. Never clone a source voice without an explicit, recorded conversation about how it will be used. Disclose AI voice use in episode notes, captions, and on-air. For sensitive interview audio, use Enterprise with zero-retention or process audio locally. Don't upload unpublished investigative recordings — they live on ElevenLabs servers. Keep an internal log of every AI voice use for corrections and accountability.",
      "owner": "ElevenLabs Inc. Private company headquartered in New York. Co-founders Piotr Dabkowski (CTO) and Mati Staniszewski (CEO).",
      "fundingModel": "Venture-backed. Total funding over $700M as of February 2026. Series C (January 2025): $180M at $3.3B valuation, co-led by a16z and ICONIQ Growth, with NEA, Sequoia, Nvidia, and others. Series D (February 2026): $500M at $11B valuation, led by Sequoia with Lightspeed, Bond, a16z, and ICONIQ. Strategic investors include Deutsche Telekom, LG Technology Ventures, HubSpot Ventures, NTT DOCOMO Ventures, RingCentral. Reported to be eyeing an IPO.",
      "businessModel": "Subscription SaaS plus API. Consumer and creator plans from $5 to $99/month. Business plans up to $1,320/month. Enterprise contracts with HIPAA and zero-retention options. API revenue from developers and platforms embedding ElevenLabs voices in their own products. Strategic enterprise deals with telcos, gaming studios, and audiobook publishers.",
      "knownIssues": "January 2024: a fake-Biden robocall in the New Hampshire primary urging Democrats not to vote was traced to an ElevenLabs-generated voice. The political consultant responsible was fined $6M by the FCC and indicted. ElevenLabs banned the account and tightened verification on Professional Voice Cloning. 2024–2025: multiple reports of ElevenLabs voices used in sextortion scams, CEO impersonation fraud, and harassment campaigns. The company has since added identity verification, no-go lists for public figures, an AI speech classifier, and partnerships with C2PA and content authentication groups. Voice cloning quality continues to outpace detection tools, meaning safeguards are reactive. The Studio video export watermark drops at the Creator tier — meaning unwatermarked AI audio is broadly available for $22/month.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "ElevenLabs is SOC 2 Type II compliant with HIPAA and zero-retention options on Enterprise plans. Technical security is appropriate for a company at this scale. The 'caution' rating is editorial, not technical: voice cloning misuse is documented and ongoing, the consent verification flow is weaker than newsroom standards require, and AI audio carries publication risk that the tool itself cannot mitigate. Use the product with a policy in place, not before."
    },
    {
      "name": "Elicit",
      "slug": "elicit",
      "url": "https://elicit.com",
      "tagline": "AI research assistant for academic literature. Searches 138 million papers, extracts data, synthesizes findings — every claim linked to the source sentence.",
      "category": "ai",
      "openSource": false,
      "whoItsFor": "Journalists who need to quickly find, evaluate, and synthesize academic research — background for health reporting, policy analysis, environmental stories, or any beat where peer-reviewed evidence matters. Elicit searches 138M+ papers from Semantic Scholar and 545,000+ clinical trials from clinicaltrials.gov. Unlike general-purpose AI tools, every claim is linked to the specific sentence in the source paper it came from.",
      "pricing": "Basic (free): 5,000 one-time credits, unlimited search, summaries of 4 papers at once, chat with 4 papers. Plus: $12/month ($10/month annual) — 4 reports/month. Pro: $49/month ($41.58/month annual) — 12 reports/month, 10 concurrent research alerts. Team: $79/user/month ($65/user/month annual) — 20 reports/month per user (pooled), 2-seat minimum. Enterprise: custom pricing, contact sales.",
      "freeOption": true,
      "editorialTake": "Elicit is the best AI tool for finding and synthesizing academic research. Not the fastest, not the cheapest — the most trustworthy. Every claim it generates links to the exact sentence in the source paper. That traceability is the entire value proposition for journalists who need to cite evidence accurately. The workflow: ask a research question, Elicit searches its database of 138M+ papers, surfaces relevant results, and generates structured summaries with inline citations. You can extract specific data points across papers (sample sizes, methodologies, outcomes) and build comparison tables. The Research Agents feature (launched December 2025) automates multi-step research workflows: competitive landscapes, systematic reviews, broad topic exploration. The tool grew out of Ought, a nonprofit research lab focused on AI reasoning. It's now a public benefit corporation — legally required to balance profit with social benefit. That structure, combined with the $22M Series A led by Spark Capital and Footwork at a $100M valuation, suggests a company trying to build a sustainable business without abandoning its research integrity roots. The limits: the free tier gives 5,000 one-time credits (not monthly), so it runs out. A 2025 study found Elicit missed 15% of relevant studies in systematic review testing — it's good, not perfect. It covers Semantic Scholar's corpus, which skews toward STEM and biomedical research. Social science and humanities coverage is thinner. For journalism, use it to build background quickly, identify key papers and researchers, and extract data across studies. Then verify independently.",
      "bestFor": "Background research on scientific and medical topics. Finding peer-reviewed evidence for policy stories. Extracting data across multiple studies (sample sizes, outcomes, methodologies). Identifying key researchers and papers on a beat. Building evidence tables for fact-checking.",
      "notFor": "Breaking news research (use Perplexity or web search). Social science and humanities topics with thin Semantic Scholar coverage. Replacing your own reading of primary sources — always read the key papers yourself. Definitive systematic reviews (it misses ~15% of relevant studies).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Elicit is a public benefit corporation based in San Francisco.",
      "privacyPolicyTldr": "Elicit collects standard account data (name, email) and research queries. The company is a public benefit corporation with a legal obligation to consider social impact alongside profit. Research queries reveal what topics you're investigating. No published transparency report. The company does not appear to sell user data, but specific data retention and sharing policies require reviewing their full privacy policy.",
      "practicalMitigations": "Your research queries reveal what topics and angles you're investigating. For sensitive stories, consider whether query patterns could reveal an unpublished investigation. Use Elicit for background research on public topics, then switch to direct database searches (PubMed, Google Scholar) for sensitive follow-up queries. Verify every citation by reading the actual paper — Elicit links to source sentences, but always confirm context. Don't rely solely on Elicit for systematic reviews; it misses approximately 15% of relevant studies.",
      "owner": "Elicit PBC (public benefit corporation, San Francisco). Incubated at Ought, a nonprofit AI research lab. Now operates independently.",
      "fundingModel": "VC-backed. $31M total raised. $9M seed led by Fifty Years (September 2023). $22M Series A co-led by Spark Capital and Footwork (February 2025) at $100M valuation.",
      "businessModel": "Freemium SaaS with credit-based and subscription tiers. Free tier for adoption (5,000 one-time credits). Revenue from Plus ($12/mo), Pro ($49/mo), Team ($79/user/mo), and Enterprise subscriptions. 400,000+ monthly active researchers. Launched Elicit API in March 2026 for programmatic access.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Public benefit corporation structure provides some alignment of incentives. HTTPS encryption in transit. U.S. jurisdiction. Research queries reveal your investigative interests, which is the primary privacy consideration. No published SOC 2 certification or independent security audit. Adequate for academic background research. Be mindful that query patterns could reveal unpublished story angles for sensitive investigations."
    },
    {
      "name": "ExifCleaner",
      "slug": "exifcleaner",
      "url": "https://exifcleaner.com",
      "tagline": "Drag-and-drop metadata removal. No network access, no telemetry. Open source.",
      "category": "security",
      "additionalCategories": [
        "verification"
      ],
      "openSource": true,
      "whoItsFor": "Journalists, activists, and researchers who need to strip metadata from photos, videos, and PDFs before publishing or sharing — without using the command line. ExifCleaner is a desktop GUI built on Electron that wraps ExifTool. Drag files or folders onto the window and metadata is gone. No terminal commands, no configuration.",
      "pricing": "Free and open-source (MIT license).",
      "freeOption": true,
      "editorialTake": "ExifCleaner is ExifTool with a drag-and-drop interface. Built by szTheory (GitHub handle) as an Electron app wrapping Phil Harvey's ExifTool, it does one thing: strip metadata from files. Drag a photo onto the window and GPS coordinates, camera serial numbers, timestamps, and software version tags are removed instantly. It supports JPEG, PNG, WebP, TIFF, GIF, MP4, MOV, M4A, PDF, and other formats. All processing happens locally — no network connections, no telemetry, no cloud uploads, no account. The app shows a before-and-after comparison of removed metadata, supports batch processing of entire folders, includes 24+ language translations, and respects system dark mode. MIT-licensed, source on GitHub (szTheory/exifcleaner). The Electron dependency adds size (~200MB installed) but provides cross-platform support on macOS, Windows, and Linux. For journalists who already use ExifTool on the command line, ExifCleaner adds nothing. For everyone else — reporters in the field, editors on deadline, non-technical contributors — it removes the barrier entirely. The key use case: stripping GPS coordinates and device identifiers from photos before publishing stories that could expose a source's location or device.",
      "bestFor": "Batch stripping metadata from photos and documents before publishing. Removing GPS coordinates that could reveal a source's location. Cleaning device serial numbers and timestamps from images shared with sources or uploaded to social media. Non-technical journalists who need ExifTool's capability without the command line.",
      "notFor": "Reading or analyzing metadata for verification or OSINT purposes — ExifCleaner removes metadata, it does not display it for investigation. For metadata extraction and analysis, use ExifTool directly. Also not a substitute for verifying image authenticity or detecting AI-generated content — use FotoForensics or InVID for that. Does not handle C2PA content credentials or IPTC provenance data beyond stripping them.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. ExifCleaner runs entirely on your machine. No network connections, no cloud processing, no data transmission. Files never leave your device.",
      "privacyPolicyTldr": "ExifCleaner is a local desktop application. It makes zero network connections. No account, no telemetry, no analytics, no crash reporting. Open-source under MIT license — anyone can verify the code on GitHub. Your files stay on your machine.",
      "practicalMitigations": "ExifCleaner strips metadata from the original file by default. (1) Work on copies if you need to preserve originals for evidentiary purposes — metadata is forensic evidence. (2) Verify removal by re-opening the cleaned file in ExifTool or ExifCleaner's own before-and-after view. (3) Social media platforms strip most EXIF data on upload, but not all — strip before uploading for certainty. (4) ExifCleaner wraps ExifTool internally — keep the app updated to get ExifTool security patches (CVE-2026-3102 affected ExifTool on macOS). (5) For bulk newsroom workflows, ExifTool's command line is faster and scriptable; ExifCleaner is best for individual use.",
      "owner": "szTheory (independent open-source developer, GitHub)",
      "fundingModel": "Community open-source. No formal funding.",
      "businessModel": "None. Free open-source tool. No commercial entity, no investors, no paid tiers.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Fully local processing — no network connections, no telemetry, no data exfiltration path. Open-source under MIT license, independently auditable. Wraps ExifTool, the industry-standard metadata engine maintained for 23+ years. The only attack surface is Electron's dependency chain and ExifTool's file parsing — both mitigated by keeping the app updated. One of the most trustworthy tools for journalists handling sensitive files."
    },
    {
      "name": "ExifTool",
      "slug": "exiftool",
      "url": "https://exiftool.org",
      "tagline": "Read, write, and strip metadata from photos and files. All processing happens locally — no data leaves your machine.",
      "category": "verification",
      "additionalCategories": [
        "security"
      ],
      "openSource": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists verifying photos and documents. OSINT researchers extracting GPS coordinates, camera models, timestamps, and software versions from files. Newsrooms that need to strip metadata before publishing sensitive images. Digital forensics teams building evidentiary timelines. Anyone working with C2PA content credentials or IPTC AI-generation labels.",
      "pricing": "Free.",
      "freeOption": true,
      "editorialTake": "ExifTool is the definitive metadata tool — full stop. It reads and writes metadata for 170+ file formats including every major camera RAW format (Canon CR2/CR3, Nikon NEF, Sony ARW, Fuji RAF). Extract GPS coordinates from a photo, identify the camera and lens, check the timestamp chain, read C2PA content credentials, inspect IPTC AI-generation labels, or strip all metadata before publishing. Phil Harvey has maintained it solo since 2003 — over 23 years of continuous development. He retired from Queen's University in 2020 and continues active development from retirement, with version 13.53 released March 2026. Everything runs locally. No network connections. This is the tool that other metadata tools are built on — Jeffrey's EXIF Viewer (discontinued 2024) used ExifTool under the hood, as does EXIF.tools and most forensic analysis platforms. The single-maintainer model is both a strength (consistency, deep expertise) and a risk (bus factor of one, no succession plan). For now, the release cadence shows no signs of slowing.",
      "bestFor": "Extracting GPS coordinates and timestamps from photos for geolocation verification. Identifying camera model and lens for source authentication. Reading C2PA content credentials and IPTC AI-generation metadata (supported since v13.40, October 2025). Stripping metadata before publishing sensitive images. Batch processing metadata across large file sets. Building forensic timelines from file creation and modification dates.",
      "notFor": "People who need a graphical interface (ExifTool is command-line only, though GUI wrappers like jExifToolGUI exist). It reads metadata, not image content — it won't detect visual manipulation or AI-generated imagery from pixel analysis. For that, use FotoForensics or InVID. ExifTool can read but not write C2PA content credentials — use Adobe's c2patool for that. Not a substitute for cryptographic provenance verification.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. ExifTool runs entirely on your machine. No network connections, no cloud processing, no data transmission. Files never leave your device.",
      "privacyPolicyTldr": "ExifTool is a local command-line application distributed as a Perl script. It makes zero network connections. No account, no telemetry, no analytics, no crash reporting. Your files stay on your machine. This is as privacy-respecting as software gets.",
      "practicalMitigations": "Learn the core commands: 'exiftool photo.jpg' shows all metadata. 'exiftool -gps:all photo.jpg' extracts GPS. 'exiftool -all= photo.jpg' strips all metadata. 'exiftool -a -G1 photo.jpg' shows duplicate tags grouped by source. Always work on copies when stripping metadata from original evidence files — use '-overwrite_original' only when you know what you're doing. For macOS users: update to v13.50+ immediately to patch CVE-2026-3102. Avoid processing untrusted images with the -n flag on older versions. Install via Homebrew ('brew install exiftool') for easy updates.",
      "owner": "Phil Harvey (independent developer, retired Queen's University faculty)",
      "fundingModel": "Community open-source. Donations accepted via PayPal on exiftool.org.",
      "businessModel": "None. Free open-source tool maintained by Phil Harvey since 2003. No commercial entity, no investors, no paid tiers. Donations fund continued development.",
      "knownIssues": "CVE-2026-3102 (March 2026): Critical macOS vulnerability — malicious shell commands embedded in DateTimeOriginal metadata field execute when ExifTool runs with the -n flag. Fixed in v13.50. Update immediately. CVE-2021-22204: Arbitrary code execution via crafted DjVu files, affecting versions 7.44 through 12.23. This CVE was exploited in the wild against GitLab servers (CVE-2021-22205). Fixed in v12.24. Social media platforms (Instagram, Facebook, WhatsApp compression mode) strip EXIF data during upload — metadata extracted before upload may not match what recipients see. Single-maintainer project with no published succession plan; bus factor of one.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Fully local processing — no network connections, no data exfiltration path. Open-source Perl script, independently auditable, maintained for 23+ years with prompt CVE response (v13.50 patched CVE-2026-3102 within days). The only attack surface is processing malicious files, which is inherent to any metadata tool. Keep it updated. One of the most trustworthy tools available for journalists handling sensitive files."
    },
    {
      "name": "Expertise Finder",
      "slug": "expertise-finder",
      "url": "https://expertisefinder.com",
      "tagline": "Search engine for university experts. Find faculty sources by topic across North American institutions for interviews and commentary.",
      "category": "newsgathering",
      "whoItsFor": "Journalists who need expert sources for stories and are tired of quoting the same three people. Reporters on deadline who need a credentialed academic in a specific field. Producers booking guests for broadcast segments. Science, health, policy, and education reporters who rely on faculty expertise.",
      "pricing": "Free for journalists to search. Universities pay for faculty listings and Kosmos directory software. No journalist-facing subscription required.",
      "freeOption": true,
      "editorialTake": "Expertise Finder is a searchable directory of university faculty across North America, built specifically to connect journalists with academic experts. Co-founded in 2011 by Stavros Rougas (a former CBC Radio journalist who got frustrated finding the right academics for interviews) and Ebrahim Ashrafizadeh (software engineer). The business model is straightforward: universities pay to list their faculty; journalists search for free. Over 2 million annual visitors. The platform also sells Kosmos, a white-label directory software that institutions deploy on their own domains. The value for journalists is speed — instead of cold-emailing department heads or browsing university websites, you search by topic and get faculty profiles with contact info and expertise areas. The limitation is coverage: only universities that pay to be listed appear in results. You won't find every expert in every field — just the ones at participating institutions. This creates a selection bias toward universities with PR budgets. For comprehensive expert sourcing, pair Expertise Finder with SciLine (free AAAS service), ProfNet/Cision, and direct university media relations offices. Based in Toronto.",
      "bestFor": "Finding credentialed academic sources on deadline. Discovering experts you wouldn't find through your existing network. Booking faculty for broadcast interviews. Sourcing across disciplines — sciences, humanities, social sciences, law, medicine.",
      "notFor": "Finding non-academic experts (industry practitioners, independent researchers, community leaders). Comprehensive sourcing — only participating universities are listed. International reporting outside North America. Investigative work where you need to verify an expert's credentials independently.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Canada. Expertise Finder is based in Toronto, Ontario. Privacy and terms governed by Canadian law.",
      "privacyPolicyTldr": "Expertise Finder collects standard web analytics from journalist visitors. Faculty profiles are published with institutional consent. The platform does not require journalist accounts to search. Detailed privacy policy available on site. Data practices are minimal for end users — the primary data collection is from universities listing their faculty.",
      "practicalMitigations": "Cross-reference any expert's credentials independently before quoting them — listed expertise areas are self-reported or institution-reported. Check for conflicts of interest (industry funding, consulting relationships) that won't appear in the profile. Remember that results are limited to paying institutions — search university media offices directly for experts at non-participating schools. No journalist account required for basic searches, which means minimal data exposure on your end.",
      "owner": "Expertise Finder (Toronto, Ontario, Canada). Co-founded by Stavros Rougas and Ebrahim Ashrafizadeh in 2011. Privately held.",
      "fundingModel": "Bootstrapped. Originated from the VeloCity Garage incubator at University of Waterloo (2010).",
      "businessModel": "B2B SaaS. Universities pay for faculty listing services and Kosmos white-label directory software. Free for journalist end users. Revenue comes from institutional subscriptions, not journalist fees.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Low-risk tool for journalists — no account required for searching, minimal personal data collection. Faculty data is published with institutional consent. Canadian jurisdiction with standard privacy protections. The main concern is not security but completeness: results are limited to paying institutions, which could bias your sourcing if you rely on it exclusively. Adequate for its purpose as a sourcing aid."
    },
    {
      "name": "Factiva",
      "slug": "factiva",
      "url": "https://www.dowjones.com/professional/factiva/",
      "tagline": "Dow Jones's premium news and business research database — 32,000+ licensed sources across 200 countries and 28 languages, with deep archives and company intelligence.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification"
      ],
      "whoItsFor": "Business and investigative journalists, financial reporters, M&A and competitive-intelligence researchers, corporate communications teams, and academic libraries that need licensed full-text access to global business news and company filings.",
      "pricing": "Opaque enterprise pricing — Dow Jones does not publish list rates. Press Gazette reported individual subscriptions around $432/month. Vendr data shows enterprise contracts negotiated by seat count, content packages, and term length. Most newsroom and corporate buyers go through annual contracts. Academic access is bundled into ProQuest library subscriptions.",
      "freeOption": false,
      "editorialTake": "Factiva is the closest direct competitor to LexisNexis Nexis, and the two products split the professional news-research market. Factiva's edge is business and financial journalism. It aggregates 32,000+ licensed sources including The Wall Street Journal, Barron's, MarketWatch, Reuters, AP, Dow Jones Newswires, the Financial Times archive, and trade publications across 200 countries in 28 languages. More than 600 newswires update continuously. Company snapshots pull executives, financials, ownership, and competitor lists from Dow Jones data partners.\n\nThe platform pays publishers royalties for licensed content — a meaningful distinction from scraping-based news search. Smart Summaries, launched in the redesigned interface, runs generative AI over the content library to produce natural-language answers from cited articles. The classic Boolean search remains for power users who need precise queries.\n\nThe strengths are content depth and licensing clarity. For business investigations, M&A backgrounding, executive history, or tracing how a story developed across the financial press over decades, Factiva is the standard. WSJ archive access alone justifies the subscription for many business desks.\n\nThe weaknesses are pricing and access. Dow Jones publishes no list prices. Individual seats run $400+/month, enterprise contracts run into five and six figures annually, and there is no freelancer-friendly tier comparable to ExpertAccess for Nexis. The interface, while improved, still rewards trained researchers over casual users. Coverage of non-business news is competent but thinner than Nexis.\n\nOwnership matters. Factiva is wholly owned by Dow Jones & Company, which is owned by News Corp — Rupert Murdoch's media holding company. Journalists covering News Corp properties, conservative media, or Murdoch family business should know that their search queries flow through infrastructure owned by the subject. There is no public evidence Dow Jones surfaces individual user queries to News Corp editorial, but the corporate relationship is worth noting for sensitive reporting.\n\nFor business and financial journalism, Factiva is essential. For general investigative work, Nexis usually wins on breadth of public records. Many large newsrooms subscribe to both.\n",
      "bestFor": "Business and financial investigations, M&A research, executive backgrounding, tracing coverage of companies across decades of WSJ and trade press, monitoring global business news in multiple languages, due diligence on private and public companies, and accessing Dow Jones Newswires and Reuters archives in one place.",
      "notFor": "Freelancers and small newsrooms without enterprise budgets — there is no affordable individual tier. Real-time social media monitoring. Deep US public records work (Nexis Accurint is stronger here). Journalists covering News Corp or Murdoch family business who want their research queries to live outside Murdoch-owned infrastructure.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Dow Jones & Company is headquartered in New York City. News Corp is incorporated in Delaware. Factiva infrastructure runs on Dow Jones-managed cloud systems.",
      "privacyPolicyTldr": "Dow Jones collects account data, search queries, documents accessed, and usage analytics. Enterprise customers can negotiate data handling and retention terms in their contracts. The Dow Jones privacy policy permits sharing within News Corp affiliates for business purposes. Factiva does not publicly disclose SOC 2 Type II certification status. Search history persists in user accounts unless cleared.\n",
      "practicalMitigations": "Use a dedicated work email for your Factiva account, not a personal address. Enable multi-factor authentication if your institution offers single sign-on. Clear search history and saved searches periodically. Do not save sensitive source names or investigation targets in saved-search alerts. If you are reporting on News Corp, Dow Jones, or Murdoch family business, run your most sensitive queries through a different research database. For institutional accounts, ask your administrator about data retention terms in the contract and whether queries are logged at the seat level. Treat Factiva search activity as discoverable by your employer in any internal review.\n",
      "owner": "Dow Jones & Company, a wholly owned subsidiary of News Corp (NASDAQ: NWSA, NWS). News Corp is controlled by the Murdoch family through the Murdoch Family Trust. Factiva began in 1999 as a Reuters–Dow Jones joint venture; Dow Jones bought out Reuters in 2006, and News Corp acquired Dow Jones in 2007.",
      "fundingModel": "Subsidiary of a publicly traded media conglomerate. News Corp reported $9.6 billion in fiscal 2024 revenue. Dow Jones is News Corp's largest and most profitable segment. Factiva is one of Dow Jones's enterprise products alongside Dow Jones Risk & Compliance and Dow Jones Newswires.",
      "businessModel": "Enterprise SaaS subscriptions, per-seat licensing, and API access. Revenue from financial institutions, law firms, corporations, newsrooms, government agencies, and academic libraries. Factiva pays royalties to licensed publishers — a contractual revenue model rather than a scraping or fair-use model. Approximately 900,000 users globally.",
      "knownIssues": "Pricing opacity: Dow Jones publishes no standard pricing for Factiva. Costs are negotiated individually and vary widely by seat count, content packages, and contract term. This favors institutional buyers and excludes most independent journalists.\n\nNews Corp ownership: Factiva is owned by News Corp, controlled by the Murdoch family. There is no public evidence of editorial interference with research queries, but the corporate relationship creates a conflict for journalists investigating News Corp properties, Murdoch family business, or Dow Jones itself. Search activity flows through Murdoch-owned infrastructure.\n\nNo freelancer tier: Unlike Nexis, which has the ExpertAccess.org program at $26/month for journalists, Factiva offers no comparable individual access path. Independent reporters generally cannot afford it.\n\nInterface learning curve: The redesigned Factiva interface and Smart Summaries improve discoverability, but power users still need Boolean syntax and field operators to get the most out of the platform. Casual users often miss relevant content because their queries are too broad or too narrow.\n\nCoverage gaps: Factiva is strongest in business and financial news. Coverage of local US news, court records, and public records is thinner than Nexis. Many investigative newsrooms subscribe to both products to cover the gaps.\n\nNo public SOC 2 disclosure: Dow Jones maintains enterprise security controls but does not publicly disclose SOC 2 Type II certification status. Enterprise customers must request compliance documentation through sales.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Factiva runs on Dow Jones enterprise infrastructure with encryption in transit and at rest, role-based access, and standard logging. There is no public record of a major Factiva breach. The platform has not publicly disclosed SOC 2 Type II status, and pricing opacity makes it difficult for individual researchers to negotiate data handling terms. The bigger trust consideration is corporate: Factiva is owned by News Corp, which means search queries flow through Murdoch-controlled infrastructure. Rating reflects standard enterprise security with a meaningful corporate-conflict caveat for journalists covering News Corp or Murdoch family interests.\n"
    },
    {
      "name": "Factiverse",
      "slug": "factiverse",
      "url": "https://factiverse.ai",
      "tagline": "AI-powered fact-checking and claim verification for newsrooms. Checks claims against source databases in real time, built specifically for editorial workflows.",
      "category": "verification",
      "openSource": false,
      "builtForJournalism": true,
      "threatLevel": "baseline",
      "whoItsFor": "Newsrooms, editors, and fact-checkers who need to verify claims at speed. Particularly useful for election coverage, live events, and high-volume publishing where manual fact-checking can't keep pace. Also relevant for researchers and NGOs monitoring misinformation.",
      "pricing": "Enterprise/newsroom licensing — pricing not publicly listed. Contact sales for quotes. Previously offered API access for integration into editorial workflows. Free trials available for evaluation.",
      "freeOption": false,
      "editorialTake": "Factiverse is one of the few AI fact-checking tools actually built for newsrooms rather than retrofitted from a content marketing product. Founded in Norway in 2019, it's been used by NRK (Norway's state broadcaster) for election coverage and by Viestimedia in Finland. The tool checks claims against a database of verified sources and flags potential misinformation with source citations. The journalism-specific angle is real — this isn't a generic AI wrapper. The limitation is that AI fact-checking still requires human judgment. Factiverse surfaces evidence and flags contradictions, but it cannot replace an experienced fact-checker's contextual understanding. It's a force multiplier, not an autopilot. The company has raised about $3.75M total through 2024, is based in Norway (good jurisdiction for data protection), and is expanding into automated research tools for journalists. Small team, niche focus, early-stage — which means you're betting on their continued existence. For newsrooms that process high volumes of claims (election desks, wire services), this fills a real gap. For a solo journalist checking one story a week, it's overkill.",
      "bestFor": "Newsroom fact-checking desks processing high claim volumes. Election coverage and live event verification. Editorial teams integrating automated claim-checking into CMS workflows. Wire services and aggregators that need to verify sourced claims at scale.",
      "notFor": "Solo journalists who fact-check manually and don't need automation. General plagiarism detection (use Copyscape instead). Source verification for investigative work where claims aren't the issue — documents and identities are. Anyone needing a free tool — this is enterprise-priced.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Norway (Factiverse AS, registered in Stavanger). Data processed under Norwegian and EU data protection law (GDPR). Norwegian jurisdiction is among the strongest in Europe for privacy protection. No US legal exposure unless explicitly agreed.",
      "privacyPolicyTldr": "Norwegian company subject to GDPR. Claims submitted for verification are processed to return results — retention policies not publicly detailed. Enterprise contracts likely include custom data handling agreements. No advertising model. No indication of training on customer data, but confirm with vendor for sensitive editorial content.",
      "practicalMitigations": "Confirm data retention terms in your enterprise agreement before submitting sensitive unpublished claims. Don't submit source-identifying information through the verification pipeline. Use for published or near-published claims, not raw investigative material. Review the API integration terms if connecting to your CMS — understand what's logged.",
      "owner": "Factiverse AS",
      "fundingModel": "Venture-backed. Raised approximately $3.75M across 4 rounds through 2024, including a €1M seed round in June 2024. Investors include Defence Innovation Accelerator for the North Atlantic (DIANA), Herfo, and Stadiem among 17 total investors.",
      "businessModel": "Enterprise SaaS licensing to newsrooms and media organizations. API access for CMS integration. Revenue from subscription contracts with media companies. No advertising, no data resale.",
      "knownIssues": "Small company with limited funding — long-term viability depends on continued investment or revenue growth. AI fact-checking has inherent limitations: it can surface contradictions and source evidence, but cannot reason about context or intent the way a human editor can. Not widely adopted outside Nordics yet. Pricing opaque — no self-serve option for smaller newsrooms. Claims database coverage may be weaker for non-English, non-European sources.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Norwegian company under GDPR jurisdiction — strong legal framework for data protection. Encryption in transit confirmed. Specific data retention and at-rest encryption details not publicly documented, which is typical for enterprise-only products. No known breaches or privacy incidents. The Norwegian jurisdiction and journalism-specific focus are positive signals, but the lack of public security documentation means you should verify terms contractually before submitting sensitive editorial content."
    },
    {
      "name": "Fathom",
      "slug": "fathom",
      "url": "https://fathom.video",
      "tagline": "AI meeting recorder and note-taker. Free tier with unlimited recordings. HIPAA, SOC 2 Type II, and GDPR compliant.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists who conduct interviews over video calls and need accurate transcripts. Editors managing multiple meetings who want auto-generated summaries and action items. Newsroom managers who need searchable records of editorial meetings. Anyone tired of taking notes during calls.",
      "pricing": "Free: unlimited recordings, unlimited storage, AI summaries, transcription. Premium: $15/user/month annual ($19/month monthly) — CRM integrations, custom vocabulary, advanced AI features. Team Edition: $19/user/month annual — shared recordings, team-wide search, admin controls. Team Edition Pro: $29/user/month annual — advanced team features. Recent 27% price increase on paid tiers.",
      "freeOption": true,
      "editorialTake": "Fathom's free tier is unusually generous — unlimited recordings, unlimited storage, transcription, and AI summaries at no cost. That alone makes it worth evaluating. The tool records both audio and video during Zoom, Google Meet, and Microsoft Teams calls, then generates transcripts, summaries, and highlights you can share or clip. Fathom joins meetings as a visible bot participant, which means everyone in the meeting knows it's recording — that transparency is important for journalistic ethics, but it also means some sources may decline to speak freely. Founded by Richard White (CEO), Fathom has raised $30M including a $17M Series A in September 2024. The company is HIPAA, SOC 2 Type II, and GDPR compliant — a strong compliance posture for a tool in this category. Fathom states it does not train AI on your data. Recordings are private by default and only accessible to you unless shared. For on-the-record interviews where you need a searchable transcript, Fathom is excellent. For off-the-record or sensitive source conversations, don't use any cloud-based recorder.",
      "bestFor": "Transcribing on-the-record video interviews. Generating searchable meeting archives for editorial planning. Creating shareable highlights and clips from calls. Auto-summarizing editorial meetings and standups.",
      "notFor": "Off-the-record or sensitive source conversations (recordings are cloud-stored, and the bot is visible to all participants). Audio-only phone interviews (requires Zoom, Google Meet, or Teams). Environments where a recording bot would inhibit candid discussion. Situations requiring one-party consent recording — the visible bot announces its presence.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Fathom Video, Inc.). HIPAA, SOC 2 Type II, and GDPR compliant. Has passed Zoom's security review process. Recordings stored on Fathom's cloud infrastructure.",
      "privacyPolicyTldr": "Account required. Recordings are private by default — only you can access them unless you share. Fathom does not train AI models on your meeting data. Data is deleted upon account closure. No third-party cookies. HIPAA, SOC 2 Type II, and GDPR compliant. Encryption in transit and at rest with continuous monitoring and regular third-party security testing. Not end-to-end encrypted — Fathom processes audio server-side for transcription.",
      "practicalMitigations": "Never use Fathom for off-the-record conversations or meetings with sensitive sources — recordings are cloud-stored. Inform all meeting participants that Fathom is recording (the bot is visible, but verbal confirmation is good practice). Review and delete recordings you no longer need. Use the sharing controls to limit who can access recordings. For sensitive interviews, record locally with a dedicated audio recorder instead.",
      "owner": "Fathom Video, Inc., United States. Founded by Richard White (CEO).",
      "fundingModel": "Venture-backed. $30.2M total raised from 75 investors. $17M Series A (September 2024) led by Telescope Partners, with Maven Ventures and Character participating. Earlier investors include FN Fund, ACTAI Ventures, and Sangha Capital.",
      "businessModel": "Freemium SaaS. Revenue from Premium, Team Edition, and Team Edition Pro subscriptions. The generous free tier drives adoption; paid tiers add CRM integrations, team features, and admin controls.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Strong compliance posture: HIPAA, SOC 2 Type II, GDPR compliant, and Zoom-security-reviewed. Encryption in transit and at rest, no third-party cookies, no AI training on user data. Recordings are private by default. The main risk is inherent to the category — all recordings are cloud-stored, and a visible bot joins every call. Appropriate for on-the-record interviews and editorial meetings. Not appropriate for sensitive source conversations."
    },
    {
      "name": "Felt",
      "slug": "felt",
      "url": "https://felt.com",
      "tagline": "Collaborative web mapping platform. Build, share, and analyze geographic data in the browser — no GIS degree required.",
      "category": "data",
      "openSource": false,
      "whoItsFor": "Journalists and newsroom teams who need to build maps collaboratively without desktop GIS software. Particularly useful for data reporters working on election maps, disaster coverage, environmental investigations, or any story where geography is central. Non-technical reporters can draw on maps and annotate; data journalists can upload shapefiles, GeoJSON, and CSVs for analysis.",
      "pricing": "Free: personal maps, limited features. Team: $200/month annually ($250/month monthly) — 25GB data hosting, up to 3 editors, teams up to 25 people. Enterprise: custom pricing — database connections (Postgres, Snowflake, AWS, Databricks), dashboards, API access, JavaScript SDK. Free for educational and classroom use. Discounted pricing for nonprofits.",
      "freeOption": true,
      "editorialTake": "Felt is the closest thing to Google Docs for maps. You open a browser, upload data or draw on the map, and share a link. That simplicity is the product. Traditional GIS tools like QGIS and ArcGIS are powerful but require installation, training, and patience. Felt skips all of that. It handles large datasets well, supports real-time collaboration, and produces clean, embeddable maps. The Washington Post lists Felt-style collaborative mapping among the skills its visual journalists need. For newsrooms covering elections, climate, or breaking disaster stories, the ability to have multiple reporters annotating a shared map simultaneously is genuinely useful. The tradeoff: Felt is cloud-only. Your geographic data lives on their servers (AWS, U.S.-hosted). For public data — election results, census tracts, environmental monitoring — that's fine. For sensitive investigations involving source locations or unpublished geographic intelligence, you want QGIS on a local machine instead. Felt is SOC 2 Type II certified and GDPR compliant, which puts it ahead of most mapping tools on the trust dimension.",
      "bestFor": "Collaborative newsroom mapping. Election results, disaster response, environmental data, census analysis, any project where multiple reporters need to view and annotate geographic data together. Embedding interactive maps in stories.",
      "notFor": "Sensitive investigations where geographic data reveals sources or unpublished story angles. Advanced spatial analysis that requires desktop GIS (raster processing, topology, complex geoprocessing). Offline work — Felt requires internet. Budget-constrained newsrooms that can't justify $200/month for the Team plan.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Hosted on Render and Amazon Web Services (AWS). All servers are in the U.S. GDPR compliant for EU users. SOC 2 Type II certified.",
      "privacyPolicyTldr": "Felt collects name, email, and password. All data is encrypted in transit and at rest. Credentials are encrypted at rest. Employees use multi-factor authentication to access internal systems. Felt does not operate its own servers. The company has SOC 2 Type II certification and GDPR compliance. CCPA compliant. Limited personal data collection. No indication of selling user data to third parties.",
      "practicalMitigations": "For public data projects, Felt is well-suited as-is. For sensitive geographic data — source locations, unpublished investigation coordinates — use QGIS locally instead. Review sharing permissions before publishing maps. Use the Team plan's access controls for multi-reporter projects. Export and back up critical map data locally.",
      "owner": "Felt Inc. (private, San Francisco). Founded by Sam Hashemi (previously co-founded Remix, acquired by Via for $100M) and Can Duruk.",
      "fundingModel": "VC-backed. $34M total raised. $4.5M seed led by Bain Capital Ventures. $15M Series A led by Footwork with Bain Capital Ventures, Moxxie Ventures, Designer Fund. $15M additional round led by Energize Capital. Angel investors include Dylan Field (Figma CEO), Akshay Kothari (Notion COO), John Lilly (former Firefox CEO).",
      "businessModel": "Freemium SaaS. Free personal tier for adoption. Revenue from Team ($200-250/month) and Enterprise plans. Free for education. Discounted for nonprofits.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "SOC 2 Type II certified and GDPR compliant — unusual for a mapping tool at this stage. Encryption in transit and at rest. U.S. jurisdiction with AWS hosting. MFA required for employee access to internal systems. The cloud-only model means your data lives on their servers, but the security posture is genuinely strong for a Series A company. Appropriate for public data journalism. Use local GIS tools for investigations involving sensitive geographic intelligence."
    },
    {
      "name": "Firefox",
      "slug": "firefox",
      "url": "https://www.mozilla.org/firefox/",
      "tagline": "The only major browser not built on Google's engine. Enhanced Tracking Protection, Total Cookie Protection, and fingerprint resistance on by default.",
      "category": "security",
      "openSource": true,
      "threatLevel": "baseline",
      "whoItsFor": "Every journalist. Firefox should be your default daily browser — the one non-Chromium option that doesn't require you to trust Google's rendering engine.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Firefox is the last major browser independent of Google's Chromium engine. That alone makes it structurally important. Enhanced Tracking Protection blocks third-party trackers, fingerprinting scripts, and cryptominers by default. Total Cookie Protection isolates cookies per-site, killing cross-site tracking at the storage layer. Mozilla says it has blocked over 1 trillion tracking attempts. Firefox 142+ added canvas fingerprinting noise injection — randomizing image data so trackers can't build a unique profile from your GPU. That cut trackable users by roughly half. DNS over HTTPS encrypts domain lookups. HTTPS-Only Mode forces secure connections. Copy Clean Link strips tracking parameters from URLs you copy. These are real, measurable protections. But Mozilla is in trouble. Market share fell from 31.8% peak (2009) to roughly 2.5% globally in late 2025. Revenue depends almost entirely on a Google search deal (~$570M/year, 85% of revenue) that expires end of 2026. In December 2025, new CEO Anthony Enzor-DeMeo announced an 'AI-first' pivot that triggered immediate backlash from the privacy-focused user base. Mozilla promised an AI kill switch but delayed it to Q1 2026. Earlier, in February 2025, an updated Terms of Service had removed the pledge 'we don't sell access to your data' and added broad data licensing language — Mozilla rewrote the terms after backlash, but the trust damage was real. Firefox remains the right daily driver for journalists. But watch Mozilla's direction closely. If the AI pivot continues to erode the privacy-first identity, Brave becomes the obvious alternative.",
      "bestFor": "Daily web browsing with strong default privacy protections. The baseline browser recommendation for all journalists who want meaningful privacy without sacrificing usability.",
      "notFor": "High-risk anonymous browsing (use Tor Browser). If you want aggressive ad-blocking out of the box without extensions, Brave does that natively. Some Chromium-dependent web apps still work better in Chrome or Brave, though this is increasingly rare.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "United States (Mozilla Corporation, subsidiary of Mozilla Foundation). Firefox collects limited telemetry by default — interaction data and technical data. All telemetry can be disabled in Settings > Privacy & Security. No content data is collected without explicit opt-in.",
      "privacyPolicyTldr": "Mozilla collects limited telemetry for product improvement, which can be fully disabled. Enhanced Tracking Protection and Total Cookie Protection block cross-site tracking by default. Mozilla uses OHTTP to hide user IP addresses for search suggestions. Data retained for no more than 25 months. February 2025 Terms of Service update removed the 'we don't sell your data' pledge and added broad data licensing language. Mozilla rewrote the terms after backlash, clarifying the license covers only 'doing as you request with content you input.' Mozilla says it doesn't sell data in the traditional sense but acknowledged some jurisdictions define 'sell' more broadly.",
      "practicalMitigations": "Enable HTTPS-Only Mode (Settings > Privacy & Security). Install uBlock Origin — Firefox is the last major browser with full Manifest V2 extension support, which means uBlock Origin works at full capability here and nowhere else. Disable telemetry (Settings > Privacy & Security > Firefox Data Collection — uncheck all boxes). Use Firefox Multi-Account Containers to isolate work, personal, and source browsing. Enable DNS over HTTPS (Settings > Privacy & Security > DNS over HTTPS). Turn on Global Privacy Control. For password management, pair with Bitwarden or 1Password rather than the built-in manager.",
      "owner": "Mozilla Corporation (subsidiary of Mozilla Foundation, a 501(c)(3) nonprofit)",
      "fundingModel": "~85% of revenue (~$570M/year) comes from the Google default search deal, which expires end of 2026. Remainder from Mozilla VPN, Relay, and other paid services. Mozilla Foundation receives separate grants and donations. The Google deal creates an existential dependency — if it ends or shrinks, Mozilla's ability to fund Firefox development is directly threatened.",
      "businessModel": "Free browser. Revenue from search partnerships, Mozilla VPN ($4.99-9.99/mo), Firefox Relay, and MDN Plus. No advertising in the browser itself. The December 2025 AI-first pivot signals Mozilla is looking for new revenue streams, likely AI-powered features and services.",
      "knownIssues": "Mozilla's December 2025 AI-first pivot under new CEO Anthony Enzor-DeMeo triggered significant backlash from the privacy-focused user base. Users chose Firefox specifically to avoid AI integration in Chrome (Gemini), Edge (Copilot), and Arc. The promised AI kill switch was delayed to Q1 2026. February 2025 Terms of Service update removed Mozilla's pledge not to sell user data and added broad data licensing language — rewritten after backlash but trust was damaged. Market share has declined to ~2.5% globally (5.3% desktop), down from 31.8% peak. Google search deal (85% of revenue) expires end of 2026 — creates existential funding risk. Firefox 149 (March 2026) patched 37 vulnerabilities including 6 sandbox escapes and 16 high-severity CVEs. In February 2026, Anthropic's Claude found 22 Firefox vulnerabilities in two weeks, more than were reported in any single month of 2025. 2025 saw 187 total CVEs. The vulnerability count is high but Mozilla's patch cadence is fast — updates ship on a 4-week cycle.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, nonprofit-backed, strong default tracking protection with Total Cookie Protection and fingerprint resistance. The only major browser independent of Google's Chromium engine. Regular 4-week security update cycle. Full Manifest V2 extension support (uBlock Origin works here, not in Chrome). Rating holds despite Mozilla's AI pivot controversy and Terms of Service missteps — the browser's actual privacy architecture remains best-in-class for a mainstream daily driver. Watch the AI integration closely."
    },
    {
      "name": "Flourish",
      "slug": "flourish",
      "url": "https://flourish.studio",
      "tagline": "Interactive data visualization and scrollytelling — 50+ templates, no code required.",
      "category": "data",
      "additionalCategories": [
        "data"
      ],
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Journalists and newsrooms building interactive charts, animated bar chart races, projection maps, and scrollytelling narratives without writing code. Used by BBC World Service, Sky News, and hundreds of newsrooms via the Google News Initiative partnership.",
      "pricing": "Free tier (public projects, Flourish branding). Presenter tier bundled with Canva Business/Enterprise. Publisher and Enterprise tiers are custom-quoted — contact sales. No posted per-seat prices.",
      "journalistDiscount": "Free premium accounts for qualifying newsrooms through Google News Initiative. Apply at flourish.studio/newsrooms with a registered Flourish account. Includes private projects, custom templates, and shared folders.",
      "freeOption": true,
      "editorialTake": "Flourish is the best no-code tool for interactive, narrative-driven data visualization. Datawrapper is faster for daily charts; Flourish is better for storytelling — scrollytelling, animated sequences, and guided narratives. The Google News Initiative partnership keeps it free for newsrooms, which is a genuine advantage. The Canva acquisition (2022) changed the ownership picture. Canva's default privacy settings opt free-tier users into AI training on uploaded content. That's a real concern for journalists uploading sensitive datasets. Teams/Business/Enterprise accounts are exempt from AI training, but free-tier users must manually opt out in Canva privacy settings. Free-tier projects are public and duplicable by any Flourish user — not acceptable for unpublished investigative data.",
      "bestFor": "Interactive charts, scrollytelling narratives, animated bar chart races, and projection maps. Turning a spreadsheet into a guided visual story without code.",
      "notFor": "Quick daily charts for article embeds (Datawrapper is simpler and faster). Custom or highly bespoke visualizations (use D3.js or Observable). Anything requiring data to stay private on the free tier — all free projects are public and duplicable.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "AWS (global). Flourish hosted on AWS Elastic Beanstalk with encrypted Postgres database. Canva's broader infrastructure spans AWS regions globally — no option to pin data to a specific jurisdiction.",
      "privacyPolicyTldr": "Canva's privacy policy governs Flourish. Free-tier users are opted into AI training on uploaded content by default — you must manually toggle this off in Canva privacy settings. Canva Teams, Business, Enterprise, and Education accounts are exempt from AI training and cannot be opted in. Deleted projects are soft-deleted with a grace period before hard removal; request permanent deletion via hello@flourish.studio. Free-tier visualizations are publicly discoverable and duplicable by other users.",
      "practicalMitigations": "Never upload raw source data to free-tier Flourish — aggregate or anonymize first, since all free projects are public and duplicable. Opt out of AI training immediately in Canva privacy settings (Settings > Privacy > toggle off both 'general usage' and 'content usage' for AI). For sensitive work, use a paid tier or the free GNI newsroom account, which provides private projects. Strip identifying columns before upload. Consider Datawrapper for quick charts with sensitive data — it has a cleaner privacy posture.",
      "owner": "Canva (acquired Flourish in 2022). Founded 2016 by Duncan Clark and Robin Houston in London. All 44 employees joined Canva at acquisition.",
      "fundingModel": "Canva revenue. Google News Initiative subsidizes free newsroom tier.",
      "businessModel": "Freemium. Free tier with Flourish branding and public projects. Presenter tier bundled with Canva Business/Enterprise subscriptions. Publisher and Enterprise tiers are custom-quoted with team collaboration, SSO, scrollytelling, live data API, and SLAs.",
      "knownIssues": "Free-tier projects are publicly discoverable and duplicable — any Flourish user can clone your visualization and its underlying data. Canva's default privacy settings opt free users into AI training on uploaded content; must be manually disabled. No WCAG AA certification — Flourish says conventional WCAG guidelines don't map well to interactive visualizations, so accessibility depends on user choices (color palette, alt text, annotations). Deleted data is soft-deleted with a retention period, not immediately purged. Scrollytelling is restricted to Publisher and Enterprise tiers. The flourishcharts open-source packages (Python/R, launched August 2024) are separate from the web editor and don't inherit its privacy model.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "flourish-newsrooms"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "Encrypted infrastructure on AWS with Postgres encryption at rest. The Canva ownership is the main concern: free-tier users are opted into AI training by default, and free projects are public and duplicable. Paid tiers and GNI newsroom accounts get private projects and are exempt from AI training. Adequate for most newsroom work on paid/GNI tiers; use caution on the free tier with any data you wouldn't publish."
    },
    {
      "name": "FOIA.gov",
      "slug": "foia-gov",
      "url": "https://www.foia.gov",
      "tagline": "The federal government's centralized portal for submitting Freedom of Information Act requests to any federal agency.",
      "category": "newsgathering",
      "whoItsFor": "Journalists filing FOIA requests with federal agencies. Investigative reporters who need records from multiple agencies without navigating each one's separate request system. Researchers, lawyers, and advocacy organizations seeking federal government documents. Anyone who wants to find FOIA reading rooms where agencies post previously released records.",
      "pricing": "Completely free. FOIA requests themselves are free to submit, though agencies may charge duplication fees for large document productions. Fee waivers are available for journalists and news media representatives under the statute.",
      "freeOption": true,
      "editorialTake": "FOIA.gov is the Department of Justice's centralized portal for the Freedom of Information Act. It lets you submit requests to over 100 federal agencies from a single interface, search agency FOIA libraries for previously released records, and look up agency FOIA contacts and processing statistics. The portal itself is straightforward — pick an agency, describe what you want, submit. The hard part is not the portal; it is the federal bureaucracy behind it. Response times vary wildly by agency: some respond in weeks, others take years. The portal does not fix that. What it does fix is discoverability. Before FOIA.gov consolidated things, you had to find each agency's individual submission process, which ranged from web forms to fax numbers. Now there is one place. The annual report data is genuinely useful for journalists — you can see which agencies are the worst bottlenecks, how many requests are pending, and how often exemptions are invoked. For serious FOIA work, pair this portal with MuckRock (which tracks requests and handles appeals) and the FOIA Project from TRAC (which tracks FOIA litigation). FOIA.gov is the front door; those tools help you when the door gets stuck.",
      "bestFor": "Submitting FOIA requests to any federal agency from one portal. Finding agency FOIA reading rooms with previously released documents. Looking up agency FOIA contact information and submission requirements. Reviewing annual FOIA report data — processing times, backlogs, exemption usage by agency. Understanding which agencies handle requests fastest.",
      "notFor": "State and local public records requests (each state has its own process — use MuckRock for multi-state requests). Tracking your request status after submission (some agencies have their own tracking systems, but FOIA.gov does not provide unified status tracking). Speeding up slow agencies. FOIA litigation tracking (use the FOIA Project for that). Non-US government records.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Operated by the Department of Justice, Office of Information Policy. Hosted on federal government infrastructure.",
      "privacyPolicyTldr": "Federal government website subject to federal privacy laws and OMB policies. Collects standard web analytics (IP address, browser type, pages visited). FOIA requests themselves become federal records — your name, the agency you filed with, and the subject of your request are logged. Agencies may publish logs of FOIA requests received. No commercial tracking or advertising.",
      "practicalMitigations": "Your FOIA request is a federal record and may be publicly logged by the receiving agency — this means anyone can see what you asked for. If investigating sensitive topics, consider whether the request itself reveals your reporting direction. Use general language in request descriptions where possible. For sensitive investigations, consider having a researcher or lawyer file on your behalf. Pair with MuckRock for request tracking, appeal templates, and collaboration features that FOIA.gov does not provide. Check agency reading rooms first — the records you need may already be publicly available.",
      "owner": "U.S. Department of Justice, Office of Information Policy",
      "fundingModel": "Federally funded. Operated by the Department of Justice as a statutory requirement under the OPEN Government Data Act.",
      "businessModel": "Government service. No revenue model. Exists to fulfill the federal government's obligation under the Freedom of Information Act (5 U.S.C. § 552) to provide public access to government records.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Federal government website operated by the Department of Justice on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards (FISMA, FedRAMP). No commercial tracking or advertising. The main consideration is not technical security but operational privacy: your FOIA requests are federal records that may be publicly logged, which can reveal your reporting interests to the agency you are investigating and to anyone who reviews FOIA logs."
    },
    {
      "name": "FotoForensics",
      "slug": "fotoforensics",
      "url": "https://fotoforensics.com",
      "tagline": "Error-level analysis for detecting image manipulation. Upload a photo, see where it was edited.",
      "category": "verification",
      "whoItsFor": "Journalists, fact-checkers, and OSINT researchers who need to assess whether an image has been digitally altered. Verification desks doing triage on suspect photos. Newsroom trainers teaching image forensics basics.",
      "pricing": "Free public site. FotoForensics Lab (paid) uses prepaid upload credits: $5 for 10 uploads ($0.50 each) down to $100 for 800 uploads ($0.125 each). No monthly subscription.",
      "freeOption": true,
      "editorialTake": "FotoForensics is the most widely used free ELA tool on the web, and it does exactly one thing well: it highlights regions of a JPEG that were saved at different compression levels, which is a reliable indicator of copy-paste edits and composites. It also extracts full EXIF metadata — camera model, GPS coordinates, editing software — which is often more revealing than the ELA itself. Dr. Neal Krawetz built FotoForensics as an educational tool, and it shows: every analysis page explains what you're seeing, not just what the algorithm found. The critical limitation is that ELA was designed for a pre-AI world. It catches Photoshop edits to JPEGs. It does not reliably detect AI-generated images from DALL-E, Midjourney, or Stable Diffusion, because those images have uniform compression artifacts — there's nothing for ELA to flag. A 2026 comparative study of forensic tools found that FotoForensics and similar forensic platforms have high recall but poor specificity, meaning they catch edits but also produce false positives. AI classifiers show the inverse pattern. Neither category alone is reliable. Use FotoForensics as one step in a multi-tool verification workflow, never as the final word.",
      "bestFor": "Detecting Photoshop composites and copy-paste edits in JPEGs. Extracting EXIF metadata (camera, GPS, software). Training journalists in image forensics fundamentals. Quick triage on suspect images before deeper analysis.",
      "notFor": "Detecting AI-generated images — ELA cannot distinguish DALL-E/Midjourney/Stable Diffusion output from real photos. Batch processing. PNG-only files (ELA depends on JPEG compression artifacts). Definitive forensic conclusions — ELA is an indicator, not proof. High-volume newsroom workflows without Lab credits.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Operated by Hacker Factor Solutions (Colorado).",
      "privacyPolicyTldr": "The public site has no login and no privacy guarantee. All uploaded images become part of a research archive used to develop better algorithms. Uploads are viewable by site administrators and research partners. The paid Lab service is different: uploads are not shared, not used for research, and auto-deleted after one day of inactivity. Do not upload source-identifying images to the public site.",
      "practicalMitigations": "Strip EXIF metadata from sensitive images before uploading (use ExifTool locally). Use the paid Lab service for any source-sensitive material — it deletes files after 24 hours and excludes uploads from the research archive. Never upload images that could identify a confidential source to the public site. Cross-reference ELA results with at least one other technique (reverse image search, metadata analysis, or an AI classifier like Hive Moderation or Illuminarty).",
      "owner": "Hacker Factor Solutions (Dr. Neal Krawetz, Colorado, United States)",
      "fundingModel": "Self-funded independent project by Dr. Neal Krawetz, a computer security researcher and expert witness in digital forensics. No VC funding, no corporate parent.",
      "businessModel": "Free public tool subsidized by paid Lab upload credits, consulting, training, and expert witness services. No ads, no data sales.",
      "knownIssues": "ELA is fundamentally unable to detect AI-generated images (DALL-E, Midjourney, Stable Diffusion) because AI output has uniform compression — there are no spliced regions for ELA to find. A 2026 comparative study found forensic tools like FotoForensics have high recall but poor specificity (many false positives). ELA effectiveness drops on heavily re-compressed images, screenshots, and images that have been resized or re-saved multiple times. PNG files produce minimal ELA signal because PNG uses lossless compression. Google Pixel phones apply AI processing to every photo and label it as AI-modified in metadata, causing forensic tools including FotoForensics to flag legitimate photos. The public site stores all uploads indefinitely in a research archive — this is a privacy risk for sensitive journalism. File size limit is 10 MB; images must be between 100x100 and 10,000x10,000 pixels. Supports JPEG, PNG, WebP, HEIC, and AVIF.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Useful triage tool with a clear scope. The public site's indefinite image retention and lack of privacy controls are the main concern — uploaded images join a research archive visible to administrators and partners. The paid Lab service addresses this with auto-deletion and no research sharing. Standard HTTPS in transit. For sensitive verification work, use offline ELA tools or the paid Lab service instead of the public site."
    },
    {
      "name": "Gamma",
      "slug": "gamma",
      "url": "https://gamma.app",
      "tagline": "AI presentation builder. Generates slides from text prompts. 70M+ users, $100M ARR, $2.1B valuation.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists, editors, and newsroom managers who need to build presentations fast — pitch decks, story proposals, conference talks, training materials. Freelancers presenting to clients. Anyone who dreads PowerPoint but needs professional-looking slides.",
      "pricing": "Free: 400 AI credits, Gamma branding on exports. Plus: $8/month annual ($10/month monthly) — unlimited AI, no branding, advanced image models. Pro: $15/month annual ($20/month monthly) — premium AI models, custom branding, analytics, API access, 10 custom domains. Ultra: introductory pricing — most advanced AI models, 100 custom domains, Studio Mode, early access features.",
      "freeOption": true,
      "editorialTake": "Gamma turns text prompts into polished presentations using 'cards' — responsive content blocks that break from the rigid 16:9 slide format. It's genuinely fast: describe what you want, and Gamma produces a working deck in seconds. The 3.0 update (September 2025) added an AI agent that does web research with citations, instant restyling, and deck feedback. The founding team (Grant Lee, Jon Noronha, James Fox) all came from Optimizely, which shows in the product's polish. With 70M+ users and $100M ARR, Gamma is profitable and growing — a $2.1B valuation from a $68M Series B led by Andreessen Horowitz in 2025. The free tier gives you 400 AI credits with Gamma branding, which is enough to evaluate seriously. For journalism uses — pitching stories to editors, presenting at conferences, building training decks — Gamma is fast and capable. But every prompt and every piece of content you enter flows through Gamma's AI pipeline. Don't use it for anything you wouldn't publish.",
      "bestFor": "Quick pitch decks for story proposals or freelance clients. Conference presentations. Newsroom training materials. Internal presentations where speed matters more than pixel-perfect design. Turning research notes into visual summaries.",
      "notFor": "Confidential source material or unpublished investigations (content is processed through AI). Presentations requiring precise brand compliance (better served by Keynote or Figma). Offline use — Gamma is fully cloud-based. Print-ready design work.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Gamma Tech, Inc., San Francisco). All content is processed and stored on Gamma's cloud infrastructure. Content entered into Gamma passes through AI models for generation and styling.",
      "privacyPolicyTldr": "Account required. All content is cloud-stored and AI-processed. Gamma collects viewer information when presentations are shared, which has raised GDPR concerns among enterprise users. Default sharing settings and viewer tracking behavior should be reviewed before sharing externally. The privacy policy should be read carefully for data retention and AI training terms.",
      "practicalMitigations": "Do not enter confidential source material, unpublished story details, or sensitive information — all content passes through AI processing. Review sharing settings before distributing decks externally. Export and download finished presentations rather than relying solely on cloud links. Use Gamma for public-facing content only. For sensitive internal presentations, use Keynote, Google Slides, or LibreOffice Impress instead.",
      "owner": "Gamma Tech, Inc., San Francisco, CA. Co-founders: Grant Lee (CEO), Jon Noronha, James Fox. All three are former Optimizely employees.",
      "fundingModel": "Venture-backed. $87M total raised. Seed: $7M (2021, led by Accel). Series B: $68M at $2.1B valuation (2025, led by Andreessen Horowitz). Other investors include Zoom CEO Eric Yuan, former LinkedIn CEO Jeff Weiner, Uncork Capital, South Park Commons, Script Capital.",
      "businessModel": "Freemium SaaS. $100M ARR as of 2025. 70M+ users. Revenue from Plus, Pro, and Ultra subscriptions. API access on Pro tier and above. Profitable.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Standard cloud SaaS with encryption in transit. All content is AI-processed, meaning everything you enter flows through Gamma's models. No published SOC 2 or ISO 27001 certifications found. GDPR concerns around viewer tracking have been raised by enterprise users. Adequate for public-facing content, but not appropriate for sensitive or confidential material."
    },
    {
      "name": "GeoConfirmed",
      "slug": "geoconfirmed",
      "url": "https://geoconfirmed.org",
      "tagline": "Community-verified geolocations of conflict events — crowdsourced OSINT with rigorous multi-analyst verification, mapping incidents from Ukraine to Sudan to Myanmar.",
      "category": "verification",
      "additionalCategories": [
        "newsgathering"
      ],
      "whoItsFor": "Conflict journalists verifying the location of attacks, strikes, troop movements, and military equipment from social media footage. OSINT researchers geolocating video evidence for accountability and documentation. War crimes investigators building evidentiary timelines. Newsroom verification desks needing reference geolocations. Researchers studying conflict patterns, weapons use, and civilian harm. Human rights organizations documenting violations.",
      "pricing": "Free. The platform and its geolocated data are freely accessible. No paid tier. Community contributors volunteer their time.",
      "freeOption": true,
      "editorialTake": "GeoConfirmed fills a specific gap in the conflict-verification ecosystem: it provides crowd-verified precise coordinates for events captured on social media video. When a video surfaces showing an airstrike, explosion, or military movement, GeoConfirmed's network of volunteer analysts independently geolocates the footage using satellite imagery matching, terrain analysis, shadow angles, visible landmarks, and other established OSINT geolocation techniques. Each submission requires verification by multiple independent analysts before publication.\n\nThe project launched in early 2022 in response to the Russian invasion of Ukraine, when social media was flooded with unverified combat footage. The founding team — led by a Dutch OSINT practitioner using the handle @GeoConfirmed — built a structured verification workflow: contributors submit geolocations, moderators review the evidence chain, and confirmed events are plotted on an interactive map with source links, coordinates, date/time, and event descriptions.\n\nCoverage has expanded well beyond Ukraine. As of 2025-2026, GeoConfirmed maps events in Sudan, Myanmar, Gaza/Israel, Syria, and other active conflicts. Each event entry includes the precise coordinates, the source video or image, the verification methodology, and the event category (airstrike, artillery, drone strike, troop movement, equipment spotted, etc.). The map interface allows filtering by date, event type, and region.\n\nFor journalists, GeoConfirmed serves two purposes. First, as a reference database: if you have footage you're trying to verify, check whether GeoConfirmed has already geolocated it. The community may have solved your problem already. Second, as a pattern-analysis tool: filter events by type, date range, and location to identify strike patterns, escalation timelines, or civilian-area targeting that might not be visible from individual reports alone.\n\nThe verification methodology is the project's core strength. Multiple independent analysts must agree on a geolocation before it's published. The evidence chain (satellite imagery comparison, Google Earth measurement, landmark identification) is documented. This multi-analyst approach reduces the risk of individual errors or deliberate manipulation that can plague single-source OSINT.\n\nThe limits: GeoConfirmed depends entirely on volunteer labor. Coverage is uneven — Ukraine has the deepest archive because that's where the project started and where contributor density is highest. Smaller or less-covered conflicts may have sparse entries. The platform verifies location, not necessarily the narrative attached to footage (who did what to whom). A confirmed location does not confirm attribution. Speed varies — some events are geolocated within hours, others take days or weeks depending on analyst availability and terrain complexity.\n",
      "bestFor": "Verifying the location of conflict footage from social media. Finding already-geolocated events without doing the work yourself. Pattern analysis of strikes or military activity in specific regions over time. Building evidence chains for war crimes documentation. Cross-referencing your own geolocation work against community-verified results. Teaching geolocation methodology by studying confirmed examples.",
      "notFor": "Attribution of attacks — GeoConfirmed verifies where, not who. Real-time breaking news verification (speed depends on volunteer availability). Non-conflict verification — the platform focuses on military and conflict events. Comprehensive conflict monitoring — coverage depends on volunteer density and interest. Events without visual media — if there's no photo or video, there's nothing to geolocate.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Netherlands (European Union). The project is led from the Netherlands. Infrastructure details not publicly documented. The underlying data (geolocated coordinates, source links, event descriptions) is publicly accessible — not sensitive personal information. Source media links point to various platforms (Twitter/X, Telegram, etc.) in their respective jurisdictions.",
      "privacyPolicyTldr": "GeoConfirmed publishes geolocated conflict events derived from publicly posted social media. No user accounts required to browse the map and data. Contributors work through community channels (Discord, Twitter). The platform does not collect personal data from viewers. Source media is linked, not hosted — GeoConfirmed provides coordinates and verification, with links back to original posts on other platforms. Minimal data collection footprint for end users.",
      "practicalMitigations": "GeoConfirmed data is publicly accessible without login — browse freely without creating a digital trail on the platform itself. For sensitive investigations, note that the source media links point to other platforms (Twitter/X, Telegram) where your access may be logged. Save coordinates, screenshots, and source links locally — social media posts can be deleted, and GeoConfirmed links to originals rather than hosting copies. Always independently verify GeoConfirmed geolocations before publishing — the multi-analyst process is rigorous but not infallible. Cross-reference coordinates against satellite imagery (Google Earth, Sentinel Hub) yourself. When citing GeoConfirmed in published work, note it as a community-verified OSINT source and describe the verification methodology.\n",
      "owner": "GeoConfirmed is a volunteer-run OSINT project founded and led from the Netherlands. The lead organizer operates under the handle @GeoConfirmed. The project is not a registered company or nonprofit — it's a community initiative with structured verification workflows. No corporate ownership or institutional affiliation.",
      "fundingModel": "Volunteer-driven with no significant funding. The project runs on contributed labor from OSINT analysts. Infrastructure costs (website hosting, map platform) appear to be covered by the founding team or small community donations. No grants, no venture capital, no institutional funding publicly disclosed.",
      "businessModel": "Volunteer community project. No revenue model. No paid tiers, no advertising, no data licensing. All output is freely accessible. The project exists because volunteer analysts want to contribute to conflict documentation and verification. Sustainability depends entirely on continued volunteer engagement.",
      "knownIssues": "Volunteer dependency: Coverage quality and speed depend entirely on volunteer availability and interest. Ukraine coverage is deep (project origin); other conflicts may have sparse or delayed entries. If volunteer engagement declines, the platform has no paid staff to maintain output.\n\nLocation verification only: GeoConfirmed verifies where an event occurred, not who carried it out. A confirmed geolocation does not confirm attribution, intent, or the narrative attached to the footage. Journalists must do their own attribution work.\n\nSource media fragility: GeoConfirmed links to source videos/images on other platforms. Those posts can be deleted by the poster, removed by the platform, or blocked by geofencing. The coordinates survive but the visual evidence may disappear. Always archive source media independently (Internet Archive, Hunchly, local saves).\n\nNo institutional backing: The project has no formal legal entity, no board, no published governance structure. This means no institutional continuity guarantee — if the lead organizer steps away, the project's future is uncertain. For journalists relying on it as an ongoing reference, this is a consideration.\n\nPotential for manipulation: While the multi-analyst verification process is strong, a coordinated effort to submit false geolocations with fabricated evidence could theoretically succeed. The trust model depends on the integrity of the volunteer community and moderator vigilance.\n\nUneven temporal coverage: Some conflicts are documented from the start; others have GeoConfirmed entries beginning only when volunteers became engaged. Historical completeness cannot be assumed.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "The platform publishes publicly available geolocation data derived from open-source social media. No accounts required to view data — minimal privacy exposure for users. The data itself is conflict documentation, not personal information. Netherlands-based operation within EU jurisdiction. The main considerations are source-media link fragility (not a security issue but an evidence-preservation issue) and the absence of formal organizational governance. Rating reflects low-risk data profile and no-login access, balanced against limited documentation of infrastructure security practices and no formal institutional backing."
    },
    {
      "name": "GeoSpy",
      "slug": "geospy",
      "url": "https://geospy.ai",
      "tagline": "AI geolocation from photos. Upload an image, get predicted coordinates — no metadata required. Now restricted to law enforcement and enterprise clients.",
      "category": "verification",
      "openSource": false,
      "whoItsFor": "OSINT researchers, verification journalists, and law enforcement analysts who need to estimate where a photo was taken when EXIF data is missing. Used to geolocate social media images, conflict zone photos, unattributed press images, and disinformation content. Journalists used GeoSpy to debunk disinformation in Ghana and the U.S. But the free public version was pulled in January 2025 after 404 Media reported on stalking misuse — access now requires law enforcement or enterprise credentials.",
      "pricing": "Public demo shut down in January 2025. Current access is enterprise-only and law enforcement-only. Previous free tier allowed up to 20 image lookups. API pricing is usage-based ('Scale' plan) with enterprise tiers available. No publicly listed price for the law enforcement product.",
      "freeOption": false,
      "editorialTake": "GeoSpy is technically impressive and genuinely useful for verification work. Its AI analyzes architecture, vegetation, signage, terrain, road markings, and soil to predict a photo's location — no metadata needed. The standard model estimates within 1-25km; the SuperBolt VPR model claims meter-level accuracy using a 46-million-image training set with real-time reference database updates. It processes 200,000+ images daily across 120+ countries. But here's the problem: this is a dual-use surveillance tool that Graylark openly markets to police. 404 Media obtained internal emails showing Miami-Dade Sheriff's Office and LAPD purchased access. The founder told 404 Media that 'geospy.ai is a demo — the real work is the law enforcement models.' The company pulled public access only after press scrutiny, not proactively. For journalism, GeoSpy remains valuable for verification — but understand that you're using a tool whose primary customers are cops, and whose business model depends on making surveillance easier. Treat results as a starting hypothesis, not a conclusion. Always verify with Google Earth, street-level imagery, and local knowledge.",
      "bestFor": "Getting a starting location estimate for unattributed photos. Narrowing geographic region when you have zero clues. Batch-processing large image sets during verification projects. Debunking disinformation by confirming or refuting claimed photo locations.",
      "notFor": "High-confidence geolocation on its own — always cross-verify. Indoor photos with no exterior context. Heavily edited or AI-generated images. Sensitive or confidential material — images are uploaded to Graylark's servers and may be retained. Anyone without law enforcement or enterprise credentials (public access was removed in January 2025).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Graylark Technologies, Boston, MA).",
      "privacyPolicyTldr": "Images are processed on Graylark's servers. The company states it retains images and location data 'only as long as necessary to provide its services or as required by law.' Users can request deletion. But Graylark's primary customers are law enforcement agencies, and the company has not disclosed whether law enforcement queries are logged, retained, or subject to different retention policies. No transparency report exists. The company also leaned into the controversy — both Heinen and GeoSpy's X accounts retweeted posts calling the tool 'absolutely terrifying,' treating privacy alarm as marketing.",
      "practicalMitigations": "Do not upload images containing faces, sensitive locations, or material that could identify sources. Strip metadata before uploading. Understand that images go to Graylark's servers with unknown long-term retention. Use GeoSpy results as a starting point — verify with Google Earth, Mapillary, street-level imagery, and local knowledge. For sensitive investigations, consider whether using a law-enforcement surveillance tool creates ethical or legal complications for your reporting.",
      "owner": "Graylark Technologies Inc.",
      "fundingModel": "Venture-backed. Investors include Recorded Future (threat intelligence company, CEO Christopher Ahlberg confirmed investment) and AI Grant (startup incubator). Funding amounts undisclosed.",
      "businessModel": "Enterprise SaaS sold to law enforcement agencies, government entities, and enterprise clients. Previously freemium with public demo. Revenue now comes from institutional contracts — 404 Media documented purchases by Miami-Dade Sheriff's Office and LAPD. API access available for integration into existing investigative workflows.",
      "knownIssues": "Public access removed in January 2025 after 404 Media investigation revealed stalking misuse — Graylark pulled the free demo within a day of being contacted by reporters, not proactively. Users had attempted to use GeoSpy to stalk women. The Electronic Frontier Foundation's Cooper Quintin flagged risks of wrongful accusations and privacy breaches. Graylark's founder Daniel Heinen and the GeoSpy X account repeatedly amplified posts calling the tool 'terrifying' and 'deeply concerning for privacy' — treating controversy as brand awareness. The company was founded by Heinen and his twin brothers in 2023; the team is small and the product is a black box with no independent audit of accuracy claims or data handling. SuperBolt's claimed meter-level accuracy has not been independently verified. The tool's dual-use nature is the central issue: the same technology that helps journalists verify photos helps police surveil people and could help stalkers locate targets.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "caution",
      "securityRatingNote": "Upgraded from 'adequate' to 'caution.' Images are uploaded to servers operated by a company whose primary customers are law enforcement. Data retention terms are vague. No transparency report. No independent audit. The tool was publicly available for months with documented stalking misuse before access was restricted — and only after press pressure, not internal policy. Graylark's business model is surveillance; journalists should weigh whether that alignment creates risks for their sources and reporting."
    },
    {
      "name": "Ghost",
      "slug": "ghost",
      "url": "https://ghost.org",
      "tagline": "Open-source publishing platform. Nonprofit-operated. No revenue cut. Self-host or use managed hosting.",
      "category": "publishing",
      "openSource": true,
      "whoItsFor": "Independent journalists and publications that want full ownership of their content, audience, and revenue. Newsrooms that need a modern CMS with built-in subscriptions, newsletters, and native analytics — without giving up a cut to a platform.",
      "pricing": "Self-hosted: free (you pay for server and email delivery). Ghost(Pro) managed hosting: Starter $15/month (annual) or $18/month (monthly), Publisher $29/$35, Business $199/$239. All plans include 1,000-member base. No per-email charges on Ghost(Pro). 14-day free trial on all plans. Zero platform commission on paid subscriptions — you pay only Stripe processing fees.",
      "freeOption": true,
      "editorialTake": "Ghost is what Substack would be if it were open-source, nonprofit-operated, and took zero revenue cut. Publishers on Ghost have collectively earned over $100M in subscription revenue. Ghost's own ARR hit $10.4M in 2024 on roughly 20,000 customers — all reinvested into the product because there are no shareholders. Version 6.0 (August 2025) added native ActivityPub federation, first-party analytics, and 60+ language support. The ActivityPub integration connects publications to Mastodon, Threads, Bluesky (via Bridgy Fed), Flipboard, and WordPress — organic reach without algorithmic suppression. The tradeoff is real: Ghost has no built-in discovery network like Substack's recommendation engine. You build your own audience. That's a feature if you value independence, a limitation if you need network effects. Compared to Beehiiv ($49/month to unlock paid subscriptions), Ghost's Publisher plan at $29/month is cheaper and takes no revenue cut. Compared to WordPress, Ghost is far more opinionated — fewer plugins, less flexibility, but dramatically less maintenance. The nonprofit structure matters: Ghost Foundation is a Company Limited by Guarantee incorporated in Singapore, with a constitution defining charitable objectives. No acquisition risk, no pivot to ads, no enshittification incentive.",
      "bestFor": "Publications that want full content and revenue ownership. Journalists migrating off Substack who want 100% of subscription revenue. Newsrooms that need a modern CMS with newsletters, memberships, and analytics in one package. Publications that want to federate with the open social web via ActivityPub.",
      "notFor": "Writers who rely on platform-driven audience discovery. Solo journalists who want zero infrastructure responsibility and no monthly hosting cost. Publications that need Substack's recommendation network for growth. Anyone uncomfortable with light DevOps if self-hosting.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Self-hosted: wherever you host it — full control. Ghost(Pro): servers in the US and EU, operated by Ghost Foundation. Data Processing Agreement available for GDPR compliance.",
      "privacyPolicyTldr": "Ghost the software collects no telemetry — it's open-source and runs on your server. Ghost(Pro): Ghost Foundation stores account and billing data. Member/subscriber data is controlled by the publication owner, not Ghost. No data selling, no advertising, no tracking pixels. Ghost Foundation is a nonprofit with no incentive to monetize user data. Ghost 6.0's native analytics are first-party, privacy-first: no cookies, no external trackers, no third-party scripts. Built on open-source ClickHouse via Tinybird partnership.",
      "practicalMitigations": "Self-host for maximum data control — you own the database, the server, and the backups. Use a custom domain from day one (portable if you switch hosts). Export your content and member list regularly via Ghost's built-in tools. If using Ghost(Pro), understand that Ghost Foundation operates the infrastructure but you own the data and can export anytime. Enable device verification and optional 2FA for all staff accounts. Keep Ghost updated — security patches are frequent. For self-hosted: use Ghost-CLI for automatic SSL via Let's Encrypt, and never run as root.",
      "owner": "Ghost Foundation (nonprofit, Company Limited by Guarantee, incorporated in Singapore)",
      "fundingModel": "Nonprofit foundation. Originally crowdfunded on Kickstarter (2013). Entirely self-sustaining through Ghost(Pro) hosting revenue — no external donations, grants, or VC funding. ARR reached $10.4M in 2024, up from $6.3M in 2023. Over $8.5M ARR reported as of August 2025. ~35 full-time employees. 100% of revenue reinvested into product development and community infrastructure.",
      "businessModel": "Open-source software, free to self-host. Revenue from Ghost(Pro) managed hosting subscriptions. Zero commission on member subscriptions (Substack takes 10%). Ghost Foundation reinvests all revenue into development. No shareholders, no investors, no exit incentive. Publishers on Ghost have collectively earned over $100M in subscription revenue.",
      "knownIssues": "CVE-2024-23724: Stored XSS via unsanitized SVG uploads in profile pictures — allowed low-privileged Contributors to take over Owner accounts. Patched. CVE-2024-43409: Improper authentication on member action endpoints in versions 4.46.0–5.89.5, enabling unauthorized access to member data. Patched. CVE-2025-9862: SSRF via oEmbed in versions 5.99.0–5.130.3 and 6.0.0–6.0.8 from improper URL validation. Patched. CVE-2026-22594: 2FA bypass in versions 5.105.0–5.130.5 and 6.0.0–6.10.3 allowed staff users to circumvent email-based 2FA. Patched. ActivityPub federation on self-hosted installs is rough: webhook secret errors, JWT auth failures, reverse proxy misconfigurations, and no ARM64 Docker images for the ActivityPub and Traffic Analyzer services. Ghost(Pro) ActivityPub has a 100-interaction-per-day limit. ActivityPub discovery on the front end is minimal — no obvious way for visitors to find or subscribe via federation. Ghost takes a Node.js-specific approach (requires Node 22, MySQL 8, Ubuntu 24 for production) that limits hosting flexibility compared to WordPress's PHP ubiquity.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source with active security response. Nonprofit structure eliminates data monetization incentives. Passwords use bcrypt with salting per OWASP standards. No raw SQL — uses Bookshelf ORM and Knex query builder exclusively. Ghost-CLI runs without root privileges and auto-configures SSL via Let's Encrypt. Login attempts rate-limited to 5/hour/IP. Device verification on new staff logins. Optional email-based 2FA (though CVE-2026-22594 showed a bypass, now patched). Responsible disclosure program at security@ghost.org with defined response timelines (critical fixes within one month). Continuous dependency scanning via GitHub and yarn audit. Several CVEs in 2024–2026 (XSS, SSRF, auth bypass) were all patched promptly. Self-hosting option gives full infrastructure control. No compliance certifications (SOC 2, ISO 27001) claimed by Ghost Foundation directly, though third-party Ghost hosting providers like Elestio hold them."
    },
    {
      "name": "GIMP",
      "slug": "gimp",
      "url": "https://www.gimp.org",
      "tagline": "Free image editor with non-destructive editing, now at version 3.2 after a decade-long overhaul.",
      "category": "visuals",
      "openSource": true,
      "whoItsFor": "Journalists who need to edit photos, create graphics, or inspect image metadata without paying Adobe $23/month. Also useful for verification — pixel-level analysis can flag manipulated images.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "GIMP 3.0 shipped in March 2025 after seven years of development. GIMP 3.2 followed in March 2026 with non-destructive vector layers, link layers, and SVG export. The gap with Photoshop has narrowed meaningfully: non-destructive editing, on-canvas text, and a modernized GTK3 interface finally make it feel like current software. It still can't open RAW files natively (you need a separate converter like darktable), and the learning curve is real. But for crop-resize-retouch-composite workflows — the 90% of what newsrooms do — GIMP handles it without subscriptions, cloud dependencies, or data collection. Zero telemetry. Zero accounts. Runs entirely offline.",
      "bestFor": "Photo editing and retouching. Creating social graphics. Image manipulation analysis for verification. Metadata inspection. Batch processing via Script-Fu or Python-Fu.",
      "notFor": "RAW photo development (use darktable or RawTherapee first). Vector graphics (use Inkscape). Quick template-based social graphics (Canva is faster). AI-assisted edits like generative fill.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local — no data sent anywhere. GIMP makes no network connections unless you explicitly open a remote file via FTP/HTTP.",
      "privacyPolicyTldr": "GIMP collects nothing. No accounts, no telemetry, no analytics, no ads. The official privacy policy states the software 'does not, in any way, collect, transmit, share or use any Personal Data.' One of the cleanest privacy stories in any software category.",
      "practicalMitigations": "Strip EXIF/metadata from images before publishing if source protection matters — GIMP's metadata viewer (Filters > Python-Fu > Console or Image > Metadata) lets you inspect what's embedded. Keep GIMP updated: file-parsing vulnerabilities in older versions (XWD, FLI, TGA, XCF formats) have been patched in 3.0+.",
      "owner": "GIMP Development Team (GNU Project, fiscally hosted by GNOME Foundation)",
      "fundingModel": "Donations through GNOME Foundation, community fundraisers. Primary maintainer Jehan funds development partly through the ZeMarmot animated film project. $72K income in 2023-2024. First two GNOME-administered development grants awarded October 2025. No corporate sponsor.",
      "businessModel": "None — volunteer-driven open source. No paid tier, no premium features, no data monetization.",
      "knownIssues": "Multiple file-parsing vulnerabilities disclosed in 2025 (CVE-2025-2760, CVE-2025-2761, CVE-2025-48797, CVE-2025-48798) affecting XWD, FLI, TGA, and XCF formats — all require opening a malicious file. Patched in 3.0+. Cannot open RAW camera files natively. GNOME Foundation financial instability in 2024-2025 slowed grant-funded development, though community contributions continued. 21 contributors to 3.2.2 codebase, but only ~7 core developers — bus factor is low for a project this important.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, fully local, no accounts or telemetry. Part of the GNU Project with decades of community oversight. File-parsing CVEs are the main attack surface — mitigated by keeping current (3.2.2 as of March 2026) and not opening untrusted files in exotic formats."
    },
    {
      "name": "Global Fishing Watch",
      "slug": "global-fishing-watch",
      "url": "https://globalfishingwatch.org",
      "tagline": "Open-data platform tracking global fishing activity and vessel movements via satellite AIS and radar — free, open source, purpose-built for transparency and ocean accountability.",
      "category": "newsgathering",
      "additionalCategories": [
        "data",
        "verification"
      ],
      "openSource": true,
      "whoItsFor": "Investigative journalists covering illegal fishing, forced labor on fishing vessels, sanctions evasion via fishing fleets, marine protected area violations, and environmental crime. Environmental reporters tracking fleet activity near sensitive ecosystems. OSINT researchers monitoring dark vessels. Marine scientists, policy researchers, and NGOs working on ocean governance. Government fisheries enforcement agencies.",
      "pricing": "Free. The platform, data, and tools are available at no cost. Research-grade datasets downloadable for free. API access available for researchers and developers. No premium tier — the entire platform is open.",
      "freeOption": true,
      "editorialTake": "Global Fishing Watch is one of the most powerful open tools for ocean-related investigative journalism. It tracks the activity of more than 65,000 commercial fishing vessels globally using a combination of AIS data, Vessel Monitoring System data (shared by governments), and satellite radar (synthetic aperture radar that detects vessels even when transponders are off). The result is a near-complete picture of industrial fishing activity worldwide, updated daily, going back to 2012.\n\nThe platform was launched in 2016 as a partnership between Google, Oceana, and SkyTruth. It became an independent international nonprofit in 2017, headquartered in Washington, DC, with staff across the US, Europe, Asia, and Latin America. Google provided the initial cloud computing infrastructure and continues to support the platform with donated compute through Google.org. Additional funding comes from Bloomberg Philanthropies, the Walton Family Foundation, and multiple government partnerships.\n\nFor journalists, the platform answers questions no other public tool can. Where are Chinese distant-water fishing fleets operating near West African waters? Which vessels entered a marine protected area? What trawlers went dark (turned off AIS) near a disputed maritime boundary? The \"apparent fishing activity\" layer uses machine learning to classify vessel behavior — distinguishing fishing from transiting — based on speed, course changes, and movement patterns. The carrier vessel portal tracks refrigerated cargo ships (reefers) that enable transshipment at sea, a key mechanism for laundering illegal catch.\n\nThe data and code are open source under permissive licenses. The vessel-tracking algorithms, the machine-learning classifiers, and the processed datasets are all published on GitHub. This means journalists can verify the methodology, reproduce results, and cite specific algorithmic decisions — a level of transparency unmatched by commercial maritime intelligence providers.\n\nThe platform has been used in award-winning investigations: AP's Pulitzer-winning coverage of forced labor on Thai fishing vessels, reporting on illegal fishing in Galapagos waters by Chinese fleets, and investigations into North Korean fishing vessels violating UN sanctions. The Environmental Justice Foundation, Oceana, and Greenpeace all use it for campaign research.\n\nThe limits: Global Fishing Watch focuses on commercial fishing vessels (typically above 15 meters). Artisanal and small-scale fishing fleets are largely invisible. AIS manipulation is as much a problem here as in any maritime tracking — vessels going dark is itself a signal, but you cannot track what you cannot see. The machine-learning fishing-activity classifier has known false-positive rates, particularly for vessels engaged in slow transit or anchor operations. Always verify apparent fishing detections against vessel type and context.\n",
      "bestFor": "Tracking fishing fleet activity near marine protected areas or disputed waters. Identifying vessels that go dark (disable AIS) in sensitive zones. Monitoring transshipment at sea via carrier vessel tracking. Investigating forced labor by cross-referencing fishing vessel activity with port state measures. Documenting illegal fishing patterns for environmental investigations. Accessing research-grade datasets for data journalism projects. Verifying government claims about fisheries enforcement.",
      "notFor": "Tracking non-fishing commercial vessels (tankers, cargo ships, cruise ships) — use MarineTraffic or VesselFinder. Small artisanal fishing boats under 15 meters that don't carry AIS. Real-time vessel tracking with sub-hour updates — the platform is better for pattern analysis over days, weeks, or months. Beneficial ownership of fishing companies — combine with corporate registries. Land-based environmental monitoring — use Global Forest Watch instead.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Global Fishing Watch is a US-registered 501(c)(3) nonprofit headquartered in Washington, DC. Infrastructure runs primarily on Google Cloud Platform. Data is derived from satellite systems, government-shared VMS data, and AIS broadcast data — all publicly available or shared under government partnership agreements.",
      "privacyPolicyTldr": "Minimal user data collection. The platform can be browsed without an account. Creating a free account requires email only. Standard web analytics present. The vessel data itself is not personal information — it's commercial vessel activity derived from public AIS broadcasts and government-shared monitoring data. As a US nonprofit, not subject to GDPR, though data partnerships with EU governments follow those standards. No advertising, no data sales.",
      "practicalMitigations": "The platform can be used without an account for basic map exploration. For sensitive investigations into specific fleets, download the bulk datasets and analyze locally rather than repeatedly querying the web interface. All data is freely downloadable — no paywall to lock you out later. Cross-reference Global Fishing Watch detections with satellite imagery (Sentinel-1 SAR is particularly useful for confirming vessel presence when AIS is off). Verify vessel identities against national fishing registries and the FAO Global Record. Remember that \"apparent fishing activity\" is a machine-learning classification, not ground truth — always note this in reporting. For forced-labor investigations, combine vessel tracking data with port state inspection records and crew interview evidence.\n",
      "owner": "Global Fishing Watch, an independent international nonprofit organization registered as a 501(c)(3) in the United States. Originally launched in 2016 by Google, Oceana, and SkyTruth. Became independent in 2017. Led by CEO Tony Long (former director of the Pew Charitable Trusts' ocean program).",
      "fundingModel": "Philanthropic grants and government partnerships. Major funders include Bloomberg Philanthropies, the Walton Family Foundation, Google.org (donated cloud compute), the Gordon and Betty Moore Foundation, and multiple national governments. Revenue comes from grants, not commercial data sales. Some government contracts for fisheries monitoring services.",
      "businessModel": "Nonprofit with open data. All data and tools are free. Revenue comes entirely from philanthropic grants and government partnerships. No premium tier, no data licensing fees, no advertising. The model depends on continued philanthropic support — a sustainability consideration worth noting, though the funder base is diversified and growing.",
      "knownIssues": "AIS manipulation: Fishing vessels engaged in illegal activity routinely disable AIS transponders. Global Fishing Watch can detect gaps (vessels going dark) but cannot track a vessel with no signal. Satellite radar partially compensates but has lower temporal resolution.\n\nMachine-learning classification errors: The fishing-activity detection model has false positives (classifying slow transit or anchoring as fishing) and false negatives (missing certain fishing techniques). Always verify classifications against vessel type, gear type, and operational context.\n\nSmall vessel blind spot: Vessels under 15 meters typically do not carry AIS and are invisible to the platform. This excludes most artisanal and small-scale fishing — a significant gap in regions like West Africa, Southeast Asia, and the Pacific Islands where small-scale fishing is dominant.\n\nVMS data access depends on government willingness: Vessel Monitoring System data is government-controlled and shared voluntarily. Coverage is uneven — some countries share comprehensive VMS data, others share nothing. Gaps in VMS coverage create gaps in the platform's ability to track fishing fleets in those waters.\n\nTemporal lag: Data updates daily but is not real-time. For enforcement or breaking-news purposes, this delay matters. Historical data back to 2012 is excellent for pattern analysis but updates may lag by 24-72 hours for the most recent activity.\n\nPhilanthropic sustainability: The platform depends on continued grant funding. While the funder base is diversified, a significant reduction in philanthropic support could affect data processing and platform maintenance.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "US-based nonprofit with a transparency mission. All data is public and open — there is no sensitive proprietary information to protect. The code is open source on GitHub, allowing full methodology verification. Infrastructure runs on Google Cloud Platform with standard enterprise security. Minimal user data collection (email for optional account). No advertising, no data sales, no commercial surveillance. The open-source, open-data architecture is the strongest possible trust signal for investigative work: every detection is reproducible and verifiable. No record of security incidents."
    },
    {
      "name": "Global Forest Watch",
      "slug": "global-forest-watch",
      "url": "https://www.globalforestwatch.org",
      "tagline": "Free satellite-based deforestation monitoring — real-time alerts, 65+ datasets, and 20+ years of tree cover change data for environmental investigations worldwide.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "openSource": true,
      "whoItsFor": "Environmental journalists investigating deforestation, illegal logging, agricultural expansion into forests, and corporate supply chain accountability. Investigative reporters tracking land grabs, indigenous territory violations, and climate commitments. Data journalists working with geospatial environmental datasets. NGOs, researchers, and policy analysts monitoring forest loss. Corporate sustainability teams assessing supply chain deforestation risk (via GFW Pro).",
      "pricing": "Free for the public platform, map explorer, dashboards, country profiles, and data downloads. GFW Pro (supply chain risk tool for companies) is also free to use. All datasets freely downloadable. No premium tier for public users.",
      "freeOption": true,
      "editorialTake": "Global Forest Watch is the definitive public tool for tracking deforestation anywhere on Earth. It combines satellite imagery from Landsat, Sentinel, and other sources into a continuously updated picture of global tree cover change going back to 2001. The platform provides weekly deforestation alerts (GLAD alerts for the tropics, RADD radar-based alerts that see through clouds), country-level dashboards, and over 65 downloadable datasets covering tree cover loss, forest fires, land use, protected areas, and indigenous territories.\n\nThe platform is built and maintained by the World Resources Institute, a Washington DC-based global research organization founded in 1982. WRI operates with an annual budget exceeding $200 million and employs over 1,800 staff across 12 offices worldwide. Global Forest Watch launched in 2014 as a partnership between WRI, Google (which provides Earth Engine computing infrastructure), the University of Maryland (whose GLAD lab produces the core tree cover loss data), and dozens of other research institutions and government agencies.\n\nFor journalists, the killer feature is the alert system. GLAD alerts detect tree cover loss in the tropics at roughly 30-meter resolution, published weekly with a few days' lag. RADD alerts use Sentinel-1 radar, which penetrates cloud cover — critical in tropical regions where optical satellites are frequently blocked. When a story breaks about illegal logging in the Amazon, fires in Borneo, or deforestation for palm oil in Central Africa, Global Forest Watch gives you the satellite evidence within days.\n\nThe data has powered major investigations. Mongabay, Reuters, the Guardian, and Bloomberg have all used GFW data to document deforestation linked to specific companies, concessions, and supply chains. The platform's ability to overlay tree cover loss against concession maps, protected area boundaries, and indigenous territory maps makes it possible to identify precisely who is clearing what land, and whether it violates legal protections.\n\nThe code is open source (GitHub), the data is freely downloadable, and the methodology (Hansen et al., University of Maryland) is published in peer-reviewed literature. This means every claim is reproducible — you can verify the satellite analysis independently, cite the methodology in your story, and withstand legal challenges from companies disputing your findings.\n\nLimits: The platform measures tree cover loss, not specifically deforestation. A tree plantation harvested and replanted registers as loss then gain, same as illegal clearing of primary forest. Context matters — always check the land use layer to distinguish plantation forestry from natural forest destruction. Resolution at 30 meters means individual trees are not tracked; small-scale selective logging may be invisible. The alert systems cover the tropics primarily; temperate and boreal forest monitoring has different tools and timelines.\n",
      "bestFor": "Documenting deforestation linked to specific companies, agricultural concessions, or supply chains. Real-time monitoring of forest clearing in tropical regions. Verifying corporate sustainability claims against satellite evidence. Tracking fires and their aftermath in forested regions. Identifying illegal logging in protected areas or indigenous territories. Data journalism projects requiring long-term forest change statistics by country or region.",
      "notFor": "Urban tree canopy monitoring — different tools and scales. Individual tree-level analysis — 30-meter resolution is too coarse. Temperate/boreal forest near-real-time alerts (tropical focus for GLAD/RADD). Marine or ocean environmental monitoring — use Global Fishing Watch. Air quality or pollution monitoring — different platforms. Real-time fire detection — use NASA FIRMS for sub-daily fire alerts, then GFW for forest loss aftermath.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. World Resources Institute is headquartered in Washington, DC. Infrastructure runs primarily on Google Cloud Platform (Earth Engine). Data is derived from public satellite systems (Landsat/USGS, Sentinel/ESA) and processed by the University of Maryland and WRI. All output data is public and freely downloadable.",
      "privacyPolicyTldr": "Minimal user data collection. The platform can be fully browsed and data downloaded without creating an account. Optional account creation requires email. Standard web analytics (Google Analytics) present. WRI's privacy policy covers data across its platforms. No advertising. The environmental data itself is entirely public satellite-derived information with no personal data component. GFW Pro users (companies) provide additional organizational information for supply chain analysis.",
      "practicalMitigations": "The platform works without login for most features — use it without an account when investigating sensitive land clearing by powerful interests. Download datasets for offline analysis if you're working on a story that could attract legal threats. Always cross-reference GFW tree cover loss data with high-resolution commercial satellite imagery (Planet Labs, Maxar) before publication — GFW provides the alert, but you may need sharper imagery for the story. Verify land ownership and concession boundaries against national land registries. Combine GFW data with corporate supply chain disclosures to link deforestation to specific buyers. Note the difference between tree cover loss (any loss, including managed forestry) and illegal deforestation — context and land-use layers are essential for accurate reporting.\n",
      "owner": "World Resources Institute (WRI), a US-based 501(c)(3) global research organization founded in 1982. WRI has over 1,800 staff across offices in the US, China, India, Brazil, Indonesia, the UK, and elsewhere. Global Forest Watch is one of WRI's flagship platforms, operated in partnership with the University of Maryland GLAD lab, Google, and dozens of other institutions.",
      "fundingModel": "Philanthropic and government grants. Major funders include the Norwegian government (through NICFI — the Norway International Climate and Forests Initiative), Google.org, the UK government, USAID, the Gordon and Betty Moore Foundation, and many others. WRI's total annual budget exceeds $200 million across all programs. GFW is sustained by a diversified base of government, foundation, and corporate funders.",
      "businessModel": "Nonprofit with open data. All tools and datasets are free. No premium pricing for public users. GFW Pro (corporate supply chain tool) is also free — WRI's theory of change is that providing companies with free deforestation monitoring creates accountability pressure. Revenue comes from grants and contracts, not data licensing. Some corporate partnership revenue from companies using WRI's broader sustainability advisory services.",
      "knownIssues": "Tree cover loss vs. deforestation: GFW measures tree cover loss from satellite imagery. This includes managed plantation harvesting, natural disturbances (storms, disease), and deliberate clearing. Not all tree cover loss is illegal or environmentally harmful. Journalists must use the land-use context layers to distinguish plantation cycles from primary forest destruction.\n\nResolution limitations: At 30-meter resolution (Landsat-based), the platform cannot detect selective logging, narrow road building through forests, or small-scale clearings below the pixel threshold. High-resolution commercial imagery is needed to document these activities.\n\nTropical bias in alerts: GLAD and RADD near-real-time alerts cover tropical regions. Temperate and boreal forests are monitored through annual tree cover loss products, not weekly alerts. Northern-hemisphere forest stories may have year-long data lag.\n\nCloud cover delays: While RADD radar alerts penetrate clouds, the Landsat-based GLAD alerts cannot. Persistent cloud cover in regions like the Congo Basin can delay optical alert detection by weeks. Both systems together provide better coverage, but no single alert catches everything immediately.\n\nHistorical data starts at 2001: No tree cover change data before 2001. Longer-term historical deforestation analysis requires other archives.\n\nGoogle Analytics present: WRI uses standard Google Analytics on the platform. For journalists investigating powerful landowners or governments, search patterns could theoretically be observable through WRI's analytics. Download data for offline analysis when sensitivity warrants it.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Operated by WRI, a major global research institution with strong governance and a 40-year track record. All data is public satellite-derived information — no sensitive proprietary data to protect. Open-source code and peer-reviewed methodology provide full transparency. Infrastructure on Google Cloud with standard enterprise security. Minimal user data collection — platform works without login. The main concern is standard Google Analytics tracking search patterns, which is mitigatable by downloading datasets for offline analysis. No record of security incidents. The open, reproducible methodology is the strongest possible trust architecture for investigative environmental journalism."
    },
    {
      "name": "Good Tape",
      "slug": "good-tape",
      "url": "https://goodtape.io",
      "tagline": "Transcription built by journalists, for journalists. Audio deleted after processing by default. EU servers, ISO 27001, GDPR compliant. 2.5M users.",
      "category": "visuals",
      "openSource": false,
      "builtForJournalism": true,
      "whoItsFor": "Journalists who need accurate transcription with real privacy guarantees — not marketing claims. Reporters who transcribe interviews in multiple languages, including less-common ones like Danish, Estonian, Croatian, and Hebrew. Newsrooms that need a DPA and SSO for org-wide deployment.",
      "pricing": "Free: 3 transcriptions/month, 30-min max per file, waiting queue. Pro: €13.75/month — 20 hours/month, speaker labels, AI summaries, smart search, bulk uploads, DPA. Business: custom pricing per seat (20 hrs/seat), SSO, API, SLA, admin dashboard, tailored onboarding.",
      "freeOption": true,
      "editorialTake": "Good Tape started as a newsroom hack at Zetland, a Danish digital newspaper. Software engineer Jakob Steinn sat next to journalists complaining about transcription, built a tool on OpenAI's Whisper, and it spread. Zetland spun it out in 2023. Now 2.5M users and $2M ARR with a 10-person team — bootstrapped, no VC. The privacy story is genuine: audio deleted after processing by default, AES-256 encryption at rest, TLS 1.2/1.3 in transit, EU-only servers, ISO 27001 certified, and they host their own LLM for summaries rather than piping data to third-party APIs. Accuracy is 90-95% on clear audio, competitive with Otter.ai and raw Whisper, but Good Tape adds proprietary audio preprocessing that helps with noisy field recordings. The real edge over Otter: Good Tape never trains on your data, period. Otter trains on de-identified recordings. For journalists handling sensitive sources, that difference matters. Handles 100+ languages with strong performance on European and regional languages that competitors fumble. The 20-hour monthly cap on Pro is the main friction point — heavy users will burn through it.",
      "bestFor": "Transcribing interviews with genuine privacy guarantees. Multilingual transcription, especially European and regional languages. Newsrooms that need org-wide deployment with DPA, SSO, and admin controls. Journalists who need audio deleted after transcription without thinking about it.",
      "notFor": "Real-time transcription during live events — no live mode. High-volume users who need more than 20 hours/month without paying for Business tier. Workflows that depend on deep integrations with Slack, Zoom, or Google Meet — Good Tape is deliberately simple, drag-and-drop only. Users who want unlimited free transcription.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "European Union (Copenhagen, Denmark). All servers EU-based. EU-only subprocessors. No offshore transfers.",
      "privacyPolicyTldr": "Audio files deleted automatically after transcription — that's the default, not an opt-in. Optional Safe Vault for encrypted long-term storage. Never trains AI on user data. Never shares with third parties. Hosts its own LLM for summary features rather than using third-party APIs. Pro and Business tiers include a formal Data Processing Agreement. Account data retained up to 5 years after termination unless you request deletion. ISO 27001 certified. AES-256 at rest, TLS 1.2+ in transit.",
      "practicalMitigations": "Use Business tier with DPA and SSO for newsroom-wide deployment. The default auto-delete after transcription is the right posture for sensitive source material — don't override it unless you need the audio. Export transcripts and delete originals. For the most sensitive work, be aware that account metadata (not audio) can be retained up to 5 years post-termination — request explicit deletion if needed.",
      "owner": "Good Tape ApS (Copenhagen, Denmark). CVR DK43724509. Spun out of Zetland Media in 2023.",
      "fundingModel": "Bootstrapped. No venture capital. $2M ARR as of early 2025 with a 10-person team. Revenue from Pro and Business subscriptions.",
      "businessModel": "Freemium. Free tier (3 transcriptions/month) converts to Pro (€13.75/month) or Business (custom). Also serves non-journalism verticals — partnered with Chile's court system for criminal case transcription.",
      "knownIssues": "Accuracy drops on low-quality recordings, heavy accents, and overlapping speakers — a real gap for field journalists working in noisy environments. 20-hour monthly cap on Pro can be limiting for high-volume users. Free tier's 3-transcription limit makes it hard to properly evaluate before committing. No real-time or live transcription. No video editing features. Some Trustpilot complaints (2025) about unclear cancellation flow and unexpected annual charges — check billing terms carefully before subscribing. No integrations with Slack, Zoom, or Google Meet by design.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "ISO 27001 certified. AES-256 encryption at rest, TLS 1.2/1.3 in transit. Audio deleted after processing by default. EU-only servers and subprocessors. No AI training on user data. Hosts own LLM rather than routing to third-party APIs. DPA available on Pro and Business tiers. Built by journalists for journalists — privacy is architectural, not bolted on."
    },
    {
      "name": "Google Alerts",
      "slug": "google-alerts",
      "url": "https://www.google.com/alerts",
      "tagline": "Free email alerts when Google indexes new results matching your search terms. The simplest web monitoring tool — and one of the least reliable.",
      "category": "newsgathering",
      "openSource": false,
      "whoItsFor": "Journalists monitoring people, companies, topics, or developing stories over time. Researchers tracking emerging publications. Anyone who wants passive, zero-cost web monitoring — as long as they understand it will miss things.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Google Alerts has not received a meaningful feature update in over a decade. Google itself acknowledged in 2013 that alerts were 'not as comprehensive as we'd like' — and nothing has materially changed. A Contify study of Fortune 1000 companies found only 10% of Google Alerts results were relevant, and 40% of important news was never detected. Mention's testing found 3.7x more results tracking the same keywords. Google Alerts covers zero social media, zero paywalled content, and delivers everything through email or RSS — no Slack, no webhooks, no API. It cannot filter by sentiment, source type, or language with any precision. For journalists, the real risk is not that it's bad — it's that it creates a false sense of coverage. You think you're monitoring a topic. You're monitoring a fraction of a topic. Use it as one signal among many. Pair it with Talkwalker Alerts (free, covers Twitter/X and blogs), Klaxon (for webpage change detection), or a paid tool like Mention if monitoring is core to your beat. The one thing Google Alerts does well: it's instant to set up, costs nothing, and requires no maintenance. For a quick background watch on a name or company, that's enough.",
      "bestFor": "Low-effort background monitoring of names, companies, court cases, and topics. Tracking when a source or subject appears in newly indexed web content. Setting a baseline watch on a developing story. Monitoring your own byline or publication for syndication.",
      "notFor": "Comprehensive media monitoring — misses social media entirely, skips paywalled content, and catches only a fraction of web mentions. Real-time breaking news alerts (delays range from hours to days). Monitoring specific webpage changes (use Klaxon). Any scenario where missing a mention has consequences.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Google LLC, Mountain View, CA). Alert queries, delivery preferences, and associated Google account data stored on Google infrastructure. Subject to US law enforcement requests — Google disclosed data from 3.5M+ user accounts to the US government in a recent reporting period (557% increase over the prior decade, per Proton's 2025 transparency analysis).",
      "privacyPolicyTldr": "Google Alerts has no standalone privacy policy. It falls under Google's main privacy policy, which means your alert queries become part of your Google profile data — used for ad targeting, search personalization, and potentially shared with law enforcement via legal process. Your alert topics reveal what you're investigating. Google collects and retains this data indefinitely unless you manually delete it. There is no way to use Google Alerts without a Google account.",
      "practicalMitigations": "Your alert queries are a direct signal of your investigative interests. If you cover sensitive topics, use a dedicated Google account that is not linked to your real identity or primary email. Access the alerts setup page through a privacy-focused browser or VPN. Do not use your newsroom Google Workspace account for alerts on sensitive subjects — your employer and Google both have access to that data. Consider Talkwalker Alerts as a free alternative that does not require a Google account. For high-risk reporting, do not use any Google service for monitoring — use RSS readers with Tor or dedicated OSINT tools.",
      "owner": "Google LLC (Alphabet Inc.)",
      "fundingModel": "Google-funded. Part of Google Search infrastructure. No separate funding or team — Alerts is a side feature of Google's core indexing pipeline.",
      "businessModel": "Free. No direct revenue. Functions as a lightweight retention feature within the Google ecosystem. Your alert queries enrich Google's understanding of user interests, which feeds their ad targeting business. Google Alerts has no dedicated product team, no roadmap, and no public development updates. It is effectively in maintenance mode.",
      "knownIssues": "Coverage is unreliable and has been since at least 2013, when Google publicly acknowledged the problem. A Contify study found 40% of relevant news about Fortune 1000 companies was never detected by Google Alerts. Users routinely find articles via manual Google searches that never triggered an alert. Delivery timing is inconsistent — alerts can arrive hours or days after content is indexed, defeating the purpose for time-sensitive monitoring. Social media is completely absent: no Twitter/X, no Facebook, no Reddit, no YouTube comments. Paywalled and subscription content is never included. Broad search terms generate excessive noise; narrow terms miss relevant results. There is no way to filter by source credibility, geographic region (beyond language), or content type with precision. The 'as-it-happens' frequency option does not mean real-time — it means 'whenever Google's batch process runs.' No feature updates have been announced or shipped in years. The tool's UI has not changed materially since the mid-2010s.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Standard Google security infrastructure — TLS in transit, encryption at rest, robust account security options (2FA, passkeys). The concern is not security but privacy: your alert queries reveal your investigative interests to Google, which retains that data, uses it for profiling, and will disclose it under legal process. For journalists covering sensitive topics, this is a meaningful exposure. A separate, pseudonymous Google account mitigates the risk but does not eliminate it. Google Alerts requires a Google account — there is no anonymous usage path."
    },
    {
      "name": "Google Colab",
      "slug": "google-colab",
      "url": "https://colab.research.google.com",
      "tagline": "Browser-based Python notebooks with free GPU access. No local setup needed.",
      "category": "data",
      "openSource": false,
      "whoItsFor": "Data journalists who need to write Python code, analyze datasets, or build machine learning models without setting up a local environment. Journalism students and reporters learning to code. Investigative teams doing collaborative data analysis on public records or scraped datasets.",
      "pricing": "Free: limited GPU, 12-hour max runtime, usage caps that shift without notice. Colab Pro: $11.99/month (100 compute units, faster GPUs, longer runtimes). Colab Pro+: $49.99/month (500 compute units, 24-hour runtimes, background execution). Pay As You Go: buy compute units à la carte. Colab Enterprise: via Google Cloud Marketplace, custom pricing.",
      "freeOption": true,
      "editorialTake": "Google Colab is the fastest path from zero to running Python code. No installation, no environment setup — open a browser, write code, run it. The free tier gives you T4 GPU access and up to 12 hours of runtime, which covers most data journalism tasks: cleaning CSVs, analyzing public records, building charts. The 2025 AI-first redesign added Gemini-powered code generation, error fixing, and a Data Science Agent that can autonomously analyze uploaded datasets. These AI features are on by default and Google collects your prompts and generated code to improve its products, including for training. Human reviewers may read your prompts. That is the core trade-off: Colab is free and fast, but Google sees everything. For public data analysis, that is fine. For sensitive datasets — leaked documents, source-identifying information, confidential records — use Jupyter on your own machine instead.",
      "bestFor": "Data analysis and visualization on public datasets. Learning Python for journalism. Collaborative coding projects shared like Google Docs. Quick exploratory analysis with free GPU. Using Gemini AI to generate analysis code without deep Python knowledge.",
      "notFor": "Analyzing confidential or leaked datasets (Google collects prompts and can access data). Long-running processes — free tier caps at 12 hours and disconnects idle sessions. Production data pipelines. Journalists who need full control over their computing environment or must keep data off third-party servers.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Google Cloud infrastructure). No option to choose data residency on standard Colab. Enterprise tier inherits Google Cloud region settings.",
      "privacyPolicyTldr": "Notebooks stored in Google Drive. Code executes in a VM private to your account, deleted when idle. When you use AI features (on by default), Google collects prompts, code, and generated output to improve Google products and machine learning technologies. Human reviewers may read and annotate your prompts and output. This data is retained anonymously for up to 18 months. Colab AI does not access your Google Drive files or secrets unless you explicitly request it. Google's standard privacy policy applies to all stored data.",
      "practicalMitigations": "Never upload sensitive source material, leaked documents, or datasets that could identify confidential sources. Use local Jupyter for anything you would not put in Google Drive. Disable AI features if you do not want prompts collected (click Gemini icon > settings). Review Google Drive sharing permissions on notebooks — shared views expose all code and output. Delete notebooks and data from Drive when analysis is complete. Use Colab's built-in Secrets manager for API keys instead of hardcoding them.",
      "owner": "Google LLC (Alphabet Inc.)",
      "fundingModel": "Google-funded. Part of Google's research, AI, and cloud ecosystem. Colab drives adoption of Google Cloud and Gemini AI products.",
      "businessModel": "Freemium. Free tier subsidized by Google to build ecosystem lock-in. Revenue from Pro ($11.99/month), Pro+ ($49.99/month), Pay As You Go compute units, and Enterprise subscriptions via Google Cloud Marketplace.",
      "knownIssues": "Google collects AI feature prompts and output for product improvement, including human review — a real concern for journalists. API keys hardcoded in notebooks have been accidentally exposed when publishing to GitHub (documented colabtools issue #4565). Free tier GPU limits and runtime caps shift without notice and are not published. The platform has been abused for hosting spam and phishing content on the trusted colab.research.google.com domain. Idle sessions disconnect aggressively on the free tier. No offline access — requires internet connection.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Standard Google Cloud security: encryption in transit (TLS) and at rest, isolated VM execution, SOC 2/ISO 27001 infrastructure. The concern is not a security weakness — it is data access. Google can see your notebooks, your data, and (if you use AI features) your prompts. Human reviewers may read them. Adequate for public data analysis and learning. Not suitable for sensitive or confidential material. Use local Jupyter instead."
    },
    {
      "name": "Google Docs",
      "slug": "google-docs",
      "url": "https://docs.google.com",
      "tagline": "Collaborative document editing. Free with a Google account. Google can access your content.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists writing collaboratively, sharing drafts with editors, and working across devices. Newsrooms that need real-time co-editing, commenting, and version history without managing infrastructure.",
      "pricing": "Free with Google account. Google Workspace Business Starter: $7/user/month. Business Standard: $14/user/month. Business Plus: $18/user/month. Enterprise Plus (required for Client-Side Encryption): ~$25–35/user/month, quote-based.",
      "freeOption": true,
      "editorialTake": "Google Docs is the default collaborative writing tool for most newsrooms, and for everyday editorial work it earns that position. Real-time editing, commenting, version history, and near-universal access. AES-256 encryption at rest, TLS in transit. But Google is not zero-knowledge — Google employees and systems can access your document content for service operation, abuse detection, and AI feature delivery. Gemini AI is now embedded across Workspace, and while Google says Workspace customer data is not used for model training, your content is processed by Gemini's systems when AI features are active. Client-Side Encryption (CSE) — where Google genuinely cannot read your documents — exists but requires Enterprise Plus or Education Plus plans, starts around $25–35/user/month, and demands a third-party key management service (FlowCrypt, Virtru, or Thales). That prices out freelancers and most small newsrooms. The bigger issue for journalists: Google complies with legal process. In H1 2024 alone, Google received over 82,000 government requests for user data globally, producing some data in roughly 83% of U.S. subpoena cases. The DOJ obtained Fox News reporter James Rosen's Gmail via search warrant in 2013 and ordered Google not to notify him. In January 2026, the FBI raided Washington Post reporter Hannah Natanson's home and seized devices in a leak investigation — the first raid of a journalist's home for a national security leak case. Your Google Docs are subpoena-able. For daily editorial collaboration, Google Docs is practical and well-built. For sensitive investigations, source protection, or anything that could become a legal target, use CryptPad or local encrypted documents instead.",
      "bestFor": "Collaborative writing, editorial drafts, shared reporting documents, newsroom workflows that need real-time multi-user editing with commenting and suggestion mode.",
      "notFor": "Sensitive investigation documents, confidential source notes, legal-risk reporting, whistleblower communications, or anything you need to keep away from Google's servers and U.S. legal process. Google complies with subpoenas, search warrants, and FISA orders, and can produce document contents.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States by default (Google Cloud). Workspace customers can select data region (US or EU) for primary data at rest. Enterprise Plus plans offer Client-Side Encryption where Google cannot decrypt content — but this requires a third-party key service (FlowCrypt, Virtru, Thales, or Futurex) and is only available on Enterprise Plus, Education Plus, Education Standard, and Frontline Plus plans.",
      "privacyPolicyTldr": "Google encrypts data in transit (TLS) and at rest (AES-256) but is not zero-knowledge. Google accesses content for service operation, abuse scanning, and legal compliance. Gemini AI features process document content when active — Google states Workspace customer data is not used for model training, but content is still analyzed by AI systems for feature delivery. Google publishes a transparency report: in H1 2024, they received 82,000+ government data requests globally, producing data in ~83% of U.S. subpoena cases. Content requires a search warrant (not just a subpoena) to compel disclosure, but Google complies with valid warrants, court orders, and national security letters. Users are typically notified of requests unless a gag order prohibits it.",
      "practicalMitigations": "Do not store sensitive source identities, confidential investigation notes, or legally risky material in Google Docs. Disable Gemini AI features in Workspace admin settings if you do not want content processed by Google's AI systems. Review sharing settings — 'anyone with the link' is a common misconfiguration that has exposed sensitive documents. Enable Google Advanced Protection Program (free) for phishing-resistant login with passkeys or security keys. For the highest-risk work, use CryptPad (zero-knowledge, end-to-end encrypted) or local encrypted documents. If your newsroom uses Workspace Enterprise Plus, enable Client-Side Encryption with a third-party key service.",
      "owner": "Alphabet Inc. / Google LLC",
      "fundingModel": "Publicly traded (NASDAQ: GOOGL). Market cap ~$2T.",
      "businessModel": "Free tier supported by Google ecosystem and data collection. Revenue from Google Workspace subscriptions ($7–35+/user/month) and enterprise services. Google's ad business benefits from ecosystem lock-in even when Docs itself is free.",
      "knownIssues": "Google Docs comment feature has been repeatedly exploited for phishing — attackers use @mentions in comments to send malicious links that appear to come from Google's own servers, bypassing email filters. 'Anyone with the link' sharing misconfiguration has exposed sensitive documents across newsrooms, schools, and government agencies. In 2013, DOJ obtained Fox News reporter James Rosen's Gmail via warrant and gagged Google from notifying him. In January 2026, FBI raided Washington Post reporter Hannah Natanson's home and seized devices in a national security leak investigation — a precedent that makes all cloud-stored journalist documents more legally vulnerable. Gemini AI integration (rolled out across Workspace in 2024–2025) processes document content for AI features; while Google says Workspace data is not used for model training, the data is still analyzed by AI systems. Client-Side Encryption is limited to Enterprise Plus, Education Plus/Standard, and Frontline Plus plans — inaccessible to freelancers and small newsrooms. Notion has the same zero-knowledge gap: it is not end-to-end encrypted and can access user content. CryptPad is the only mainstream collaborative editor with true zero-knowledge encryption.",
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Strong infrastructure security: AES-256 at rest, TLS in transit, ISO 27001 and SOC 2/3 certified, FIPS 140-2 validated encryption modules. But Google is not zero-knowledge — they can access your document content, and they comply with legal process (82,000+ government data requests in H1 2024 alone). Gemini AI processes document content when features are active. Client-Side Encryption exists but is locked behind Enterprise Plus plans ($25–35+/user/month) and requires third-party key management. Google Advanced Protection Program (free) adds phishing-resistant login but does not change Google's ability to access stored documents. Adequate for general editorial collaboration. Not recommended for sensitive source material, investigation notes, or legally risky reporting without Enterprise CSE. Journalists handling sensitive material should use CryptPad or local encrypted storage."
    },
    {
      "name": "Google Earth Pro",
      "slug": "google-earth-pro",
      "url": "https://www.google.com/earth/about/versions/#earth-pro",
      "tagline": "Free desktop satellite imagery with historical views back to the 1940s, 3D terrain, GIS import, and measurement tools. Version 7.3.7.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification",
        "data"
      ],
      "whoItsFor": "Investigative journalists verifying locations and tracking changes over time. OSINT researchers doing geolocation and conflict monitoring. Climate reporters documenting deforestation, flooding, and land use. Researchers who need to import GIS shapefiles or export high-res imagery.",
      "pricing": "Free (was $399/year until January 2015). Google Earth Engine is a separate paid product for large-scale planetary analysis.",
      "freeOption": true,
      "editorialTake": "Google Earth Pro is the single most important free tool for geolocation and visual investigation. The historical imagery slider is a time machine — Bellingcat used it to document destruction in Myanmar by comparing 2020 imagery against later captures. The desktop version is meaningfully more capable than the web version: it imports ESRI shapefiles and MapInfo files, exports at up to 4K resolution, and has a movie maker for broadcast-quality flyovers. Imagery resolution reaches 30-50cm in urban areas, though most images are 1-3 years old and rural areas may lag 2-5 years. The tradeoff is that this is a Google product with CIA-funded origins. Your searches and viewed locations are logged under Google's standard privacy policy. Common Sense Privacy gave Google Earth a 'Warning' rating. For routine geolocation this is fine; for sensitive investigations where your search patterns could reveal sources, use operational security or alternative tools.",
      "bestFor": "Verifying locations from photos and video using satellite imagery, terrain, and shadow angles. Tracking changes over time — construction, conflict damage, deforestation, coastal erosion. Measuring distances and areas for investigative reporting. Creating flyover videos for broadcast or documentary storytelling. Importing GIS data layers (shapefiles, KML, MapInfo) for geographic analysis.",
      "notFor": "Real-time satellite monitoring — imagery lags months to years behind. Frequent-revisit earth observation (Sentinel Hub updates every 5 days vs. Google's 1-3 year cycle for most areas). Privacy-sensitive investigations where your search queries must remain confidential. Multispectral analysis like NDVI vegetation indices (use Sentinel Hub or Google Earth Engine). Mobile fieldwork (the web and mobile versions lack Pro's analytical depth).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Google LLC (Alphabet Inc.). All usage data subject to Google's standard privacy policy and US government data request compliance.",
      "privacyPolicyTldr": "Google Earth Pro operates under Google's unified privacy policy. Google logs your search queries, viewed locations, and usage patterns. This data feeds Google's advertising profile for your account. Common Sense Privacy rates Google Earth as 'Warning' — it creates advertising profiles, may sell data, and targets ads based on usage. Google complies with US law enforcement and national security data requests. No option to use the tool anonymously. Requires a Google account for some features including saved places sync.",
      "practicalMitigations": "Use a dedicated Google account not linked to your real identity for sensitive geolocation work. Avoid searching for locations that could reveal ongoing investigations or sources. Use a VPN to prevent IP-based location correlation. Clear search and location history after sensitive sessions (myactivity.google.com). For highest-sensitivity work, consider offline alternatives: download imagery for a broad area, then disconnect before analyzing specific locations. Combine with Sentinel Hub (no Google account needed) for less attributable satellite analysis.",
      "owner": "Google LLC (Alphabet Inc., United States)",
      "fundingModel": "Originally Keyhole Inc., founded 2001 by John Hanke. In February 2003, CIA-funded venture firm In-Q-Tel made a strategic investment in Keyhole. Months later, Keyhole software was deployed to support US troops during Operation Iraqi Freedom. Google acquired Keyhole in October 2004 for an undisclosed sum, inheriting In-Q-Tel's stake. Rebranded as Google Earth in 2005.",
      "businessModel": "Free product within Google's mapping ecosystem. No direct revenue. Serves Google's broader data collection and advertising business — location interest data enriches ad targeting profiles. Enterprise and scientific users pay for Google Earth Engine (separate product for planetary-scale geospatial analysis). Google Earth Studio (browser-based animation tool) is free but requires a Google account.",
      "knownIssues": "Desktop client is resource-heavy and prone to crashes on older hardware, especially with complex GIS layers loaded. Movie maker frame rates can be unstable during zoom transitions. Historical imagery coverage is inconsistent — dense urban areas may have captures every few months back to the early 2000s, while rural areas have sparse coverage with multi-year gaps. Imagery dates shown at the bottom of the screen are capture dates, not upload dates — there can be months of delay before new imagery appears. Web version cannot import shapefiles or export high-res imagery, limiting it to casual use. February 2026 data catalog maintenance caused data layer issues in projects, requiring users to delete and re-add layers. The mobile app lacks most Pro features. No Linux ARM support.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Powerful free tool with standard Google data collection. Your search queries and viewed locations are logged and feed advertising profiles. Common Sense Privacy rates Google Earth as 'Warning' for data practices. Adequate for routine journalism; use a dedicated account and VPN for sensitive geolocation investigations. The CIA-funded origin story is historical context, not a current operational concern — but it underscores that geospatial intelligence has always been a dual-use technology."
    },
    {
      "name": "Google Fact Check Explorer",
      "slug": "google-fact-check-explorer",
      "url": "https://toolbox.google.com/factcheck/explorer",
      "tagline": "Search engine for fact-checks from around the world — find what's been debunked before you publish.",
      "category": "verification",
      "whoItsFor": "Journalists, fact-checkers, and researchers who need to quickly find existing fact-checks on a claim, person, or topic. Useful during breaking news to see what's already been verified or debunked globally.",
      "pricing": "Free. API access also free with a Google Cloud API key.",
      "freeOption": true,
      "editorialTake": "Fact Check Explorer is a search engine that indexes fact-checks published by organizations worldwide using ClaimReview structured data markup. Type a claim or keyword, get back fact-checks from hundreds of publishers with their verdicts — false, misleading, partly true, etc. You can also search by image to see if a photo has been previously fact-checked. It's not doing the fact-checking itself — it's aggregating what credentialed organizations have already published. That's a strength and a limitation: coverage depends on what's been marked up with ClaimReview schema. The Fact Check Markup Tool companion lets publishers add ClaimReview structured data to their own articles, feeding the ecosystem. The API (free, via Google Cloud) enables programmatic access for newsroom tools and monitoring dashboards. As a Google product, it runs on Google's infrastructure and is subject to Google's privacy policy — searches are logged like any Google service.",
      "bestFor": "Quickly checking if a claim has already been fact-checked. Researching the debunking history of viral misinformation. Finding fact-check sources across languages and countries. Building automated fact-check monitoring via the API. Pre-publication verification — seeing what others have already found.",
      "notFor": "Original fact-checking — this aggregates existing work, it doesn't verify claims itself. Claims that haven't been fact-checked yet by a ClaimReview publisher. Real-time verification of breaking news (fact-checks take time to publish). Sensitive investigative research where you don't want Google logging your search queries.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Google LLC, Mountain View, CA). Data processed on Google's global infrastructure.",
      "privacyPolicyTldr": "Subject to Google's standard privacy policy. Search queries are logged and associated with your Google account if signed in. Google collects usage data, device information, and interaction patterns. No special privacy carve-out for journalists. The Fact Check Tools API requires a Google Cloud API key tied to a Google account.",
      "practicalMitigations": "Use without signing in to a Google account to reduce query logging tied to your identity. Use a privacy-focused browser or incognito mode for sensitive verification research. For the API, use a service account not tied to personal identity. Be aware that Google can see what claims you're researching — relevant for pre-publication investigative work.",
      "owner": "Google LLC (part of the Google News Initiative)",
      "fundingModel": "Google-funded as part of its News Initiative, which supports journalism infrastructure globally.",
      "businessModel": "Free public utility. Supports Google's broader news ecosystem strategy and structured data adoption. No direct monetization.",
      "knownIssues": "Coverage depends entirely on which organizations publish with ClaimReview markup — significant blind spots exist for claims not yet fact-checked or in regions with fewer fact-checking organizations. Google's privacy policy means your search queries are logged. Image search capability is useful but limited to images that have been previously fact-checked. Results can lag behind fast-moving misinformation. Relies on Google's infrastructure — not available in regions where Google services are blocked.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "reviewDepth": "editorial",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Standard Google service with HTTPS and enterprise-grade infrastructure. The privacy trade-off is typical of Google products: your search queries are logged and subject to Google's broad data collection practices. For routine verification work this is fine. For sensitive pre-publication research, the fact that Google can see exactly what claims you're investigating warrants caution — use without signing in and consider your threat model."
    },
    {
      "name": "Google Gemini",
      "slug": "google-gemini",
      "url": "https://gemini.google.com",
      "tagline": "Google's AI assistant. Deep Workspace integration. The hallucination problem is real.",
      "category": "ai",
      "whoItsFor": "Journalists already in Google Workspace who want AI built into Docs, Gmail, Sheets, and Drive. Also researchers, activists, and anyone using Google's ecosystem.",
      "pricing": "Free (Gemini 2.5 Flash). Plus: $7.99/month. Pro: $19.99/month (Gemini 2.5 Pro, Advanced features). Ultra: $249.99/month. Workspace add-ons: Business ($20-24/user/month) and Enterprise (custom) require active Workspace subscription ($6-18/user/month), bringing total cost to $26-54/user/month.",
      "freeOption": true,
      "editorialTake": "Gemini's advantage is integration. It lives inside Google Docs, Gmail, Sheets, and Drive — no copy-pasting between apps. For newsrooms already on Google Workspace, that matters. The AI can summarize email threads, draft in Docs, and analyze spreadsheets without leaving the tools reporters already use.\n\nThe privacy picture splits sharply by tier. Free Gemini app conversations are used to improve Google's models by default. Human reviewers read anonymized conversations. Opting out of training means your conversations aren't stored, but Google retains data for up to 72 hours for abuse monitoring. Gemini for Workspace (Business and Enterprise) is different: Google pledges that prompts, outputs, and inputs are not used to train base models and receive the same data protections as other Workspace content. Enterprise customers get SOC 1/2/3, ISO 42001, FedRAMP High, and HIPAA compliance. Client-side encryption lets organizations hold their own keys — Google and Gemini cannot access that data.\n\nThe hallucination problem is severe. Independent benchmarks show Gemini 3 Flash with a 91% hallucination rate — the highest of any major model tested. Gemini 3 Pro scored 88%. Google's models know the most but admit the least: they attempt every question rather than saying \"I don't know.\" On grounded summarization tasks, Gemini 2.0 Flash scored 0.7% hallucination — best in class. The gap between grounded and ungrounded performance is enormous. For journalists, this means Gemini is useful for summarizing documents you provide but unreliable for generating facts from its training data.\n\nIn October 2025, activist Robby Starbuck sued Google after Gemini fabricated sexual misconduct and criminal charges attributed to him. Defamation from AI hallucinations is now an active legal question.\n\nIn January 2026, Google and Apple announced a deal to run Siri on Gemini, pushing Alphabet past a $4 trillion market cap. Google's funding model — profitable search advertising — gives it an advantage over VC-dependent competitors. But it also means Gemini exists to keep users inside Google's advertising ecosystem.\n\nCompared to ChatGPT: Gemini has deeper productivity suite integration but worse hallucination benchmarks. Compared to Claude: Gemini integrates with more tools but Claude handles nuanced writing and long documents better. Compared to Perplexity: use Perplexity when you need cited search results.\n\nDisclosure: This site was built with Anthropic's Claude, a competing product. Our assessment of Gemini is based on documented facts, public benchmarks, and disclosed policies.\n",
      "bestFor": "Summarizing documents already in Google Drive, drafting in Google Docs, analyzing data in Sheets, email triage in Gmail. Grounded summarization tasks where you provide the source material.",
      "notFor": "Fact-dependent research without source documents — hallucination rates are too high. Confidential source communications on the free tier. Any task where you need the model to say 'I don't know' rather than guess. Investigative work involving sensitive documents on consumer plans.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Google Cloud infrastructure). Workspace Business/Enterprise customers can confine Gemini data processing to US or EU. Local data storage available in additional countries for Workspace customers.",
      "privacyPolicyTldr": "Free Gemini app: conversations used to improve models by default. Human reviewers read anonymized samples. Opting out stops storage but Google retains data up to 72 hours. Gemini for Workspace (Business/Enterprise): prompts and outputs are not used to train base models. Data receives same protections as other Workspace content. Client-side encryption available — organizations hold their own keys, preventing access by Google or Gemini. Gemini only retrieves Workspace content the user already has access to.\n",
      "practicalMitigations": "On the free tier, turn off Gemini Apps Activity in your Google Account settings to stop conversation storage and training use. Do not paste confidential source identities or unpublished documents into the free tier. For newsroom use, Workspace Business or Enterprise tiers provide contractual training exclusions and compliance certifications. Enable client-side encryption for the most sensitive documents. Never trust Gemini-generated facts without independent verification — hallucination rates on ungrounded queries exceed 88%. Use Gemini for summarizing documents you provide, not for generating new factual claims. For cited research, use Perplexity or manual search instead.\n",
      "owner": "Alphabet Inc. (GOOGL, publicly traded, $4T+ market cap as of January 2026). Gemini developed by Google DeepMind.",
      "fundingModel": "Alphabet is profitable. Revenue exceeds $100B per quarter. Funded by search advertising, YouTube ads, Google Cloud, and hardware. No external VC dependency. $20B bond issuance in February 2026 included a 100-year 'Century Bond' for long-term infrastructure investment.",
      "businessModel": "Advertising-funded ecosystem. Gemini keeps users inside Google's productivity and search products, which generate advertising revenue. Direct subscription revenue from Pro/Ultra tiers and Workspace add-ons. API licensing for developers. The Apple-Siri deal (January 2026) expands Gemini's reach to iOS users.",
      "knownIssues": "Hallucination rates: Gemini 3 Flash scored 91% hallucination rate in independent benchmarks — highest of any major model. Gemini 3 Pro scored 88%. The models attempt every question rather than admitting uncertainty. On grounded tasks with provided documents, performance is strong (0.7% hallucination for Gemini 2.0 Flash). The gap is the core risk for journalism.\n\nAI defamation: Robby Starbuck filed suit in October 2025 after Gemini fabricated criminal charges and sexual misconduct attributed to him. Google's AI Overview feature has also generated defamatory outputs in search results.\n\nFree tier trains by default: Consumer conversations improve Google's models unless users disable Gemini Apps Activity. Human reviewers see anonymized conversations. Most users never change defaults.\n\nWorkspace data access: Gemini retrieves any Workspace content the user has access to. In organizations with loose sharing permissions, this can surface documents beyond what users expect. Admins should audit sharing settings before enabling Gemini.\n\nGoogle's advertising business model: Gemini exists to retain users in Google's ecosystem. Editorial decisions about AI features are influenced by advertising revenue incentives, not journalism needs.\n\nAntitrust: The US DOJ's antitrust case against Google (ongoing as of 2026) could force structural changes to how Gemini integrates with Search and Workspace.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "Strong infrastructure security at the Workspace tier: SOC 1/2/3, ISO 42001, FedRAMP High, HIPAA, client-side encryption. Workspace Business/Enterprise provide genuine data isolation with no model training on customer data. The free tier trains by default with human review of anonymized conversations — a significant risk for journalists. The hallucination problem is the most serious concern: 88-91% hallucination rates on ungrounded queries make Gemini unreliable for fact-dependent journalism without source documents. Use Workspace tiers for newsroom deployments. Never trust ungrounded Gemini outputs without verification.\n"
    },
    {
      "name": "Google Maps",
      "slug": "google-maps",
      "url": "https://maps.google.com",
      "tagline": "Street View in 80+ countries. 280 billion panoramic images. Route planning, location verification, satellite imagery. The everyday mapping tool for field reporting.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification"
      ],
      "whoItsFor": "Journalists who need to verify locations from photos and video. Reporters planning field assignments and navigating unfamiliar areas. Investigators using Street View for remote reconnaissance of buildings, neighborhoods, and infrastructure. OSINT researchers cross-referencing geotagged content with ground-level imagery. Any reporter who needs to understand the geography of a story.",
      "pricing": "Free for personal use (web and mobile). Google Maps Platform API: $7 per 1,000 Dynamic Maps loads, $14 per 1,000 Street View Static API requests. $200 monthly free credit covers most journalism use.",
      "freeOption": true,
      "editorialTake": "Google Maps is the tool journalists reach for first and think about least. It is not specialized — it is ubiquitous. That ubiquity is its strength. Street View covers 80+ countries with 280 billion panoramic images. Historical Street View imagery lets you compare a location across years. Route planning with real-time traffic helps reporters reach a story. Satellite view provides overhead context without the analytical depth of Google Earth Pro. For everyday journalism — where is this building, what does this intersection look like, how do I get to the courthouse — Google Maps is the answer. The investigative applications are real but secondary. Bellingcat used Google Maps Street View to geolocate a Malaysian wildlife trafficker's house in 2025 by matching posted photos to panoramic imagery. Reporters use it to verify the location of photos and videos shared on social media. Street View's time-travel feature (historical imagery on mobile since 2022) adds a temporal dimension — you can see what a neighborhood looked like five years ago. But Google Earth Pro is the better tool for serious geolocation work: it has higher-resolution satellite imagery, measurement tools, GIS import, and more granular historical imagery going back to the 1940s. OpenStreetMap is the better tool when you need open, editable map data not controlled by a single corporation. QGIS is the better tool for spatial analysis. Google Maps fills the gap below all of these — it is fast, familiar, and sufficient for 90% of location-related journalism tasks. The privacy cost is Google's standard bargain. Google Maps collects your search queries, viewed locations, routes, transportation methods, and visit frequency. This data feeds advertising profiles. Google paid $392 million in 2022 to settle allegations that it tracked users' locations even after they turned off location tracking. If you are investigating a sensitive location — a government facility, a source's home, a conflict zone — your search history is logged under your Google account.",
      "bestFor": "Verifying locations from user-generated photos and video. Planning routes and logistics for field reporting. Remote reconnaissance of locations via Street View before visiting in person. Checking real-time traffic and transit options. Quick satellite overview of a story's geography. Comparing historical Street View imagery across time periods. Embedding maps in digital stories.",
      "notFor": "High-resolution satellite analysis — Google Earth Pro has better imagery and measurement tools. Historical satellite comparison going back decades — Google Earth Pro's slider is more granular. Sensitive investigations where your search patterns must remain confidential — Google logs everything. Spatial data analysis or GIS work — use QGIS. Situations where you need map data not controlled by Google — use OpenStreetMap. Offline mapping in areas without internet — download offline maps in advance or use dedicated offline tools.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Google LLC (Alphabet Inc.) headquartered in Mountain View, California. All usage data subject to Google's unified privacy policy and US government data request compliance. Location data stored on US servers. No EU data residency option for consumer accounts.",
      "privacyPolicyTldr": "Google Maps collects search queries, viewed locations, routes, visit frequency, transportation methods, device location (if enabled), nearby Wi-Fi access points, cell tower data, and device sensors. This data feeds Google's advertising profile for your account. Location History (now called Timeline) stores a record of everywhere you go with your device. Google stores Timeline data on-device by default since 2024, but previously stored it on Google's servers. Google complies with law enforcement geofence warrants — requests for data on all users near a location at a given time. Google has begun requiring individual warrants rather than bulk geofence requests, but the data exists to fulfill them.",
      "practicalMitigations": "Use a dedicated Google account not linked to your identity for sensitive location research. Turn off Location History (Timeline) or set it to auto-delete after 3 months. Use incognito mode in the Google Maps app to prevent searches from being saved to your account. Clear location search history after sensitive sessions at myactivity.google.com. Use a VPN when researching sensitive locations to prevent IP-based correlation. Download offline maps before traveling to reduce real-time location data transmission. For highest-sensitivity geolocation work, use OpenStreetMap or offline tools that do not phone home to any server. Be aware that geofence warrants can compel Google to reveal who searched for or navigated to a specific location.",
      "owner": "Google LLC (Alphabet Inc., Mountain View, California). Google Maps launched February 8, 2005. Acquired Where 2 Technologies, Keyhole Inc., and ZipDash to build the initial product. Street View launched May 2007.",
      "fundingModel": "Subsidiary of Alphabet Inc. (NASDAQ: GOOGL). Alphabet's annual revenue exceeded $340 billion in 2024. Google Maps is funded through Alphabet's advertising and cloud services revenue.",
      "businessModel": "Free consumer product. Revenue from Google Maps Platform API fees (developers and businesses embedding maps), local business advertising (promoted pins, local search ads), and the broader data collection that enriches Google's ad targeting. Google Maps is estimated to generate $11 billion+ annually through these channels.",
      "knownIssues": "Google paid $392 million in 2022 to settle with 40 US states over allegations of tracking users' locations after they turned off location tracking. Geofence warrants allow law enforcement to request data on all Google users near a location at a given time — Google has pushed back on bulk requests but the data exists. Street View imagery can be months to years old in less-trafficked areas. Satellite imagery in Google Maps is lower resolution than Google Earth Pro and updates less frequently. Google Maps has been used to spread misinformation through fake business listings and manipulated reviews. Coverage gaps persist in conflict zones, authoritarian states, and remote areas — Street View is unavailable in China, most of the Middle East, and parts of Africa. Offline maps require advance downloading and lack full functionality. The Google Maps Platform API has experienced pricing complaints from developers after a 2018 price increase of up to 1,400%.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "TLS encryption in transit. Encryption at rest on Google's servers. The risk is not a security vulnerability but a data collection model. Google Maps logs your searches, routes, and location visits, feeding this into advertising profiles. The $392 million location tracking settlement confirms that Google's location data practices have exceeded what users consented to. Geofence warrants are a real concern for journalists investigating sensitive locations. For routine field work — navigation, location verification, Street View reconnaissance — the security posture is adequate. For sensitive investigations where your search patterns could reveal sources or story targets, use a dedicated account, VPN, and incognito mode, or switch to OpenStreetMap."
    },
    {
      "name": "Google NotebookLM",
      "slug": "google-notebooklm",
      "url": "https://notebooklm.google.com",
      "tagline": "AI research assistant grounded in your uploaded documents, not the open web.",
      "category": "ai",
      "openSource": false,
      "whoItsFor": "Journalists synthesizing large document sets — court filings, reports, transcripts, leaked PDFs. Reporters preparing for interviews who need to absorb 200 pages in an afternoon. Investigative teams building notebooks around a single story with dozens of sources.",
      "pricing": "Free tier: 100 notebooks, 50 sources each, 50 queries/day, 3 Audio Overviews/day. NotebookLM Plus (via Google One AI Premium): $19.99/month — 5x limits, 100 sources/notebook, custom response styles. NotebookLM Ultra (via Google AI Ultra): $249.99/month — highest limits, priority access, advanced features.",
      "freeOption": true,
      "editorialTake": "NotebookLM is the best free tool for document-grounded AI research. It refuses to answer from general knowledge — every response cites your uploaded sources, which makes hallucination rates roughly 3x lower than ChatGPT or Gemini on document-based queries (13% vs 40% in one study). The Audio Overview feature is genuinely useful: two AI hosts discuss your sources in a podcast format you can listen to while commuting. Interactive Mode lets you interrupt the podcast to ask questions. Since early 2026, it runs on Gemini 3 with agentic Deep Research capabilities that can browse the live web to fill gaps. The catch: notebooks are siloed. You cannot cross-reference between them, export is manual copy-paste, and there is no API. For journalists, the free tier is generous enough for most story-level research. Don't upload source-identifying materials — Google processes everything server-side.",
      "bestFor": "Synthesizing 10-50 source documents into a coherent understanding. Generating Audio Overviews of complex material for passive absorption. Interview prep from background documents. Converting dense reports into briefing notes, FAQs, or study guides.",
      "notFor": "Real-time web research (use Perplexity). Spreadsheet or database analysis (NotebookLM cannot process Excel, CSV, or structured data). Cross-project research that spans multiple notebooks. Anything requiring formatted citations (APA, MLA, Chicago). Image or handwritten note analysis.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Google Cloud (global). No region selection for free users. Workspace Enterprise customers get VPC-SC compliance and regional controls.",
      "privacyPolicyTldr": "Google states uploaded documents are not used to train AI models. Workspace accounts get stronger guarantees: no human review of uploads, queries, or responses. Free accounts get the same no-training commitment, but are subject to standard Google Terms of Service with fewer contractual protections. Your notebooks, sources, and Audio Overviews persist until you delete them. Queries are not saved.",
      "practicalMitigations": "Do not upload documents that could identify confidential sources — names, locations, communication records. Use NotebookLM for public records, published research, court filings, and non-sensitive background material. For sensitive investigations, use local tools (Obsidian, Claude desktop with local-only mode) instead. Review your notebook list periodically and delete completed projects. Use a Google Workspace account if your organization has one — the enterprise data protections are materially stronger than consumer account terms.",
      "owner": "Google LLC",
      "fundingModel": "Alphabet revenue. NotebookLM is a strategic product within Google Labs, now integrated as a core Google Workspace service.",
      "businessModel": "Freemium. Free tier drives adoption; paid tiers ($19.99/month Plus, $249.99/month Ultra) add capacity. Enterprise licensing through Google Cloud for large organizations. Part of Google's broader AI platform strategy to keep users inside the Google ecosystem.",
      "knownIssues": "Gemini 3.1 Pro update (February 19, 2026) broke RAG and grounding quality for multiple users — a critical regression reported on Google's developer forums. Notebooks are completely siloed with no cross-notebook search or references. No public API for automation or integration. No export function — all content is locked inside NotebookLM's interface. Cannot process spreadsheets, databases, images, EPUB files, or code repositories. Source cap of 50 per notebook (100 on Plus) is restrictive for large investigations. Audio Overviews and infographic features hit capacity constraints in November 2025, temporarily limiting free-tier access. Citation system provides inline source links but cannot generate formatted academic citations.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Google infrastructure with standard encryption in transit and at rest. Google commits to not training on uploaded data, with stronger contractual guarantees for Workspace accounts than consumer accounts. All documents are processed server-side on Google Cloud. No zero-knowledge architecture — Google can technically access your content. Adequate for public records and published research. Not appropriate for source-identifying materials, leaked documents, or anything requiring confidentiality from a platform operator."
    },
    {
      "name": "Google Pinpoint",
      "slug": "google-pinpoint",
      "url": "https://journaliststudio.google.com/pinpoint/about/",
      "tagline": "AI document analysis for investigative journalism.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists and academic researchers working with large document sets. Pinpoint transcribes PDFs, images, audio, and video, runs entity recognition (people, organizations, locations), and makes everything full-text searchable. Part of Google's Journalist Studio, funded by the Google News Initiative. Not available to the general public — you must apply and verify journalist or academic credentials to upload documents. Anyone with a Google account can view public collections read-only.",
      "pricing": "Free. No paid tiers. 100GB storage per user, up to 200,000 files per collection, 20,000 uploads per day.",
      "journalistDiscount": "Entirely free for verified journalists and academic researchers.",
      "freeOption": true,
      "editorialTake": "Pinpoint is the best free tool for searching large document sets. Upload thousands of FOIA pages and it identifies entities, transcribes audio in 100+ languages, and lets you ask questions about your collection using Gemini-powered generative AI. The structured data extraction — highlight fields in one document, Pinpoint pulls them from similar documents across the collection — is genuinely powerful for repetitive FOIA work. The catch is the one you already know: your documents go to Google's servers. Google says Pinpoint data won't train LLMs. But human reviewers at Google can read samples of your prompts and feedback. The broader Google Privacy Policy permits using data to 'improve existing services' and 'develop new services.' Google complies with government data requests. For public records this is fine. For leaked documents, whistleblower materials, or anything where the mere existence of your search interest is sensitive, it's a non-starter. Use DocumentCloud (self-hostable, open-source) or Aleph for those.",
      "bestFor": "FOIA document analysis, public records research, large document set exploration, court filing review, audio/video transcription, structured data extraction from repetitive document formats.",
      "notFor": "Leaked or classified documents, whistleblower materials, anything where your search queries themselves are sensitive. No API — can't integrate into custom workflows. Not useful on mobile. Generative AI features require separate early-access approval.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Google Cloud)",
      "privacyPolicyTldr": "Google's general privacy policy applies. Collections are private by default. Google states uploaded documents will not be used to train LLMs. However, Google human reviewers may read, annotate, and process samples of your Pinpoint data — including prompts and thumbs-up/down feedback on generative AI features. Google explicitly warns against including personally identifiable information (phone numbers, emails, birth dates) in AI prompts. The broader Google Privacy Policy permits using data to 'develop new services' and 'improve existing services.' Google complies with government data requests and publishes a transparency report. Your Pinpoint activity may be correlated with other Google services tied to your account.",
      "practicalMitigations": "Use a dedicated Google account for Pinpoint that's not linked to your personal email, browsing, or Android phone. Don't upload documents that could identify confidential sources. Don't put PII in generative AI prompts — Google's own help docs warn against this. For sensitive document sets, use DocumentCloud (self-hosted option, open-source) or Aleph (occrp.org). Delete collections when analysis is complete. If a collection sits inactive for 4+ months, Gemini features degrade — you'll need to re-upload to a new collection.",
      "owner": "Alphabet Inc. / Google LLC",
      "fundingModel": "Corporate. Part of Google News Initiative ($300M+ committed since 2018). Journalist Studio is the product suite; Pinpoint is its flagship tool.",
      "businessModel": "Free tool. No direct revenue. Builds Google's relationship with the journalism industry and positions Google infrastructure as the default for newsroom workflows. Classic ecosystem play — free tools create dependency on the platform.",
      "knownIssues": "Entity recognition produces false positives (in one documented case, a transcript of 'sixty frickin' Chiefs' surfaced the Kansas City Chiefs as an organization). Audio transcription does not separate speakers and breaks paragraphs poorly, making quote extraction difficult. Handwriting OCR is unreliable for anything less than perfectly neat writing. Hindi and some non-Latin script OCR accuracy is weak. No API — zero programmatic access, no way to integrate into custom pipelines. Not conversational — each generative AI question is independent, no follow-up context. Table auto-detection sometimes fails, requiring manual intervention that doesn't scale for large sets. Structured data extraction limited to 100 documents and 5 fields per batch. New features only apply to collections created after the feature ships — old collections don't get upgrades. Desktop-only in practice; mobile experience is minimal. Google has complied with government requests for user data in cases involving journalists.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "google-pinpoint"
      ],
      "securityRating": "caution",
      "securityRatingNote": "Strong infrastructure security (Google Cloud encryption, private-by-default collections) but documents are processed on Google's servers under Google's broad privacy policy. Human reviewers can sample your prompts. No journalist-specific data protection guarantees. Use a dedicated account and keep sensitive source materials off the platform entirely."
    },
    {
      "name": "Google Sheets",
      "slug": "google-sheets",
      "url": "https://docs.google.com/spreadsheets",
      "tagline": "Free collaborative spreadsheet. 10 million cell limit. Real-time multi-user editing. The starting point for most data journalism.",
      "category": "data",
      "openSource": false,
      "whoItsFor": "Data journalists cleaning, analyzing, and sharing datasets. Reporters organizing public records, election results, or FOIA responses. Newsroom teams building collaborative spreadsheets for ongoing investigations. Students and aspiring journalists learning data skills before moving to R, Python, or Tableau.",
      "pricing": "Free with Google account (15GB shared across Drive, Gmail, Photos). Google Workspace Business Starter: $7/user/month. Business Standard: $14/user/month. Business Plus: $18/user/month. Enterprise Plus: ~$25-35/user/month (required for Client-Side Encryption).",
      "freeOption": true,
      "editorialTake": "Half of data journalism starts in Google Sheets. Not because it is the most powerful tool — it is not — but because it is free, collaborative, and already open in every newsroom browser. 10 million cell limit. Real-time co-editing. 83 languages. Imports CSV, TSV, XLSX, ODS. Exports to PDF and Excel. Apps Script (JavaScript-based) lets you automate imports, transformations, and alerts. The Explore feature uses machine learning to answer natural language questions about your data and auto-generate charts. Since late 2025, Gemini AI is embedded in Sheets — it can generate formulas, build pivot tables, and suggest analysis patterns. Google Sheets is the gateway drug to data journalism. Reporters who would never open a command line will pivot, filter, and VLOOKUP their way through a public records dump. For datasets under a few hundred thousand rows, it handles the work. Once you hit millions of rows, complex joins, or statistical modeling, you graduate to Python, R, or a proper database. The security story is identical to Google Docs. Google is not zero-knowledge. Google encrypts data at rest (AES-256) and in transit (TLS), but Google employees and systems can access spreadsheet contents for service operation, abuse detection, and AI feature delivery. Gemini processes your data when AI features are active. In H1 2024, Google received over 82,000 government data requests globally, producing data in ~83% of U.S. subpoena cases. Spreadsheet contents require a warrant, but Google complies with valid warrants, court orders, and national security letters. Client-Side Encryption exists but requires Enterprise Plus ($25-35+/user/month) and a third-party key management service. That prices out every freelancer and most small newsrooms. For non-sensitive data work — public records, published datasets, election results, census data — Google Sheets is practical and well-built. For sensitive source-linked data, financial records under investigation, or anything that could become a legal target, do your analysis locally or in an encrypted environment.",
      "bestFor": "Data cleaning and exploration for public records, FOIA responses, election data, census data. Collaborative dataset building across a reporting team. Quick pivot tables, charts, and analysis for deadline work. Teaching data journalism fundamentals — the learning curve is near zero.",
      "notFor": "Datasets over ~500K rows (performance degrades). Statistical modeling, regression analysis, or complex joins (use R or Python). Sensitive source-linked data, financial records under investigation, or any dataset that could become a legal target. Offline-only workflows — Sheets works offline via Chrome extension but with limited functionality. Anyone who needs zero-knowledge encryption on their data (use CryptPad or local tools).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States by default (Google Cloud). Workspace customers can select data region (US or EU) for primary data at rest. Enterprise Plus plans offer Client-Side Encryption where Google cannot decrypt content — requires a third-party key service (FlowCrypt, Virtru, Thales, or Futurex) and is only available on Enterprise Plus, Education Plus, Education Standard, and Frontline Plus plans.",
      "privacyPolicyTldr": "Google encrypts data in transit (TLS) and at rest (AES-256) but is not zero-knowledge. Google accesses spreadsheet content for service operation, abuse scanning, and legal compliance. Gemini AI processes spreadsheet data when features are active — Google states Workspace customer data is not used for model training, but content is analyzed by AI systems for feature delivery. Google transparency report: 82,000+ government data requests in H1 2024 globally, producing data in ~83% of U.S. subpoena cases. Spreadsheet contents require a search warrant (not just a subpoena) to compel disclosure, but Google complies with valid warrants, court orders, and national security letters.",
      "practicalMitigations": "Do not store sensitive source identities, confidential investigation data, or legally risky material in Google Sheets. Disable Gemini AI features in Workspace admin settings if you do not want data processed by Google's AI systems. Review sharing settings — 'anyone with the link' is a common misconfiguration that has exposed sensitive datasets. Enable Google Advanced Protection Program (free) for phishing-resistant login with passkeys or security keys. For sensitive data analysis, use LibreOffice Calc locally or CryptPad Sheets (zero-knowledge, E2E encrypted). If your newsroom uses Workspace Enterprise Plus, enable Client-Side Encryption with a third-party key service.",
      "owner": "Alphabet Inc. / Google LLC",
      "fundingModel": "Publicly traded (NASDAQ: GOOGL). Market cap ~$2T.",
      "businessModel": "Free tier supported by Google ecosystem and data collection. Revenue from Google Workspace subscriptions ($7-35+/user/month) and enterprise services. Google's ad business benefits from ecosystem lock-in even when Sheets itself is free.",
      "knownIssues": "Performance degrades noticeably past ~500K rows or heavy formula chains. 10 million cell hard limit — large datasets require splitting or migration to BigQuery. 'Anyone with the link' sharing misconfiguration has repeatedly exposed sensitive spreadsheets across newsrooms, government agencies, and NGOs. Gemini AI integration (rolled out across Workspace in 2024-2025) processes spreadsheet data for AI features; Google says Workspace data is not used for model training, but data is still analyzed by AI systems. No true zero-knowledge option outside Enterprise Plus plans. Import/export can lose formatting and formula compatibility with Excel for complex workbooks. Apps Script has execution time limits (6 minutes for consumer, 30 minutes for Workspace) that constrain automated data pipelines. Google Sheets launched in 2006 (originally Google Spreadsheets, rebranded 2012) — mature and stable, but feature development has slowed relative to competitors like Airtable and Notion databases.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Strong infrastructure security: AES-256 at rest, TLS in transit, ISO 27001 and SOC 2/3 certified, FIPS 140-2 validated encryption modules. But Google is not zero-knowledge — they can access spreadsheet contents, and they comply with legal process (82,000+ government data requests in H1 2024 alone). Gemini AI processes spreadsheet data when features are active. Client-Side Encryption exists but is locked behind Enterprise Plus plans ($25-35+/user/month) and requires third-party key management. Adequate for public data, published datasets, and general newsroom data work. Not recommended for sensitive source-linked data, investigation financials, or legally risky datasets without Enterprise CSE."
    },
    {
      "name": "Google Translate",
      "slug": "google-translate",
      "url": "https://translate.google.com",
      "tagline": "249 languages. Camera translation, voice translation, document translation. Gemini-powered since December 2025. The default translation tool for field reporting.",
      "category": "writing",
      "additionalCategories": [
        "newsgathering"
      ],
      "whoItsFor": "Journalists working in the field who need instant translation across 249 languages — more than any competitor. Reporters interviewing sources in unfamiliar languages using voice or camera translation. Correspondents reading foreign-language documents, signs, or social media posts. Anyone who needs quick-and-dirty translation in languages that DeepL or other premium tools do not support.",
      "pricing": "Free for web, mobile, and browser extension. Google Cloud Translation API: $20 per million characters (first 500K characters free per month). Document Translation API: $0.08 per page.",
      "freeOption": true,
      "editorialTake": "Google Translate is the Swiss Army knife of translation. It covers 249 languages — DeepL covers 33, and even with its 2025 expansion to 100+, DeepL's quality advantage shrinks as you move beyond European languages. For Tigrinya, Khmer, Yoruba, or Pashto, Google Translate is often the only option. The December 2025 Gemini integration improved idiomatic and conversational translation. Google claims better handling of slang, local expressions, and context-dependent phrases. The camera feature translates text in real-time through your phone's viewfinder — point at a sign in Mandarin and read it in English. Voice translation now uses Gemini's speech-to-speech model with real-time headphone output, supporting 70+ languages (Android only as of early 2026, iOS coming later). Document translation handles PDFs up to 300 pages. The privacy tradeoff is the standard Google bargain. Text submitted to the free web and mobile versions may be logged and used to improve services. Google's privacy policy does not guarantee deletion of translated text. For sensitive documents — leaked files, whistleblower communications, source interviews — this is a problem. DeepL's paid tier explicitly deletes text after translation and never trains on it. Google's Cloud Translation API offers stronger data processing guarantees under enterprise terms, but the free version does not. Compared to Immersive Translate, Google Translate is a standalone tool, not a bilingual browsing layer. Immersive Translate shows original and translated text side-by-side on web pages using 20+ translation engines (including Google's). Google Translate is the better field tool. Immersive Translate is the better research tool. DeepL is the better quality tool for its supported languages. Use Google Translate when language breadth and physical-world translation (camera, voice) matter most.",
      "bestFor": "Field reporting in countries where you do not speak the language. Translating signs, menus, documents, and handwritten text via camera. Real-time voice translation during interviews (Android, 70+ languages). Quick translation of social media posts, press releases, and news articles in less-common languages. Offline translation in areas without reliable internet (download language packs in advance).",
      "notFor": "Sensitive or classified documents — text may be logged and used for service improvement. High-stakes translations where accuracy is critical (legal documents, quotes for publication) — always verify with a human translator or DeepL. Languages where DeepL is available and quality matters more than speed. Bilingual web browsing — Immersive Translate is purpose-built for that. Any translation task where you need a contractual guarantee that your text is deleted after processing (use DeepL Pro or the Cloud Translation API with enterprise terms).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Google LLC (Alphabet Inc.) headquartered in Mountain View, California. All data subject to Google's unified privacy policy and US government data request compliance. Cloud Translation API customers can specify data processing regions under enterprise agreements.",
      "privacyPolicyTldr": "Text submitted to the free web and mobile versions of Google Translate may be logged and used to improve translation quality. Google states that uploaded documents are stored temporarily to complete translation and deleted afterward, but does not provide contractual guarantees for the free tier. Data is anonymized before use in training, per Google. The Cloud Translation API has a separate, stricter data processing policy — Google does not log API request content for customers using the paid service. Google complies with law enforcement data requests. No opt-out for data collection on the free tier beyond not using the service.",
      "practicalMitigations": "Do not paste sensitive source material, leaked documents, or confidential information into the free web or mobile version. Use the Cloud Translation API with enterprise data processing terms for sensitive content. Download offline language packs before traveling to areas with unreliable internet. For high-stakes translations (quotes for publication, legal documents), always verify with a native speaker or professional translator. Use DeepL Pro for European-language documents requiring contractual data deletion guarantees. Consider running local translation models (e.g., Argos Translate, LibreTranslate) for maximum confidentiality.",
      "owner": "Google LLC (Alphabet Inc., Mountain View, California). Google Translate launched in April 2006. Originally used statistical machine translation; shifted to neural machine translation in 2016. Gemini-powered translation models deployed December 2025.",
      "fundingModel": "Subsidiary of Alphabet Inc. (NASDAQ: GOOGL). Alphabet's annual revenue exceeded $340 billion in 2024. Google Translate is funded through Alphabet's advertising and cloud services revenue.",
      "businessModel": "Free consumer product supported by Google's advertising ecosystem. Enterprise revenue from Cloud Translation API usage fees ($20 per million characters). Google Translate drives engagement within Google's ecosystem and contributes training data for Google's AI models. No ads displayed in the translation interface itself.",
      "knownIssues": "Free tier text may be logged and used for service improvement — no contractual deletion guarantee. Translation quality varies significantly by language pair; less-common languages produce more errors. Camera translation can struggle with handwritten text, unusual fonts, or low-contrast images. The December 2025 live speech translation (Gemini-powered) is Android-only and limited to US, Mexico, and India as of early 2026. Document translation may not preserve complex formatting (tables, embedded images). Offline language packs are large (200-500MB each) and translation quality degrades offline. The browser extension is less feature-rich than Immersive Translate for web page translation. Google Translate has been blocked or restricted in China since 2022.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "TLS encryption in transit. Encryption at rest on Google's servers. Access restricted to authorized Google employees. The privacy concern is data retention, not data security: text submitted to the free version may be logged and used for model training. The Cloud Translation API has stronger guarantees — Google does not log request content for paid API customers. No known data breaches specific to Google Translate. For routine journalism (reading foreign sources, field translation, quick document scans), the security posture is adequate. For sensitive material, use DeepL Pro or local translation tools."
    },
    {
      "name": "Google Trends",
      "slug": "google-trends",
      "url": "https://trends.google.com",
      "tagline": "Real-time search interest data for story research, trend identification, and audience behavior analysis.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Journalists researching story angles, tracking public interest shifts, identifying geographic patterns in search behavior, and timing coverage to audience demand. Also useful for researchers, fact-checkers verifying public attention claims, and editors deciding resource allocation.",
      "pricing": "Free. The alpha API (launched July 2025) requires a Google Cloud account and approved application — no cost yet, but access is limited.",
      "freeOption": true,
      "editorialTake": "Google Trends is the fastest way to see what the public is actually searching for right now. The August 2024 Trending Now overhaul detects 10x more trends and updates every 10 minutes instead of hourly — a real improvement for breaking news. But the underlying data has serious methodological limits that most journalists ignore. It shows relative interest on a 0–100 scale, not absolute search volume. The same query run on two different days can produce different results because Google uses random sampling with no disclosed sample size. A 2024 Technological Forecasting & Social Change study found correlations as low as 0.496 between identical queries pulled on different days. Use it for direction and story ideas, not as evidence. For absolute volume numbers, pair it with Glimpse (free Chrome extension) or check Exploding Topics ($39/mo) for early-stage trend discovery across social, podcasts, and e-commerce data that Google Trends misses entirely.",
      "bestFor": "Timing stories to audience interest. Comparing competing narratives or candidates. Finding geographic angles — which states or cities care most about a topic. Identifying breakout search terms around breaking news. Validating whether a trend is real or media-manufactured.",
      "notFor": "Statistical research — the data is normalized, sampled, and not reproducible. Absolute search volume (use Glimpse for that). Niche topics with low search volume — sampling noise dominates. Any claim requiring citation-quality data. Tracking topics where Google isn't the dominant search engine (e.g., China, Russia).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Google Cloud (global). Data processed under Google's standard infrastructure across US, EU, and APAC regions.",
      "privacyPolicyTldr": "Standard Google privacy policy. Google Trends itself collects no additional data beyond normal Google account activity. Trends data you view is aggregated and anonymized. However, your search queries within Trends are logged as part of your Google Web & App Activity if you're signed in — meaning Google knows what trends you researched.",
      "practicalMitigations": "Use Trends in a browser where you're not logged into Google, or use an incognito/private window. This prevents your research topics from being associated with your Google profile. Consider disabling Web & App Activity in Google account settings if you use Trends while signed in. The data you view is public and aggregated — no sensitive data is uploaded. For sensitive story research, access via Tor Browser or a VPN to avoid IP-level association.",
      "owner": "Google LLC",
      "fundingModel": "Alphabet advertising revenue. Google Trends is a loss leader — it exists to demonstrate the value of Google's search data and attract developers, researchers, and journalists to the Google ecosystem.",
      "businessModel": "Free tool within Google's advertising ecosystem. The new Trends API (alpha, July 2025) uses Google Cloud billing infrastructure, suggesting eventual paid tiers for programmatic access at scale.",
      "knownIssues": "Sampling inconsistency: identical queries on different days produce different results. A 2024 study in Technological Forecasting & Social Change documented this and contacted Google — no response as of May 2024. Rounding to whole numbers compounds errors near zero values. Real-time data (under 7 days) uses different sampling than historical data, creating discontinuities at the boundary. Low-volume search terms produce unreliable noise. No confidence intervals or error bars provided. The Trends API (alpha) is limited to rolling 5-year data with 48-hour freshness lag — not truly real-time like the web interface.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "google-trends"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "Standard Google infrastructure. No sensitive data uploaded — you only view aggregated public data. The risk is metadata: Google logs your Trends queries as part of Web & App Activity when signed in, which could reveal story research patterns. Mitigated by using incognito mode or signing out."
    },
    {
      "name": "GPTZero",
      "slug": "gptzero",
      "url": "https://gptzero.me",
      "tagline": "AI text detector built by a Princeton student in January 2023. Useful as a screen, dangerous as a verdict.",
      "category": "verification",
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Educators, publishers, recruiters, and verification teams who want a probability score on whether a piece of text was machine-generated. The company reports 10M+ users and 3,500+ colleges have used the product.",
      "pricing": "Free tier: scans up to 10,000 characters, no account required for small jobs. Essential $9.99/month (150K words). Premium $15.99/month (300K words). Professional $29.99/month (500K words, 250-file batch, LMS integration). Annual plans discount roughly 45%.",
      "freeOption": true,
      "editorialTake": "Edward Tian launched GPTZero in January 2023 as a Princeton senior, weeks after ChatGPT's public release, and watched it become the default AI detector by accident. The product has matured: it now handles bulk scans, integrates with LMS systems, claims to be de-biased for ESL writers, and reports independent benchmarking from Penn State and the third-party RAID test at 95.7% AI recall and 1% human false-positive rate. The company's own framing is honest about uncertainty — scores are probabilities, not verdicts. The independent picture is messier. A 2023 Stanford study found AI detectors flagged 61.3% of human-written TOEFL essays by non-native English speakers as AI-generated. A Ryne AI test of 100,000+ texts found GPTZero's real-world false-positive rate closer to 18% than the 0.5% claimed. In February 2025 a Yale School of Management student sued the university after GPTZero flagged his exam, alleging discrimination against non-native English speakers. A University of Michigan student filed a similar suit in 2026. Yale, UCLA, UC Berkeley, UC San Diego, Waterloo, Michigan State, and Vanderbilt have disabled or restricted AI detection tools entirely. For journalists, the takeaway is narrower than the academic mess: GPTZero is reasonable as a first-pass screen on suspected AI-generated press releases, comment-section flooding, or sock-puppet content — anywhere a probability is useful and the consequences of a false positive are reversible. It is not appropriate as a sole basis for accusing a named human of using AI. The model also degrades against new LLMs and against light human editing of LLM output. Treat scores as a starting point for reporting, never the headline.",
      "bestFor": "Screening suspected AI-generated press releases, astroturf comments, and bulk content floods. Internal newsroom tools that flag possibly synthetic submissions for human review. Quick triage when you have many texts and limited time.",
      "notFor": "Accusing a named individual of AI use without corroboration. Detecting AI in non-native-English writing — bias is well-documented. Settled-science verdicts in any context. Detecting lightly edited or paraphrased AI text. Detecting output from models released after the detector's last training update.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Subject to U.S. law.",
      "privacyPolicyTldr": "Two paths with very different privacy postures. API submissions are not stored and not used for product improvement. Dashboard submissions (paste-in or upload) are stored, separated from user identity, and may be used in anonymized form for model training. Anonymized text used for training is retained permanently — even after account deletion. Personal data is otherwise deleted within three months of account termination.",
      "practicalMitigations": "Use the API path, not the web dashboard, for any text you don't want retained or used for training. Never paste confidential source material, unpublished drafts, or pre-publication reporting into the web tool. Strip identifying metadata before submission. Treat scores as probabilities, never verdicts — and never name an individual based solely on a GPTZero score. Cross-check suspicious results with a second detector and human editorial judgment. Be especially cautious with text from non-native English speakers.",
      "owner": "GPTZero, Inc. Founded by Edward Tian (Princeton class of 2023) in January 2023. Headquartered in the United States.",
      "fundingModel": "Venture-backed. Seed and follow-on funding from venture investors; specific round amounts not consistently disclosed.",
      "businessModel": "Freemium SaaS. Free tier for small scans; tiered subscriptions ($9.99 to $29.99/month) for higher volumes and enterprise features (LMS integration, batch scanning, API).",
      "knownIssues": "Documented false-positive bias against non-native English writers (Stanford 2023: 61.3% of TOEFL essays flagged). Independent benchmarks (Ryne AI) measure real-world false-positive rates near 18% versus the company's 0.5% claim. February 2025 Yale lawsuit and 2026 University of Michigan lawsuit allege wrongful academic discipline based on GPTZero scores. Yale, UCLA, UC Berkeley, UC San Diego, Waterloo, Michigan State, and Vanderbilt have disabled or restricted AI detection. Detection accuracy degrades against new LLMs and against lightly edited or paraphrased AI output. Dashboard submissions may be retained for training in anonymized form indefinitely.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "Technical security is standard commercial SaaS — HTTPS, U.S. jurisdiction, reasonable retention for personal data. The caution is editorial. Dashboard submissions are stored and may be used for training in anonymized form permanently. Documented bias against non-native English speakers and active lawsuits over wrongful accusations make this a tool to use defensively, never offensively. Use the API path for sensitive text. Never base a published claim on a score alone."
    },
    {
      "name": "Grammarly",
      "slug": "grammarly",
      "url": "https://www.grammarly.com",
      "tagline": "Dominant grammar and writing assistant with 30 million daily users. Free tier. Processes all text on company servers — opt-out from AI training available but not default.",
      "category": "writing",
      "whoItsFor": "Journalists editing copy, checking grammar, improving clarity. Also used by researchers, students, content creators, and anyone writing in English. Browser extension runs across email, CMS platforms, Google Docs, and most web-based text fields.",
      "pricing": "Free (basic grammar and spelling). Pro: $12/month (annual), $20/month (quarterly), $30/month (monthly). Enterprise: custom pricing, 150+ seats, requires sales contact. The company rebranded to Superhuman Platform Inc. in October 2025 after acquiring Coda and the Superhuman email client — pricing for the broader Superhuman Suite may evolve.",
      "freeOption": true,
      "editorialTake": "Grammarly is the most widely used writing assistant in the world. 30 million daily users. That scale is its strength and its privacy risk. Every word you type in a Grammarly-enabled field gets sent to their servers for processing. By default, Free and Pro users' content trains Grammarly's AI models. You can opt out — but the toggle is buried in account settings, and most users never find it.\n\nFounded in 2009 by three Ukrainians — Max Lytvyn, Alex Shevchenko, and Dmytro Lider — who met at universities in Kyiv. Headquarters moved to San Francisco. The company maintained Kyiv operations through Russia's full-scale invasion and still has engineering staff there. Lytvyn and Shevchenko are now billionaires. The company raised $200 million at a $13 billion valuation in November 2021. An IPO was widely expected but never materialized. Lytvyn said in 2023 the company was \"ready\" but saw no \"immediate need.\" In May 2025, Grammarly secured $1 billion in non-dilutive financing from General Catalyst. Annual revenue exceeded $700 million as of 2025.\n\nThe corporate story got complicated fast. In December 2024, Grammarly acquired Coda (the productivity platform), and Coda's CEO Shishir Mehrotra became Grammarly's new CEO. In July 2025, Grammarly acquired the Superhuman email client. Then in October 2025, the parent company rebranded entirely to Superhuman Platform Inc. — Grammarly the writing tool still exists but is now one product in a four-product suite. This matters because the entity processing your text is no longer a focused grammar company. It is an AI productivity conglomerate with ambitions well beyond writing.\n\nThe writing tool itself is excellent at what it does. Tone detection, full-sentence rewrites, style consistency. The AI features (Grammarly Go) use generative AI for drafting and rewriting. But every feature runs server-side. There is no local processing option. For journalists, the risk is not that Grammarly will leak your draft — it is that every sentence of every story you write passes through a third party's infrastructure, is retained for 30 days even after opt-out, and feeds an AI training pipeline unless you explicitly disable it.\n\nEnterprise accounts (150+ seats) offer contractual training exclusions, SSO, and admin controls. Individual journalists do not get these protections. If your newsroom cannot afford Enterprise, opt out of training immediately and never paste source identities or unpublished investigative material into any Grammarly-enabled field.\n",
      "bestFor": "Copy editing, grammar correction, tone adjustment, style consistency across long-form articles. Grammarly Go for AI-assisted rewriting and drafting. Browser extension catches errors in email, CMS, and web forms without switching tools.",
      "notFor": "Processing confidential source communications or unpublished investigative material. Any workflow requiring local-only text processing. Journalists who cannot accept server-side analysis of every keystroke. Self-hosting is not an option.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Hosted on AWS US East. Grammarly complies with EU-U.S. Data Privacy Framework, UK Extension, and Swiss-U.S. DPF.",
      "privacyPolicyTldr": "Free and Pro users: content trains Grammarly's AI models by default. Opt-out available at account.grammarly.com/security/privacy — toggle off \"Product Improvement and Training.\" Even with opt-out, Grammarly retains text for 30 days for abuse monitoring. Non-content metadata (word counts, suggestion types accepted, error patterns) is always collected regardless of opt-out.\n\nEnterprise tier: admin can opt out for the entire organization. Contractual training exclusions apply. SOC 2 Type II (audited by Ernst & Young), ISO 27001, ISO 27017, ISO 27018 certified. HIPAA-compliant option available.\n\nThe browser extension processes text in every active text field by default. It does not distinguish between a blog draft and a message containing source information. There is no per-field or per-site granular control — it is all or nothing unless you manually disable the extension on specific sites.\n",
      "practicalMitigations": "Opt out of AI training immediately: account.grammarly.com/security/privacy > toggle off \"Product Improvement and Training.\" Disable the browser extension on sensitive sites (newsroom CMS with source databases, encrypted messaging web clients, legal document platforms). Never paste source identities, unpublished documents, or confidential legal materials into Grammarly-enabled fields. For sensitive editing, use a local tool like LanguageTool's self-hosted instance or a desktop word processor with Grammarly disabled. If your newsroom has 150+ seats, push for Enterprise — it is the only tier with contractual data protection.\n",
      "owner": "Superhuman Platform Inc. (San Francisco). Formerly Grammarly Inc. Rebranded October 2025 after acquiring Coda (December 2024) and Superhuman email client (July 2025). CEO: Shishir Mehrotra (former Coda CEO, former YouTube CPO/CTO). Co-founders Max Lytvyn, Alex Shevchenko, and Dmytro Lider — all Ukrainian, originally built Grammarly in Kyiv starting 2009.",
      "fundingModel": "VC-backed. $200M Series C at $13B valuation (November 2021). $1B non-dilutive financing from General Catalyst (May 2025). Investors include BlackRock, Baillie Gifford, IVP, Spark Capital. Annual revenue exceeded $700M as of 2025.",
      "businessModel": "Freemium SaaS. Free tier drives adoption; Pro subscriptions ($12-30/month) and Enterprise contracts generate revenue. Now part of the Superhuman Suite alongside Coda workspace, Superhuman Mail, and Superhuman Go AI assistant.",
      "knownIssues": "Training enabled by default: Free and Pro users' content trains AI models unless manually disabled. Most users never change this setting. The opt-out toggle is not surfaced during onboarding.\n\nNo local processing: All text is sent to Grammarly's servers. There is no offline mode, no on-device analysis, no self-hosting option. Every keystroke in a Grammarly-enabled field transits their infrastructure.\n\nBrowser extension scope: The extension activates on all text fields by default, including potentially sensitive ones. Grammarly says it excludes password fields and credit card forms, but it processes text in email compose windows, messaging platforms, and CMS editors without distinction.\n\n2018 browser extension vulnerability: A security researcher found a flaw that could have let malicious websites access users' Grammarly account data, including saved documents. Patched within hours. No evidence of exploitation.\n\nCorporate complexity: Three acquisitions in 12 months (Coda, Superhuman, rebrand). The entity handling your writing data is now a multi-product AI platform company, not a focused grammar tool. Privacy policies and data practices may evolve as the Superhuman Platform consolidates.\n\nIPO uncertainty: Despite $13B valuation and $700M+ revenue, the company has not gone public. The 2021 valuation came during a market peak; secondary market pricing has fluctuated since.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "Strong infrastructure security: encryption in transit (TLS 1.2) and at rest (AES-256), SOC 2 Type II, ISO 27001/27017/27018, HIPAA option for Enterprise. The concern is not infrastructure — it is the data model. All text processing is server-side with no local option. AI training is enabled by default for individual users. The browser extension processes every text field indiscriminately. Enterprise tier provides contractual protections, but individual journalists on Free or Pro have limited recourse. The rapid corporate transformation (three acquisitions, rebrand, new CEO) adds uncertainty about future data practices. Opt out of training, disable the extension on sensitive sites, and never process confidential source material through Grammarly.\n"
    },
    {
      "name": "GrapheneOS",
      "slug": "grapheneos",
      "url": "https://grapheneos.org",
      "tagline": "Hardened Android OS for Pixel phones. Strips Google services, sandboxes sensors, defeats forensic extraction tools that crack stock Android and iOS.",
      "category": "security",
      "openSource": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists covering national security, organized crime, or authoritarian regimes. Anyone who needs a phone that resists Cellebrite and similar forensic extraction tools. Sources who face physical device seizure.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "GrapheneOS is the most security-hardened mobile OS available to civilians. Leaked Cellebrite documents from 2024 confirm it: GrapheneOS builds from late 2022 onward have closed every extraction loophole the company exploits on stock Android and iOS. The OS strips Google Play Services entirely — not disabled, removed — then offers a sandboxed compatibility layer if you need Google apps. That layer runs Google services as a regular app with no system-level privileges, which is architecturally unique. Auto-reboot timers re-encrypt the device after inactivity. USB-C data is disabled when the device is locked. The hardened memory allocator eliminates entire classes of exploits (use-after-free). Verified boot uses the Pixel's Titan M2 chip to refuse boot if the OS has been tampered with. Runs only on Pixel phones because they're the only devices with the hardware security features GrapheneOS requires — though a Motorola partnership announced in March 2026 may change that by late 2026 or early 2027. The project is run by a Canadian nonprofit funded entirely by donations. Daniel Micay, the original lead developer, publicly stepped down in May 2023 citing harassment and swatting attacks, but corporate filings still listed him as a Foundation director as of December 2025. The project continued shipping regularly through the transition, and now runs on a distributed team model. Not a plug-and-play phone. Requires buying a Pixel, flashing the OS, and accepting that some banking and DRM apps may not work. For high-risk reporting, nothing else is close.",
      "bestFor": "Investigative journalists facing device seizure risk. Source protection in hostile environments. Anyone whose threat model includes state-level forensic tools.",
      "notFor": "Casual users who want zero setup friction. Anyone who depends on apps that enforce Google Play Integrity checks (some banking apps, DRM-heavy streaming). People who need enterprise MDM (Microsoft Intune won't work). Non-Pixel phone owners — at least until the Motorola partnership ships devices.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local device only. No data sent to GrapheneOS servers except update checks against GrapheneOS-controlled infrastructure (moved off OVHcloud in late 2025 over privacy concerns with French digital policy). If sandboxed Google Play is installed, Google's standard data policies apply to those apps only — but Google has no system-level access.",
      "privacyPolicyTldr": "GrapheneOS collects zero user data. The OS contacts its own servers only for update checks. No telemetry, no analytics, no tracking. The project moved its infrastructure off OVHcloud in late 2025 to maintain this standard.",
      "practicalMitigations": "Enable auto-reboot timer (re-encrypts storage after configurable inactivity period — 18 hours is the community default). Install sandboxed Google Play only in a dedicated user profile, not your main profile. Disable sensors and cameras per-profile. Use separate user profiles to compartmentalize work, personal, and source-facing apps. Keep the OS updated — GrapheneOS ships Android security patches in preview builds before Google's official bulletin disclosure.",
      "owner": "GrapheneOS Foundation (Canadian nonprofit, federally incorporated)",
      "fundingModel": "Community donations only. Accepts GitHub Sponsors (recurring), PayPal (one-time), bank transfers via Wise, Bitcoin, and Monero. No venture capital, no corporate sponsors. The Motorola partnership (announced March 2026) may introduce hardware revenue-sharing, but details are not public.",
      "businessModel": "Nonprofit. Donations fund full-time and part-time developers, test hardware (every supported Pixel model), server infrastructure, domains, and legal fees. No monetization of user data. The donation-only model preserves technical independence but constrains hiring and governance resources.",
      "knownIssues": "Play Integrity: A minority of banking and payment apps enforce Google Play Integrity checks that fail on GrapheneOS. Most major US and UK banks (Chase, Amex, Discover, Navy Federal) work via sandboxed Google Play, but some apps will not. GrapheneOS advocates for hardware attestation as a stronger alternative and has filed regulatory complaints about Play Integrity as anti-competitive.\n\nEnterprise MDM: Microsoft Intune and similar device management tools do not work, making GrapheneOS incompatible with most corporate BYOD policies.\n\nBackup limitations: No one-click backup/restore — 2FA credentials and app data must be migrated manually.\n\nMulti-profile restrictions: Wi-Fi AP settings and mobile data toggles are unavailable in secondary user profiles.\n\nFuture Pixel uncertainty: GrapheneOS has stated it expects future Pixel devices may not meet its requirements, which is why the Motorola partnership matters.\n\nDaniel Micay governance: Micay publicly resigned as lead in May 2023 but remained listed as a Foundation director in federal filings as of December 2025. His continued involvement in moderation decisions (banning users as late as August 2025) has drawn community criticism. The project ships reliably regardless.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Hardened kernel with memory-safe allocator, verified boot via Titan M2, auto-reboot re-encryption, USB-C lockout, per-app network and sensor controls, sandboxed Google Play without system privileges. Open-source with active security research and rapid patch delivery (ships Android security patches before Google's public bulletin). Leaked 2024 Cellebrite documents confirm GrapheneOS defeats their extraction tools on Pixel 6 and later — the only mobile OS with that distinction. The gold standard for mobile security."
    },
    {
      "name": "GuideStar (Candid)",
      "slug": "guidestar",
      "url": "https://www.guidestar.org",
      "tagline": "Nonprofit data on 1.9 million organizations — 990 filings, financials, board members, and mission statements. Now part of Candid.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "whoItsFor": "Investigative reporters researching nonprofit organizations — finances, leadership, executive compensation, and program spending. Journalists covering philanthropy, dark money, or nonprofit accountability. Data journalists building datasets of nonprofit filings. Grant writers and fundraisers researching potential funders. Donors doing due diligence. Academic researchers studying the nonprofit sector.",
      "pricing": "Free registration gives access to basic nonprofit profiles, including mission, programs, financials summary, and board members. GuideStar Pro (premium) provides deeper data access including full 990 filings, financial trend analysis, compensation details, and advanced search filters. Pricing for GuideStar Pro is not publicly listed — requires contacting sales. Over 99% of users access Candid data for free.",
      "freeOption": true,
      "editorialTake": "GuideStar is the standard tool for researching US nonprofits. It profiles 1.9 million IRS-recognized tax-exempt organizations with data pulled from 990 filings, direct nonprofit reporting, and Candid's own research. The merger with Foundation Center in 2019 created Candid, which combines GuideStar's nonprofit data with Foundation Center's grantmaker data — 3 million annual grant transactions covering $180 billion in annual grant dollars. For journalists, the core use is straightforward: look up any nonprofit and see its revenue, expenses, assets, top compensation, board members, and stated mission. The free tier covers most reporting needs. Where it gets powerful is in cross-referencing: you can trace funding flows from foundations to nonprofits, identify board interlocks, and spot organizations with unusual financial patterns. The 990 Finder lets you pull the actual IRS filings. In late 2025, Candid launched a new unified search platform consolidating all its data. One limitation: GuideStar depends on IRS 990 filings, which are filed annually and can be 12-18 months old by the time they appear. For current financial information, you still need to contact the organization directly. Also, 990 data has known gaps — churches and small nonprofits under $50K in gross receipts are not required to file detailed 990s. Candid supplements IRS data with directly contributed information from 86,000+ nonprofits, which helps fill gaps but is voluntary.",
      "bestFor": "Researching nonprofit finances — revenue, expenses, assets, executive compensation. Finding 990 tax filings for any US nonprofit. Identifying board members and key personnel. Tracing grant funding flows between foundations and nonprofits. Cross-referencing nonprofit data for investigative reporting. Building datasets of nonprofits by issue area, location, or size.",
      "notFor": "For-profit company research (use SEC EDGAR, OpenCorporates). Real-time financial data — 990 filings lag 12-18 months. Campaign finance or political spending (use OpenSecrets/FEC). Churches and small nonprofits that do not file detailed 990s. International nonprofit data. Lobbying disclosure data.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Candid is a 501(c)(3) nonprofit headquartered in New York City.",
      "privacyPolicyTldr": "Account registration requires name and email. Candid's privacy policy (updated August 2025) outlines rights to access, delete, and port your data. Supports opt-out of targeted advertising and profiling. Candid collects standard analytics and usage data. The nonprofit data itself is derived from public IRS filings and voluntary nonprofit reporting. Candid does not sell user data for advertising purposes.",
      "practicalMitigations": "Free registration is required for full profile access — use a professional email. The underlying 990 data is public record available from the IRS, so GuideStar is a convenience layer, not a gatekeeper. For the most current financial data, supplement GuideStar with direct nonprofit contact and state attorney general charity registration databases. Cross-reference executive compensation data with 990 Schedule J for the full picture. For bulk research, consider ProPublica's Nonprofit Explorer as a free alternative with API access to 990 data.",
      "owner": "Candid (501(c)(3) nonprofit, formerly GuideStar + Foundation Center)",
      "fundingModel": "Nonprofit with earned revenue. Candid is funded through a mix of premium subscriptions (GuideStar Pro), data licensing, foundation grants, and philanthropic donations. The organization has an annual budget of approximately $35 million.",
      "businessModel": "Freemium nonprofit. Free tier provides basic nonprofit profiles and 990 access for individuals. GuideStar Pro offers advanced search, financial analysis tools, and bulk data access for paying subscribers. Data licensing to platforms and institutions provides additional revenue. Candid's mission is to connect people who want to change the world to the resources they need.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Operated by a well-established nonprofit (Candid) with a 25+ year track record. HTTPS throughout. Account required for full access. The underlying nonprofit data is derived from public IRS filings, so the data itself is not sensitive. Your search patterns and the nonprofits you research are visible to Candid. Privacy policy is clear and recently updated. No advertising trackers. Adequate security for the nature of the data — the main consideration is operational, not technical."
    },
    {
      "name": "Have I Been Pwned",
      "slug": "have-i-been-pwned",
      "url": "https://haveibeenpwned.com",
      "tagline": "Free breach notification service tracking 14B+ compromised accounts across 900+ breaches. Check if your credentials have been exposed.",
      "category": "security",
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Every journalist and newsroom. Reporters covering sensitive beats who need to know the moment a credential leaks. Newsroom IT teams managing domain-wide exposure. Anyone with an email address.",
      "pricing": "Free for individual email and password lookups. Paid API starts at $3.50/month for up to 10 requests per minute. Domain search (all emails on your newsroom domain) requires domain verification. Enterprise tiers available.",
      "freeOption": true,
      "editorialTake": "The single most important free security tool for journalists. HIBP indexes over 14 billion compromised accounts across 900+ breaches, with new data arriving from the FBI, law enforcement, and Troy Hunt's own breach research. The k-anonymity model for password checking is genuinely clever: your password never leaves your device. Firefox Monitor and Google Password Checkup both piggyback on HIBP's data, but neither matches the depth or speed of going direct. Check your accounts here quarterly at minimum. If you cover national security, surveillance, or organized crime, check monthly and subscribe to breach notifications for every email you use.",
      "bestFor": "Checking if your accounts appear in known breaches. Setting up instant breach notifications for all work and personal emails. Domain-wide monitoring so newsroom IT can see which staff accounts are exposed. Validating that passwords you're about to use haven't already been compromised. Quick credential hygiene checks before starting a sensitive investigation.",
      "notFor": "Preventing breaches — this is detection, not a firewall. Not a password manager (pair it with 1Password or Bitwarden). Won't tell you if credentials are for sale on dark web marketplaces right now — for that you need DeHashed or SpyCloud. Can't remove your data from breaches.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Microsoft Azure (global CDN via Cloudflare). Primary infrastructure in Azure regions. Cloudflare handles edge caching and the Pwned Passwords API. Data subject to US and Australian jurisdiction (Hunt is based in Australia; Azure and Cloudflare are US companies).",
      "privacyPolicyTldr": "Passwords are checked using k-anonymity — only the first 5 characters of a SHA-1 hash are sent, so your full password never leaves your device. Email addresses are stored only if you opt into breach notifications. No tracking pixels, no ads, no data sales. Notification emails are stored in Azure Table Storage with AES-256 encryption at rest. Hunt has been transparent about what's stored and has published the privacy model in detail.",
      "practicalMitigations": "Subscribe to breach notifications for every email address you use — work, personal, throwaway. Check passwords using the Pwned Passwords feature before reusing any credential. If a breach is found, change that password immediately, enable 2FA, and check if you reused it elsewhere. For newsrooms: verify your domain to get a full list of exposed staff accounts. Pair with a password manager (1Password offers free accounts for journalists) to generate unique passwords going forward.",
      "owner": "Troy Hunt (Microsoft Regional Director, Pluralsight author, independent security researcher based in Queensland, Australia). Charlotte Hunt and Stefán Jökull Sigurðsson also contribute to operations.",
      "fundingModel": "Freemium. API subscriptions and enterprise domain monitoring fund the free individual service. No venture capital, no outside investors. Hunt has publicly declined acquisition offers to maintain independence.",
      "businessModel": "Free for individual email and password lookups. Paid API tiers for organizations. Domain search for enterprise breach monitoring. Revenue covers Azure hosting and Cloudflare costs. The Pwned Passwords component is open-sourced under BSD 3-Clause via the .NET Foundation, with the FBI feeding compromised passwords directly into the database.",
      "knownIssues": "In March 2025, Troy Hunt himself was phished via a fake Mailchimp SSO page while jet-lagged. Attackers exported ~16,000 email records (addresses, IPs, rough geolocation) from his blog mailing list. Hunt disclosed within 34 minutes and added the breach to HIBP. The incident is a useful reminder: even security experts get phished, and the real measure is response speed and transparency. Separately, the core HIBP service is not fully open source — only the Pwned Passwords component is. The main breach lookup database and notification system remain closed-source, which means you're trusting Hunt's operational security. That trust is well-earned but worth noting. Aggregated credential stuffing datasets (like the 2B-email batch from late 2025) can trigger misleading headlines — some users see 'your email was in a breach' without understanding it may come from a malware scrape, not a specific site hack.",
      "reviewedBy": "Fieldwork evaluation by Mike Schneider",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "K-anonymity password checking is cryptographically sound — your password hash is never fully transmitted. The FBI feeds compromised passwords directly into the Pwned Passwords database, making it the most comprehensive credential-checking service available. Azure Storage provides AES-256 encryption at rest. Cloudflare handles edge security. The Pwned Passwords API processes 2B+ queries per month and is integrated into major browsers, password managers, and identity services. The March 2025 Mailchimp phishing incident affected Hunt's personal mailing list, not the HIBP service itself, and his 34-minute disclosure set a transparency standard few organizations match. The main limitation: the core HIBP codebase is closed-source, so you're trusting Hunt's infrastructure. Given 12+ years of consistent, transparent operation and FBI partnership, that trust is well-placed."
    },
    {
      "name": "Hemingway Editor",
      "slug": "hemingway-editor",
      "url": "https://hemingwayapp.com",
      "tagline": "Color-coded readability analysis. Flags complex sentences, passive voice, adverbs, and reading grade level in real time.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists, editors, and content writers who need tighter, lower-grade-level prose. Freelancers who self-edit before filing. Anyone writing for general audiences who wants a fast clarity check.",
      "pricing": "Free web version (full readability analysis, no account required). Desktop app: $19.99 one-time (offline, lifetime updates). Editor Plus: $8.33/month billed annually ($100/year) for 5,000 AI rewrites, or $12.50/month ($150/year) for 10,000. Team plan available at $12.50/user/month. 14-day free trial with 200 AI rewrites, no credit card.",
      "freeOption": true,
      "editorialTake": "Hemingway does one thing and does it well: it shows you where your writing is dense. Color-coded highlights for hard-to-read sentences (yellow/red), passive voice (green), adverbs (blue), and complex phrases (purple). The readability grade is genuinely useful for journalism — most news copy should land at grade 6-9, and Hemingway tells you instantly where you stand. The free web version is fully functional for editing. The desktop app adds offline access for $19.99. Editor Plus layers on AI-powered rewrites via OpenAI, with tone adjustment across eight styles (confident, friendly, casual, professional, persuasive, etc.), grammar correction, and synonym suggestions. The AI rewrites are competent but generic — they'll tighten a sentence but strip voice. Best used as a second-pass tool: write in your own editor, paste into Hemingway for a clarity check, then fix the flagged sentences yourself rather than accepting AI rewrites wholesale.",
      "bestFor": "Tightening prose for general-audience stories. Catching passive voice and overly complex sentences. Quick readability grade checks before filing. Freelancers self-editing without a copy desk. Dropping reading level on public-facing content.",
      "notFor": "Grammar and spelling (it's not Grammarly — use a dedicated grammar tool alongside it). Style guidance or voice coaching. Long-form writing workflow — there's no document management, no plugins, no browser extension. Creative or literary writing where intentional complexity is the point. Mobile — no apps or phone keyboards exist.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States.",
      "privacyPolicyTldr": "The free web version runs readability analysis in the browser — text is not sent to servers. The desktop app is fully offline. Editor Plus sends text to OpenAI servers for AI rewrites. Hemingway states: 'We will never sell your data, let others use it to train an AI, or use it for advertising.' But the privacy policy is thin — no explicit data retention timeline, no detail on how long OpenAI retains submitted text, and no SOC 2 or independent audit mentioned. IP address and browser data collected for analytics.",
      "practicalMitigations": "Use the free web version or desktop app for sensitive drafts — text stays local. If using Editor Plus AI features, do not paste unpublished investigative material or source-identifying text. The desktop app works fully offline with no server connection. For grammar checking on sensitive text, pair Hemingway (offline) with a local spell-checker rather than a cloud grammar tool.",
      "owner": "Long Brothers LLC (Adam and Ben Long)",
      "fundingModel": "Self-funded. No venture capital. Revenue from desktop app sales and Plus subscriptions.",
      "businessModel": "Freemium. Free web editor drives awareness, paid desktop app ($19.99 one-time) for offline use, Editor Plus subscription ($100-150/year) for AI features. Team tier adds multi-user billing and admin controls.",
      "knownIssues": "No browser extension or mobile app — copy-paste workflow only. Flags legitimate adverbs and passive voice even when contextually appropriate; blindly following all suggestions flattens voice. No repetition detection (echoed words, repeated sentence starters). AI rewrites via Editor Plus tend toward generic phrasing — useful for structure, but strip distinctive voice. Long-form content is tedious to review since there's no section navigation or chapter handling. No plugin ecosystem. Editor Plus requires internet; desktop app is offline but has no AI features. Privacy policy lacks specifics on data retention for text processed through OpenAI.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Free web version and desktop app keep text local — no server transmission for core readability features. Editor Plus sends text through OpenAI for AI rewrites, with a stated no-sell/no-training policy but limited transparency on retention. No SOC 2 certification or independent security audit disclosed. Low risk for most editing use cases; avoid Plus for sensitive unpublished material."
    },
    {
      "name": "HeyGen",
      "slug": "heygen",
      "url": "https://www.heygen.com",
      "tagline": "AI avatar video platform for talking-head explainers, translation, and dubbing. 175+ languages. Growing newsroom adoption for localization — and growing deepfake concerns.",
      "category": "visuals",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "whoItsFor": "Newsrooms producing multilingual explainer videos without on-camera talent for every language. Video journalists who need quick talking-head segments for social distribution. Corporate communications teams at media companies producing internal training or stakeholder updates. Podcasters and newsletter creators adding video presence without a studio.",
      "pricing": "Free: 1 credit (one 1-minute video). Creator: $29/month (200 credits, 1080p, voice cloning, 700+ avatars). Pro: $99/month (2,000 credits, 4K export, faster processing). Business: $149/month + $20/seat (shared credit pool, team collaboration, longer videos). Enterprise: custom pricing. Credits do not roll over. API pricing available separately.",
      "freeOption": true,
      "editorialTake": "HeyGen generates synthetic talking-head videos from text scripts using AI avatars. Founded in 2020 by Joshua Xu and Wayne Liang (Carnegie Mellon alumni), the company hit $100M revenue in October 2025 after raising $60M at a $500M valuation from Benchmark in June 2024. The product is genuinely useful for localization: feed it a video in English, get back a lip-synced version in Korean, Arabic, or Spanish. For newsrooms producing explainers across multiple markets, this eliminates re-shoots. BBC, Reuters, and Al Jazeera have experimented with similar avatar tools for multilingual distribution. The deepfake problem is real. HeyGen's consent flow requires verbal confirmation with a spoken password before creating a personal avatar, and human moderators review flagged content. But the underlying technology is dual-use. The same system that produces a legitimate newsroom explainer can produce a convincing impersonation. HeyGen prohibits political content, violent content, and non-consensual avatars in its ToS, but enforcement is reactive. SOC 2 Type 2 certified. GDPR compliant. All data processed in the US on AWS. The company does not share user data with third parties. For journalism use: appropriate for clearly-labeled AI-generated explainers and translations. Not appropriate for anything that could be mistaken for footage of a real person saying real things.",
      "bestFor": "Multilingual video explainers where you need the same segment in 10+ languages. Social media video clips for text-heavy newsrooms that lack video production capacity. Internal communications and training videos. Clearly-labeled AI presenter segments for newsletters and podcasts.",
      "notFor": "Anything that could be confused with real footage of real people. News segments where audience trust depends on authenticity of the presenter. Any use where AI generation is not disclosed. Political content. Investigative journalism where synthetic media undermines credibility.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. All servers hosted on AWS in the US. EU-US Data Privacy Framework (DPF) certified for cross-border transfers from Europe.",
      "privacyPolicyTldr": "Account required. SOC 2 Type 2 certified. GDPR and CCPA compliant. Dedicated European DPO. Biometric data (face, voice) collected for avatar creation requires explicit consent. Data not shared with third parties beyond essential service providers (payment, cloud). Daily backups. Content moderation team reviews flagged outputs. Personal avatar creation requires verbal consent with spoken password verification.",
      "practicalMitigations": "Always disclose AI-generated video to your audience — label it clearly. Do not create avatars of public figures or sources without explicit written consent. Use only for content types where synthetic presentation is editorially appropriate (explainers, translations, not news reporting). Review HeyGen's biometric privacy notice before uploading face/voice data. Keep copies of consent records if creating avatars of colleagues or talent. Monitor for unauthorized use of your likeness if you create a personal avatar.",
      "owner": "HeyGen Inc. Private company founded in 2020. Co-founders Joshua Xu (CEO) and Wayne Liang. Headquartered in Los Angeles, California. Approximately 157 employees as of 2025.",
      "fundingModel": "Venture-backed. Raised $74.6M total. $60M Series A in June 2024 led by Benchmark, with Conviction, Bond Capital, and Thrive Capital participating. Valued at $500M.",
      "businessModel": "Subscription SaaS with credit-based usage. Revenue from Creator, Pro, Business, and Enterprise tiers plus API access. Hit $100M revenue in October 2025.",
      "knownIssues": "Dual-use technology: the same system that produces legitimate explainers can produce convincing deepfakes. Consent enforcement is reactive — HeyGen cannot prevent all misuse before it happens. Credit-based pricing means unused credits expire monthly, creating unpredictable costs for irregular users. Voice cloning raises identity theft concerns if consent records are inadequate. No C2PA Content Credentials on output videos. Platform has been used in documented scam attempts involving cloned executive likenesses.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "HeyGen maintains SOC 2 Type 2 certification, GDPR compliance, and a structured consent flow for biometric data. The company's trust and safety team actively moderates content. The 'adequate' rating reflects the solid security infrastructure and privacy practices, balanced against the inherent dual-use risk of synthetic media technology and the absence of C2PA provenance on outputs. The consent mechanisms are better than most competitors, but the technology remains fundamentally capable of misuse."
    },
    {
      "name": "Hindenburg PRO",
      "slug": "hindenburg",
      "url": "https://hindenburg.com",
      "tagline": "Audio editor built for spoken-word journalism. Auto-leveling, local transcription, broadcast-standard loudness — in a tool designed by a journalist.",
      "category": "visuals",
      "builtForJournalism": true,
      "whoItsFor": "Radio journalists, podcast producers, documentary makers, and newsroom audio teams. Built specifically for spoken-word production — not music, not sound design. If you edit interviews, field recordings, or narrative audio, this is the purpose-built tool.",
      "pricing": "Personal Standard: $12/month ($99/year). Personal Plus: $15/month (adds 20 transcription hours). Personal Premium: $30/month (50 transcription hours, premium Soundly library). Business Bronze: $20/user/month (no transcription). Business Silver: $35/user/month (75 transcription hours). Business Gold: $45/user/month (100 transcription hours). Volume discount of 10-15% for 21+ users. Education: 50% off first annual subscription. Perpetual license option exists for one-time purchase. 30-day free trial, no credit card required. Field Recorder iPhone app: $4.99 one-time.",
      "freeOption": false,
      "editorialTake": "Hindenburg is the only professional audio editor built specifically for journalism. Founded by Nick Dunkerley after working on a community radio project in Zambia, the company has focused exclusively on spoken-word workflows since 2009. That focus shows. Drag audio onto a track and it auto-levels to broadcast standard. Hit publish and it masters to the correct loudness target — EBU R128 for broadcast, LUFS for podcasting. One-knob noise reduction. Non-destructive editing. Voice profiling that auto-levels and ducks across tracks. The transcription engine runs entirely on-device — no audio leaves your machine, no internet required, 99 languages supported. You can edit audio by editing the transcript text, similar to Descript, but without uploading anything to the cloud. Compared to Audacity (free but steep learning curve, no auto-leveling, no transcript editing), Descript (AI-powered but cloud-dependent), and Adobe Audition (overkill for spoken word, expensive Creative Cloud bundle), Hindenburg occupies a unique position: professional broadcast tools with a journalist's workflow at a mid-range price. The Soundly integration adds 2,000-20,000 royalty-free sound effects depending on tier. Video track support arrived in PRO 2, including subtitle generation from transcripts. The company is small — roughly 11 employees in Copenhagen — and appears bootstrapped with no VC funding on record. That matters for longevity risk but also means no investor pressure to harvest data or pivot the product.",
      "bestFor": "Radio journalism, podcast production, interview editing, documentary audio, newsroom audio workflows, field recording post-production. Especially strong for deadline-driven spoken-word work where auto-leveling and one-click loudness mastering save real time.",
      "notFor": "Music production, sound design, multi-instrument recording — use a DAW like Reaper, Logic, or Ableton. Not for journalists who need free tools (use Audacity). Not for video-first workflows (use DaVinci Resolve). The subscription model with metered transcription hours may frustrate heavy transcription users.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Denmark (Hindenburg Systems ApS, Copenhagen). Audio editing and transcription are processed locally on your machine. Account and licensing data handled by Hindenburg's servers. Transcription hours metered online but audio never leaves the device.",
      "privacyPolicyTldr": "Hindenburg is a desktop application. Audio editing and transcription happen locally — no audio uploads to any server. The transcription engine runs on-device with downloadable language packs, works offline. Account data (email, license info) collected for licensing. Website uses Google Analytics, Facebook Pixel, LinkedIn, Twitter, and Reddit tracking pixels. GDPR applies (Danish/EU company). The privacy advantage is structural: the core product processes everything locally.",
      "practicalMitigations": "Audio and transcription are already local by default — no action needed to keep recordings off the cloud. For maximum privacy: (1) work offline after initial license activation, (2) use a dedicated email for your Hindenburg account, (3) block tracking domains if you access their website. The Field Recorder app (iOS) stores recordings locally on device. Soundly sound effects library requires internet access to browse and download.",
      "owner": "Hindenburg Systems ApS (Copenhagen, Denmark). Founded 2009 by Nick Dunkerley. Small team of approximately 11 employees. VAT: DK-32359337.",
      "fundingModel": "No VC funding on record. Appears bootstrapped. Revenue from software subscriptions, perpetual licenses, and transcription hour packages.",
      "businessModel": "Subscription SaaS with perpetual license option. Revenue from tiered subscriptions (Personal and Business plans), metered transcription hours, Soundly sound library access tiers, Narrator Studio add-on ($15/month for voiceover features), and Field Recorder app ($4.99). Education discount (50% off first year) for schools and universities.",
      "knownIssues": "No public data breaches or security incidents found. No Linux support — Mac and Windows only. Transcription hours are metered and require periodic online check-in to refill, even though transcription itself runs offline. The shift from perpetual licensing (older Hindenburg Journalist product) to subscription-first pricing frustrated some long-time users. Maximum two simultaneous computer installations per license. Field Recorder app is iOS-only.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Desktop application with local-only audio processing and on-device transcription — no audio ever leaves your machine. Strong structural privacy model for the core editing workflow. Rating is 'adequate' rather than 'strong' because: encryption-at-rest details are undocumented, the licensing system requires periodic online check-ins, and the company's website deploys extensive third-party tracking (Google Analytics, Facebook Pixel, LinkedIn, Twitter, Reddit). The product itself handles sensitive audio well. The marketing infrastructure is typical adtech."
    },
    {
      "name": "Hunchly",
      "slug": "hunchly",
      "url": "https://hunch.ly",
      "tagline": "Web investigation capture tool. Records, hashes, and archives every page you visit during an investigation.",
      "category": "verification",
      "additionalCategories": [
        "newsgathering"
      ],
      "openSource": false,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Investigative journalists, OSINT researchers, law enforcement, and private investigators who need a defensible evidence chain for web-based investigations. Bellingcat uses it. So do human trafficking task forces and war crimes investigators.",
      "pricing": "Classic: $129.99/year (local storage, single user, multiple machines). Cloud: contact sales (adds Kasm Workspaces browser isolation + 15GB encrypted cloud storage). 30-day free trial, no credit card required. Discounts for teams, nonprofits, students, and educational institutions.",
      "freeOption": false,
      "editorialTake": "Hunchly is the gold standard for documenting web investigations. Turn it on, browse, and it silently captures full-page MHTML snapshots with SHA-256 hashes, timestamps, and URLs for every page you touch. The result is a court-ready evidence package you can assemble in minutes. Maltego acquired Hunchly in 2025, which means it now plugs into the most complete OSINT analysis pipeline on the market — from capture to link analysis to reporting. The $130/year Classic plan is a bargain for anyone doing real investigative work. The Cloud plan (powered by Kasm browser isolation) adds operational security by keeping your browsing off your own machine entirely, which matters if you're investigating hostile actors who might try to fingerprint or track you.",
      "bestFor": "Building legally defensible evidence chains from web research. Documenting OSINT investigations with cryptographic integrity. Assembling court-ready evidence packages. Tracking changes across web pages over time using selectors and tags. Journalists working on investigations where evidence preservation determines whether a story holds up.",
      "notFor": "Casual research or general browsing — it captures everything while active, which creates noise. Archiving entire websites (use HTTrack or ArchiveBox for that). Historical web analysis (use Wayback Machine — 704B+ pages archived). Video evidence capture — Hunchly only grabs screenshots of video content, not the video itself.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Classic: 100% local. All captured data stays in a SQLite database on your machine. Nothing is sent to Hunchly servers except license verification pings. Cloud: encrypted storage hosted through Kasm Workspaces infrastructure.",
      "privacyPolicyTldr": "Classic plan keeps all investigation data local — no captured content reaches Hunchly's servers. License verification requires periodic internet. Cloud plan stores captures in Kasm's encrypted cloud (15GB cap). No telemetry on investigation content in either plan. Now owned by Maltego (Germany-based, acquired Hunchly in 2025), which also owns PublicSonar and Social Network Harvester.",
      "practicalMitigations": "Create separate cases for each investigation. Use consistent selectors and tags — searchability depends on your discipline. Export cases before switching devices or reinstalling. Turn Hunchly OFF when not investigating — it captures every page while active, including personal browsing. On the Cloud plan, Kasm browser isolation prevents target sites from fingerprinting your real machine. For Firefox-only users, you're out of luck — Hunchly requires Chromium.",
      "owner": "Maltego Technologies (acquired Hunchly in 2025; previously Dark River Systems Inc., later Sapper Labs Group)",
      "fundingModel": "Part of Maltego, which raised $100M in growth funding. Previously bootstrapped by Justin Seitz.",
      "businessModel": "Paid annual license ($129.99/year Classic, Cloud pricing on request). Part of Maltego's broader investigative platform play alongside Maltego Monitor and Maltego Evidence.",
      "knownIssues": "Chrome/Chromium-only — no Firefox or Safari support. Requires a native desktop app plus Chrome extension; the extension alone won't work. Linux users must avoid Snap-packaged browsers (Snap containerization breaks Hunchly-browser communication — use .deb install instead). Captures are MHTML snapshots, not live mirrors — dynamic/JavaScript-heavy pages may render incompletely. Video content is archived as screenshots only. SHA-256 hashing proves a capture hasn't changed since the moment Hunchly grabbed it, but cannot prove the source page wasn't manipulated before capture — a determined adversary could serve altered content and Hunchly would faithfully hash that altered version. Closed source, so no independent code audit exists. The 2025 Maltego acquisition changes the ownership and data governance picture — users should review updated terms.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Local-first architecture (Classic plan) with SHA-256 evidence hashing is solid for investigative integrity. Cloud plan adds Kasm browser isolation, which is a real operational security upgrade for sensitive investigations. Not open source, so no independent code audit. Now owned by Maltego (German company, $100M funded), which is a more institutional owner than a solo developer — brings resources but also changes the trust calculus. Hashing proves post-capture integrity but not pre-capture authenticity. Strong reputation across OSINT community, Bellingcat endorsement, and law enforcement adoption. Evidence packages have been used in legal proceedings, though admissibility ultimately depends on jurisdiction and chain-of-custody procedures beyond the tool itself."
    },
    {
      "name": "Hunter.io",
      "slug": "hunter",
      "url": "https://hunter.io",
      "tagline": "Find professional email addresses associated with any domain. Verify deliverability before sending. Used by journalists for source outreach.",
      "category": "newsgathering",
      "whoItsFor": "Journalists doing source outreach who need to find the right person's email at an organization. Investigative reporters tracing professional connections. Freelancers pitching editors. Anyone who needs verified contact information beyond what's on a company's website.",
      "pricing": "Free: 50 credits/month (25 domain searches, 50 email verifications). Starter: $34/month (annual) for 2,000 credits. Growth: $104/month (annual) for 10,000 credits. Scale: $209/month (annual) for 25,000 credits. Enterprise: custom.",
      "freeOption": true,
      "editorialTake": "Hunter indexes publicly available professional email addresses from 81 million websites and lets you search by domain, name, or company. The free tier gives you 50 credits per month — enough for occasional source outreach but not sustained investigation. The real utility for journalists is Domain Search (enter a company domain, get a list of employees and their email patterns) and Email Verifier (confirm an address is deliverable before you send). Founded in 2015 by Antoine Finkelstein and Francois Grante, Hunter has 6 million users and a Chrome extension with 600,000+ installs. The data comes from publicly crawled web pages — not hacked databases or purchased lists — which keeps it on the right side of GDPR. Servers are in Belgium. The main alternative is Clearbit (now part of HubSpot), which is enterprise-priced and overkill for journalists. Snov.io and Voila Norbert do similar things at similar prices. Hunter's advantage is simplicity: it does one thing well and the free tier actually works. The limitation: it only finds professional emails that have appeared publicly. If someone has never had their work email on a webpage, Hunter won't find them. For journalists, this is a targeted outreach tool — not a surveillance tool.",
      "bestFor": "Finding professional email addresses for source outreach. Verifying email deliverability before sending cold pitches. Identifying the email pattern at an organization (e.g., firstname.lastname@company.com). Reporters reaching out to specific people at companies, NGOs, or government agencies.",
      "notFor": "Finding personal email addresses or phone numbers. Investigating subjects who keep low public profiles. Bulk email marketing (Hunter has sending limits and is not a mass mailer). Journalists in high-risk environments who need to avoid leaving digital traces — Hunter logs your searches.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Belgium (EU). Hunter servers are located in Belgium. International transfers use Standard Contractual Clauses. Hunter maintains EU and UK representatives for GDPR compliance.",
      "privacyPolicyTldr": "Hunter collects account data (name, email, billing), usage data (feature interactions, retained 3 months), and visitor data (IP, geolocation, retained 14 months). Profile data — the professional emails Hunter indexes — comes from publicly crawled web pages and is retained until removed from public sources or deletion is requested. Campaign data (if you use Hunter's email sequences) is private to you and retained until account deletion. Sub-processors listed at hunter.io/subprocessors. GDPR compliant as both controller and processor.",
      "practicalMitigations": "Hunter logs your search queries — if you're investigating a sensitive target, be aware that your interest in that domain is recorded in Hunter's systems. Use the free tier without connecting your real email if you want minimal exposure. Don't use Hunter's email sequence feature for source outreach — send from your own email client so Hunter doesn't store the conversation. Verify email addresses before sending to avoid bounces that could alert a target's IT team. Remember that Hunter only surfaces publicly available data — it's not a substitute for deeper OSINT when you need unlisted contacts.",
      "owner": "Hunter.io (distributed company, founded in France). Co-founders Antoine Finkelstein and Francois Grante. CEO: Matthew Tharp. Team of approximately 25-30 people across Europe, the Americas, and Asia.",
      "fundingModel": "Bootstrapped. No publicly disclosed venture funding rounds.",
      "businessModel": "Freemium SaaS. Revenue from paid subscriptions (Starter through Enterprise). Free tier serves as lead generation for paid plans. API access available on all tiers for integrations.",
      "knownIssues": "Hunter's data accuracy depends on how recently web pages were crawled — some email addresses may be outdated if someone has left an organization. The free tier's 50-credit monthly limit is tight for any sustained research. Hunter's own marketing emphasizes cold email outreach, which has reputational associations with spam — journalists should be aware that recipients may view Hunter-facilitated outreach skeptically. Some email addresses surfaced by Hunter come from data breach compilations that ended up on public paste sites, though Hunter states it only indexes web pages.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "EU-hosted (Belgium) with GDPR compliance and Standard Contractual Clauses for international transfers. Hunter indexes only publicly available professional email data — not scraped from private databases. Encryption in transit confirmed. Search history is logged and retained, which matters if you're researching sensitive targets. The platform is a data aggregator by design, so it inherently involves collecting and storing personal information (professional emails). Adequate for standard journalism outreach; not appropriate for high-risk investigations where your search activity itself could be compromising."
    },
    {
      "name": "Hypothesis",
      "slug": "hypothes-is",
      "url": "https://web.hypothes.is",
      "tagline": "Annotate any web page collaboratively. Highlight, comment, and share notes with your team.",
      "category": "writing",
      "additionalCategories": [
        "verification",
        "newsgathering"
      ],
      "openSource": true,
      "whoItsFor": "Journalists doing collaborative research, fact-checkers annotating sources inline, editors reviewing web-based drafts, investigative teams building shared evidence layers, and educators teaching media literacy. Climate Feedback (UC Berkeley) uses Hypothesis to let scientists annotate climate reporting sentence by sentence — that's the model for journalism fact-checking.",
      "pricing": "Free for individuals and groups. Hypothesis for Education (LMS-integrated): custom pricing per institution. Enterprise tier for organizations needing SSO, analytics, and admin controls.",
      "freeOption": true,
      "editorialTake": "Hypothesis adds a transparent annotation layer to any web page or PDF. Install the Chrome/Firefox/Edge extension, highlight a passage, add a note, share it with a group. Annotations follow the W3C Web Annotation standard — Hypothesis helped write that spec in 2017, which means your annotations aren't locked into a proprietary format. The nonprofit/PBC dual structure (501(c)(3) Hypothesis Project + Annotation Unlimited PBC 'Anno') keeps incentives aligned: no ads, no data monetization, grant-funded origins (Sloan, Mellon, Knight). Anno raised a $14M seed in 2022 led by ITHAKA (JSTOR's parent), At.inc, Triage Ventures, Esther Dyson, and Mark Pincus. As of 2025, Hypothesis reports 1M+ users and 300+ institutional customers, mostly in higher ed. Journalism adoption is real but niche — Climate Feedback is the standout example. The 2025 additions (image annotation in PDFs, @mentions, grading tools) are education-focused. If you want collaborative source annotation for an investigation, this is the best open-source option. Just know the product roadmap follows the tuition dollars, not the newsroom.",
      "bestFor": "Collaborative source annotation during investigations. Fact-checking published articles with inline evidence. Editorial teams reviewing web content together. Building annotated reading lists for research. Teaching verification and media literacy.",
      "notFor": "Heavy PDF-only workflows — image annotation works in PDFs but the tool is browser-first. Annotating content you want to keep completely invisible (public annotations reveal what you're reading). Real-time collaborative editing (this is annotation, not Google Docs). Mobile-first workflows — the desktop extension is far superior to the mobile experience.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "United States. Infrastructure hosted on AWS. Hypothesis has completed a Cloud Security Alliance CAIQ assessment and performs regular vulnerability testing.",
      "privacyPolicyTldr": "Hypothesis stores annotations on its servers. Public annotations are visible to anyone — including unauthenticated API users, anyone viewing the Hypothesis stream, and anyone with the browser extension. Private and group annotations are access-controlled. Hypothesis does not sell user data. No advertising. The nonprofit/PBC structure means no VC-driven data monetization pressure, though the $14M seed round from Anno introduces commercial incentives for the education market.",
      "practicalMitigations": "Default to private or group-only annotations for unpublished research. Public annotations reveal both what you're reading and what you're thinking about it — treat public mode as publishing. Use group permissions to limit visibility for sensitive collaborative work. For high-risk reporting, consider that annotation metadata (timestamps, URLs visited) creates a pattern even if individual notes are private. The browser extension phones home to Hypothesis servers on every page load where it's active.",
      "owner": "Hypothesis Project (501(c)(3) nonprofit) and Annotation Unlimited PBC ('Anno'). Founded by Dan Whaley (previously founded GetThere, an early online travel company). Anno was formed in 2022 to accept venture funding that the nonprofit structure couldn't take.",
      "fundingModel": "Originally grant-funded (Sloan, Mellon, Knight foundations). Anno raised $14M seed round in 2022, including $2.5M from ITHAKA (JSTOR's parent org). Revenue from education and enterprise tiers. The shift from pure nonprofit to PBC+nonprofit hybrid was driven by major grant sources drying up.",
      "businessModel": "Free for individuals and open groups. Revenue from LMS-integrated education deployments (Canvas, Moodle, Blackboard, D2L) and enterprise contracts with SSO/analytics. Education is the core revenue engine — 300+ institutional customers. Journalism is a marketing use case, not a revenue center.",
      "knownIssues": "Public annotations are discoverable by default — this is a feature, not a bug, but journalists often don't realize their reading patterns are visible. The browser extension activates on every page, which means Hypothesis knows what URLs you visit even if you don't annotate. PDF annotation requires OCR-enabled PDFs; scanned documents without OCR won't work. Mobile experience is significantly worse than desktop. Image annotation (added mid-2025) only works in PDFs, not on web pages. No offline mode. The W3C standard compliance is real but interoperability with other annotation tools remains theoretical — in practice, your annotations live on Hypothesis servers. Genius Web Annotator is effectively dead; Diigo exists but has reliability issues and a paid tier for basic features. Hypothesis is the last credible open-source web annotation tool standing.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Open source (BSD 2-Clause license) with nonprofit+PBC governance. No data monetization. Completed Cloud Security Alliance CAIQ assessment. Regular vulnerability testing. Hosted on AWS. Annotations stored on Hypothesis servers — public annotations are fully discoverable by anyone, including unauthenticated users. Access controls exist for private and group annotations. No published SOC 2 Type II audit. The extension's always-on nature creates browsing metadata that journalists in sensitive contexts should weigh carefully."
    },
    {
      "name": "iA Writer",
      "slug": "ia-writer",
      "url": "https://ia.net/writer",
      "tagline": "Distraction-free Markdown writing app. Focus mode, syntax highlighting, no account required. One-time purchase.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists, reporters, and writers who want a clean Markdown environment without distractions. Freelancers drafting stories, newsletters, or blog posts. Anyone who wants to write without an account, a subscription, or telemetry phoning home.",
      "pricing": "One-time purchase per platform: $49.99 Mac, $29.99 Windows, $19.99 iOS/iPad. No subscription. Minor updates free; major version upgrades may require a separate purchase. Educational discounts available for 20+ licenses via Apple School Manager. 14-day free trial on Mac and Windows.",
      "freeOption": false,
      "editorialTake": "iA Writer is the rare writing tool that respects both your attention and your privacy. No account, no cloud dependency, no telemetry by default. Files stay where you put them — local or in your own cloud storage (iCloud, Dropbox, Google Drive). The company, Information Architects, is a small bootstrapped studio in Zurich with no outside investors, which means no growth-at-all-costs pressure to monetize your data. The Focus Mode (dims everything except the current sentence) is genuinely useful for deadline writing. The 2024 'AI in Technicolor' feature — which shows colored gradients when text comes from Apple Intelligence, Claude, Gemini, or ChatGPT — is a clever transparency move that treats AI-assisted text as something to be visible, not hidden. The Android app was discontinued in 2024 due to Google API policy issues. At $50 for Mac, it's not cheap for a text editor, but you own it outright.",
      "bestFor": "Drafting articles, newsletters, and blog posts in Markdown. Focus writing sessions where you need zero distractions. Writers who want local-first file storage with optional cloud sync. Preparing clean copy for CMS import.",
      "notFor": "Long-form project management with multiple documents (Scrivener is better for that). Collaborative real-time editing (use Google Docs or HackMD). Rich formatting or layout design. Android users — the app was discontinued in 2024.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Switzerland (Information Architects Inc., Zurich). No user content is sent to or stored on iA servers. Files live locally or in your chosen cloud storage provider (iCloud, Dropbox, Google Drive), so data jurisdiction depends on your sync choice.",
      "privacyPolicyTldr": "No account required. No user content is sent to iA. The app collects only crash reports and anonymous usage statistics, both of which can be disabled. No tracking, no ads, no data brokerage. Files stay on your device or in your own cloud storage. One of the cleanest privacy postures in the writing tool category.",
      "practicalMitigations": "Disable optional telemetry in Preferences if you want zero network activity. Store files locally or in an encrypted cloud provider you control. If using iCloud sync, be aware that Apple holds the encryption keys (unless you enable Advanced Data Protection). For sensitive source material, keep files local only.",
      "owner": "Information Architects Inc. (iA), Zurich, Switzerland. Founded by Oliver Reichenstein. Small, fully independent studio — no outside investors, no VC funding, 100% bootstrapped.",
      "fundingModel": "Bootstrapped. No venture capital, no outside investors. Revenue comes entirely from software sales.",
      "businessModel": "One-time software purchases across Mac, Windows, and iOS. Also sells iA Presenter (presentation tool). No subscription revenue, no ads, no data monetization.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Local-first architecture with no account requirement and no content transmission to iA servers. Bootstrapped Swiss company with no investor pressure to monetize data. Telemetry is minimal and optional. Privacy posture is among the strongest in the writing tool category. The only variable is your choice of cloud sync provider."
    },
    {
      "name": "ICIJ Offshore Leaks Database",
      "slug": "icij-offshore-leaks",
      "url": "https://offshoreleaks.icij.org",
      "tagline": "Search 810,000+ offshore entities from five major leak investigations — Panama Papers, Pandora Papers, Paradise Papers, Bahamas Leaks, and Offshore Leaks.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "openSource": false,
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists, anticorruption researchers, and financial regulators tracking offshore financial structures. Search companies, trusts, foundations, intermediaries, beneficial owners, and addresses across 200+ countries. Also used by academics studying tax havens and civil society groups monitoring illicit finance.",
      "pricing": "Free. No account required to search. Bulk CSV and Neo4j downloads also free.",
      "freeOption": true,
      "editorialTake": "The Offshore Leaks Database is the public-facing output of the largest collaborative journalism projects ever undertaken. It aggregates five investigations spanning 2013 to 2022: the original Offshore Leaks (Portcullis Trustnet, Commonwealth Trust Limited), the Panama Papers (Mossack Fonseca), the Bahamas Leaks (Bahamas corporate registry), the Paradise Papers (Appleby + seven corporate registries), and the Pandora Papers (14 offshore service providers). The database covers 810,000+ offshore entities linked to people and companies in 200+ countries, with records spanning 80+ years through 2020. In January 2025, ICIJ added a Reconciliation API that lets you match your own datasets — names, addresses, entities — against the full database programmatically. The graph visualization (powered by Neo4j) is the real power feature: it maps the relationships between entities, officers, intermediaries, and addresses, revealing networks you'd never find in flat tabular data. This is where follow-the-money investigations start.",
      "bestFor": "Searching for individuals or companies with offshore financial structures. Starting points for follow-the-money and beneficial-ownership investigations. Cross-referencing names against five major leak datasets. Mapping corporate networks through graph visualization. Matching your own datasets against offshore records via the Reconciliation API.",
      "notFor": "The database is a curated subset of the leaked documents, not the full archives. No bank account details, transaction records, or underlying source documents. Absence from the database does not mean absence from the leaks — ICIJ withholds passport numbers, financial transactions, and other sensitive material. Not a substitute for corporate registries (OpenCorporates has 200M+ companies vs. 810K here). Not evidence of wrongdoing — offshore structures are legal.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. ICIJ is a 501(c)(3) nonprofit based in Washington, DC.",
      "privacyPolicyTldr": "No account required to search. ICIJ is a nonprofit journalism organization — no ads, no data sales. Standard web server logs may record IP addresses and search queries. The Reconciliation API processes your submitted data server-side to match against records. ICIJ does not disclose what queries users run.",
      "practicalMitigations": "No login needed for basic searches — just go. Use a VPN if your research targets are sensitive, since your search queries hit ICIJ's US-based servers. Download the full CSV or Neo4j dump for local analysis if you need to search without network exposure. Cross-reference results with OpenCorporates (corporate registries), PACER/RECAP (court records), OpenSanctions (sanctions lists), and Aleph (OCCRP's cross-border database) for a fuller picture. Remember: presence in the database means an offshore connection was documented, not that laws were broken.",
      "owner": "ICIJ (International Consortium of Investigative Journalists)",
      "fundingModel": "Nonprofit. Funded by journalism foundations, individual donations, and government transparency grants. The 2025 Reconciliation API was funded by Germany's GIZ (Deutsche Gesellschaft für Internationale Zusammenarbeit).",
      "businessModel": "Nonprofit journalism organization. ~50 staff, network of 280 investigative journalists across 100+ countries and 140+ media partners. 2022 revenue was $6.4M. Major funders include Adessium Foundation, Ford Foundation, Open Society Foundations, and Luminate (which has contributed $6M+ since 2017). The database is a free public resource — ICIJ's funding comes entirely from grants and donations.",
      "knownIssues": "Data is from leaked files, not standardized registries — expect duplicates, inconsistent formatting, and data entry errors, including within the same leak. Country matching is automated and sometimes wrong. Not every officer appears: ownership information is often buried in emails and internal memos that can't be systematically extracted. In the Panama Papers specifically, Mossack Fonseca often failed to collect real beneficial ownership data, relying on intermediary banks instead. The database has not been updated with new leak data since May 2022 (Pandora Papers final batch). WikiLeaks and others have criticized ICIJ for not releasing the underlying raw documents — ICIJ's position is that privacy and source protection require withholding bulk source material. Names in the database can be common (false positive risk is real) — always verify identity through additional sources.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit-operated public database with no account requirement and minimal data collection. The main operational security consideration is that your search queries are processed on ICIJ's US-based servers — if you're investigating entities that monitor their own exposure, your query pattern could be revealing. Download the bulk data for local querying if that matters. The Reconciliation API sends your match data to ICIJ servers for processing, so don't submit sensitive source lists without considering that."
    },
    {
      "name": "iFOIA",
      "slug": "ifoia",
      "url": "https://www.ifoia.org",
      "tagline": "File, track, and appeal FOIA requests electronically — free, from the Reporters Committee for Freedom of the Press.",
      "category": "newsgathering",
      "additionalCategories": [
        "newsgathering"
      ],
      "builtForJournalism": true,
      "whoItsFor": "Journalists, researchers, and members of the public filing Freedom of Information Act requests at the federal and state level. iFOIA generates the request letter, files it electronically, logs submissions with timestamps, and tracks agency responses. Built and maintained by the Reporters Committee for Freedom of the Press — the same 501(c)(3) that provides pro bono legal defense to journalists.",
      "pricing": "Free. No paid tiers, no per-request fees, no subscriptions.",
      "freeOption": true,
      "editorialTake": "iFOIA launched in 2013 and remains the only free, journalist-built FOIA filing tool with no per-request cost. The Reporters Committee for Freedom of the Press operates it as a public service — no ads, no monetization, no upselling. The tool generates properly formatted request letters for federal and state agencies, files them electronically where possible, and tracks responses in your account. It includes state-by-state guides to open records laws and supports filing appeals when agencies deny or delay. The distinction from MuckRock matters: MuckRock charges ~$5 per request (or a $40/month Pro plan), files on your behalf, and publishes requests publicly by default. iFOIA is free, files in your name, and keeps requests private to your account. For journalists who want to control their own requests and pay nothing, iFOIA is the tool. For journalists who want a managed service with a public archive and auto-follow-ups, MuckRock is the tool. They solve different problems. The Reporters Committee also provides a legal hotline (800-336-4243) for journalists who hit obstacles — subpoenas, access denials, shield law questions — which makes iFOIA part of a broader legal support ecosystem, not just a standalone app.",
      "bestFor": "Filing federal and state FOIA requests at no cost. Tracking request status and agency responses over time. Filing appeals when agencies deny or delay. Journalists who want requests filed in their own name, not through a third-party intermediary.",
      "notFor": "Journalists who want a managed service that files on their behalf, auto-follows up, and publishes results to a public archive — that is MuckRock. iFOIA does not file for you; it generates the letter and submits it, but you manage the process. No international FOI support. No bulk filing tools or API. No AI-powered document analysis.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Reporters Committee, Washington, D.C.)",
      "privacyPolicyTldr": "iFOIA is operated by the Reporters Committee for Freedom of the Press, a 501(c)(3) nonprofit. Requests are private to your account — not published publicly (unlike MuckRock's default). The Reporters Committee collects account information (name, email) to manage your requests. No advertising, no data sales. The organization's mission is defending press freedom, not monetizing user data.",
      "practicalMitigations": "Your FOIA requests are sent to government agencies — once filed, the agency knows who is asking and what they want. (1) Use a newsroom email or general-purpose address if you want to limit personal exposure. (2) iFOIA tracks your requests in your account, but the agencies themselves may publish responsive documents or log requesters in their own systems. (3) For high-sensitivity requests where you need to obscure the requester's identity, consider filing through a third party or attorney. (4) The Reporters Committee's legal hotline (800-336-4243) can advise on access disputes and legal risks.",
      "owner": "Reporters Committee for Freedom of the Press (501(c)(3) nonprofit, Washington, D.C.). Founded 1970. EIN 52-0972043.",
      "fundingModel": "Nonprofit. The Reporters Committee is funded by donations, foundation grants, and sustaining donor programs. No advertising revenue, no subscription fees.",
      "businessModel": "Free public service. iFOIA has no revenue model — it is a tool provided by a nonprofit legal defense organization as part of its mission to support press freedom and government transparency.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Operated by a 501(c)(3) nonprofit with 55+ years of press freedom advocacy. No monetization of user data. Requests are private to your account. Encryption at rest is unverified. The primary exposure is inherent to FOIA itself: agencies know who is asking. iFOIA's operator has no incentive to misuse journalist data — the Reporters Committee exists to defend journalists, not surveil them."
    },
    {
      "name": "Immersive Translate",
      "slug": "immersive-translate",
      "url": "https://immersivetranslate.com",
      "tagline": "Browser extension for bilingual side-by-side web page translation. 20+ AI translation engines. Chrome Best Extension 2024. Read foreign-language sources with original and translation visible together.",
      "category": "writing",
      "additionalCategories": [
        "newsgathering"
      ],
      "whoItsFor": "Journalists reading foreign-language news sources, government documents, court filings, or social media posts. Researchers working across languages who need to see the original text alongside the translation. Investigators monitoring foreign-language websites or forums. Anyone who reads the web in multiple languages and wants context, not just output.",
      "pricing": "Free: web page translation using Google Translate, Microsoft Translate, and other free engines. Unlimited basic usage. Pro: $6.90/month or $69/year — unlocks DeepL Pro, OpenAI, Claude, and Gemini translation engines, plus AI conversation translation, subtitle downloads, EPUB/PDF full-screen translation, OCR for scanned documents, and priority updates.",
      "freeOption": true,
      "editorialTake": "Immersive Translate solves a specific problem better than anything else: reading a foreign-language web page with both the original and translation visible simultaneously. The bilingual display preserves context that copy-paste translation destroys. You see the source text. You see the translation. You catch errors because both are right there. For journalists working with foreign-language sources, this is not a convenience — it is a verification tool. The extension supports 20+ translation engines including Google, DeepL, OpenAI, and Claude. The free tier uses free engines and has no hard usage cap. Pro ($69/year) unlocks premium engines. It translates web pages, PDFs, EPUBs, and video subtitles on YouTube, Netflix, and other platforms. Named Chrome Best Extension of 2024 by Google. Over 20 million Chrome users. The extension was originally open source and the GitHub repository (17,000+ stars) remains public, though the current version includes proprietary components. The company behind it is Funstory.ai Limited, registered in Hong Kong, with data stored primarily in South Korea. This matters. In August 2025, a critical security incident exposed user data through the webpage snapshot feature: translated snapshots were uploaded to Tencent Cloud storage with public access and no authentication. Leaked content included personal data, financial documents, and cryptocurrency keys. The developer's response did not directly address remediation. A separate XSS vulnerability reported on Hacker News in August 2024 showed the extension could execute arbitrary code through malicious content. These are not theoretical risks — they are documented incidents. The translation quality through premium engines (DeepL, GPT-4) is excellent. The bilingual reading experience is unmatched. But the security track record requires caution, especially for journalists handling sensitive foreign-language material.",
      "bestFor": "Reading foreign-language news articles, government publications, and social media with bilingual context. Monitoring foreign-language websites for investigative reporting. Translating PDF documents and research papers while preserving layout. Language learners who want immersive reading practice. Quick translation of web content where seeing the original matters.",
      "notFor": "Translating sensitive or classified source material — the extension sends text to third-party translation APIs. Journalists working with whistleblower documents in foreign languages (use offline tools instead). Anyone who needs translation without any data leaving their device (use Ollama with local models). Publications needing certified or legal-grade translations.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Hong Kong (company registration) and South Korea (primary data storage). Data processed across multiple jurisdictions including through third-party translation APIs: AWS, Azure, DeepL (Germany), Alibaba Cloud (China), Tencent Cloud (China). PDF processing routed through Mathpix. Google Analytics used for usage tracking.",
      "privacyPolicyTldr": "Text submitted for translation is sent to whichever translation engine you select — Google, DeepL, OpenAI, or others. Funstory.ai states translated content is not stored permanently and is deleted after service completion. However, the 2025 snapshot incident showed user content was stored on publicly accessible cloud storage without authentication. The extension collects device information, IP addresses, usage frequency, translation statistics, and error logs. Google Analytics tracks aggregated usage. Payment data processed by third-party providers. BabelDoc (PDF translation) uploads files to Funstory.ai servers. Data controller is Funstory.ai Limited (Hong Kong), subject to Hong Kong privacy law.",
      "practicalMitigations": "Never translate sensitive source documents, leaked files, or whistleblower communications through this extension — text is sent to external translation APIs. Disable the webpage snapshot feature entirely. Do not use BabelDoc PDF upload for confidential documents. For sensitive material, copy text manually into DeepL's Pro tier (which deletes after translation) or use a local translation model. Review which translation engine you are using — each has its own data handling policy. Consider using the free tier with Google Translate for routine foreign-language reading and reserving offline tools for sensitive work. Keep the extension updated — security patches have followed reported vulnerabilities.",
      "owner": "Funstory.ai Limited (Hong Kong)",
      "fundingModel": "Privately funded. No disclosed venture capital rounds. Revenue from Pro subscriptions. Company details are limited — Funstory.ai Limited is registered in Hong Kong with data infrastructure in South Korea and China.",
      "businessModel": "Freemium. Free tier uses free translation engines (Google, Microsoft). Revenue from Pro subscriptions ($69/year) that unlock premium translation engines and advanced features. No advertising in the extension itself.",
      "knownIssues": "August 2025: Critical data exposure through webpage snapshot feature. Translated page snapshots were uploaded to Tencent Cloud Object Storage with public access URLs and no authentication. Exposed content included personal documents, financial data, and API keys. Developer response did not directly address technical remediation. August 2024: XSS vulnerability reported on Hacker News — the extension could expose users to cross-site scripting attacks through malicious page content, potentially enabling cookie theft. Extension sends all translated text to third-party APIs by design — this is inherent to how it works, not a bug, but it means every page you translate is transmitted externally. BabelDoc PDF feature uploads documents to Funstory.ai servers for processing.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "Two documented security incidents in 2024–2025: an XSS vulnerability and a critical data exposure through the snapshot feature that leaked user documents to publicly accessible cloud storage. Text is sent to third-party translation APIs by design — this is functional, not a flaw, but journalists must understand that every translated page leaves their device. Data controller is Funstory.ai Limited (Hong Kong) with primary storage in South Korea and processing through Chinese cloud providers (Alibaba, Tencent). No disclosed security certifications. No public bug bounty or vulnerability disclosure program. Google Analytics tracks usage. The translation quality is excellent and the bilingual UX is best-in-class, but the security posture requires caution for any use involving sensitive material."
    },
    {
      "name": "Infogram",
      "slug": "infogram",
      "url": "https://infogram.com",
      "tagline": "Data visualization and infographics platform. Drag-and-drop charts, maps, and interactive graphics — owned by Prezi since 2017.",
      "category": "data",
      "additionalCategories": [
        "visuals"
      ],
      "openSource": false,
      "whoItsFor": "Journalists and newsroom designers who need to produce charts, infographics, and interactive data visualizations quickly without coding. Works well for reporters who need to turn spreadsheet data into embeddable graphics for stories. Used by newsrooms, nonprofits, and marketing teams for visual storytelling.",
      "pricing": "Basic: free (limited templates, 10 projects, Infogram branding). Pro: $19/month (100 projects, no branding, analytics, downloads). Business: $67/month (1,000 projects, team collaboration, custom branding, priority support). Team: $149/month (3-10 users, shared workspace, admin controls). Enterprise: custom pricing (10+ users, SSO, API access). Annual billing available. Special pricing for startups, nonprofits, and educational organizations.",
      "freeOption": true,
      "editorialTake": "Infogram sits in the middle of the newsroom visualization stack. Datawrapper is the gold standard for clean, accessible charts with zero learning curve. Flourish handles more complex interactive and animated visualizations. Infogram lands between them — more template variety than Datawrapper, easier than Flourish, with a stronger infographic focus. You can build charts, maps, dashboards, and multi-section infographics from a single interface. The drag-and-drop editor is genuinely easy. Connect a Google Sheet and your visualization updates automatically. The free tier is usable but limited: 10 projects, Infogram branding on everything. The Pro tier at $19/month removes branding and unlocks exports, which is the minimum for professional newsroom use. Prezi acquired Infogram in 2017 for an undisclosed amount. The product has continued to operate independently from its original base in Riga, Latvia. The ownership by Prezi (itself VC-backed) means the product's long-term direction depends on Prezi's strategy. For newsrooms already invested in Datawrapper, there's limited reason to switch. Infogram's strength is its infographic templates — if you need to produce multi-section visual explainers (not just standalone charts), Infogram has a deeper template library than competitors.",
      "bestFor": "Infographics and multi-section visual explainers. Quick chart creation from spreadsheet data. Interactive embeddable graphics for stories. Teams that need a shared workspace for visual content production. Organizations that want a single tool for charts, maps, and infographics.",
      "notFor": "High-precision statistical visualization (use Datawrapper or Observable). Complex interactive storytelling (use Flourish or custom D3.js). Sensitive data you don't want on third-party servers. Newsrooms that need full control over visual output and styling.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Latvia (Infogram development team) and United States (Prezi parent company, headquartered in San Francisco). Cloud-hosted. Specific data center locations not publicly documented.",
      "privacyPolicyTldr": "Infogram is owned by Prezi Inc. Data is processed under Prezi's privacy framework. Standard account data collected (name, email, usage analytics). Data you upload for visualizations is stored on their servers. GDPR compliance claimed. No published transparency report. The privacy posture inherits from Prezi's broader policies.",
      "practicalMitigations": "Don't upload sensitive or unpublished data for visualization — use Datawrapper's self-hosted option or local tools instead. Export final visualizations and delete projects containing sensitive data promptly. Use the Team plan's access controls for newsroom collaboration. Verify that embedded visualizations don't expose raw data to viewers when that data shouldn't be public.",
      "owner": "Prezi Inc. (parent company). Infogram was founded in 2012 in Riga, Latvia by Uldis Leiterts and Raimonds Kaze. Acquired by Prezi in May 2017. Prezi is headquartered in San Francisco.",
      "fundingModel": "Owned by Prezi, which has raised over $100M in venture funding. Infogram operates as a wholly owned subsidiary. Prezi established a Data Visualization Center of Excellence in Latvia after the acquisition.",
      "businessModel": "Freemium SaaS. Revenue from Pro ($19/mo), Business ($67/mo), Team ($149/mo), and Enterprise subscriptions. Free tier limited enough to push professional users to paid plans. Special pricing for nonprofits and education.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "HTTPS encryption in transit. Owned by Prezi, a well-funded company with standard enterprise security practices. GDPR compliance claimed. No published SOC 2 certification or independent security audit. Data jurisdiction spans Latvia and the U.S. Adequate for visualizing public data. For sensitive unpublished data, use tools with stronger documented security postures (Datawrapper, or local visualization tools)."
    },
    {
      "name": "Inkscape",
      "slug": "inkscape",
      "url": "https://inkscape.org",
      "tagline": "Free vector graphics editor for illustrations, diagrams, and infographics.",
      "category": "visuals",
      "additionalCategories": [
        "data"
      ],
      "openSource": true,
      "whoItsFor": "Journalists creating infographics, maps, diagrams, or illustrations without a Figma or Adobe subscription. Data reporters who need to polish QGIS or D3.js exports for publication.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Inkscape is the free Illustrator alternative that actually ships. Version 1.4.3 (December 2025) landed 120+ bug fixes and the project is hiring C++ developers to accelerate the 1.5 mega-release with native multipage support. SVG-native workflow means everything scales perfectly for web. The QGIS-to-Inkscape pipeline is a standard workflow for newsroom cartography — export shapefiles as SVG, refine labels and legends in Inkscape. It lacks CMYK color mode, so print-first shops still need Illustrator. But for web infographics, election maps, and explainer diagrams, Inkscape is publication-ready and costs nothing.",
      "bestFor": "Vector infographics, maps, diagrams, and illustrations. Polishing GIS exports (QGIS, ArcGIS) for publication. SVG editing for web interactives. Budget-constrained newsrooms that refuse Adobe subscriptions.",
      "notFor": "Photo editing (use GIMP). Complex multi-page layouts (use Scribus, though Inkscape 1.5 will add multipage). Print workflows requiring CMYK (use Illustrator or Affinity Designer). Real-time collaboration (no cloud features at all).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local — no data sent anywhere",
      "privacyPolicyTldr": "Inkscape is fully local software. No accounts, no telemetry, no data collection, no network connections required. One caveat: SVG files may embed your OS username in file paths. Use 'Save as Optimized SVG' to strip metadata before publishing.",
      "practicalMitigations": "Save as 'Optimized SVG' to strip embedded file paths and metadata before publishing. Export to SVG for web, PDF for print. Keep source .svg files for future edits. On macOS, update to 1.4.3 to patch the Python privilege escalation vulnerability (CVE-2025-15523).",
      "owner": "Inkscape Project (open-source, fiscal sponsor: Software Freedom Conservancy since 2006)",
      "fundingModel": "Donations, community task funding campaigns, grants. SFC administers funds and provides tax-deductible status. Project hired two C++ developers in 2025 for 1.5 release work.",
      "businessModel": "None — no commercial entity, no premium tier, no paid features",
      "knownIssues": "No CMYK color mode — limits print production use. Interface feels dated compared to Illustrator or Figma; fixed toolbars, no dark mode on all platforms. macOS had a privilege escalation flaw (CVE-2025-15523) via bundled Python interpreter inheriting TCC permissions — patched in 1.4.3. Performance degrades on very complex SVGs (thousands of nodes). Font rendering quirks on macOS ('tofu' rectangles) were fixed in 1.4.3 but indicate platform-specific fragility.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source, fully local, no accounts or telemetry. Maintained under the Software Freedom Conservancy since 2006. The macOS privilege escalation flaw (CVE-2025-15523) was patched promptly in 1.4.3. Active development with 120+ bug fixes in the latest release. As local-only software with no network requirements, the attack surface is minimal."
    },
    {
      "name": "Instant Data Scraper",
      "slug": "instant-data-scraper",
      "url": "https://chromewebstore.google.com/detail/instant-data-scraper/ofaokhiedipichpaobibbnahnkdoiiah",
      "tagline": "Browser extension that uses AI to detect data patterns on web pages and export to CSV or Excel. No code, no account, no server.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "openSource": false,
      "whoItsFor": "Journalists who need quick, no-code data extraction from web pages — tables, lists, search results, directories, government records. Also useful for OSINT researchers, activists, and anyone who needs to get structured data off a webpage without writing a script. Bellingcat includes it in their investigation toolkit.",
      "pricing": "Free. No paid tiers, no premium features, no account required.",
      "freeOption": true,
      "editorialTake": "Instant Data Scraper is the fastest path from web page to spreadsheet. Click the icon, preview the detected table, export. That's it. The extension uses heuristic AI to analyze HTML structure and identify repeating data patterns — tables, lists, search results, directory listings — then lets you export to CSV or Excel with one click. It handles pagination (auto-detecting 'Next' buttons) and infinite scrolling. All processing happens locally in your browser; no data leaves your machine. Over 1 million Chrome Web Store users. 4.86 stars across 7,000+ reviews. Current version is 1.2.1 (March 2026), running on Manifest V3. Originally built by webrobots.io (Lithuania), the extension was transferred to Flavr Technology, LP, which now publishes it. Webrobots.io explicitly states the extension is 'no longer owned, developed or supported by Web Robots.' The transfer raises questions about long-term maintenance transparency, but the extension continues to receive updates. Also available on Microsoft Edge. An unofficial Firefox port ('Instant Data Scraper reboot') exists under Mozilla Public License 2.0. For quick grabs of public data, nothing is faster. For complex multi-page workflows, scheduled runs, or anti-bot evasion, use ParseHub or Octoparse instead.",
      "bestFor": "Quick extraction of tables, lists, and structured data from public web pages. Government databases, court records, business directories, search results, product listings, social media profiles (limited), any page with repeating data patterns. OSINT investigations: Bellingcat-documented use cases include scraping social media data to map disinformation networks.",
      "notFor": "Complex multi-page scraping workflows requiring scheduling, scripts, or API output (use ParseHub at $189/mo or Octoparse from $119/mo). Sites behind logins or paywalls. Pages with aggressive anti-bot protection (CAPTCHAs, Cloudflare challenges). Large-scale automated collection (browser memory limits cap practical use at a few thousand rows). LinkedIn (HTML structure defeats the detection algorithm). Jobs requiring proxy rotation or geographic IP flexibility.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. The extension runs entirely in your browser. Scraped data is never transmitted to external servers — it exports directly to your device as CSV or Excel files. No cloud storage, no accounts, no server-side processing.",
      "privacyPolicyTldr": "All data processing happens locally in the browser. No scraped data is sent to any external server. The extension requires broad page access permissions ('Read and change all your data on all websites') to read DOM content for extraction — this is standard for scraping extensions but grants wide access. No accounts, no telemetry reported by the extension. Webrobots.io confirms no data is sent to their servers, though they no longer own or operate the extension.",
      "practicalMitigations": "Review Chrome extension permissions before installing — the 'all websites' access is necessary for functionality but is a wide grant. Disable the extension when not actively scraping to reduce attack surface. Export data to your local machine immediately; don't rely on the extension to store results. Be aware of legal and ethical considerations: scraping public data is generally legal under hiQ v. LinkedIn (Ninth Circuit), but copyright, terms of service, and privacy regulations (GDPR, CCPA) still apply. Avoid inadvertently collecting personal data about individuals unrelated to your investigation. Monitor for extension updates — ownership changes (webrobots.io to Flavr Technology) mean you're trusting a different entity than the original developer.",
      "owner": "Flavr Technology, LP (current Chrome Web Store publisher). Originally developed by webrobots.io (Vilnius, Lithuania). Webrobots.io transferred ownership and no longer maintains or supports the extension.",
      "fundingModel": "None disclosed. Free extension with no revenue model. No venture funding publicly associated with Flavr Technology, LP.",
      "businessModel": "None. Free extension with no paid tiers, no premium features, no advertising, no data monetization reported. The absence of a business model is itself a risk factor — there is no financial incentive to maintain or secure the extension long-term.",
      "knownIssues": "Ownership transferred from webrobots.io to Flavr Technology, LP with no public explanation of the transfer or the new owner's identity. This is a trust gap — users are granting broad browser permissions to an entity with minimal public presence. The extension can only extract one table per page; complex pages with multiple data sets require separate passes. Pagination handling sometimes fails when 'Next' buttons are non-standard or dynamically rendered. JavaScript-heavy SPAs and sites with anti-bot detection (CAPTCHA, Cloudflare) will block or defeat the scraper. No built-in deduplication, validation, or data cleaning — exported data often requires manual cleanup. No proxy support, so your IP is exposed directly to target sites. Browser memory limits cap practical extraction at a few thousand rows before performance degrades. Users have reported the extension occasionally losing scraped URL data mid-session. No API, no scheduling, no scripting — strictly manual, interactive use. The extension is closed-source, so independent security auditing of the code is not possible.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Local-only data processing is a genuinely strong privacy model — no server ever touches your scraped data. But the extension is closed-source, requires broad page access permissions across all websites, and ownership transferred from webrobots.io to Flavr Technology, LP without public explanation. You're trusting a publisher with minimal public presence to not inject malicious code into a future update. The extension continues to receive updates (v1.2.1, March 2026, Manifest V3), which is a positive signal. Adequate for scraping public data in non-sensitive contexts. If you're scraping data related to sensitive sources or investigations, consider using the open-source Firefox reboot port (MPL 2.0) where the code is auditable, or a self-hosted tool like Scrapy."
    },
    {
      "name": "IntelTechniques",
      "slug": "inteltechniques",
      "url": "https://inteltechniques.com",
      "tagline": "Michael Bazzell's OSINT tools, training, and methodology — the definitive resource for digital investigations, online search techniques, and personal privacy protection.",
      "category": "newsgathering",
      "additionalCategories": [
        "security"
      ],
      "whoItsFor": "Investigative journalists conducting online research and people-finding. OSINT practitioners building digital investigation skills. Newsroom security teams protecting journalist identities. Anyone conducting background research, social media investigations, or public records searches. Privacy-conscious journalists who want to reduce their own digital footprint while researching others. Law enforcement and intelligence analysts (Bazzell's original audience).",
      "pricing": "The OSINT tools portal requires a paid subscription — pricing has varied but is typically around $50/year for access to the online tools collection. Books ('OSINT Techniques' and 'Extreme Privacy') retail at approximately $36-46 each. The podcast is free. Online training courses and in-person workshops are offered at varying price points. Some free content available through the podcast and blog.",
      "freeOption": true,
      "editorialTake": "IntelTechniques is Michael Bazzell's one-person operation and the most respected OSINT methodology resource in the English-speaking investigation community. Bazzell spent 18 years as an FBI cyber crimes investigator before leaving to focus on OSINT training and personal privacy consulting. His work sits at the intersection of two concerns that matter deeply to journalists: how to find information about other people online, and how to protect your own information from being found.\n\nThe core product is a web-based collection of OSINT search tools — structured interfaces that query public records, social media platforms, search engines, archived content, and other open sources. These are not hacking tools or data brokers. They are organized, methodical search interfaces that help researchers exhaust public sources systematically rather than relying on ad hoc Google searches. Categories cover people search, email, username, social media, domain/IP, documents, images, and more.\n\nThe tools have evolved significantly. Earlier versions linked directly to third-party search engines and databases. Current versions are more cautious about operational security — Bazzell has progressively removed tools that might expose the researcher's identity or search patterns to the target. This privacy-first evolution reflects Bazzell's dual expertise: he teaches both how to investigate and how to avoid being investigated.\n\nFor journalists, IntelTechniques serves three purposes. First, the tools portal provides structured OSINT workflows — a checklist approach to digital research that ensures you've checked all public sources before concluding someone can't be found online. Second, the books (particularly 'OSINT Techniques,' now in its 10th+ edition, updated annually) provide comprehensive methodology that's applicable to any investigation. Third, the privacy guidance helps journalists protect sources, reduce their own exposure, and understand the same techniques that targets use to hide.\n\nThe 'Extreme Privacy' book and associated guidance are particularly valuable for journalists in hostile environments. Bazzell covers removing personal information from data brokers, compartmentalizing online identities, securing communications, and reducing physical-world exposure. This is the same tradecraft he teaches to stalking victims, domestic violence survivors, and law enforcement personnel — adapted for anyone whose work creates enemies.\n\nThe limits: IntelTechniques is one person's operation. When Bazzell updates the tools or books, they're updated. When he doesn't, they age. Some tools break when target platforms change their interfaces or APIs. The subscription tools portal has had periods of being taken offline or restructured as Bazzell rethinks the operational security implications. The content is US-centric in its public records coverage, though the methodology is globally applicable. There is no team, no roadmap, no SLA — this is an expert practitioner sharing his methods, not a software company.",
      "bestFor": "Structured OSINT research methodology — ensuring you've exhausted all public sources. People-finding using public records, social media, and web archives. Username and email investigations across platforms. Learning digital investigation techniques through books and training. Personal privacy protection and digital footprint reduction. Understanding the OSINT landscape and available data sources. Operational security for journalists conducting sensitive research.",
      "notFor": "Automated bulk data collection or API access — these are manual research tools. Non-English or non-US public records (methodology applies globally, but tool coverage is US-centric). Real-time monitoring or alerting. Breaking into accounts or accessing private data — Bazzell teaches legal, ethical open-source research only. Newsroom-scale deployment — this is an individual researcher's toolkit, not enterprise software. Situations requiring guaranteed uptime or SLA — it's a one-person operation.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Michael Bazzell operates from the US (location deliberately obscured given his privacy focus). The tools portal is web-hosted on US infrastructure. The tools themselves query third-party public sources in their respective jurisdictions — IntelTechniques provides the search interface, not the underlying data.",
      "privacyPolicyTldr": "IntelTechniques is built by a privacy expert and reflects that ethos. The tools portal requires a subscription (email and payment), but Bazzell's known philosophy minimizes data collection. The tools generate queries against third-party sources — those sources have their own tracking and logging. IntelTechniques itself is a search interface, not a data store. Bazzell has explicitly discussed minimizing server logs and user tracking. No advertising, no data sales, no third-party analytics visible on the site.",
      "practicalMitigations": "Use the OSINT tools through a VPN or Tor to prevent your IP from being logged by the third-party sources being queried. Remember that IntelTechniques provides the search interface, but the actual queries hit external platforms that log requests — your operational security depends on how you access those end sources, not just IntelTechniques itself. Use a dedicated browser profile for OSINT research, separate from your personal browsing. Follow Bazzell's own privacy methodology: compartmentalize research identities, use purpose-specific email addresses, and don't mix investigation accounts with personal accounts. Keep a local copy of the methodology (from the books) in case the online tools portal goes offline or is restructured.",
      "owner": "Michael Bazzell, operating as a sole proprietor. Former FBI cyber crimes investigator (18 years). Now an independent OSINT trainer, author, and privacy consultant. One-person operation with no corporate parent, no investors, and no board. Bazzell maintains deliberate personal privacy — limited public biographical information beyond his professional credentials.",
      "fundingModel": "Self-funded through product sales. Revenue from book sales ('OSINT Techniques' and 'Extreme Privacy,' both updated and republished annually), tools portal subscriptions, training courses, consulting engagements, and the podcast (which may have sponsors). No venture capital, no institutional funding. A sustainable one-person business model.",
      "businessModel": "Direct-to-practitioner sales. Books sold through Amazon and direct. Tools portal subscription (~$50/year). Training courses and workshops. Privacy consulting for individuals and organizations. The podcast (free) serves as marketing. No data brokerage, no advertising revenue, no third-party data sales. Revenue comes from practitioners paying for methodology and tools access.",
      "knownIssues": "One-person dependency: The entire operation depends on Michael Bazzell. If he retires, becomes incapacitated, or decides to shut down, there is no succession plan, no team, and no institutional continuity. Books remain available but tools and training would end.\n\nTool maintenance: Individual tools break when target platforms change their interfaces, APIs, or access policies. With one person maintaining the collection, broken tools may remain broken for days or weeks until Bazzell addresses them. No SLA or guaranteed uptime.\n\nUS-centric coverage: While the OSINT methodology is universally applicable, the specific tool collection and public-records guidance are heavily oriented toward US data sources. Journalists investigating in other countries will need to supplement with local-jurisdiction tools.\n\nPeriodic restructuring: Bazzell has historically taken the tools portal offline, restructured access, or removed tools he considers operationally risky. The product is not static — features available today may be gone tomorrow based on Bazzell's evolving security philosophy. This is principled but unpredictable for users who depend on specific tools.\n\nSubscription required for tools: The tools portal is not free. While the methodology is accessible through books and podcast, the actual structured search tools require an active subscription. For journalists already paying for multiple tool subscriptions, this is one more recurring cost.\n\nEthical boundaries: IntelTechniques teaches legal open-source research only. Journalists hoping for tools that access private databases, bypass authentication, or scrape restricted platforms will not find them here. This is a feature, not a bug — but it sets expectations.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Built by a former FBI cyber crimes investigator and active privacy advocate — the developer's personal expertise is the strongest trust signal here. HTTPS encryption in transit. Minimal data collection philosophy consistent with Bazzell's published privacy principles. No advertising, no third-party analytics visible. The main considerations: it's a one-person operation without published security certifications or third-party audits, and the tools generate queries against external sources with their own logging. The privacy expertise of the operator provides high confidence in intentional security design, but no formal verification exists. Rating reflects strong practitioner credibility offset by lack of institutional security documentation."
    },
    {
      "name": "InVID/WeVerify",
      "slug": "invid-weverify",
      "url": "https://github.com/AFP-Medialab/verification-plugin",
      "tagline": "Browser extension for verifying videos and images — keyframe extraction, reverse search, deepfake detection, and metadata analysis.",
      "category": "verification",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Journalists, fact-checkers, OSINT researchers, and human rights defenders verifying viral videos, images, and social media content. 57,000+ weekly active users including newsrooms and law enforcement agencies worldwide.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "The standard verification toolkit for newsrooms. Extract keyframes from video, run reverse image searches across Google, Bing, Yandex, Baidu, and TinEye simultaneously, inspect EXIF metadata, and now run deepfake detection — all from one browser extension. Built by AFP Medialab under three successive EU research grants (InVID 2016-2018, WeVerify 2018-2021, vera.ai 2022-2025). The vera.ai funding ended October 2025, but AFP continues maintaining the plugin (v0.89.1, updated March 2026). The deepfake detector is useful as a first-pass screen — it color-codes face-manipulation probability per frame — but independent benchmarks show forensic tools like this have high recall and poor specificity. Translation: it catches a lot of fakes but also flags compression artifacts and motion blur as suspicious. Pair it with TrueMedia or human analysis for anything you'd publish. Some features send data to third-party search engines, so keep pre-publication material away from the reverse search tabs.",
      "bestFor": "Verifying viral videos and images. Extracting keyframes for reverse image search. Checking EXIF metadata and GPS coordinates. First-pass deepfake screening on video. Archiving disinformation traces in WACZ format. Forensic image analysis (error level analysis, noise analysis). Twitter/X social network analysis (registered users only).",
      "notFor": "High-confidence deepfake verdicts — accuracy trails human analysts and dedicated paid tools like Sensity (98% accuracy). Verifying text claims (use Google Fact Check Explorer). Automated monitoring at scale. Confidential pre-publication material (reverse searches hit third-party servers).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Split. Metadata extraction and forensic analysis run locally in your browser. Reverse image searches route through Google, Bing, Yandex, Baidu, and TinEye — each with its own jurisdiction and data practices. Deepfake detection and AI-based tools process via CERTH-ITI servers in Greece (EU). Content is cached by partner tools for approximately one day.",
      "privacyPolicyTldr": "No personal data recorded by the extension itself. Matomo analytics tracks usage patterns but you can opt out from the About page. Reverse image searches send your queries and images to third-party engines. AI-based tools (deepfake detection, synthetic image detection) send content to CERTH servers. No account required for core features; registration required for advanced tools (Twitter SNA, CheckGIF, synthetic image detector, voice cloning detector).",
      "practicalMitigations": "Never use reverse image search with pre-publication material — those queries go to Google, Yandex, TinEye, and others who may log them. Use metadata extraction and forensic tabs (local processing) for sensitive content. Opt out of Matomo analytics in the About page. For deepfake detection, treat results as a starting point, not a verdict — the tool flags compression artifacts and motion blur as suspicious. Cross-reference with TrueMedia or manual frame analysis before publishing.",
      "owner": "AFP Medialab (Agence France-Presse R&D lab). Developed through three EU research consortia with CERTH-ITI (Centre for Research and Technology Hellas), Deutsche Welle, and 14 European partners.",
      "fundingModel": "EU grants: Horizon 2020 (InVID, WeVerify) and Horizon Europe (vera.ai, grant 101070093). vera.ai ended October 2025. Additional tools from IFCN DisinfoArchiving project (2024-2025). No announced successor grant as of April 2026 — continued maintenance appears to rely on AFP Medialab's institutional commitment.",
      "businessModel": "Free. Open-source (MIT license) on GitHub. Research project output sustained by AFP's ongoing maintenance. No paid tier, no ads, no affiliate revenue.",
      "knownIssues": "Deepfake detection has a high false-positive rate — benign compression, color grading, and motion blur trigger alerts (confirmed by a March 2026 comparative study). AI detection accuracy lags behind human forensic analysts and paid tools like Sensity. vera.ai EU funding ended October 2025 with no announced successor grant, creating long-term maintenance uncertainty. Advanced features (Twitter SNA, CheckGIF, synthetic image detector, voice cloning detector) require registration and are restricted to verified journalists and researchers. Yandex reverse search raises geopolitical concerns for some users. One-day content caching by partner tools means uploaded material persists briefly on external servers.",
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Metadata extraction and forensic analysis run locally — good. Open-source under MIT license with full code on GitHub. No personal data collection by the extension. But reverse searches and AI tools send content to third-party and CERTH servers. Content cached for ~1 day by partner tools. The split architecture (local forensics + remote AI + third-party search) means your operational security depends on which tabs you use. Stick to local-only features for sensitive material."
    },
    {
      "name": "Jitsi Meet",
      "slug": "jitsi-meet",
      "url": "https://meet.jit.si",
      "tagline": "Open-source encrypted video conferencing — self-host for full control, or use meet.jit.si for quick calls.",
      "category": "messaging",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists who need encrypted video calls without forcing sources to create accounts. Newsrooms that want to self-host video infrastructure and keep call data off third-party servers entirely.",
      "pricing": "Free (community edition). 8x8 JaaS (Jitsi as a Service) starts free for 25 monthly active users, then usage-based pricing with $0.01/min recording add-on.",
      "freeOption": true,
      "editorialTake": "Jitsi is the strongest open-source option for journalist video calls, but the privacy story got more complicated in August 2023. The public meet.jit.si instance now requires a Google, Facebook, or GitHub login to create rooms — 8x8 stores that account info and will share it with authorities on ToS violation reports. Guests still join without accounts, but the room creator is no longer anonymous. For sensitive source calls, self-hosting is now the only way to get Jitsi's original promise: no accounts, no tracking, no metadata retention. The Freedom of the Press Foundation has reviewed Jitsi favorably for high-risk users but emphasizes self-hosting for maximum protection. E2EE works but caps at 20 participants, and only covers audio/video — not chat or polls. AV1 codec support (default since December 2024) is a genuine technical advantage over Zoom and Google Meet for video quality at low bandwidth.",
      "bestFor": "Encrypted source calls where the source joins via link with no account. Self-hosted video infrastructure for newsrooms that want zero third-party data exposure. Quick internal calls when calendar integration doesn't matter.",
      "notFor": "Large encrypted meetings (E2EE caps at 20 participants). Teams that need calendar integration, recording, or transcription out of the box (Zoom and Google Meet are better). Situations where the room creator needs to stay anonymous on meet.jit.si (self-host instead).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "meet.jit.si servers are 8x8-operated (US-headquartered, global infrastructure). 8x8 stores room creator account credentials and retains the right to share with authorities. Self-hosting gives full jurisdiction control — deploy in any country, on any infrastructure.",
      "privacyPolicyTldr": "Since August 2023, creating a room on meet.jit.si requires a Google, Facebook, or GitHub login. 8x8 stores creator credentials and uses them for ToS abuse investigations. Call content (audio/video) is deleted when the last participant leaves. Recordings stay on 8x8 servers temporarily until uploaded to your Dropbox. 8x8 retains data as needed for legal/tax compliance. Self-hosted instances have no forced telemetry and you control all logs and retention.",
      "practicalMitigations": "Enable E2E encryption in the meeting security panel for sensitive calls — SRTP is the default, E2EE is opt-in and uses Insertable Streams API (Chromium-based browsers only, max 20 participants). Use a self-hosted instance for source calls — meet.jit.si now logs creator identity. Set meeting passwords and enable the lobby. Distribute meeting links and passwords via Signal shortly before call time (per Freedom of the Press Foundation guidance). Use random meeting names, not guessable words.",
      "owner": "8x8, Inc. (NASDAQ: EGHT). Acquired Jitsi from Atlassian in October 2018. Originally created by Emil Ivov. 8x8 is a US-based cloud communications company.",
      "fundingModel": "8x8 corporate sponsorship. Jitsi is the engine behind 8x8's commercial video products. E2EE development received NLnet Foundation funding (EU). Accepted into Google Summer of Code 2025.",
      "businessModel": "8x8 monetizes Jitsi through JaaS (Jitsi as a Service) — a commercial SDK/API product with SLA and 24/7 support. The open-source community edition remains free. This is the standard open-core model: free self-hosted, paid managed service.",
      "knownIssues": "meet.jit.si no longer allows anonymous room creation (August 2023) — creators must log in with Google, Facebook, or GitHub, and 8x8 stores that credential. E2EE only works in Chromium-based browsers (Chrome, Edge, Brave, Opera) via the Insertable Streams API — Firefox does not support it. E2EE is capped at 20 participants. E2EE covers audio, video, and screen sharing only — chat, polls, and reactions are not end-to-end encrypted. CVE-2024-33530: meeting password disclosure in lobbied meetings (fixed April 2024). No published third-party security audit — the codebase is open for review but has not undergone a formal pen test that's been made public. Docker deployment historically shipped with default system passwords (fixed in stable-4384-1+). Recording on meet.jit.si temporarily stores video on 8x8 servers before upload to your cloud storage.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source with optional E2E encryption, self-hosting available, no tracking on self-hosted instances. Rating assumes self-hosting for sensitive work. The meet.jit.si public instance lost its anonymous room creation in 2023 — room creators are now identified to 8x8. Still strong overall: open codebase, Insertable Streams E2EE, active development, NLnet-funded encryption work, and endorsement from Freedom of the Press Foundation for high-risk users."
    },
    {
      "name": "Journallist / trust.txt",
      "slug": "journallist",
      "url": "https://journallist.net",
      "tagline": "Machine-readable transparency file for news publishers — declares organizational affiliations, ownership, social accounts, and AI training permissions in a standard text format.",
      "category": "verification",
      "builtForJournalism": true,
      "whoItsFor": "News publishers, press associations, journalism organizations, and media companies that want to make their institutional relationships and credentials machine-readable. Approximately 3,000 publishers participate as of 2024, up from 110 in March 2022. Notable participants include the Associated Press, the Florida Press Association, and Digital Content Next members (BBC News, The New York Times, News Corp).",
      "pricing": "Free to implement. Adding a trust.txt file to your site costs nothing. JournalList membership (optional) carries fees, though amounts are not publicly disclosed. In August 2023, JournalList announced complimentary access for all publishers from its association members.",
      "freeOption": true,
      "editorialTake": "Trust.txt is a plain-text file you host at /.well-known/trust.txt on your domain — modeled after robots.txt and ads.txt. It declares which associations you belong to (belongto=), which sites you control (control=, controlledby=), your verified social accounts (social=), vendor relationships (vendor=, customer=), ethics disclosures (disclosure=), and whether you permit AI training on your content (datatrainingallowed=). The system is decentralized: each publisher hosts their own file, and claims are validated by checking that the referenced organization's trust.txt reciprocates the relationship. JournalList.net aggregates these files into a searchable dataset. Founded in 2018 by Scott Yates, a Colorado journalist and serial entrepreneur, JournalList is a 501(c)(6) nonprofit incorporated in Delaware. The board includes Claire Wardle (Brown University, formerly First Draft News), Ralph Brown (former CTO of CableLabs), Randy Picht (Reynolds Journalism Institute), and Susan Kantor (Alliance for Audited Media). RJI partnered with JournalList in 2022; Mark Stencel (formerly Duke Reporters' Lab, Washington Post, NPR) was appointed executive director when Yates left to run for Congress. An IETF Internet-Draft was submitted by Ralph Brown in February 2025 but expired in August 2025 — trust.txt has no formal IETF standing. A browser extension built by Ralph Brown and Microsoft engineer Christian Paquin shows a badge on participating sites. Compared to JTI (Journalism Trust Initiative by RSF, ISO-based, 2,000+ outlets in 119 countries, requires independent audit) and NewsGuard (paid editorial ratings), trust.txt is lighter-weight: it reports affiliations rather than evaluating quality. That is both its strength and its limitation. It tells you who vouches for a publisher but not whether the journalism meets any standard. Adoption grew from 110 to 3,000 publishers in two years, but that is still a fraction of the news ecosystem. The datatrainingallowed field (added April 2024) is a useful opt-in/opt-out signal for AI crawlers, though enforcement depends on crawlers choosing to respect it — same limitation as robots.txt.",
      "bestFor": "Declaring organizational affiliations in a machine-readable format. Helping ad platforms and search engines distinguish legitimate publishers from pink-slime sites. Verifying social media account ownership. Signaling AI training permissions. Press associations that want a lightweight way to vouch for member outlets.",
      "notFor": "Evaluating journalism quality — trust.txt reports affiliations, not editorial standards (use JTI for that). Individual journalists without a publication domain. High-stakes verification where you need editorial ratings (use NewsGuard). Replacing fact-checking or content verification tools. Publishers not affiliated with any recognized association — the system's value depends on reciprocal relationships.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. JournalList Inc. is incorporated in Delaware with offices in Denver, CO. The trust.txt files themselves are hosted on each publisher's own domain under their own jurisdiction. JournalList.net aggregates these files but the spec is decentralized — no single entity controls all data.",
      "privacyPolicyTldr": "JournalList.net collects standard website data: comment form info, IP addresses, browser user agents for spam detection. Contact form submissions are retained. Cookies for login (2 days or 2 weeks with Remember Me) and screen preferences (1 year). They state they do not share data outside JournalList Inc. All staff access requires 2FA. The trust.txt files themselves contain only organizational relationships and public URLs — no personal data.",
      "practicalMitigations": "Trust.txt files contain only public organizational data, so exposure risk is minimal. Verify that your trust.txt only lists affiliations you want public. The datatrainingallowed field is advisory — AI crawlers may ignore it, just as they sometimes ignore robots.txt. Do not treat a trust.txt badge as proof of journalism quality; it confirms association membership, not editorial standards. If you control multiple domains, each needs its own trust.txt file with matching control/controlledby entries.",
      "owner": "JournalList Inc., a 501(c)(6) nonprofit. Founded by Scott Yates (2018). Current executive director: Mark Stencel (appointed 2022, formerly Duke Reporters' Lab). Board: Claire Wardle (Brown University), Ralph Brown (former CTO CableLabs), Randy Picht (Reynolds Journalism Institute), Susan Kantor (Alliance for Audited Media).",
      "fundingModel": "Nonprofit membership fees (amounts undisclosed). Accepts no funding from platforms, governments, or competing organizations per stated policy. Partnership with Reynolds Journalism Institute (University of Missouri) provides institutional support. Alliance for Audited Media expanded complimentary access to 1,100+ audited publishers in 2023.",
      "businessModel": "Nonprofit association. Revenue from optional membership dues. The trust.txt spec itself is open-source and free to implement. JournalList aggregates and distributes the data to platforms, ad buyers, and researchers. No ads, no tracking, no affiliate revenue.",
      "knownIssues": "The IETF Internet-Draft expired in August 2025 with no formal standardization — trust.txt remains a de facto spec, not an official internet standard. 3,000 publishers is meaningful growth but still a small fraction of global news outlets. The system only works when both parties (publisher and association) maintain matching trust.txt files — stale or missing files break the chain. The datatrainingallowed field has no enforcement mechanism beyond voluntary compliance by AI crawlers. Trust.txt confirms affiliations but does not assess journalism quality, editorial independence, or factual accuracy — a publisher could belong to a legitimate association and still produce poor journalism. The browser extension exists but has minimal consumer adoption. Membership fee structure is not transparent.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Trust.txt files contain only public organizational data — no personal information, no credentials, no sensitive content. The spec is open-source with an expired IETF draft. JournalList.net uses HTTPS and requires 2FA for staff. The decentralized architecture means no single point of compromise for all publisher data. The main risk is not technical but conceptual: trust.txt signals affiliation, not quality, and consumers or platforms may conflate the two. Low data sensitivity, straightforward implementation, no authentication required to read the files."
    },
    {
      "name": "Journo Portfolio",
      "slug": "journo-portfolio",
      "url": "https://journoportfolio.com",
      "tagline": "Purpose-built portfolio builder for journalists. Import clips by URL, auto-screenshot backups, custom domain — starting at $0.",
      "category": "publishing",
      "builtForJournalism": true,
      "whoItsFor": "Journalists, freelance writers, and creatives who need a portfolio site without touching code. Built originally for journalists in 2012 and still optimized for clip-based portfolios. 250,000+ users across journalism, copywriting, photography, and design. Good for students — 50% off first year with a .edu email.",
      "pricing": "Free: 10 portfolio items, 1 page, journoportfolio.com subdomain. Plus: $8/month or $5/month billed annually ($60/year) — 50 items, 5 pages. Pro: $12/month or $8/month billed annually ($96/year) — 1,000 items, 10 pages, custom domain, article backups, password protection, auto-imports, 120 min video/audio hosting. Unlimited: $18/month or $14/month billed annually ($168/year) — unlimited everything, 240 min media hosting, product sales, priority support. 50% student discount. 50% off additional portfolio sites. 7-day Pro trial on signup. 29 currencies supported.",
      "freeOption": true,
      "editorialTake": "Journo Portfolio does one thing well: get a journalist's clips online fast. Paste a URL, and it extracts the title, publication date, image, and description automatically. The Pro plan adds screenshot backups of every clip — not full-text like Authory, but enough to prove the work existed if the original goes offline. At $96/year for Pro (or $60/year for Plus), it undercuts Authory ($144/year) and avoids the complexity of WordPress. 250,000 users since 2012 is a real number, though most are on free or Plus plans. The free tier is genuinely usable — 10 items and a subdomain gets a student or early-career journalist online immediately. Compared to Muck Rack's free portfolio, Journo Portfolio does not monetize your data to PR firms. Compared to Squarespace ($192/year for Personal), it is cheaper and purpose-built for clip portfolios rather than generic websites. The tradeoff is design ceiling. Eight pre-built themes with customizable colors, fonts, and layouts — fine for a professional portfolio, limiting if you want a full website. The content builder handles pages, blogs, and collections, but it is not WordPress. For most working journalists who need clips online with a custom domain, Pro at $96/year is the sweet spot.",
      "bestFor": "Journalists and freelance writers who need a clean portfolio site with minimal setup. Students and early-career reporters on tight budgets. Writers who want screenshot backups of clips without paying for full archival. Anyone who needs a portfolio in minutes, not hours.",
      "notFor": "Writers who need full-text searchable archives of their work — Authory is better for that. Journalists who want deep design customization or a full website beyond a portfolio. Publications or teams that need multi-user CMS features. Photographers or designers who need high-resolution image galleries — dedicated visual portfolio tools like Adobe Portfolio or Format are better.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United Kingdom. Journo Portfolio Limited is registered in England and Wales (Company #10554685). Registered with the UK ICO. Data stored and processed in the UK or where third-party providers maintain facilities.",
      "privacyPolicyTldr": "Collects name, email, billing address, social media profiles, IP addresses, browser type, geolocation, and device info. Payment processing through Stripe, PayPal, and Paddle — Journo Portfolio does not store card numbers. Uses Plausible Analytics (privacy-friendly, no cookies) and Intercom for support. Shares data with hosting providers, payment processors, and legal authorities when required. Account data deleted within 14 days of account deletion. UK GDPR applies. No mention of selling data to third parties or AI training.",
      "practicalMitigations": "Export your portfolio content periodically — the platform does not advertise a bulk export feature, so save copies of your clip URLs and descriptions locally. Use a custom domain (Pro plan) so your URL is portable. Screenshot backups are automatic on Pro, but keep your own local copies of critical clips. Understand that Journo Portfolio controls your site's availability — if the company shuts down, your subdomain and hosted content go with it. A custom domain mitigates this. Password protection (Pro) is useful for sensitive portfolios shared with specific editors.",
      "owner": "Journo Portfolio Limited (United Kingdom). Founded by Joshua Lewis (sole director, appointed January 2017). Registered at 9 Perseverance Works, Kingsland Road, London E2 8DD. The platform launched in 2012; the company incorporated in 2017.",
      "fundingModel": "Bootstrapped. No disclosed venture funding. Revenue-funded through subscriptions.",
      "businessModel": "SaaS subscription across four tiers (Free, Plus, Pro, Unlimited). No advertising. No data sales. Unlimited plan includes product/service sales feature, suggesting a commission or payment processing component. Student discounts and multi-site discounts drive adoption.",
      "knownIssues": "Screenshot backups are not full-text archives — if you need the actual article content preserved, Authory or manual local backups are necessary. No bulk export tool is prominently documented, which creates some lock-in risk. The free plan's 10-item limit and subdomain-only restriction push users toward paid plans quickly. The platform started as journalism-focused but now markets to photographers, designers, and beauticians — the journalism-specific features have not deepened as much as the general website-builder features have broadened.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Standard web platform security with TLS in transit. UK jurisdiction with ICO registration provides GDPR-equivalent protections. Uses Plausible Analytics instead of Google Analytics — a privacy-positive choice that avoids cookie tracking. Payment processing is handled by Stripe, PayPal, and Paddle — no card data stored by Journo Portfolio. The privacy policy is honest about its limits: acknowledges no method of electronic storage is 100% secure. For journalists, the main risk is platform dependency on a small bootstrapped company with a single director. Use a custom domain and keep local backups of your clips."
    },
    {
      "name": "Junkipedia",
      "slug": "junkipedia",
      "url": "https://junkipedia.org",
      "tagline": "Cross-platform social media monitoring for journalists and researchers. Tracks 14 platforms including fringe networks that most tools ignore.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification"
      ],
      "openSource": false,
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists, disinformation researchers, fact-checkers, and civil society organizations who need to monitor social media narratives across mainstream and fringe platforms simultaneously. Over 100 organizations use it. GIJN featured it as a top investigative tool in 2024.",
      "pricing": "Free. Application required — approved users get full access at no cost.",
      "freeOption": true,
      "editorialTake": "CrowdTangle died in August 2024. Meta replaced it with the Meta Content Library, restricted to credentialed academics. That left journalists without a cross-platform social media monitoring tool. Junkipedia fills part of that gap — and goes further by covering platforms CrowdTangle never touched. It monitors 14 platforms: Bitchute, Facebook, Gab, GETTR, Instagram, OK.ru, Parler, Rumble, Telegram, TikTok, Truth Social, Twitter/X, VK, and YouTube. It also monitors podcasts and Substack. The killer feature is automatic transcription — Junkipedia transcribes audio from TikTok videos, YouTube videos, and podcasts, then makes those transcripts searchable by keyword. That means you can find what someone said on a podcast without listening to every episode. Built by Cameron Hickey, an Emmy-winning former PBS NewsHour journalist who founded the Algorithmic Transparency Institute at the National Conference on Citizenship (NCoC), a Congressionally-chartered nonprofit. Hickey previously led Harvard's Information Disorder Lab at the Shorenstein Center. The platform is collaborative: organizations can share monitored content with each other to reduce duplication and spot cross-platform narrative trends. The tradeoff is depth. Junkipedia does not have CrowdTangle's comprehensive Facebook dataset — it tracks accounts you specify, not every public page. The interface has been described as clunky compared to commercial social listening tools. And some platform coverage depends on API availability, which means access can break when platforms change their terms. For the price (free), the cross-platform breadth and transcript search are unmatched.",
      "bestFor": "Tracking narratives across mainstream and fringe platforms simultaneously. Monitoring accounts on platforms like Gab, GETTR, Truth Social, and Rumble that commercial tools ignore. Searching podcast and video transcripts by keyword without manual listening. Collaborative disinformation investigations where multiple organizations share findings. Post-CrowdTangle social media monitoring on a zero budget.",
      "notFor": "Comprehensive Facebook or Instagram analytics — Junkipedia tracks specific accounts, not the full public dataset CrowdTangle offered. Real-time brand monitoring or PR use cases — it is built for civic and investigative research, not marketing. Sentiment analysis or automated trend detection — the platform requires manual narrative tagging. Users who need polished dashboards or one-click reporting — the interface is functional but not slick.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Operated by the Algorithmic Transparency Institute, a project of the National Conference on Citizenship, headquartered in Washington, D.C.",
      "privacyPolicyTldr": "Junkipedia collects standard account information for approved users. The platform aggregates publicly available social media content — it does not access private messages or non-public posts. Reasonable security measures in place per their policy, but no specifics on encryption at rest or data retention periods. Users must respect intellectual property and platform terms of service when using collected data. No advertising, no data sales — the tool is grant-funded.",
      "practicalMitigations": "Junkipedia collects public posts, not private data — but your monitoring lists reveal what you are investigating. If you are tracking accounts tied to hostile actors, assume your list of monitored accounts is sensitive information. Use a dedicated research account rather than a personal one. Export data regularly — grant-funded tools can lose funding or shut down without warning. Verify any content you find through Junkipedia against the original platform before publishing, since aggregation can miss context like edits, deletions, or community notes. The automatic transcription is useful but imperfect — always check quotes against source audio before attribution.",
      "owner": "Algorithmic Transparency Institute (ATI), a project of the National Conference on Citizenship (NCoC). NCoC is a Congressionally-chartered 501(c)(3) nonprofit founded in 1946. Cameron Hickey, NCoC CEO and ATI founder, leads the project.",
      "fundingModel": "Nonprofit grants. NCoC reported $7.9 million total revenue in 2022, funded by contributions, gifts, and grants ($5.6M), program services ($1.1M), and royalties ($1M). Funders have included the Bill and Melinda Gates Foundation, Rockefeller Brothers Fund, and Ford Foundation. AmeriCorps is a long-term partner. Junkipedia-specific funding breakdown is not publicly disclosed.",
      "businessModel": "Free tool funded by grants. No subscription fees, no advertising, no data licensing. Sustained by NCoC's broader nonprofit revenue. The ATI also operates the social-media-collector browser extension and the Candidata political candidate database.",
      "knownIssues": "Not open source — the Junkipedia platform code is proprietary. ATI's GitHub has 9 public repos (including a social media collector extension and Candidata), but the core Junkipedia application is not among them. Platform coverage depends on API access and scraping methods that can break when platforms change terms — Parler shut down entirely in 2023, and Twitter/X API access has become increasingly restricted and expensive since Elon Musk's acquisition. The interface has been described as clunky by researchers accustomed to commercial tools. Narrative tagging and categorization require manual effort — there is no automated classification. Automatic transcription is English-only. Grant-funded sustainability is inherently fragile — if NCoC loses funding, the tool could disappear like CrowdTangle did. The platform was originally designed for U.S.-focused disinformation research, so coverage of non-English-language content and non-U.S. platforms (OK.ru, VK) may be less developed. Application-based access means you cannot try it immediately — approval process timeline is unclear.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Junkipedia aggregates publicly available social media content — it does not handle end-to-end encrypted messages or sensitive source communications. The primary security consideration is that your monitoring lists reveal your investigative interests, and the platform stores that data on U.S.-based infrastructure operated by a nonprofit. HTTPS in transit is confirmed. Encryption at rest and detailed infrastructure security are not publicly documented. NCoC is a Congressionally-chartered nonprofit with 80 years of history and institutional funders (Gates, Rockefeller, Ford), which provides organizational stability but also means the platform operates in a U.S. government-adjacent context — relevant for journalists investigating U.S. government actors. Not open source, so no independent code audit exists. No reported data breaches or security incidents. For its intended use case — monitoring public social media posts for investigative research — the risk profile is low. Do not use it for anything requiring source protection or operational security."
    },
    {
      "name": "Jupyter Notebooks",
      "slug": "jupyter-notebooks",
      "url": "https://jupyter.org",
      "tagline": "Interactive computing environment for data analysis, visualization, and documentation in one document.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Data journalists who write Python, R, or Julia for analysis. Newsroom data teams that publish methodology alongside investigations. Reporters building reproducible analyses for FOIA datasets, election results, or financial disclosures. Journalism educators teaching computational reporting.",
      "pricing": "Free. JupyterLab 4.5 (current stable, March 2026) and Notebook 7.5 install via pip or conda at no cost. Google Colab is free for basic use; Colab Pro starts at $10/month for longer runtimes and better GPUs.",
      "freeOption": true,
      "editorialTake": "Jupyter is the standard for reproducible data journalism, and nothing else comes close for showing your work. You mix code, output, charts, and narrative text in a single document. BuzzFeed News published notebooks alongside their tennis match-fixing investigation. The Markup built analyses of algorithmic accountability in them. ProPublica starts or ends most major investigations with computational notebooks. The tool earned that trust because it runs locally — your data never leaves your machine unless you send it somewhere. The learning curve is steep: you need Python or R fluency, and notebook state management trips up even experienced users (cells execute out of order, hidden state persists between runs). JupyterLab 4.5 is the recommended interface now — multi-panel layout, built-in terminal, Git integration, code folding, and cell windowing for large notebooks. Classic Notebook 7 still works but is built on JupyterLab components and has a smaller extension ecosystem. For journalists handling sensitive datasets — leaked documents, surveillance records, source communications — local Jupyter is the right call over any cloud notebook. Google Colab is convenient but sends your data to Google's servers and subjects it to their terms of service.",
      "bestFor": "Reproducible data analysis for investigative stories. Publishing methodology alongside findings for transparency. Exploratory analysis of FOIA data, campaign finance records, court documents, and public datasets. Teaching computational journalism. Building shareable analysis pipelines that other reporters can verify and extend.",
      "notFor": "Journalists who don't write code — use Datawrapper or Flourish instead. Quick charts for publication (overkill for simple visualizations). Real-time dashboards or production data pipelines. Collaborative editing with non-technical colleagues (Google Colab handles that better, with the privacy tradeoffs). Anything requiring GPUs for machine learning — you'll need Colab, a cloud VM, or local GPU hardware.",
      "encryptionInTransit": "partial",
      "encryptionAtRest": "no",
      "dataJurisdiction": "Local — Jupyter runs on your machine by default. No data sent to external servers. If you use JupyterHub (multi-user), data lives on whatever server hosts it. Google Colab stores notebooks in Google Drive (US jurisdiction, subject to Google's data processing terms). Binder runs ephemeral containers — data deleted on session end but processed on third-party infrastructure.",
      "privacyPolicyTldr": "Jupyter itself is local software that sends no telemetry and collects no data. Your notebooks, code, and data stay on your machine. The Jupyter project website uses Plausible analytics (privacy-focused, no cookies). Hosted services are different: Google Colab notebooks live in Google Drive and are subject to Google's privacy policy. Colab VMs are isolated and deleted on session close, but Google employees with elevated permissions could theoretically access data. JupyterHub deployments inherit the privacy posture of whoever runs the server.",
      "practicalMitigations": "Run Jupyter locally for any sensitive reporting — leaked documents, source identities, surveillance data. Never upload investigative datasets to Google Colab or other cloud notebooks. Strip cell outputs before committing notebooks to Git (use nbstripout as a pre-commit hook) — outputs can leak data, API keys, or file paths. Use virtual environments (venv or conda) to isolate project dependencies. Pin package versions in requirements.txt for reproducibility. Set a Jupyter password or token (enabled by default since Notebook 4.3) — an unprotected local server is accessible to any process on your machine. Don't run untrusted notebooks without reading the code first: notebooks execute arbitrary code, and malicious notebooks have been used for supply-chain attacks. Disable JavaScript output rendering in untrusted notebooks to block XSS vectors.",
      "owner": "Project Jupyter (open-source, NumFOCUS fiscally sponsored nonprofit)",
      "fundingModel": "Open-source project under NumFOCUS fiscal sponsorship. NumFOCUS disbursed $13M in project allocations in 2024. Jupyter has received grants from the Sloan Foundation, Gordon and Betty Moore Foundation, Helmsley Charitable Trust, and Chan Zuckerberg Initiative (EOSS program for Papyri documentation). Corporate sponsors include Two Sigma (corporate partner), Bloomberg, and IBM. $2.5M in NumFOCUS PyData grants available for 2026.",
      "businessModel": "None. Free open-source software under the BSD license. Commercial hosted services (Google Colab, Amazon SageMaker, Azure Notebooks, Deepnote, Hex) are separate products by other companies that use the Jupyter protocol. The Jupyter project itself generates no revenue.",
      "knownIssues": "CVE-2025-53000: Arbitrary code execution via Jupyter configuration files (config files are valid Python). Jupyter Server Proxy before 3.2.3/4.1.1: unauthenticated websocket proxying enabled remote code execution via phishing links. Historical XSS-to-RCE chain (CVE-2021-32797/32798): malicious .ipynb files could execute arbitrary code through markdown cell injection. Jupyter had 8 security vulnerabilities published in 2024, 3 specific to Notebook. Notebook state management is a persistent usability hazard: cells can run out of order, variables persist invisibly between executions, and 'restart kernel and run all' is the only reliable way to verify a notebook produces correct results. Large notebooks (1000+ cells) cause performance degradation even with JupyterLab 4.5's contentVisibility windowing.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, runs locally, no telemetry or data collection. The security model is sound when used as intended: local execution, password/token-protected server, trusted notebooks only. The risk surface comes from two directions. First, notebooks execute arbitrary code by design — opening an untrusted .ipynb file is equivalent to running an unknown script. Second, historical vulnerabilities (XSS-to-RCE, config file injection, server proxy auth bypass) show the project has had real security gaps, though they've been patched. Cloud-hosted alternatives like Google Colab introduce data jurisdiction and privacy risks that local Jupyter avoids entirely. Rating: adequate for local use with basic precautions. Would be 'strong' if Jupyter had sandboxed execution or mandatory code signing, but that's not how notebooks work."
    },
    {
      "name": "Kaggle",
      "slug": "kaggle",
      "url": "https://www.kaggle.com",
      "tagline": "The world's largest data science community — 460,000+ public datasets, free cloud notebooks, and machine learning competitions. Google-owned.",
      "category": "data",
      "whoItsFor": "Data journalists who need datasets for analysis and visualization. Reporters working with machine learning or AI-related stories who need to understand the tools practitioners use. Journalists learning data analysis skills through competitions and tutorials. Researchers who need pre-cleaned public datasets on specific topics. Newsrooms building data pipelines who want free cloud compute for analysis.",
      "pricing": "Free for all core features — datasets, notebooks, competitions, community. Free cloud compute includes 30 hours/week of CPU, 30 hours/week of GPU (T4, P100), and 20 hours/week of TPU. No paid tier for individual users. Enterprise and custom competition hosting may involve fees.",
      "freeOption": true,
      "editorialTake": "Kaggle is the default platform for the global data science community — 23 million+ registered users, 460,000+ public datasets, and a competitive ranking system that functions as a de facto credential in the ML industry. Google acquired Kaggle in 2017 and has kept it free, using it as a talent pipeline and community hub for its AI ecosystem. For journalists, Kaggle's value is the dataset library. Need census-adjacent data, health statistics, election results, climate data, financial datasets, or social media corpus data? Someone has likely cleaned it and posted it on Kaggle with documentation. The free cloud notebooks (Kaggle Notebooks) let you run Python or R analysis directly in your browser with no local setup — including free GPU access for machine learning work. The competition platform is less directly useful for journalism, but understanding how Kaggle competitions work is relevant for covering AI/ML — many major ML advances were first demonstrated in Kaggle competitions. The main limitation for journalism is data provenance. Kaggle datasets are community-contributed, which means quality and sourcing vary enormously. Some datasets are meticulously documented government data; others are scraped web data with no methodology description. Always verify the source and methodology before using a Kaggle dataset in reporting. Also note: Kaggle is Google-owned, so your usage data, notebooks, and account information are subject to Google's data practices.",
      "bestFor": "Finding pre-cleaned public datasets on almost any topic. Running data analysis in free cloud notebooks (Python/R) without local setup. Learning data analysis and machine learning through competitions and tutorials. Accessing free GPU/TPU compute for machine learning experiments. Exploring how data scientists approach problems — useful for covering AI/ML.",
      "notFor": "Primary source data for investigative reporting — always verify Kaggle datasets against original sources. Real-time or frequently updated data. Guaranteed data quality or provenance — community-contributed datasets vary widely. Confidential or sensitive data analysis (Google can see your notebooks). Enterprise data workflows. Anything requiring privacy from Google.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Owned and operated by Google LLC (Alphabet Inc.). Data stored on Google Cloud infrastructure.",
      "privacyPolicyTldr": "Google account required. Subject to Google's Privacy Policy and Terms of Service. Google collects usage data, notebook activity, competition participation, and account information. Public notebooks and datasets are visible to all users. Google uses data for service improvement and may use aggregated data for AI research. Your analysis work in Kaggle Notebooks is stored on Google servers.",
      "practicalMitigations": "Google account required — use a professional or dedicated account rather than your personal Google account to separate your data journalism activity from personal data. Public notebooks are visible to everyone; keep sensitive analysis in private notebooks or download and run locally. Verify dataset provenance before using in reporting — check the data source, methodology, license, and last update date. Do not upload confidential source data or sensitive materials to Kaggle. For sensitive analysis, download the dataset and run it in a local environment rather than on Google's infrastructure.",
      "owner": "Google LLC (Alphabet Inc.)",
      "fundingModel": "Corporate subsidiary. Acquired by Google in March 2017. Fully funded by Google/Alphabet. Kaggle operates as a community and talent pipeline for Google's AI ecosystem.",
      "businessModel": "Free platform sustained by Google. Serves as a talent pipeline (Google recruits from Kaggle leaderboards), community hub for Google's AI tools and APIs, and marketing channel for Google Cloud AI services. Enterprise competition hosting may generate revenue. The platform's primary economic value to Google is ecosystem lock-in and AI talent identification, not direct revenue.",
      "knownIssues": "Dataset quality is inconsistent — community-contributed data ranges from meticulously sourced government data to poorly documented web scrapes. Licensing on individual datasets varies; some restrict commercial use. Google ownership means all your activity is subject to Google's data practices. Competition prize structures have been criticized for undervaluing participant labor relative to the business value of winning solutions. The ranking system creates incentive for gaming and overfitting. Notebook output size limits can frustrate large-scale analysis. Some users report slow notebook startup times during peak hours.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Google-operated platform with enterprise-grade infrastructure security. HTTPS throughout. The technical security is strong. The consideration for journalists is privacy, not security: Google sees your account activity, notebook contents, dataset downloads, and search patterns. For public data analysis this is a non-issue. For sensitive reporting work, do not use Kaggle — download data locally and analyze offline. The platform is best treated as a public research tool, not a secure workspace."
    },
    {
      "name": "Kagi",
      "slug": "kagi",
      "url": "https://kagi.com",
      "tagline": "Paid, ad-free search engine funded entirely by users. No ads, no tracking, no surveillance economics. Custom result ranking, domain lenses, and access to multiple AI assistants in one subscription.",
      "category": "newsgathering",
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Journalists who want search results ranked on quality rather than ad revenue, and who are willing to pay $5-25/month to remove the surveillance layer entirely. Reporters tired of SEO spam and AI slop dominating the first page of Google. Investigators who want to deprioritize Pinterest, Quora, and content farms while boosting authoritative sources. Anyone who runs hundreds of searches per week and finds that an extra 20% relevance pays for itself in time saved.",
      "pricing": "Trial: free, 100 searches total (not per month — a one-time trial). Starter: $5/month for 300 searches and standard AI assistant. Professional: $10/month for unlimited searches and standard AI assistant. Ultimate: $25/month for unlimited searches plus premium AI models (Claude, GPT, Gemini, Grok flagship tiers) and Research mode in Kagi Assistant. Annual billing available. Family plans add up to 5 additional members at a discount. Unused months credit forward.",
      "freeOption": false,
      "editorialTake": "Kagi is the only major search engine that has aligned its business model with its users instead of with advertisers. There are no ads. There is no tracking. There is no behavioral profile. The company is funded entirely by subscriptions, which means the product is built for the person paying — not for advertisers buying placement. For journalists who run dozens of searches a day, the difference is immediate. Kagi's results are noticeably cleaner than Google's in 2026 — less SEO spam, fewer AI-generated content farms, fewer Reddit-and-Quora-and-Pinterest pile-ups. The killer feature is Lenses: custom search modes that boost or block specific domains. You can build a 'small web' lens that prioritizes independent blogs, an 'academic' lens that boosts .edu and journal sites, or an 'investigative' lens that surfaces nonprofit newsrooms. You can also permanently block any domain (Pinterest, eHow, Forbes Advisor, AI content farms) from ever appearing in your results again — a feature Google has refused to ship for 20 years. The honest comparison to DuckDuckGo: DDG is free and ad-supported with privacy protections; Kagi is paid and removes the ad layer entirely. DDG draws results primarily from Bing's index. Kagi blends Google, Bing, Mojeek, Marginalia, Yandex, and its own Teclis crawler — a more diverse base index. Kagi is also a Public Benefit Corporation registered in Delaware, which legally binds it to balance shareholder return with its stated social mission. The downsides are real: $10/month is a real cost, the Starter tier's 300 searches run out fast for power users, and you have to create an account and trust Kagi with your billing identity (they offer Bitcoin payment for those who want to decouple). For most journalists, Professional at $10/month pays for itself the first time you stop fighting search spam on a deadline.",
      "bestFor": "High-volume daily research where result quality matters and SEO spam is wasting your time. Building custom Lenses for beats — academic sources, government records, independent media, fact-checking sites. Permanently blocking content farms and AI-generated junk from your results. Replacing Google as your default engine without giving up result quality. The Kagi Assistant feature gives you Claude, GPT-4o, Gemini, and Grok in one interface for an additional flat fee, useful for journalists who want multi-model AI access without separate subscriptions.",
      "notFor": "Anyone unwilling to pay for search — DuckDuckGo is the free alternative. Casual searchers running fewer than 100 queries a month — the cost-per-search math doesn't work. Users who need anonymous search with no account at all — Kagi requires login, even though it pledges not to link queries to identity. Local searches in non-English markets where Google's local data still wins. High-risk reporting where you need search to be fully untraceable — use Tor with a no-account engine instead.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States — Kagi Inc. is a Public Benefit Corporation registered in Delaware. Subject to US legal process. Search query logs are retained only briefly for debugging and then automatically purged. Kagi Assistant conversations are deleted after 24 hours. Load balancer and VM logs are retained for 7 days; error logs for 90 days.",
      "privacyPolicyTldr": "Kagi pledges not to log search queries to user accounts, not to build behavioral profiles, not to track clicks on results, and not to sell user data. The company is funded entirely by subscriptions, removing the structural incentive to surveil. Account creation requires an email; Bitcoin and Lightning payments are accepted for users who want to decouple billing from identity. Privacy policy is short, readable, and specific. Kagi Assistant proxies AI model calls so the upstream providers (OpenAI, Anthropic, Google) do not see user identity. Public Benefit Corporation status legally requires balancing user welfare with profit.",
      "practicalMitigations": "Use Bitcoin or Lightning payment to decouple your Kagi account from your real identity. Set Kagi as your default search engine in browsers — install the Kagi extension or update search settings in Firefox, Brave, and Safari. Build custom Lenses for your beats: block content farms permanently, boost trusted sources. Use Kagi Assistant for AI queries you don't want tied to your OpenAI or Anthropic account. Combine with a VPN and a privacy browser (Brave, Firefox with hardening, or Tor) for stronger network-layer privacy — Kagi protects you from Kagi, but not from your ISP. Audit your account periodically and delete old Kagi Assistant conversations even though they auto-purge.",
      "owner": "Kagi Inc. — Public Benefit Corporation, Delaware, United States. Founded 2018 by Vladimir Prelovac. Reached profitability in 2024 and has stated it intends to remain user-funded.",
      "fundingModel": "User subscriptions only. Kagi raised a small seed round in 2023 but has stated repeatedly that it will not take advertising or sell user data. Investors are bound to the PBC mission. The company crossed 50,000 paying users in 2024 and has continued steady growth into 2026.",
      "businessModel": "Subscription search engine. Revenue comes entirely from users paying $5-$25/month. No advertising. No data resale. No surveillance. Search index is a blend of partner indexes (Google, Bing, Mojeek, Yandex, Marginalia) and Kagi's own Teclis crawler — Kagi pays per-query fees to upstream providers, which is the structural reason it cannot offer a free tier.",
      "knownIssues": "Account requirement is unavoidable — Kagi cannot offer anonymous search at zero cost because every query has a real per-call cost upstream. The Starter tier's 300-search cap is too low for working journalists; Professional is the realistic minimum. Kagi blends multiple indexes including Google's, which means Google sees aggregated query volume from Kagi (though not individual user identity). Some users have raised concerns about Kagi staff taking strong positions on social media that occasionally read as politically charged — worth knowing if institutional neutrality matters to your newsroom. The company is small (~25 people in 2026) and dependent on continued subscription growth; long-term viability is not yet at Google-scale certainty. AI features in Kagi Assistant are good but flagship models require the $25/month Ultimate tier, which is more expensive than subscribing directly to Claude or ChatGPT separately if you only use one model.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Kagi's structural alignment is the rare case where the business model and the privacy claims point in the same direction. No ads means no incentive to track. Subscription funding means the user is the customer, not the product. Public Benefit Corporation status legally codifies the mission. Search queries are not linked to accounts, Kagi Assistant conversations purge in 24 hours, and Bitcoin payment is accepted to decouple billing identity. The 'strong' rating reflects design and incentives, not an independent audit — Kagi's index and infrastructure are proprietary, and you are still trusting a US company subject to US legal process. For journalists who can afford $10/month, Kagi removes the entire ad-tech surveillance layer from a tool used dozens of times a day."
    },
    {
      "name": "KeePassXC",
      "slug": "keepassxc",
      "url": "https://keepassxc.org",
      "tagline": "Local-only password manager. No cloud, no server, no account required.",
      "category": "security",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists who cannot use cloud-hosted password managers due to their threat model or organizational policy. Reporters in environments where cloud providers can be compelled to hand over data.",
      "pricing": "Free. Open source (GPLv3).",
      "freeOption": true,
      "editorialTake": "KeePassXC fills the gap 1Password doesn't — a password manager with zero cloud dependency. Your database is a file you control completely. For journalists whose threat model includes compromised cloud services or government compulsion of cloud providers, KeePassXC is the right choice. The French national cybersecurity agency (ANSSI) awarded it a CSPN security visa in November 2025, and an independent audit in 2023 found no major problems in its cryptographic implementation. KDBX4 format with Argon2id key derivation is memory-hard, meaning GPU-based brute-force attacks are orders of magnitude more expensive. YubiKey challenge-response adds hardware-backed authentication without any network call. Passkey/WebAuthn support landed in 2.7.7 and is improving. Less convenient than 1Password for cross-device sync, but the attack surface is fundamentally smaller — there is no server to breach.",
      "bestFor": "Journalists who cannot use cloud-hosted password managers due to threat model or policy. Storing credentials that must never touch a server. Air-gapped environments. High-risk reporting where hardware key authentication is required.",
      "notFor": "Users who need seamless cross-device sync (requires manual file management or third-party cloud storage). Teams who need shared vaults (use 1Password Teams or Bitwarden). Beginners who want zero configuration (1Password is more user-friendly).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. Your password database is a file on your device. No servers, no jurisdictional risk. You decide where the file lives — local disk, USB drive, air-gapped machine.",
      "privacyPolicyTldr": "No network connectivity by default. No telemetry, no accounts, no servers. The application is entirely local. Update checks can be disabled. There is nothing to subpoena because there is no service provider.",
      "practicalMitigations": "Use a strong master passphrase (20+ characters) plus a key file for two-factor database access. Add YubiKey challenge-response (HMAC-SHA1) for hardware-backed authentication — program a backup key with the same secret in case your primary key is lost. Store database backups in a separate encrypted location. Use the built-in TOTP generator to consolidate 2FA codes. Enable KeePassXC-Browser for autofill — it communicates over encrypted native messaging (libsodium), not the network. Set Argon2id parameters high enough that unlocking takes 1-2 seconds on your hardware.",
      "owner": "KeePassXC Team (open-source community project, fork of KeePassX, which forked from KeePass)",
      "fundingModel": "Donations (Open Collective, GitHub Sponsors). ANSSI certification was government-sponsored.",
      "businessModel": "None. Community open-source project with no commercial entity behind it.",
      "knownIssues": "CVE-2023-32784 (master password recovery from memory dump) affected KeePass 2.x only — KeePassXC is not affected, as it uses a different codebase (C++/Qt, not .NET). Passkey/WebAuthn support (since 2.7.7) is still maturing — disabled by default in the browser extension, and some WebAuthn features like resident keys and PIN/biometric verification are not yet fully implemented. Cross-device sync requires manual file management or third-party cloud storage (Dropbox, Syncthing, etc.), with no built-in conflict resolution. YubiKey implementation is incompatible with KeePass 2's KeeChallenge plugin. The 2023 independent audit was conducted pro bono by a single consultant — not a funded firm-level engagement like Cure53 audits of 1Password or Bitwarden.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open source (GPLv3), fully local, no cloud dependency. KDBX4 format with AES-256-CBC + HMAC-SHA256 or ChaCha20 encryption. Argon2id key derivation (memory-hard, GPU-resistant). ANSSI CSPN security visa (November 2025, valid through 2028). Independent audit (2023) found no major cryptographic issues. YubiKey challenge-response support. No attack surface from cloud infrastructure. The trade-off is convenience — you manage your own sync, backups, and key recovery."
    },
    {
      "name": "Klaxon",
      "slug": "klaxon",
      "url": "https://newsklaxon.org",
      "tagline": "Website change monitoring built for newsrooms. Get alerts when government pages, court dockets, or corporate sites change.",
      "category": "newsgathering",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists and researchers tracking changes to government websites, court filings, corporate pages, regulatory filings, or any public web content that might change without notice. Used by 58+ newsrooms including the AP, NYT, Washington Post, ProPublica, Reuters, CNN, and The Guardian Australia.",
      "pricing": "Free. Klaxon Cloud (via MuckRock/DocumentCloud) requires a free DocumentCloud account. Self-hosted: free and open source (MIT license). No paid tiers.",
      "freeOption": true,
      "editorialTake": "Klaxon turns the web into a tip line. Built in 2016 by Tom Meagher, Ivar Vong, and Andy Rossback at The Marshall Project — born from a specific reporting problem (tracking pending executions for 'The Next to Die'). You bookmark sections of any webpage; Klaxon checks them roughly every 10 minutes and alerts you via email, Slack, or Discord when something changes. Since December 2023, Klaxon Cloud (hosted by MuckRock via DocumentCloud) eliminates the need to run your own server — snapshots go to the Internet Archive's Wayback Machine, and checks run via GitHub Actions. The original self-hosted version (Ruby on Rails) still exists on GitHub with 675 stars, but Marshall Project has stopped supporting individual deployments. Klaxon Cloud is the path forward for solo journalists. Commercial alternatives like Visualping ($10+/mo) and Distill.io ($15+/mo) offer shinier UIs and faster check intervals, but Klaxon is free, open source, and purpose-built for journalism. That matters.",
      "bestFor": "Monitoring government websites for quiet changes — budget documents, policy pages, agency rosters. Tracking court docket updates. Watching corporate press releases, regulatory filings, or FOIA disclosure logs. Any page where a silent edit is the story.",
      "notFor": "Real-time alerts (the Cloud version runs on a GitHub Actions schedule, not sub-minute). Pages behind logins or paywalls. Large-scale scraping (Internet Archive rate limit: 6 requests/minute even when authenticated). Visual change detection — Klaxon compares HTML, not screenshots. If you need visual diffing, look at Visualping.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Klaxon Cloud: data stored across MuckRock (US), DocumentCloud (US), and Internet Archive (US). Self-hosted: wherever you deploy it.",
      "privacyPolicyTldr": "Klaxon Cloud is operated by MuckRock, a nonprofit. Your watched URLs and alert history are stored on their servers and snapshots are sent to the Internet Archive. No data selling, no advertising, no tracking. Self-hosted gives you full control over all data.",
      "practicalMitigations": "For maximum control, self-host on your own infrastructure. On Klaxon Cloud, your watched URLs are stored on MuckRock's servers and snapshots go to the Internet Archive — both are public-interest nonprofits, but avoid monitoring pages that reveal your investigation's focus if operational security is critical. The URLs you monitor are themselves a form of metadata about your reporting interests.",
      "owner": "The Marshall Project (nonprofit, founded 2014). Klaxon Cloud maintained by MuckRock (nonprofit, founded 2010).",
      "fundingModel": "The Marshall Project: nonprofit donor-funded. MuckRock: nonprofit, grant-funded plus premium DocumentCloud plans for organizations. Klaxon itself has no monetization.",
      "businessModel": "Free and open source (MIT license). No paid tiers, no ads, no affiliate revenue. Sustained by nonprofit newsroom budgets and MuckRock's DocumentCloud infrastructure.",
      "knownIssues": "Internet Archive rate limiting caps at 6 requests/minute even with authentication — heavy monitoring setups will hit this. Open GitHub issues include timeouts when deleting pages with many snapshots (#699), snapshots occasionally not flagging as changed (#359), and a possible memory leak in the feed view (#320). Marshall Project has stopped supporting individual self-hosted deployments — the README says 'we will no longer be supporting development for individual users.' Klaxon Cloud runs on GitHub Actions, which means check frequency depends on DocumentCloud's scheduling, not a dedicated server. The tool monitors HTML changes, not rendered visual output — JavaScript-heavy SPAs may not trigger alerts correctly.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Open source (MIT) and operated by two nonprofits (Marshall Project, MuckRock). Self-hosted option gives full control. Klaxon Cloud relies on MuckRock/DocumentCloud infrastructure, which has a strong track record serving 2,000+ newsrooms. No sensitive content is processed — only public web page changes. Main concern: the URLs you monitor are stored on third-party nonprofit servers, which constitutes metadata about your reporting interests. For high-risk investigations, self-host or use a throwaway DocumentCloud account."
    },
    {
      "name": "Knight Lab JuxtaposeJS",
      "slug": "knight-lab-juxtapose",
      "url": "https://juxtapose.knightlab.com",
      "tagline": "Before/after image slider for comparing photos. Embed in stories to show change over time.",
      "category": "data",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Journalists creating visual before/after comparisons — construction, environmental damage, disaster aftermath, urban development, conflict zones. Also useful for educators, researchers, and anyone who needs readers to see change with their own eyes.",
      "pricing": "Free. No paid tiers, no limits on embeds.",
      "freeOption": true,
      "editorialTake": "JuxtaposeJS does exactly one thing: a draggable slider between two images. Paste two image URLs, add labels and credits, copy the embed code. Done. No account, no login, no data collection. Built by Northwestern's Knight Lab (same team behind TimelineJS and StoryMapJS). The library is 49.7% JavaScript, loads from Knight Lab's CDN, and works on any CMS. Touch/swipe support on mobile. Licensed under Mozilla Public License 2.0. The tool launched in 2014 and the last tagged release was v1.0.9 in December 2014 — but the library still works because the scope is so narrow that there's little to break. The GitHub repo has 873 stars and 46 open issues, many about responsive iframe sizing and mobile touch quirks. Development is effectively dormant. That's fine for what it does — but don't expect bug fixes or new features.",
      "bestFor": "Before/after comparisons: natural disasters, construction progress, environmental change, conflict damage, urban development, satellite imagery over time. Any story where visual comparison tells it better than words. Works with photos and GIFs.",
      "notFor": "Comparing more than two images at once. Video comparisons. Complex data visualization. Stories needing custom slider styling or animation. If you need a self-hosted solution with active development, look at BeforeAfterly (browser-based, no uploads) or the open-source Improve-ImgSLI for desktop.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "no",
      "dataJurisdiction": "No data stored. Images stay wherever you host them — JuxtaposeJS is a client-side JavaScript library that references your image URLs directly. The embed code loads JS from cdn.knightlab.com (United States, Northwestern University infrastructure).",
      "privacyPolicyTldr": "JuxtaposeJS is client-side only. No images are uploaded to Knight Lab. No accounts, no cookies, no tracking from the library itself. The embed loads JavaScript from Knight Lab's CDN — standard CDN access logs may apply, but Knight Lab publishes no specific privacy policy for the CDN. Northwestern University's general privacy policy governs.",
      "practicalMitigations": "Host images on your own servers or CMS rather than third-party services if the content is sensitive. The embed code loads JavaScript from cdn.knightlab.com — verify this is acceptable for your publishing platform's CSP headers. For full control, self-host the library from GitHub (MPL 2.0 license allows it). Be aware that the data-credit attribute renders raw HTML, which is a documented XSS vector if you accept untrusted input for credit fields.",
      "owner": "Knight Lab, Northwestern University",
      "fundingModel": "Knight Foundation grants (original $4.2M in 2011) plus Northwestern University and Robert R. McCormick Foundation support. Knight Lab received an additional $1M in 2024 for their Generative AI + Journalism Initiative, though that funding targets AI research, not legacy tools like JuxtaposeJS.",
      "businessModel": "Free academic resource. No advertising, no monetization, no paid tiers. Part of Knight Lab's suite of open-source storytelling tools (TimelineJS, StoryMapJS, SoundciteJS). Sustainability depends entirely on university and foundation support — no independent revenue.",
      "knownIssues": "Development is dormant — last tagged release was December 2014, 46 open GitHub issues. Responsive iframe sizing causes blank whitespace below the slider at different viewport widths; fix requires custom CSS media queries per embed. Touch interaction inside iframes is unreliable on some mobile browsers. The data-credit attribute renders raw HTML (documented XSS risk if credit fields accept untrusted input). Google Drive and Dropbox deprecated public file hosting, breaking older embeds that used those URLs. The showCredits option reportedly does nothing (#189). No ARIA labels or keyboard navigation — accessibility is poor. No support for web components (#188).",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Client-side tool with no data collection or server-side storage. Open source under MPL 2.0. Academic project with no commercial incentives. The XSS vector in credit fields is low-risk in practice (you control the input). Main concern is CDN dependency on cdn.knightlab.com — if Knight Lab infrastructure goes down or is compromised, embeds break. Self-hosting the library eliminates this risk."
    },
    {
      "name": "Knight Lab StoryMap",
      "slug": "knight-lab-storymap",
      "url": "https://storymap.knightlab.com",
      "tagline": "Map-based interactive narratives — pin locations, add media, publish an embeddable story. Free, open-source, no coding.",
      "category": "data",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Journalists, educators, and storytellers who need a location-driven narrative without developer resources. Newsrooms that want an embeddable interactive in 30 minutes. Digital humanities projects on zero budget.",
      "pricing": "Free. No paid tiers. No usage limits on the hosted authoring tool.",
      "freeOption": true,
      "editorialTake": "StoryMapJS is the simplest way to build a map-driven narrative on the web. Each slide pins a location and pairs it with text, images, and embedded media (YouTube, Vimeo, SoundCloud, Twitter, Flickr, DocumentCloud). The output is a responsive iframe that drops into any CMS. It's one of several free tools from Northwestern's Knight Lab — alongside TimelineJS and JuxtaposeJS — and has been in continuous use since 2013. The codebase (1,949 commits, 233 GitHub stars, 106 open issues as of early 2026) is maintained but not rapidly evolving. The authoring tool is functional, not polished: no collaboration, no version history, no offline mode. For what it does — free, fast, zero-code location storytelling — nothing else matches the simplicity. But if you need custom cartography, live data, or more than ~20 slides, you've outgrown it.",
      "bestFor": "Location-driven narratives: a refugee's journey, a disaster timeline, a walking tour, a historical migration route. Quick-turnaround interactives for breaking news with a spatial dimension. Classroom projects. Stories where geography is the organizing principle. Also supports gigapixel mode for exploring high-resolution images (historic maps, artworks, satellite photos) without geographic coordinates.",
      "notFor": "Data-heavy map visualizations with hundreds of points (use Datawrapper, Flourish, or QGIS). Highly customized cartography or live-updating maps (use Mapbox Studio or Leaflet). Collaborative editing with multiple authors working simultaneously — StoryMapJS has no multi-user support. Stories with more than ~20 slides (Knight Lab's own recommendation). Time-based narratives where chronology matters more than geography (use TimelineJS instead).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Northwestern University servers). Story data was formerly stored in Google Drive but migrated to Knight Lab's own infrastructure. Google account is used only for authentication — Knight Lab says it stores only a unique profile identifier, not your name or email.",
      "privacyPolicyTldr": "Google OAuth used for author login. Knight Lab says it requests only your profile (unique ID) — not name, not email. Story content is stored on Knight Lab servers. Published stories are public to anyone with the URL. Northwestern University's privacy policy governs. No advertising. No analytics tracking disclosed on the authoring tool.",
      "practicalMitigations": "Published storymaps are public — anyone with the URL can view them. There is no password protection or access control on published output. If your story involves sensitive locations (safe houses, source meeting points), publishing exact coordinates could endanger people. For sensitive projects, self-host using the open-source StoryMapJS library on your own infrastructure. The Google OAuth scope is narrow (profile only, no Drive access on new accounts), but older accounts may still have legacy Drive permissions — revoke those in Google account settings.",
      "owner": "Knight Lab, Northwestern University (Medill School of Journalism)",
      "fundingModel": "John S. and James L. Knight Foundation (founding and ongoing grants), Robert R. McCormick Foundation, National Science Foundation. In 2024, Knight Foundation granted Northwestern $1M via Press Forward for AI-related journalism tools development at Knight Lab and the Computational Journalism Lab.",
      "businessModel": "Free academic resource. No advertising, no paid tiers, no data monetization. Sustained by grants and university support. This is a university lab project, not a commercial product — which means stability depends on continued grant funding, not revenue.",
      "knownIssues": "Stamen basemap tiles (watercolor, toner lite) broke in October 2023 when Stamen could no longer afford free hosting. Existing storymaps using those tiles display an error message unless reconfigured to use Stadia Maps (requires a Stadia account) or switched to OpenStreetMap/Mapbox. No collaborative editing — multiple authors cannot work on the same storymap simultaneously. No version history or undo. Knight Lab recommends a 20-slide maximum; performance degrades beyond that. Older accounts created before the Google Drive migration may need manual re-authentication. The Cooper Hewitt watercolor basemap tiles sometimes fail to load in the editor but render correctly in the published output. Gigapixel mode requires hosting image tiles on your own web server. 106 open GitHub issues as of early 2026 — the backlog is large relative to the maintenance pace. No WCAG accessibility audit has been published.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "University-operated, grant-funded, open-source. Google OAuth scope is narrow (profile ID only). Published stories are inherently public with no access controls. At-rest encryption status is undocumented. Low risk for general journalism use. Not suitable for stories involving sensitive locations or sources that could be endangered by public coordinate disclosure."
    },
    {
      "name": "Krisp",
      "slug": "krisp",
      "url": "https://krisp.ai",
      "tagline": "AI noise cancellation and meeting transcription. Noise removal runs locally on-device — no audio sent to the cloud for that feature.",
      "category": "visuals",
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Journalists who conduct interviews over video calls in noisy environments — home offices, cafes, hotel rooms, the field. Reporters who need clean audio from Zoom/Meet/Teams calls without post-production. Anyone who records calls and wants noise-free archives.",
      "pricing": "Free trial: 7 days, full features. Core: $8/month (annual) or $16/month (monthly) per user — unlimited transcription, noise cancellation, recording, AI notes, 5GB storage. Advanced: $15/month (annual) or $30/month (monthly) — adds accent conversion (4 hrs/day), Salesforce integration, manager view, 30GB storage. Enterprise: custom pricing — SSO/SCIM, on-device transcription, HIPAA, unlimited storage.",
      "freeOption": false,
      "editorialTake": "Krisp's noise cancellation is genuinely impressive and runs entirely on-device — no audio leaves your computer for that feature. This matters. A journalist interviewing a source over Zoom from a noisy cafe gets clean audio on both sides without uploading anything to a server. The technology works at the system audio level, meaning it functions with any calling app — Zoom, Meet, Teams, Signal, WhatsApp, whatever you use. But here's the critical distinction journalists must understand: noise cancellation is local, but the meeting assistant features (transcription, recording, AI notes, summaries) send data to Krisp's cloud servers. The privacy policy explicitly states they do not access or store audiovisual data when using noise cancellation only. But when you enable transcription, recordings and summaries are stored on their servers until you delete them. Non-English transcription temporarily records audio server-side, then deletes it after generating the transcript. English transcription on the Enterprise tier runs on-device. For journalists, the move is clear: use Krisp for noise cancellation (local, private) and be deliberate about which meetings you let it transcribe (cloud, stored). SOC 2, GDPR, and HIPAA certifications are real — this is enterprise-grade security infrastructure. The accent conversion feature is novel but niche for journalism. The AI meeting notes and summaries are competitive with Otter.ai and Fireflies. Data stored primarily in the US, with international transfers via Standard Contractual Clauses. Trusted by Siemens, Sony, Cisco, Autodesk. G2 rating 9.3/10 from 933+ reviews.",
      "bestFor": "Removing background noise from video calls in real-time. Clean interview recordings over Zoom/Meet/Teams. System-wide noise cancellation that works with any app. Teams that need meeting transcription with enterprise security (SOC 2, HIPAA).",
      "notFor": "Journalists who need fully local transcription — only Enterprise tier offers on-device transcription for English. Sensitive source calls where you cannot risk any cloud processing — disable all meeting assistant features and use noise cancellation only. Mobile users who need noise cancellation (not yet available on mobile). Anyone who needs a free long-term solution — only a 7-day trial, no permanent free tier.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (primary). International transfers use Standard Contractual Clauses for GDPR compliance. Enterprise tier offers on-device processing for English transcription.",
      "privacyPolicyTldr": "Noise cancellation processes entirely on-device — Krisp has no access to audio for this feature. Meeting assistant features (transcription, recording, summaries) store data on cloud servers until user deletes it. Non-English speech is temporarily recorded server-side for transcription, then deleted after transcript generation. Analytics data (Google Analytics, Hotjar) collected. Payment processed by third-party PCI-compliant processors. Data shared with AI summarization vendors, analytics platforms, and cloud infrastructure providers. Subprocessor list published.",
      "practicalMitigations": "Use noise cancellation only (disable transcription/recording) for sensitive calls — this keeps all audio local. When transcribing, delete recordings from Krisp's servers after export. Use Enterprise tier for on-device English transcription if budget allows. Review the subprocessor list at krisp.ai/privacy-for-humans to understand which third parties handle your data. For the most sensitive source interviews, pair Krisp noise cancellation (local) with a local recording tool rather than Krisp's cloud recording.",
      "owner": "Krisp Technologies, Inc. (Berkeley, California, USA).",
      "fundingModel": "Venture-backed. Raised $9M Series A (2020) led by Storm Ventures. Total funding approximately $17M.",
      "businessModel": "SaaS subscriptions per user per month. Core, Advanced, and Enterprise tiers. Also sells Call Center AI (starts at $10/agent/month) and Voice AI SDK for developers.",
      "knownIssues": "No permanent free tier — only a 7-day trial. Mobile noise cancellation not yet available (listed as 'coming'). Transcription accuracy depends on audio quality and speaker clarity. Non-English transcription requires temporary cloud audio processing. Meeting recordings stored on servers until user actively deletes them — not auto-deleted. Data primarily stored in the US, which may concern journalists in EU jurisdictions. Some features (accent conversion) have daily time limits even on paid plans. The product has expanded significantly beyond noise cancellation into a full meeting platform — the feature set is broad but the privacy story differs by feature.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 certified, GDPR compliant, HIPAA compliant, PCI-DSS certified. Noise cancellation runs entirely on-device with zero cloud exposure — genuinely strong for that specific feature. However, meeting assistant features (transcription, recording, notes) process and store data in the cloud. The privacy posture is split: local for noise cancellation, cloud for everything else. Enterprise tier offers on-device transcription for English. Overall security infrastructure is serious, but journalists must understand which features are local vs. cloud."
    },
    {
      "name": "LanguageTool",
      "slug": "languagetool",
      "url": "https://languagetool.org",
      "tagline": "Open-source grammar checker supporting 31 languages. Self-hostable. The privacy-first alternative to Grammarly — run it locally and no text leaves your machine.",
      "category": "writing",
      "openSource": true,
      "whoItsFor": "Journalists who need grammar and style checking without sending text to a third party. Multilingual reporters working across 31 languages. Privacy-conscious writers, activists, and researchers. Newsrooms that can self-host for zero data exposure.",
      "pricing": "Free (basic checks, 10,000 character limit per field, 3 AI rephrases/day). Premium Individual: $4.99/month (annual) or $19.90/month (monthly). Teams: $9.49/month per user (annual, 2+ users). Self-hosted: free (open-source core under LGPL 2.1, run your own server via Docker or Java).",
      "freeOption": true,
      "editorialTake": "LanguageTool is the only major grammar checker with an open-source core. Started in 2003 as Daniel Naber's diploma thesis at Bielefeld University in Germany. Grew into a community-maintained project with volunteer linguists contributing rules for 31 languages. In 2017, Naber and Christopher Blum co-founded LanguageTooler GmbH to commercialize it. In April 2023, Learneo Inc. (Redwood City, CA) acquired the company. Learneo also owns QuillBot, Course Hero, Scribbr, and CliffsNotes.\n\nThe core value proposition for journalists is self-hosting. Download the open-source server, run it on your laptop or newsroom infrastructure, and every grammar check happens locally. No text transmitted. No third-party retention. No training pipeline. This is the only grammar tool that offers true air-gapped operation. The self-hosted version lacks some premium AI features but covers grammar, spelling, and style rules comprehensively.\n\nIf you use the cloud service (languagetool.org), text is sent to LanguageTool servers for processing. As of December 2024, LanguageTool no longer uses input text to train its language models. Text submitted for checking is not stored, with narrow exceptions: if you submit explicit feedback on a false positive, accept a typo correction, or toggle a rule. No full IP addresses are stored.\n\nThe catch: official browser extensions are closed-source. The open-source core is the server component. For full transparency, use the self-hosted server with the LibreOffice/OpenOffice plugin (which is open-source) or connect via the API. The Chrome and Firefox extensions are proprietary and their behavior cannot be independently audited.\n\nGrammar checking quality is strong for English and German, good for French, Spanish, Dutch, Polish, and Portuguese. Thinner for less-common languages. The AI rewriting features (paraphrasing, style suggestions) are cloud-only and not available in the self-hosted version. For pure grammar and style checking without AI features, the self-hosted version is fully capable.\n",
      "bestFor": "Privacy-first grammar checking. Multilingual newsrooms (31 languages). Self-hosted deployments where no text can leave the network. Journalists on tight budgets — the free tier and open-source self-hosting cost nothing. LibreOffice users get a native open-source integration.",
      "notFor": "Writers who need advanced AI rewriting features locally (cloud-only). Heavy Grammarly users expecting identical feature depth in English — Grammarly's AI suggestions are more extensive. Anyone needing a fully open-source browser extension (official extensions are closed-source).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Cloud service: data processed by Learneo Inc. (United States), with offices in US, Germany, Netherlands, Israel, India, Canada. GDPR-compliant under German Federal Data Protection Act (BDSG 2018). Self-hosted: your jurisdiction entirely — data never leaves your infrastructure.",
      "privacyPolicyTldr": "Cloud service: text sent for checking is not stored. Exceptions: explicit user feedback on false positives, accepted typo corrections, and rule toggles. No full IP addresses stored. As of December 2024, LanguageTool does not use input text to train language models. Non-content usage data (feature usage, error counts) is collected.\n\nData controller is Learneo Inc. (California). Personal data may be processed in US, Germany, Netherlands, Israel, India, and Canada. GDPR and BDSG 2018 apply.\n\nSelf-hosted: no data leaves your machine. No telemetry. No account required. The open-source server processes everything locally.\n",
      "practicalMitigations": "For maximum privacy, self-host the open-source server: download from GitHub (languagetool-org/languagetool), run via Docker or Java, connect via API or LibreOffice plugin. No text leaves your machine. The standalone server has no built-in authentication, so bind it to localhost (or put it behind your own reverse proxy with access control) rather than exposing it on a shared network; otherwise anyone who can reach the port can submit text to it. For the cloud service, no special opt-out is needed — text is not stored or used for training as of December 2024. Use the LibreOffice/OpenOffice plugin (open-source) rather than the closed-source browser extensions if auditability matters. Disable the browser extension on sensitive sites if using the cloud version.\n",
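The following is an added example, not LanguageTool's own code, showing what "connect via API" looks like when the server is self-hosted: a small client that refuses to post text to anything but a loopback address, and a helper that applies the server's suggested replacements. The /v2/check endpoint, its form parameters and the "matches" response shape are LanguageTool's public HTTP API; the port 8010 and the sample response below are assumptions constructed for the demo.

```python
"""Self-hosted LanguageTool client (added example, not the project's code).

Assumes a server started locally (Docker or Java) and listening on port
8010, which is an assumption. The /v2/check endpoint and the 'matches'
response shape are LanguageTool's public API; SAMPLE_RESPONSE is constructed.
"""
import ipaddress
import json
import urllib.parse
import urllib.request

LOCAL_SERVER = "http://127.0.0.1:8010"  # assumed port; bind the server here


def is_loopback(base_url: str) -> bool:
    """True only when the URL points at localhost / 127.x.x.x / ::1."""
    host = urllib.parse.urlsplit(base_url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # a DNS name, not an IP literal
        return False


def check_text(text: str, language: str = "en-US",
               base_url: str = LOCAL_SERVER) -> dict:
    """POST text to /v2/check. Raises before any byte leaves the machine
    if base_url is not a loopback address, which is the point of self-hosting."""
    if not is_loopback(base_url):
        raise ValueError(f"refusing to send text to non-local server {base_url!r}")
    body = urllib.parse.urlencode({"text": text, "language": language}).encode()
    req = urllib.request.Request(
        base_url.rstrip("/") + "/v2/check", data=body,
        headers={"Content-Type": "application/x-www-form-urlencoded"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def apply_suggestions(text: str, response: dict) -> str:
    """Apply each match's first replacement. Matches are applied right to
    left so earlier offsets remain valid after the string changes length."""
    matches = sorted(response.get("matches", []),
                     key=lambda m: m["offset"], reverse=True)
    out = text
    for m in matches:
        if not m.get("replacements"):
            continue  # the server flagged something but had no fix
        start, end = m["offset"], m["offset"] + m["length"]
        out = out[:start] + m["replacements"][0]["value"] + out[end:]
    return out


# Constructed sample: what a local server returns for this sentence.
SAMPLE_TEXT = "This is an test of the langauge tool."
SAMPLE_RESPONSE = {
    "matches": [
        {"message": "Use 'a' instead of 'an' before a consonant sound.",
         "offset": 8, "length": 2,
         "replacements": [{"value": "a"}], "rule": {"id": "EN_A_VS_AN"}},
        {"message": "Possible spelling mistake found.",
         "offset": 23, "length": 8,
         "replacements": [{"value": "language"}],
         "rule": {"id": "MORFOLOGIK_RULE_EN_US"}},
    ]
}

if __name__ == "__main__":
    # With a local server running: apply_suggestions(t, check_text(t))
    print(apply_suggestions(SAMPLE_TEXT, SAMPLE_RESPONSE))
```

The loopback check is deliberately on the client side: the server does not authenticate callers, so the only reliable guarantee that "no text leaves your machine" is never to address it anywhere else.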
      "owner": "LanguageTooler GmbH (Potsdam, Germany), a subsidiary of Learneo Inc. (Redwood City, California). Acquired April 2023. Learneo also owns QuillBot, Course Hero, Scribbr, CliffsNotes, LitCharts, and Symbolab. CEO of Learneo: Andrew Grauer. LanguageTool CEO: Daniel Naber (founder). Managing directors of LanguageTooler GmbH: Jennifer Seidel and Stephen Van Horne.",
      "fundingModel": "No external VC funding for LanguageTool itself. Early development supported by EU and European Regional Development Fund (ERDF) grants, plus German state funds via the European Social Fund. Acquired by Learneo Inc. in April 2023. Learneo is VC-backed (Course Hero raised $380M Series C in 2021).",
      "businessModel": "Freemium SaaS. Free tier with character limits drives adoption. Premium subscriptions ($5-20/month) and Teams plans generate revenue. Open-source core (LGPL 2.1) available for self-hosting at no cost. Part of Learneo's portfolio of education and writing tools.",
      "knownIssues": "Closed-source browser extensions: All official LanguageTool browser extensions (Chrome, Firefox, Edge, Safari) are closed-source. The team has confirmed no plans to open-source them again. Only the LibreOffice and OpenOffice plugins remain open-source. This limits independent auditability of the most common client.\n\nLearneo acquisition: The April 2023 acquisition moved data controllership from a small German company to a US-based education technology conglomerate. Privacy policy now references data processing across six countries. The December 2024 policy update (no training on user text) was a positive step, but policies can change under new ownership.\n\nSelf-hosted limitations: The open-source server handles grammar, spelling, and style rules but does not include AI-powered paraphrasing or advanced rewriting features. Premium cloud features are not available locally.\n\nLanguage depth varies: English and German have the deepest rule sets. Other languages rely on volunteer-maintained rules and may miss errors that Grammarly or dedicated single-language tools would catch.\n\nMaintenance transition: In March 2025, original creator Daniel Naber handed maintenance of the open-source project to Stefan Viol at LanguageTooler GmbH. Long-term community health depends on continued investment by Learneo.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Self-hosted deployment is the gold standard for privacy: open-source core (LGPL 2.1), local processing, no network dependencies, no account required. Cloud service also has a clean posture — text is not stored or used for training, no IP logging. The main caveats are the closed-source browser extensions (cannot be independently audited) and the Learneo acquisition shifting data controllership to a US entity. For maximum trust, self-host the server and use the open-source LibreOffice plugin. The cloud service is adequate for non-sensitive work.\n"
    },
    {
      "name": "Latakoo",
      "slug": "latakoo",
      "url": "https://latakoo.com",
      "tagline": "Secure video workflow for newsrooms. Fast file transfer, auto-transcription in 99 languages, and cloud-based media asset management built by broadcast journalists.",
      "category": "visuals",
      "builtForJournalism": true,
      "whoItsFor": "TV newsrooms, broadcast journalists, and video teams who need to move large video files fast from the field to the station. Correspondents filing from locations with limited bandwidth. News organizations that need transcription, translation, and clip editing in one platform. Visual journalists who need a secure, professional alternative to WeTransfer or Google Drive for video delivery.",
      "pricing": "Custom pricing — not publicly listed. Latakoo offers enterprise contracts for newsrooms and media companies. Free trial available. Individual plans reportedly start in the $20-50/month range for freelancers. Newsroom-wide deployments are priced per seat or per organization. NPPA members receive discounted access through the March 2026 partnership.",
      "freeOption": false,
      "editorialTake": "Latakoo was built by broadcast journalists who got tired of waiting for video files to upload on deadline. Co-founded by Paul Adrian and Jade Kurian in Austin, Texas, the platform uses patented transfer technology that compresses and sends video files significantly faster than raw upload — critical when you're filing from a disaster zone on hotel Wi-Fi or a mobile hotspot. The product has three core components. Flight is the upload agent — it sits on your laptop and handles fast, secure transfer of video files regardless of bandwidth constraints. Pilot is the cloud-based media asset manager where you view, share, clip, and organize footage. And the transcription engine recognizes 99 languages with translation in 133, which makes it useful for international newsrooms and multilingual coverage. The NPPA (National Press Photographers Association) partnership announced in March 2026 is a meaningful endorsement from the professional visual journalism community. Clients include Euronews Romania, NBC Universal, and Nexstar Media Group. The clip editing feature lets you create cuts directly from transcriptions — edit by text rather than timeline, which speeds up producing web clips from longer packages. CMS integration (Hub) auto-ingests files into your newsroom's content management system. For broadcast and video-heavy newsrooms, Latakoo solves a real workflow problem: getting large video files from field to edit to air, with transcription and asset management built in. The trade-off is that this is a niche tool for video professionals — text-only reporters won't need it. Pricing is opaque and enterprise-oriented. The market is competitive: Frame.io (now Adobe), Dropbox Replay, and Signiant are all in this space, though none combine fast transfer with built-in transcription the way Latakoo does.",
      "bestFor": "TV newsrooms filing video from the field on tight deadlines. Correspondents working on limited bandwidth connections. Newsrooms that need transcription and translation built into the video workflow. Visual journalists who need a professional, secure alternative to consumer file-sharing tools. Organizations producing multilingual video content.",
      "notFor": "Print or text-only journalists — this is a video workflow tool. Newsrooms already invested in Frame.io or Signiant. Solo journalists who can manage with Google Drive or WeTransfer for occasional file transfers. Anyone looking for a free video transfer solution. Podcasters or audio-only producers — this is optimized for video.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Austin, Texas). Latakoo is a US company. Video files and transcriptions are processed and stored on US cloud infrastructure.",
      "privacyPolicyTldr": "Latakoo processes video files, transcriptions, and metadata on its cloud platform. Files are encrypted in transit during upload via the Flight agent. The company emphasizes secure transfer as a core feature. Enterprise contracts include data handling terms. As a B2B tool for newsrooms, Latakoo's business model is selling the service, not monetizing user data.",
      "practicalMitigations": "Review your organization's data handling agreement with Latakoo before uploading sensitive footage (source interviews, undercover footage, whistleblower material). Understand that transcriptions are generated on Latakoo's cloud infrastructure — AI transcription means your audio content is processed by third-party models. Delete files from the platform after they've been ingested into your CMS. Use strong credentials and enable any available MFA. For highly sensitive footage, consider transferring files via encrypted direct methods (Signal, SecureDrop) rather than any cloud workflow tool.",
      "owner": "Latakoo Inc. (Austin, Texas)",
      "fundingModel": "Privately held. Founded by broadcast journalism veterans Paul Adrian and Jade Kurian. Specific funding details not publicly disclosed. Revenue from enterprise subscriptions and newsroom contracts.",
      "businessModel": "B2B SaaS for media companies. Revenue from newsroom subscriptions, enterprise contracts, and per-seat licensing. NPPA partnership provides a channel to individual visual journalists. No advertising. No consumer data monetization.",
      "knownIssues": "Pricing is opaque — no public price page, which makes it hard to evaluate cost without a sales conversation. The market is increasingly competitive with Frame.io (Adobe), Dropbox Replay, and Signiant all offering video workflow tools for media. Transcription accuracy varies by language and audio quality, as with all AI transcription tools. The product is niche — useful for video-heavy newsrooms but irrelevant for text journalists. Limited public documentation on security architecture compared to enterprise competitors. Small company relative to Adobe-owned Frame.io, which raises questions about long-term feature parity and development pace.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Purpose-built for newsroom video workflows with encryption in transit as a core feature. B2B business model with no incentive to monetize content. NPPA partnership adds professional credibility. Rating is 'adequate' because detailed security architecture documentation is limited, and video files and transcriptions are processed on US cloud infrastructure with no self-hosting option. For routine newsroom video workflows, this is fine. For highly sensitive footage, use encrypted direct transfer methods instead."
    },
    {
      "name": "LexisNexis Nexis",
      "slug": "lexisnexis",
      "url": "https://www.lexisnexis.com/en-us/professional/research/media.page",
      "tagline": "The largest licensed news and public records database — 39,000+ sources, 45 years of archives, 138 billion documents. The backbone of professional investigative research.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification"
      ],
      "whoItsFor": "Investigative journalists, newsroom researchers, fact-checkers, media analysts, and anyone who needs deep archival access to news, court records, company filings, and public records. Also used by law firms, corporate compliance teams, and academic researchers.",
      "pricing": "Pricing is opaque and negotiated. Nexis Essential, Nexis+ AI, and Nexis Essential with Nexis+ AI are available as 3-month or annual subscriptions — LexisNexis does not publish list prices. Enterprise and multi-user plans require a sales call. Single-user plans reportedly start around $50/month. For independent journalists and freelancers: ExpertAccess.org offers Nexis news archives (10,000+ publications) at $26/month on a one-year commitment — the most affordable entry point, but excludes public records (Accurint) and CourtLinks.",
      "freeOption": false,
      "editorialTake": "Nexis is the industry-standard research database for professional journalism. No competing product matches its combination of scale (39,000+ licensed sources in 50 languages, 138 billion documents, archives back to the late 1970s) and structured search. SmartIndexing lets you search without Boolean syntax. Nexis+ AI adds conversational search and predictive analytics. SmartLinx maps relationships between people, companies, and properties using 82 billion public records from 13,000+ data sources — essential for connecting dots in investigations.\n\nThe content is the draw. Nexis aggregates full-text articles from major newspapers, wire services, trade journals, magazines, broadcast transcripts, court filings, and company profiles (540 million). For investigative work requiring historical context or cross-referencing across publications, nothing else comes close.\n\nThe problems are real. Pricing is opaque and expensive — enterprise contracts run to tens of thousands annually, and LexisNexis does not publish rates. The UI is functional but dated. ExpertAccess at $26/month gets freelancers into news archives, but excludes public records and court documents — the features most valuable for investigations.\n\nOwnership matters. LexisNexis is a division of RELX plc (formerly Reed Elsevier), a London-based information conglomerate with £9.59 billion in 2025 revenue. RELX also operates LexisNexis Risk Solutions, a separate division that sells surveillance and data analytics tools to law enforcement. Risk Solutions holds a $22.1 million contract with ICE, renewed despite opposition from 200+ journalists at RELX-owned publications. The Intercept reported that ICE searched the LexisNexis database over 1.2 million times in the first seven months of the contract. Risk Solutions is distinct from the Nexis research product, but they share a parent company and brand — journalists covering immigration, civil liberties, or law enforcement should weigh this.\n\nIn February 2026, hackers breached LexisNexis Legal & Professional's AWS infrastructure, exfiltrating 2.04 GB of data including 400,000 cloud user profiles and 21,042 enterprise customer accounts. The attackers exploited a React2Shell vulnerability that CISA flagged in December 2025. LexisNexis failed to patch for over two months. The breach revealed weak internal security practices: the RDS master password was \"Lexis1234\" and a single IAM role granted read access to all AWS Secrets Manager entries. LexisNexis said the breach is contained and involved \"mostly legacy data.\"\n\nDespite these issues, Nexis remains essential for serious investigative and archival research. No alternative aggregates this volume of licensed, full-text content in a single searchable platform.\n",
      "bestFor": "Deep archival news research, background checks on people and companies, fact-checking claims against historical records, corporate investigation and due diligence, tracking relationships between entities via SmartLinx, cross-referencing coverage across thousands of publications.",
      "notFor": "Breaking news monitoring (Nexis Newsdesk is a separate product). Budget-constrained freelancers who only need occasional lookups — the pricing is prohibitive without ExpertAccess. Journalists who need real-time social media monitoring. Anyone who needs a modern, intuitive interface — the learning curve is steep.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. LexisNexis Legal & Professional is headquartered at 230 Park Ave, New York. Infrastructure runs on AWS. RELX plc is incorporated in the UK.",
      "privacyPolicyTldr": "LexisNexis collects usage data including search queries, documents accessed, and account information. Enterprise customers can negotiate data handling terms. The February 2026 breach exposed user profiles (names, emails, phones, job roles) and enterprise account data — including 118 .gov profiles from federal judges, DOJ attorneys, and SEC staff. LexisNexis maintains a Trust Center with compliance documentation but has not disclosed SOC 2 Type II certification publicly. The parent company RELX operates across legal, risk, scientific, and exhibitions divisions — data practices vary by division.\n",
      "practicalMitigations": "Use a dedicated work email for your LexisNexis account — not a personal address. Enable multi-factor authentication if available. Do not store sensitive source identifiers in Nexis search history or saved searches. Review and clear search history periodically. If your newsroom has an enterprise contract, confirm data retention and training exclusion terms. For freelancers using ExpertAccess, understand that your searches go through the same LexisNexis infrastructure — the same security posture applies. After the February 2026 breach, verify your account was not affected and rotate your password. Do not reuse your LexisNexis password elsewhere.\n",
      "owner": "RELX plc (formerly Reed Elsevier). Publicly traded on the London Stock Exchange (REL), Euronext Amsterdam (REN), and NYSE (RELX). Market cap ~£70 billion. RELX operates four divisions: LexisNexis Legal & Professional (Nexis), LexisNexis Risk Solutions, Elsevier (scientific publishing), and RX (exhibitions).",
      "fundingModel": "Publicly traded conglomerate. RELX reported £9.59 billion in 2025 revenue with 7% underlying growth and 34.8% adjusted operating margins. LexisNexis Legal & Professional is RELX's second-largest division.",
      "businessModel": "Enterprise SaaS subscriptions + per-seat licensing + API access (Nexis Data+). Revenue from law firms, newsrooms, corporate compliance, government agencies, and academic institutions. Separate LexisNexis Risk Solutions division sells data analytics to law enforcement and insurance companies.",
      "knownIssues": "February 2026 data breach: Hackers exploited an unpatched React2Shell vulnerability in LexisNexis AWS infrastructure, stealing 2.04 GB of data including 400,000 user profiles, 21,042 enterprise accounts, and 53 plaintext cloud secrets. CISA flagged the vulnerability in December 2025; LexisNexis failed to patch for two months. Internal security was poor — the RDS master password was \"Lexis1234.\" LexisNexis called the breach \"contained\" and said it involved \"mostly legacy data.\"\n\nICE surveillance contracts: LexisNexis Risk Solutions (a separate RELX division) holds a $22.1 million contract with ICE for the Accurint database and Justice Intelligence platform. ICE used it to search records 1.2 million times in seven months. Immigration advocates sued (case dismissed for standing). Over 200 journalists at RELX-owned Law360 signed a letter opposing the contract. Human rights groups including the ACLU called on ICE not to renew. The contract circumvents sanctuary city policies by giving ICE direct access to incarceration records that local jurisdictions refused to share.\n\nPricing opacity: LexisNexis does not publish standard pricing. Costs vary by negotiation, contract term, user count, and content packages. This makes comparison shopping difficult and favors institutional buyers over independents.\n\nUI and usability: The Nexis interface is powerful but dated. New users face a steep learning curve. Nexis+ AI improves this with conversational search, but the core product still requires Boolean or structured query skills to use effectively.\n\nAcademic access restrictions: Nexis Uni (the academic version) has a smaller source set (17,000 vs. 39,000+) and may limit access after graduation, leaving early-career journalists without affordable options.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "LexisNexis deploys encryption in transit and at rest, network security controls, and logging. However, the February 2026 breach exposed serious operational gaps: an unpatched critical vulnerability left open for two months, a weak master database password, and overly permissive IAM roles that gave a single credential access to all cloud secrets. The breach affected 400,000 user profiles. LexisNexis maintains a Trust Center but has not publicly disclosed SOC 2 Type II certification. The core Nexis research product has standard enterprise security controls, but the 2026 incident demonstrates that infrastructure hygiene has not matched the company's scale or the sensitivity of its user base — which includes federal judges and DOJ attorneys. Rating reflects adequate baseline security with documented recent failures.\n"
    },
    {
      "name": "LibreOffice",
      "slug": "libreoffice",
      "url": "https://www.libreoffice.org",
      "tagline": "Free, open-source office suite. No account, no cloud, no tracking. Runs offline.",
      "category": "writing",
      "openSource": true,
      "whoItsFor": "Journalists who need offline document editing without Microsoft or Google. Freelancers who can't justify Office 365. Reporters in restrictive environments who need to work without internet. Anyone who wants an office suite that collects zero data.",
      "pricing": "Free and open-source (Mozilla Public License 2.0). No subscription, no account, no upsells. Enterprise support available from certified partners like Collabora.",
      "freeOption": true,
      "editorialTake": "LibreOffice is the default recommendation for journalists who need an office suite and want to pay nothing while collecting zero telemetry. Writer, Calc, Impress, and Draw cover word processing, spreadsheets, presentations, and vector graphics. The software processes everything locally. No account required. No data leaves your machine.\n\nThe Document Foundation, a German nonprofit established in 2010, stewards LibreOffice. TDF forked from OpenOffice.org after Oracle's acquisition made the community's future uncertain. That independence has been tested. In June 2025, TDF's board expelled over 30 developers employed by Collabora and allotropia — the two companies responsible for roughly 80% of all commits to the codebase, including seven of LibreOffice's all-time top ten core committers. The stated rationale was conflicts of interest between commercial employment and Foundation membership. Collabora responded that it would continue contributing \"where that makes sense\" but would stop investing heavily in building TDF's community.\n\nThis governance crisis is the biggest risk to LibreOffice's future. The software works well today. Whether it continues to receive the same quality of maintenance depends on resolving the rift between the nonprofit and the companies whose engineers actually write the code. As of early 2026, Collabora launched Collabora Office Desktop as a competing product, and TDF announced it would resume developing LibreOffice Online.\n\nOn security: LibreOffice has had notable CVEs. CVE-2025-1080 exposed users to remote code execution through manipulated macro URLs — patched in March 2025. CVE-2025-2866 allowed PDF signature spoofing. CVE-2025-14714 was a macOS-specific authentication bypass where LibreOffice's bundled Python inherited TCC permissions. All were patched. Keep LibreOffice updated. Disable macros from untrusted sources.\n\nThe ODF 1.4 standard was approved by OASIS Open in December 2025 — LibreOffice's default format. ODF is an open, vendor-neutral document format. For long-term document preservation and interoperability, it beats proprietary formats.\n\nMicrosoft Office compatibility is good but not perfect. Complex formatting, VBA macros, and advanced Excel features can break on import. For collaborative work with Microsoft-dependent colleagues, expect friction.\n",
      "bestFor": "Offline document editing, working with ODF files, budget-zero newsrooms, environments with restricted internet access, long-term document archiving in open formats, basic spreadsheet analysis.",
      "notFor": "Real-time collaborative editing (Google Docs is better). Heavy VBA macro workflows (stay with Excel). Newsrooms deeply embedded in Microsoft 365 ecosystems where compatibility friction would slow production. Advanced desktop publishing (use InDesign or Scribus).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local. LibreOffice processes everything on your machine. No cloud component. No telemetry. No data leaves your device unless you explicitly export or share files.",
      "privacyPolicyTldr": "LibreOffice collects no personal data, no usage metrics, and no diagnostic information. Fully GDPR-compliant by design — there is nothing to comply with because nothing is collected. No account required. No network connections made during normal use. Update checks can be disabled entirely.",
      "practicalMitigations": "Download only from libreoffice.org — avoid third-party repackagers. Keep updated for security patches (CVE-2025-1080, CVE-2025-2866, CVE-2025-14714 all required updates). Set macro security to High or Very High in Tools > Options > Security > Macro Security. Never enable macros in documents from unknown sources. Use version 25.2.4 or later to avoid the macOS authentication bypass. For sensitive documents, LibreOffice supports ODF encryption with AES-256.",
      "owner": "The Document Foundation (TDF), a German nonprofit (gemeinnützige Stiftung) established in 2010. Headquartered in Berlin. Board-governed with elected membership. Current governance under strain after June 2025 developer expulsions.",
      "fundingModel": "Donations, corporate sponsorships, and ecosystem certification fees. TDF's 2024 annual report emphasized end-user privacy as a core mission. No venture capital. No advertising. The Foundation funds one site reliability engineer and infrastructure costs.",
      "businessModel": "LibreOffice is free. TDF certifies commercial support providers (Collabora, allotropia, CIB) who sell enterprise support, training, and hosted LibreOffice deployments. TDF earns certification fees. No direct monetization of the desktop product.",
      "knownIssues": "Governance crisis (June 2025): TDF expelled 30+ developers from Collabora and allotropia — roughly 80% of the codebase's active contributors. The rift centers on whether employees of commercial LibreOffice companies can serve as independent Foundation members. The expelled developers include most of LibreOffice's top committers. Long-term maintenance quality depends on resolving this.\n\nSecurity vulnerabilities: CVE-2025-1080 (remote code execution via macro URLs, critical, patched March 2025). CVE-2025-2866 (PDF signature spoofing, patched). CVE-2025-14714 (macOS TCC permission bypass via bundled Python, patched in 25.2.4). CVE-2025-0514 (additional vulnerability, patched). Users must stay current on updates.\n\nMicrosoft Office compatibility: Complex .docx formatting, pivot tables, VBA macros, and conditional formatting can break or degrade on import. Not a drop-in replacement for advanced Microsoft 365 workflows.\n\nNo real-time collaboration: LibreOffice Online development was paused for years while Collabora built the commercial Collabora Online. TDF announced it would resume LibreOffice Online development in early 2026, but the product is not yet mature.\n\nCompeting forks: Collabora Office Desktop (November 2025) competes directly with the desktop LibreOffice product, fragmenting the ecosystem.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "All processing is local. No telemetry, no cloud, no account required. Zero data collection by design. ODF encryption supports AES-256. The main security concern is keeping the software updated — several critical CVEs were patched in 2025 (remote code execution, PDF signature spoofing, macOS privilege escalation). Macro security should be set to High. The governance crisis does not affect the current software's security, but it raises questions about the pace of future security patches if core contributors reduce their involvement.\n"
    },
    {
      "name": "Loom",
      "slug": "loom",
      "url": "https://www.loom.com",
      "tagline": "Async video messaging with screen recording and camera. Acquired by Atlassian for $975M in 2023. Free tier with limits.",
      "category": "visuals",
      "openSource": false,
      "whoItsFor": "Journalists and editors sharing story feedback, explaining edits, or walking through complex data. Newsroom managers communicating with distributed teams. Freelancers sending video pitches or progress updates to clients. Anyone who needs to explain something visually without scheduling a meeting.",
      "pricing": "Starter (free): 25 videos max, 5-minute recording limit, 720p quality, up to 50 workspace members (10 for Atlassian-integrated accounts). Business: $12.50/creator/month annual — unlimited videos, custom branding, 4K quality, drawing tools, integrations. Business + AI: $20/creator/month annual — auto-summaries, AI editing, filler word removal, auto-chapters, transcript-based editing. Enterprise: custom pricing — SSO, SCIM, advanced privacy, custom data retention.",
      "freeOption": true,
      "editorialTake": "Loom solved the 'this meeting could have been an email' problem by making screen recordings frictionless. Record your screen, camera, or both; share a link; viewers watch on their own time and leave timestamped comments. Atlassian acquired Loom for $975M in October 2023, integrating it across Jira, Confluence, and the Atlassian ecosystem. For newsrooms, Loom is useful for editorial feedback ('here's what I'd change in paragraph 3'), explaining data analysis steps, onboarding new reporters, and async standups across time zones. The free tier is heavily limited — 25 videos, 5 minutes each, 720p — but enough to test whether async video fits your workflow. The AI features (summaries, chapters, filler word removal) are locked behind the $20/month Business + AI tier. Post-acquisition, Loom is now part of Atlassian's enterprise stack, which means strong security infrastructure but also more complex data handling across the Atlassian ecosystem. Videos are stored on AWS with encryption at rest and in transit.",
      "bestFor": "Editorial feedback and story markup. Explaining data analysis or investigation methodology. Async team standups for distributed newsrooms. Onboarding and training for new reporters. Video pitches to editors or clients.",
      "notFor": "Confidential source discussions or sensitive editorial conversations (videos stored on Atlassian/AWS servers). Live video calls or real-time collaboration (Loom is async-only). Long-form video production (use dedicated editing software). Environments where video recording creates legal or consent issues.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Atlassian, Inc., headquartered in Sydney, Australia, with major operations in San Francisco). Video data stored on AWS with VPC isolation. Servers behind secure firewall. Videos uploaded via SSL-encrypted websocket. Enterprise plan supports custom data retention policies.",
      "privacyPolicyTldr": "Account required. Videos stored on Atlassian/AWS infrastructure, private by default unless shared via link. Loom sends data only to trusted third-party sub-processors under strict privacy agreements. Enterprise plan adds SSO, SCIM, advanced privacy, and visibility controls over Personal Library content. Atlassian's broader privacy framework applies post-acquisition.",
      "practicalMitigations": "Do not record discussions involving confidential sources or sensitive unpublished information — videos are stored on Atlassian's cloud infrastructure. Review link-sharing settings before distributing videos (anyone with the link can view by default on lower tiers). Use password protection on sensitive videos when available. Enterprise tier adds SSO, SCIM, and content visibility controls. Download important videos locally as backups.",
      "owner": "Atlassian, Inc. (acquired Loom in October 2023 for $975M). Atlassian is publicly traded (NASDAQ: TEAM), headquartered in Sydney, Australia. Co-founders: Scott Farquhar and Mike Cannon-Brookes. Loom originally founded by Joe Thomas, Vinay Hiremath, and Shahed Khan.",
      "fundingModel": "Fully owned subsidiary of Atlassian (NASDAQ: TEAM). Pre-acquisition, Loom raised $203M from investors including Andreessen Horowitz, Sequoia, Kleiner Perkins, and Coatue.",
      "businessModel": "Freemium SaaS within the Atlassian ecosystem. Revenue from Business, Business + AI, and Enterprise subscriptions. Deep integrations with Jira, Confluence, Slack, Salesforce, and GitHub. Part of Atlassian's broader collaboration platform strategy.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Enterprise-grade infrastructure via Atlassian — encryption at rest and in transit on AWS, VPC isolation, SSL-encrypted video uploads. Enterprise tier adds SSO, SCIM, advanced privacy controls, and custom data retention. Atlassian is SOC 2 and ISO 27001 certified at the company level. Free and Business tiers have limited admin controls. Not recommended for recording discussions involving confidential sources or sensitive editorial content."
    },
    {
      "name": "MacWhisper",
      "slug": "macwhisper",
      "url": "https://goodsnooze.gumroad.com/l/macwhisper",
      "tagline": "Native Mac GUI for OpenAI's Whisper and Nvidia Parakeet. Local transcription, one-time purchase, no cloud required.",
      "category": "visuals",
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Journalists on Mac who want Whisper's transcription accuracy without the command line. Reporters who need local, private transcription but aren't comfortable with Terminal. Anyone who wants a one-time purchase rather than a monthly subscription for transcription.",
      "pricing": "Free version available (basic Whisper models). Pro: one-time purchase (approximately $30, sold via Gumroad) — unlocks all models including large-v3, large-v3-turbo, and Nvidia Parakeet, plus batch processing, speaker labels, translation, and export options. No subscription. No recurring fees.",
      "freeOption": true,
      "editorialTake": "MacWhisper wraps OpenAI's Whisper in a native macOS interface and adds the features journalists actually need: batch processing, speaker labels, export to multiple formats, and support for the latest models. Built by Jordi Bruin, an indie Mac developer. The key advantage over raw Whisper CLI: you get a drag-and-drop interface with real-time progress, searchable transcript history, and speaker diarization without touching Terminal. Processing runs entirely on your Mac — audio never leaves your device. On Apple Silicon (M1/M2/M3/M4), Core ML acceleration makes transcription fast: a 1-hour interview transcribes in roughly 5-10 minutes on an M2 Pro with the large-v3-turbo model. The free version includes basic Whisper models (tiny, base, small, medium) which are fine for testing but not accurate enough for interview transcription. Pro unlocks large-v3 (most accurate) and large-v3-turbo (8x faster with marginal accuracy loss). Also supports Nvidia's Parakeet model as an alternative engine. The privacy story is as strong as it gets: fully local processing, no network requests, no telemetry, no account required. One-time purchase means no ongoing data relationship. For journalists handling sensitive sources, MacWhisper plus a good pair of headphones for verification is the gold standard workflow. Compared to Good Tape ($13.75/month): MacWhisper is cheaper long-term, fully local, but requires a Mac with decent specs and offers no collaboration features. Compared to Whisper CLI (free): MacWhisper costs money but saves significant time on batch jobs and removes the technical barrier. Compared to Otter.ai: MacWhisper is local-only (private) but has no real-time mode and no cloud sync. The hallucination caveat from Whisper applies equally here — MacWhisper uses the same underlying models. Every quote must be verified against audio before publication. Speaker diarization is good but not perfect — review labels on multi-person interviews.",
      "bestFor": "Private local transcription on Mac without command-line knowledge. Batch transcribing multiple interview files. One-time purchase economics for freelancers. Sensitive source interviews that cannot be uploaded to any cloud service. Journalists who want Whisper accuracy with a proper GUI.",
      "notFor": "Windows or Linux users (Mac-only). Real-time transcription during live events. Collaborative transcription workflows with team sharing. Users who need cloud sync across devices. Machines without Apple Silicon or a capable GPU — CPU-only transcription on Intel Macs is very slow for large models.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. All processing happens on your Mac. No audio is uploaded, no network requests made, no cloud dependency. The app itself is purchased via Gumroad but operates fully offline after download.",
      "privacyPolicyTldr": "Fully local processing. No data collection. No telemetry. No network requests during transcription. No account required to use. Audio never leaves your device. Model weights downloaded once and run locally. The strongest privacy posture available for transcription — zero cloud exposure by design.",
      "practicalMitigations": "Verify every quote against the original audio — Whisper hallucination applies to MacWhisper equally. Use large-v3 model for highest accuracy on important interviews (slower but fewer errors). Use large-v3-turbo for quick drafts where speed matters more than perfection. Trim silence from audio files before transcribing to reduce hallucination risk. For Intel Macs, stick to the medium model — large models are impractically slow on CPU-only. Keep the app updated for latest model support and bug fixes.",
      "owner": "Jordi Bruin (indie Mac developer, Netherlands). Sold via Gumroad under the 'Good Snooze' brand.",
      "fundingModel": "Indie developer. One-time purchase revenue. No venture capital. No subscription model.",
      "businessModel": "One-time purchase via Gumroad. Free version available with basic models. Pro version unlocks advanced features and models. No recurring revenue, no data monetization.",
      "knownIssues": "Mac-only — no Windows, Linux, iOS, or Android version. Whisper hallucination problem applies equally: fabricated phrases appear in roughly 1% of transcriptions (per the 2024 Cornell/ACM FAccT study). Speaker diarization is approximate — review labels carefully on multi-person recordings. Large-v3 model requires significant RAM and runs slowly on Intel Macs without Apple Silicon. No real-time transcription. No cloud sync or collaboration features. No API for automation. Dependent on one indie developer for updates and support — bus factor of one. Gumroad purchase means no App Store review or distribution guarantees.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Fully local processing with zero network dependency. No data collection, no telemetry, no cloud requirement. Audio never leaves your device. One-time purchase means no ongoing data relationship. The strongest privacy posture available for GUI-based transcription. The hallucination problem is an accuracy concern, not a security concern — it does not compromise confidentiality."
    },
    {
      "name": "Mailvelope",
      "slug": "mailvelope",
      "url": "https://mailvelope.com",
      "tagline": "PGP encryption for Gmail, Outlook.com, and Yahoo — without switching email providers.",
      "category": "security",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists who need PGP-encrypted email but won't abandon Gmail or Outlook.com. Sources who refuse to adopt a new email provider. Newsrooms on Google Workspace that need encryption for specific threads without migrating to ProtonMail.",
      "pricing": "Free for personal use. Mailvelope Business pricing is per-user with volume discounts; annual and monthly plans available. Contact sales for current rates.",
      "freeOption": true,
      "editorialTake": "Mailvelope solves the biggest PGP adoption problem: nobody wants to switch email providers. It bolts OpenPGP encryption onto Gmail, Outlook.com, and Yahoo webmail as a browser extension. Open-source since 2012, audited ten times by firms including Cure53, SEC Consult, and 0xche. The German BSI funded its development in 2018 to add encrypted web forms and GnuPG integration. Private keys never leave your browser. The tradeoff: you're trusting a browser extension with your encryption, which has a larger attack surface than a standalone app. And PGP email itself is losing ground to Signal and other modern E2EE protocols — most security researchers now recommend against PGP for routine secure communication. Mailvelope is still the best option when PGP email is a hard requirement, but in 2026, that requirement is increasingly rare.",
      "bestFor": "Adding PGP encryption to existing webmail accounts. Receiving encrypted tips from sources who already use PGP. Newsrooms standardizing on Gmail or Microsoft 365 that need encryption for specific threads. Compliance workflows requiring OpenPGP.",
      "notFor": "Journalists facing state-level adversaries (use Tails + Thunderbird for air-gapped PGP). Mobile email — Mailvelope only works in desktop browsers. Routine secure messaging — Signal is simpler and safer for most journalist-source communication.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local — private keys stored in browser extension, never on Mailvelope servers. Optional Mailvelope Key Server for public key distribution is hosted in Germany.",
      "privacyPolicyTldr": "Encryption runs locally in the browser. The extension does not transmit email content or private keys to Mailvelope servers. The Web Key Directory (WKD) lookup feature makes HTTP requests to the sender's domain by default, which can expose user activity — disable in settings if this matters. If you use the Mailvelope Key Server, your public key and email address are stored on German servers. No analytics or tracking in the extension.",
      "practicalMitigations": "Verify recipient public keys through a second channel before sending sensitive material. Use a strong passphrase for your private key. Keep the extension updated — the 2025 audit found a clickjacking vulnerability patched in v6.1.0. Back up your private key securely outside the browser. Disable automatic WKD lookups in settings to prevent information leakage to sender domains. Consider whether Signal or SecureDrop would serve your use case better than PGP email.",
      "owner": "Mailvelope GmbH (Germany)",
      "fundingModel": "Open-source project with commercial business tier. Received funding from the Open Technology Fund, Internews, and the German Federal Office for Information Security (BSI). BSI contracted Mailvelope GmbH and Intevation GmbH in 2018 to extend the extension with encrypted web forms and GnuPG key management integration.",
      "businessModel": "Free for personal use. Revenue from Mailvelope Business — managed deployment for organizations with Google Workspace, Microsoft 365, and Nextcloud integration. Per-user licensing with volume discounts.",
      "knownIssues": "2025 audit by 0xche found seven issues: one high-severity clickjacking vulnerability in the client-API (patched in v6.1.0 by removing embeddable settings), one low-severity prototype pollution, and five informational findings including automatic WKD lookups that leak user activity to sender domains (can be disabled in settings but on by default). A signature spoofing vulnerability via OpenPGP.js was also fixed in v6.1.0. At 39C3 in late 2025, researchers presented new PGP/GnuPG vulnerabilities — not Mailvelope-specific, but affecting the underlying ecosystem. Firefox manifest v3 migration completed in v6.1.0 (May 2025). Chrome 144 compatibility fix shipped in v6.2.1 (January 2026). PGP email as a category is under pressure: cryptographers increasingly recommend against it in favor of modern E2EE protocols like Signal.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, ten independent audits since 2013, BSI-funded development, local key management. The 2025 0xche audit found issues but all critical ones were patched promptly. Browser extension attack surface is real but manageable. Adequate for sensitive reporting where PGP email is specifically required. For most journalist-source communication in 2026, Signal or SecureDrop is the better choice."
    },
    {
      "name": "Make",
      "slug": "make",
      "url": "https://www.make.com",
      "tagline": "Visual workflow automation platform connecting 3,000+ apps. Formerly Integromat. More powerful and cheaper than Zapier for complex multi-step automations, with a steeper learning curve.",
      "category": "ai",
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Journalists and newsrooms who need to automate complex workflows involving multiple apps — monitoring data sources, routing content between platforms, triggering alerts, syncing databases. Power users who've outgrown Zapier's linear model and need branching logic, error handling, and conditional paths. Small teams that need enterprise-level automation without enterprise pricing.",
      "pricing": "Free tier: 1,000 credits per month, limited to 2 active scenarios. Core: from $9/month for 10,000 credits. Pro: from $16/month for 10,000 credits with advanced features (custom variables, priority execution). Teams: from $29/month with team collaboration. Enterprise: custom pricing with SSO, audit logs, dedicated support. Credits replaced operations as the billing unit in August 2025 — one standard operation equals one credit, but AI modules may consume variable credits.",
      "freeOption": true,
      "editorialTake": "Make is the power-user alternative to Zapier, and for most journalism automation use cases, it's the better deal. The visual scenario builder lets you see branching logic, parallel paths, and error handling in a way Zapier's linear Zap model doesn't support. You get roughly 10x the operations per dollar compared to Zapier at equivalent tiers. The tradeoff is learning curve — Make's interface is more complex, and the documentation assumes technical comfort. For newsroom automation (RSS monitoring, social posting, tip-line routing, data pipeline triggers), Make handles the same jobs as Zapier with more flexibility and lower cost. The ownership story changed in 2020 when Celonis (German process mining company, valued at $13B) acquired Integromat for over $100M and rebranded it as Make. This means the product is backed by a well-funded enterprise software company — good for stability, but it also means Make's roadmap is influenced by enterprise priorities. The August 2025 shift from operations to credits is worth watching — AI-heavy workflows may become expensive as variable credit consumption makes costs less predictable. For journalism workflows that don't use AI modules, the credit system is straightforward. Compare directly to Zapier (broader app coverage, easier onboarding) and n8n (open source, self-hosted, you keep the data).",
      "bestFor": "Complex multi-step automations with branching logic and error handling. Monitoring government data feeds and routing alerts to Slack or email. Automating social media posting across multiple platforms. Syncing CRM, spreadsheet, and project management tools. Any workflow where Zapier's per-task pricing gets expensive — Make is significantly cheaper at volume.",
      "notFor": "Journalists who need one or two simple automations (Zapier's easier to set up for basic flows). Workflows involving sensitive source data — everything passes through Make's cloud servers. Anyone who needs on-premises automation with no cloud dependency (use n8n self-hosted). Non-technical users who find visual programming intimidating — the learning curve is real.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "European Union (Make is operated by Celonis SE, headquartered in Munich, Germany; Make's operations are based in Prague, Czech Republic). Data processed on EU infrastructure. GDPR-compliant. EU data residency by default — a meaningful advantage over US-based alternatives for European newsrooms. Subject to EU legal process.",
      "privacyPolicyTldr": "Make processes workflow data (the information flowing through your scenarios) on EU servers. Scenario execution logs are retained for debugging — retention period depends on plan tier. SOC 2 Type II certified. GDPR-compliant as both processor and controller. Does not sell user data. Credentials for connected apps are encrypted at rest. Celonis ownership means enterprise-grade security infrastructure.",
      "practicalMitigations": "Don't route source identities, confidential documents, or sensitive tip-line data through Make — use it for routine operational workflows. Review scenario execution logs and understand retention periods for your plan tier. Audit connected apps quarterly and disconnect unused integrations. Rotate API keys and OAuth tokens annually. For sensitive automation needs, consider self-hosted n8n instead. Monitor credit consumption after the August 2025 billing change — AI modules may cost more than expected.",
      "owner": "Celonis SE (acquired Integromat/Make in October 2020 for over $100M)",
      "fundingModel": "Subsidiary of Celonis, a German process mining company valued at $13B with over $1.4B in total funding from investors including Sequoia, Durable Capital Partners, and Arena Holdings. Make operates as a product line within Celonis.",
      "businessModel": "Subscription SaaS billed by credit volume and feature tier. Free tier serves as acquisition funnel. Revenue from individual, team, and enterprise subscriptions. No advertising. No data resale. Part of Celonis's broader enterprise automation strategy.",
      "knownIssues": "August 2025 credit system change makes costs less predictable for AI-heavy workflows — one AI module execution may consume multiple credits depending on complexity and token usage. Learning curve is steeper than Zapier — the visual scenario builder is powerful but not intuitive for non-technical users. Fewer pre-built app integrations than Zapier (3,000+ vs 8,000+), though most journalism-relevant apps are covered. Enterprise ownership (Celonis) means product direction may prioritize enterprise features over individual/small-team needs. Scenario debugging can be frustrating when complex branches fail silently.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II certified, GDPR-compliant, EU data residency by default, encryption in transit and at rest. Owned by Celonis (well-funded German enterprise company), which brings enterprise security infrastructure. The structural consideration is the same as any cloud automation platform: Make sees everything flowing through your workflows. For routine newsroom automation, this is fine. EU jurisdiction is a meaningful advantage over US-based Zapier for European newsrooms. For sensitive workflows, self-hosted n8n remains the better choice."
    },
    {
      "name": "Mapshaper",
      "slug": "mapshaper",
      "url": "https://mapshaper.org",
      "tagline": "Browser-based tool for editing, simplifying, and converting geographic data. All processing happens locally — your shapefiles never leave your machine.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Data journalists, newsroom graphics desks, and researchers who work with shapefiles, GeoJSON, TopoJSON, or CSV geodata. Anyone who needs to prep geographic files for web maps, interactive stories, or further analysis in QGIS or D3.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Mapshaper is the tool newsroom graphics teams actually use. Built by Matthew Bloch, a graphics editor at The New York Times (MS in GIS/Cartography from UW-Madison), it does one family of tasks extremely well: simplify, convert, filter, dissolve, clip, and join geographic data. The killer feature is topologically-aware simplification — shared polygon borders stay aligned as you reduce detail, which QGIS's built-in simplify does not guarantee. In testing, Mapshaper's dissolve runs many times faster than QGIS or GRASS. The interactive simplification slider in the browser UI lets you drag to see exactly where detail drops off, which is something no desktop GIS matches for speed of iteration. All processing is client-side JavaScript — nothing uploads to any server, even on the public mapshaper.org site. The CLI (npm install -g mapshaper) supports batch pipelines and scripted workflows, and a mapshaper-xl variant allocates extra heap for large files. R users get rmapshaper on CRAN; QGIS users can install the qmapshaper plugin to call Mapshaper's algorithms from inside QGIS. With 3,400+ GitHub stars and active commits, this is mature, trusted infrastructure for geographic data work.",
      "bestFor": "Simplifying shapefiles for web maps (reducing 50MB Census files to 500KB). Converting between Shapefile, GeoJSON, TopoJSON, CSV, KML, and SVG. Dissolving, clipping, joining, and filtering geographic features. Previewing and inspecting geodata before loading into D3, Datawrapper, or Flourish. Batch processing via CLI for repeatable map-data pipelines.",
      "notFor": "Full GIS analysis — spatial joins with attributes, raster processing, geocoding, routing (use QGIS). Publication-ready data visualizations or choropleth maps (use Datawrapper, Flourish, or D3). Editing individual point coordinates with precision (use QGIS or geojson.io). Satellite imagery or raster data of any kind.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. All processing runs client-side in your browser. No data is sent to any server. The mapshaper.org website is a static JavaScript application — geographic data never leaves your machine.",
      "privacyPolicyTldr": "Mapshaper has no privacy policy because it collects no data. The web app is pure client-side JavaScript. No accounts, no cookies, no analytics, no telemetry. Your geographic data stays in your browser's memory and is discarded when you close the tab.",
      "practicalMitigations": "No special precautions needed — data never leaves your browser. For additional assurance with sensitive geographic data (e.g., source locations, conflict zones), run Mapshaper locally via npm (npm install -g mapshaper) to eliminate any network dependency entirely. For files over ~500MB, use Firefox (handles 1GB+ shapefiles) or the CLI with mapshaper-xl to avoid Chrome's memory limits.",
      "owner": "Matthew Bloch (Graphics Editor, The New York Times)",
      "fundingModel": "Unfunded open-source project. Built and maintained by Bloch as a personal/professional tool. No grants, no sponsors, no commercial backing. The NYT connection is relevant context — Bloch built this to solve real newsroom problems — but the Times does not fund or own the project.",
      "businessModel": "None. Free and open-source under MPL 2.0 license. No paid tiers, no enterprise version, no support contracts.",
      "knownIssues": "Browser memory limits are real. Chrome can crash on files over ~500MB; Firefox handles up to 1GB+. Very large GeoJSON files balloon in memory because every coordinate becomes a JS array object — switch to Shapefile format or use the CLI with mapshaper-xl (allocates 8GB heap by default, configurable higher). The web UI has no undo history — destructive edits are permanent within the session. No projection/CRS transformation support in the browser UI (CLI supports -proj). Single-developer project: bus factor of one, though the codebase is clean and well-structured.",
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Client-side processing means your files never touch a server, which removes the usual SaaS exposure entirely. Open-source (MPL 2.0) with 3,400+ GitHub stars and transparent code on GitHub. No accounts, no tracking, no cookies, no analytics. One of the strongest privacy stories in our entire evaluation set. The residual risks are the ones that apply to any JavaScript tool: a compromised npm dependency, or a tampered copy of the web app served from mapshaper.org. Both are mitigated by installing a pinned release locally, reviewing what the lockfile pulls in, and running it offline for sensitive data."
    },
    {
      "name": "MarineTraffic",
      "slug": "marine-traffic",
      "url": "https://www.marinetraffic.com",
      "tagline": "Real-time global ship tracking via AIS — 13,000+ terrestrial receivers and satellite coverage, the standard tool for maritime investigations and sanctions evasion reporting.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification"
      ],
      "whoItsFor": "Investigative journalists tracking sanctions evasion, oil-tanker dark fleets, maritime accidents, port activity, and cross-border smuggling. Also used by shipping analysts, commodity traders, port operators, insurers, and OSINT researchers. Bellingcat documents MarineTraffic as a core OSINT tool.",
      "pricing": "Free tier with significant limits. Paid plans run from roughly $10/month for basic features to enterprise contracts in the thousands per year for satellite AIS, full historical archives, and API access. Specific paid tiers and pricing are negotiated through Kpler since the 2023 acquisition. The free tier shows live terrestrial AIS positions but caps fleet size at 5 vessels and limits track history to the last 3 days.",
      "freeOption": true,
      "editorialTake": "MarineTraffic is the standard public-facing tool for ship tracking, and it has powered some of the most consequential maritime investigations of the last decade — Russian oil tanker dark-fleet reporting, Iran sanctions-evasion stories, the Houthi Red Sea attacks, the Ever Given Suez blockage, and countless smaller stories about port activity, vessel collisions, and suspicious ship-to-ship transfers. It is in Bellingcat's OSINT toolkit because it works.\n\nThe data comes from the Automatic Identification System, the maritime equivalent of aircraft transponders. SOLAS requires AIS on ships of 300 gross tons and upwards on international voyages, cargo ships of 500 gross tons and upwards on domestic voyages, and all passenger ships; smaller vessels appear only if they carry it voluntarily. The broadcast includes identity (MMSI, IMO number, name, callsign), position, speed, heading, and destination. MarineTraffic operates a global network of 13,000+ terrestrial AIS receivers along coastlines, supplemented by satellite AIS for vessels in open ocean beyond coastal range. Coverage is global but uneven — coastal data is dense, mid-ocean data depends on satellite passes.\n\nThe free tier is enough for many basic stories. Search a vessel by name, MMSI, or IMO number. See its current position, recent track, photos contributed by ship spotters, port calls, and basic specs. Click through to the operator and registered owner. For real-time monitoring of a specific vessel during a story, the free tier delivers.\n\nThe paid tiers are where investigative work happens. Historical AIS archives go back to 2010 — essential for reconstructing what a vessel was doing weeks, months, or years ago. Satellite AIS fills coverage gaps in mid-ocean, the Arctic, and waters where vessels are deliberately running dark by spoofing or disabling AIS. Fleet tracking, custom alerts, and the API support workflows that monitor thousands of vessels at once.\n\nThe big caveat is AIS spoofing and dark vessels. Sanctions-evading tankers routinely turn off their transponders, broadcast false MMSI numbers, or transmit fake GPS coordinates. MarineTraffic shows what AIS reports — not necessarily where the ship actually is. Cross-reference with satellite imagery (Planet Labs, Sentinel-2, Sentinel-1 SAR for cloudy areas), Lloyd's List, Equasis, and the OFAC sanctioned vessels list. For the strongest stories, combine MarineTraffic position data with synthetic-aperture radar imagery to confirm ships are where they say they are.\n\nOwnership matters. MarineTraffic was acquired by Kpler in 2023, alongside FleetMon, in a major consolidation of the maritime intelligence market. Kpler is a Brussels-based commodities-tracking company that sells maritime and trade intelligence to commodity traders, hedge funds, oil majors, and governments. The same data and infrastructure now serve both investigative journalists looking at Russian oil tankers and the trading desks profiting from those flows. There is no public evidence of editorial interference, but the corporate context is worth understanding when you rely on a single vendor for sanctions-evasion reporting.\n",
      "bestFor": "Tracking individual vessels in real time during a breaking story. Reconstructing historical voyages of suspect tankers using paid archive access. Monitoring port calls and ship-to-ship transfers. Identifying vessel ownership and operator chains. Cross-referencing AIS data with satellite imagery for sanctions-evasion investigations. OSINT verification of maritime claims.",
      "notFor": "Tracking vessels that have deliberately turned off AIS or are spoofing their position — you need satellite imagery for that. Free-tier users who need historical data older than 3 days. Stories that require provable, court-admissible position data — AIS is operator-reported and can be falsified. Anyone who needs guaranteed mid-ocean coverage on a budget.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "European Union (Greece and Belgium). MarineTraffic was founded in Athens in 2007 and remains headquartered in Greece. Parent company Kpler is headquartered in Brussels, Belgium, with offices across Europe, the US, Singapore, and Dubai. Operates under GDPR.",
      "privacyPolicyTldr": "MarineTraffic collects standard account data (email, name, payment information), search history, fleet selections, and usage analytics for logged-in users. Free guest browsing also captures standard web analytics. Kpler's privacy policy permits sharing across the broader Kpler product family and with corporate customers in aggregate form. As an EU entity, MarineTraffic operates under GDPR and provides data access and deletion rights. The vessel position data itself is public AIS broadcast information aggregated by MarineTraffic's receiver network — not personal data.\n",
      "practicalMitigations": "For sensitive investigations, do not use a fleet name or saved-vessel list that reveals your investigation target. Create a separate MarineTraffic account for each investigation if possible, or use the free tier without logging in for casual lookups. Pay with a corporate card, not a personal one, when subscribing to paid tiers. Do not share investigation account credentials. Cross-reference AIS data against satellite imagery before publishing — assume sophisticated targets are spoofing or running dark. Verify vessel identity by IMO number, not just name, since names can be changed weekly. Save evidence as screenshots and exports immediately, since paid tier downgrades can lock you out of historical data you previously accessed.\n",
      "owner": "Kpler, a Brussels-based maritime and commodities intelligence company. Kpler acquired MarineTraffic and FleetMon in 2023, consolidating a large share of the public AIS tracking market. MarineTraffic was originally founded in 2007 by Dimitris Lekkas as an academic project at the University of the Aegean before becoming a commercial company.",
      "fundingModel": "Subsidiary of a venture-backed maritime intelligence company. Kpler has raised significant private equity and venture funding from investors including Five Arrows, Insight Partners, and others. Kpler is a profitable, growth-stage private company serving commodities traders, oil majors, banks, and government clients.",
      "businessModel": "Freemium SaaS plus enterprise data licensing and API access. Free tier acquires casual users and ship spotters who contribute photos and AIS receiver coverage. Paid tiers and API access generate revenue from shipping companies, traders, insurers, ports, governments, and a small but visible base of investigative journalists and OSINT researchers. Most revenue comes from commercial customers, not journalists.",
      "knownIssues": "AIS spoofing and dark vessels: AIS data is self-reported by vessel operators and can be turned off, falsified, or spoofed. Sanctions-evading tankers routinely manipulate their transponders. MarineTraffic shows what is broadcast, not necessarily where ships actually are. Always cross-reference with satellite imagery for high-stakes stories.\n\nFree tier limits: The free tier caps \"My Fleet\" at 5 vessels and shows only the last 3 days of vessel track history. Historical playback, satellite AIS coverage, full archives, alerts, and API access all require paid tiers. Casual users hit these walls quickly during an active investigation.\n\nCoastal vs. open-ocean coverage: Terrestrial AIS coverage is dense near coasts but disappears in mid-ocean. Satellite AIS fills the gaps but is paid-only and has lower update frequency. For vessels deliberately operating in coverage gaps, MarineTraffic alone is insufficient, and a gap in a track is not by itself proof that a transponder was switched off.\n\nKpler consolidation: Kpler now owns MarineTraffic, FleetMon, and a large share of the public ship-tracking market. This concentration creates a single point of failure for investigative work and a potential conflict where the same company sells data to both journalists and the commodity traders profiting from the flows being investigated.\n\nPricing opacity for higher tiers: Public free and basic tiers are clear, but enterprise pricing for satellite AIS, historical archives, and API access is negotiated through sales. Independent journalists often cannot afford the tiers that matter most for serious investigations.\n\nVessel identity confusion: Ships change names, flags, owners, and operators constantly — sometimes weekly for sanctions-evasion fleets. Always identify vessels by IMO number rather than name: it is a permanent 7-digit identifier whose last digit is a check digit, so a mistyped or fabricated IMO number can usually be caught before it misleads you.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "MarineTraffic runs on EU infrastructure under GDPR with encryption in transit and at rest, standard account security, and no public record of a major breach. The vessel data itself is public AIS broadcast information, not personal data — the privacy concern for journalists is account metadata (search history, saved fleets) revealing investigation targets, not the underlying vessel records. The bigger trust consideration is corporate consolidation: Kpler now owns most of the public ship-tracking market and serves both journalists and the commodity traders whose flows are being investigated. Rating reflects standard SaaS security plus a meaningful note about corporate context and the inherent unreliability of self-reported AIS data when targets are sophisticated.\n"
    },
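An added example for the MarineTraffic entry above; this is not MarineTraffic or Kpler code. It shows the checks a reporter can run over an exported AIS track before trusting it, following the entry's own guidance to key on IMO numbers and to treat long silences and position jumps as signs of a transponder switched off or a spoofed position. The IMO check-digit rule, the ship-station MMSI shape and the haversine distance are standard; the report format, field names, vessel names, thresholds (50 knots, 12 hours) and every position are constructed for the example.

```python
"""Plausibility checks for an AIS track before you publish it.

Added example for the MarineTraffic entry; not MarineTraffic or Kpler code.
SAMPLE_TRACK is a constructed list of reports shaped loosely like a track
export (ts, mmsi, imo, name, lat, lon); real exports use other column names,
so map them onto these keys first.
"""
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_NM = 3440.065   # mean Earth radius in nautical miles
MAX_PLAUSIBLE_KNOTS = 50.0   # assumed: faster than this between fixes is a position jump
DARK_GAP_HOURS = 12.0        # assumed: longer silence than this suggests the transponder was off


def imo_check_digit_ok(imo: str) -> bool:
    """An IMO number is 7 digits and the seventh is a check digit: weight the
    first six by 7,6,5,4,3,2, sum, and the sum mod 10 must equal the seventh
    digit (IMO 9074729: 63+0+35+16+21+4 = 139 -> 9)."""
    digits = imo.strip().upper().removeprefix("IMO").strip()
    if len(digits) != 7 or not digits.isdigit():
        return False
    total = sum(int(d) * w for d, w in zip(digits[:6], range(7, 1, -1)))
    return total % 10 == int(digits[6])


def mmsi_shape_ok(mmsi: str) -> bool:
    """Ship-station MMSIs are 9 digits starting with a flag-state MID (201-775),
    so the first digit is 2-7; other leading digits denote coast stations, SAR
    aircraft, handhelds and AIS aids. Shape only: this does not confirm that
    the MID matches the flag the vessel claims."""
    return len(mmsi) == 9 and mmsi.isdigit() and mmsi[0] in "234567"


def nautical_miles(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two fixes, in nautical miles."""
    p1, p2 = radians(lat1), radians(lat2)
    dphi, dlmb = p2 - p1, radians(lon2 - lon1)
    a = sin(dphi / 2) ** 2 + cos(p1) * cos(p2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_NM * asin(sqrt(a))


def flag_track(reports):
    """Walk reports in time order, keyed by IMO (the identifier that survives a
    rename or reflag), and return (timestamp, imo, issue) leads to follow up."""
    findings = []
    last_by_imo = {}
    for r in sorted(reports, key=lambda r: r["ts"]):
        ts = datetime.fromisoformat(r["ts"])
        if not imo_check_digit_ok(r["imo"]):
            findings.append((r["ts"], r["imo"], "bad_imo_check_digit"))
        if not mmsi_shape_ok(r["mmsi"]):
            findings.append((r["ts"], r["imo"], "bad_mmsi_shape"))
        prev = last_by_imo.get(r["imo"])
        if prev is not None:
            hours = (ts - prev["_ts"]).total_seconds() / 3600
            dist = nautical_miles(prev["lat"], prev["lon"], r["lat"], r["lon"])
            if hours > DARK_GAP_HOURS:
                findings.append((r["ts"], r["imo"], "dark_gap"))
            if hours > 0 and dist / hours > MAX_PLAUSIBLE_KNOTS:
                findings.append((r["ts"], r["imo"], "implausible_speed"))
            if r["name"] != prev["name"]:
                findings.append((r["ts"], r["imo"], "name_change"))
            if r["mmsi"] != prev["mmsi"]:
                findings.append((r["ts"], r["imo"], "mmsi_change"))
        last_by_imo[r["imo"]] = {**r, "_ts": ts}
    return findings


SAMPLE_TRACK = [  # constructed reports, not real vessels
    {"ts": "2026-01-01T00:00:00+00:00", "mmsi": "273123456", "imo": "9074729",
     "name": "TANKER ALPHA", "lat": 36.0, "lon": 30.0},
    {"ts": "2026-01-01T06:00:00+00:00", "mmsi": "273123456", "imo": "9074729",
     "name": "TANKER ALPHA", "lat": 36.5, "lon": 31.0},   # ~57 nm in 6 h: normal
    {"ts": "2026-01-02T00:00:00+00:00", "mmsi": "273123456", "imo": "9074729",
     "name": "TANKER BRAVO", "lat": 36.6, "lon": 31.2},   # 18 h silence, new name
    {"ts": "2026-01-02T01:00:00+00:00", "mmsi": "273123456", "imo": "9074729",
     "name": "TANKER BRAVO", "lat": 30.0, "lon": 32.0},   # ~400 nm in 1 h
    {"ts": "2026-01-01T03:00:00+00:00", "mmsi": "12345678", "imo": "9074728",
     "name": "GHOST", "lat": 35.0, "lon": 29.0},          # bad check digit, 8-digit MMSI
]

if __name__ == "__main__":
    for ts, imo, issue in flag_track(SAMPLE_TRACK):
        print(ts, imo, issue)
```

Every flag is a lead, not a finding: a dark gap can also be a plain coverage hole mid-ocean, and a name change is routine outside sanctions fleets. That is why the entry tells you to confirm positions against SAR imagery and identity against Equasis before publishing.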
    {
      "name": "Media Bias/Fact Check",
      "slug": "media-bias-fact-check",
      "url": "https://mediabiasfactcheck.com",
      "tagline": "Independently operated database of news source bias ratings and factual reporting scores. Covers 7,000+ sources with transparent methodology.",
      "category": "verification",
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Journalists, researchers, and editors who need a quick reference for how a news source is generally perceived in terms of political lean and factual accuracy. Students and media literacy educators. Anyone building source lists who wants a first-pass filter on reliability.",
      "pricing": "Free to access all ratings and methodology pages. Supported by third-party advertising (Google AdSense, Snigel). No paywall on core ratings database. Some premium features may be available but core functionality is free.",
      "freeOption": true,
      "editorialTake": "Media Bias/Fact Check is the most widely cited source-bias database on the internet, and it's essentially a one-person operation. Dave Van Zandt, a registered unaffiliated voter with a background in physiology (not journalism), has been running MBFC since 2015, investing 60-80 hours per week with volunteer help. The methodology combines objective measures (sourcing, corrections policy) with subjective editorial judgment on story selection and language — which is simultaneously its strength (human nuance) and weakness (scalability, consistency). For journalists, MBFC is useful as a quick sanity check — 'has this source been flagged for poor factual reporting?' — but it's not a fact-checking tool itself. It rates sources, not claims. The ratings have been adopted by browser extensions, Wikipedia editors, and academic researchers, which gives them outsized influence. The operation is ad-supported with no institutional funding, which keeps it independent but also resource-constrained. Take any individual rating with appropriate skepticism — the value is in the aggregate pattern across 7,000+ sources, not any single call.",
      "bestFor": "Quick reference on whether a source has a documented track record of factual reporting. Building source lists for coverage. Media literacy education. Identifying outlets with known bias patterns before citing them. Browser extension integration for real-time source checking.",
      "notFor": "Fact-checking specific claims (use dedicated fact-checkers like Snopes, PolitiFact). Verifying individual articles — MBFC rates the source, not the story. High-stakes editorial decisions where a single rating shouldn't determine inclusion. Assessing sources outside English-language media (coverage is limited). Anyone expecting academic-grade methodology with peer review.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Media Bias Fact Check LLC, registered in the US). Standard web hosting with advertising partners (Google, Snigel). No user accounts required for core functionality. Subject to US legal process.",
      "privacyPolicyTldr": "Ad-supported website using Google AdSense and Snigel for advertising. Standard web tracking associated with ad networks. No user registration required to access ratings. No sensitive user data collected beyond standard web analytics. Third-party ad cookies are present.",
      "practicalMitigations": "Use an ad blocker when browsing the site to minimize tracking from advertising networks. Don't treat any single MBFC rating as definitive — cross-reference with AllSides, Ad Fontes Media, or NewsGuard for additional perspectives. No login required, so no account data at risk. The site is a reference tool, not a workflow tool — you're reading ratings, not submitting data.",
      "owner": "Media Bias Fact Check LLC (Dave Van Zandt, sole owner and editor)",
      "fundingModel": "Self-funded and ad-supported. No institutional investors, no grants, no political organization funding. Revenue comes entirely from third-party advertising (Google AdSense, Snigel). Volunteers contribute ratings work and receive variable cash gifts based on contribution.",
      "businessModel": "Free ad-supported website. Revenue from display advertising. No subscription fees, no premium tier for core ratings. Independence maintained by avoiding direct funding from political organizations or media companies being rated.",
      "knownIssues": "One-person operation with volunteer help — scalability and consistency concerns are real. Founder has no formal journalism or political science credentials. Methodology combines objective and subjective measures without external peer review. Some critics argue the 'center' bias anchor point is itself a subjective editorial choice. Individual ratings can lag behind source changes (a formerly reliable outlet that degrades may keep its old rating). Ad-heavy experience without a blocker. Limited coverage of non-English sources.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "This is a reference website, not a workflow tool — you read it, you don't submit sensitive data to it. HTTPS is enabled. The main privacy consideration is standard ad-network tracking (Google AdSense, Snigel), which is easily mitigated with an ad blocker. No user accounts, no sensitive data collection. The security question here is about the reliability of the information rather than data protection — and on that front, it's a useful first-pass reference that shouldn't be treated as authoritative on its own."
    },
    {
      "name": "Media Cloud",
      "slug": "mediacloud",
      "url": "https://mediacloud.org",
      "tagline": "Open-source media analysis platform. Search and analyze news coverage across 60,000+ sources and 1 billion+ stories worldwide.",
      "category": "newsgathering",
      "openSource": true,
      "whoItsFor": "Journalists studying how news stories spread across media ecosystems. Researchers analyzing coverage patterns, framing, and sourcing across thousands of outlets. Fact-checkers and media critics tracking narrative formation. Policy reporters comparing how different outlets cover the same story. Anyone doing systematic media analysis rather than one-off searches.",
      "pricing": "Free to use. Account required for full search access. Open-source tools available on GitHub.",
      "freeOption": true,
      "editorialTake": "Media Cloud is the most powerful open-source tool for understanding how news travels. Originally developed at Harvard's Berkman Klein Center and MIT's Center for Civic Media, it's now run as a consortium by the Media Ecosystems Analysis Group, University of Massachusetts Amherst, and Northeastern University. The platform indexes over 1 billion stories from 60,000+ news sources worldwide — the largest open-source news database that exists. Media Cloud Search lets you analyze how digital news covers specific topics: which outlets publish what, when coverage spikes, and how framing differs across media ecosystems. The Media Cloud Directory catalogs all 60,000+ sources with metadata. For journalists, the use cases are concrete: track how a story spread from a single outlet to national coverage, compare how left- and right-leaning media covered the same event, identify which outlets drove a narrative, or find underreported angles by seeing what everyone else missed. The platform moved from Harvard/MIT to its current consortium structure, which brought growing pains — some tools and documentation lag behind the ambition. The learning curve is real. But nothing else offers this scale of media analysis for free and open source. GDPR Note: Media Cloud indexes published articles, not private data.",
      "bestFor": "Analyzing news coverage patterns at scale. Tracking how stories spread across media ecosystems. Comparing coverage framing across outlets and political leanings. Identifying which outlets broke a story and how it propagated. Academic and investigative media research.",
      "notFor": "Real-time news monitoring (there's a processing delay). Social media analysis (this covers news outlets, not Twitter or Facebook). Simple news searches — Google News is faster for quick lookups. Journalists who need a turnkey tool with no learning curve. Broadcast media analysis (primarily text-based digital news).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Hosted by consortium institutions (UMass Amherst and Northeastern University). Data consists of indexed public news articles and metadata.",
      "privacyPolicyTldr": "Media Cloud collects account information for registered users. The indexed data consists entirely of publicly published news articles and metadata — no private or personal data is scraped. Terms of Use and Privacy Policy available on site. As an academic research tool, data practices are governed by university institutional policies. No advertising or commercial data monetization.",
      "practicalMitigations": "Create an account with a professional email — some search features require login. Export and save your research results locally; as a nonprofit academic project, service continuity depends on ongoing institutional support and funding. Cross-reference Media Cloud findings with direct source verification — the platform indexes article metadata and content but automated processing can introduce classification errors. Understand that coverage of non-English sources is less comprehensive than English-language media. The 60,000+ source count includes varying levels of reliability — use Media Cloud's source metadata to filter appropriately.",
      "owner": "Media Cloud Consortium: Media Ecosystems Analysis Group, University of Massachusetts Amherst, and Northeastern University. Originally developed at Harvard University's Berkman Klein Center for Internet & Society and MIT's Center for Civic Media.",
      "fundingModel": "Nonprofit academic project. Funded by university institutional support and research grants. Originally supported by Ford Foundation, Knight Foundation, and Open Society Foundations during the Harvard/MIT era. Current funding structure tied to consortium member institutions.",
      "businessModel": "Free public research tool. No commercial revenue. Sustained by academic institutional support, research grants, and open-source community contributions.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Academic nonprofit with no commercial data incentives. Indexes only publicly published news content — no private data collection beyond user accounts. Open-source codebase allows independent security review. US-hosted at university infrastructure. The main risk is institutional: as an academic project, long-term service continuity depends on funding and institutional commitment. The transition from Harvard/MIT to the current consortium was bumpy. Adequate for media research purposes."
    },
    {
      "name": "Media Defence",
      "slug": "media-defence",
      "url": "https://www.mediadefence.org/",
      "tagline": "Free legal representation for journalists worldwide with emergency defense funding.",
      "category": "legal",
      "builtForJournalism": true,
      "whoItsFor": "Journalists and independent media outlets facing legal threats anywhere in the world.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Media Defence provides actual lawyers, not just advice — they fund and coordinate legal representation in cases that set precedent for press freedom globally.",
      "bestFor": "Journalists facing criminal charges, civil suits, or regulatory action related to their reporting. Emergency defense funding for urgent cases.",
      "notFor": "Non-media legal disputes or cases unrelated to journalism and press freedom.",
      "owner": "Media Defence",
      "fundingModel": "Grants and donations",
      "businessModel": "Nonprofit",
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "Microsoft Copilot",
      "slug": "microsoft-copilot",
      "url": "https://copilot.microsoft.com",
      "tagline": "Microsoft's free AI assistant powered by GPT-4 class models. Web search integration, image generation, and document analysis — no account required for basic use.",
      "category": "ai",
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Journalists who want a free LLM interface for research assistance, brainstorming, summarization, and writing support. Anyone already in the Microsoft ecosystem (Outlook, Word, Teams) who wants AI integrated into their existing workflow. Reporters who need web-grounded answers with citations rather than pure generative output.",
      "pricing": "Free tier: access to GPT-4 class models, web search, image generation (15 boosts/day), no account required. Microsoft 365 Personal/Family: $9.99-$12.99/month includes Copilot in Word, Excel, PowerPoint, Outlook. Microsoft 365 Business: $30/user/month (or $21 for businesses under 300 employees as of December 2025). Copilot Pro as standalone was discontinued in 2026 — now bundled into Microsoft 365 Premium at $19.99/month.",
      "freeOption": true,
      "editorialTake": "Microsoft Copilot is the most accessible free LLM on the market — you can use it without creating an account, and it runs GPT-4 class models with built-in web search. For journalists, the web-grounded responses with source citations are genuinely useful for initial research, background checks, and summarization. Grounding answers in indexed web pages reduces hallucination relative to an ungrounded model, but it does not remove it: the summary can misstate what a cited page says, so open the citations and check them before using anything. The free tier is generous enough for daily use. The image generation is a bonus but not journalism-critical. Where Copilot gets interesting (and expensive) is the Microsoft 365 integration — Copilot in Word, Excel, and Outlook transforms how you work with documents, data, and email. At $30/user/month for business plans, it's a real budget line item, but for newsrooms already paying for Microsoft 365, the incremental value is high. The privacy story is better than most: Microsoft explicitly states that personal conversations aren't used to train models, uploaded files are deleted after 30 days, and enterprise plans include full data protection commitments. The catch is that you're giving Microsoft your prompts, your documents, and your research patterns — and Microsoft is a company that cooperates with law enforcement. For routine journalism work, this is fine. For sensitive investigative research, use a local model instead. Compared to ChatGPT: Copilot's free tier works without an account, while ChatGPT's paid tier has better reasoning models and more customization.",
      "bestFor": "Free daily AI assistance for research, summarization, and writing. Web-grounded answers with source citations for background research. Document analysis and summarization (upload PDFs, ask questions). Newsrooms already on Microsoft 365 who want AI integrated into Word, Excel, and Outlook. Quick image generation for social media or mockups.",
      "notFor": "Sensitive investigative research where your queries themselves are confidential — Microsoft can see your prompts. Workflows requiring API access or custom integrations (OpenAI's API is more flexible). Journalists who need the most advanced reasoning models (Claude or GPT-4o handle complex analysis better). Anyone philosophically opposed to Big Tech AI. Users who need offline or local model access.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Microsoft Corporation, Redmond, Washington). Enterprise plans offer data residency options in multiple regions. Consumer data processed on Microsoft's global Azure infrastructure. Subject to US legal process, including FISA court orders and national security letters. Microsoft publishes transparency reports on government data requests.",
      "privacyPolicyTldr": "Microsoft states it does not use personal Copilot conversations to train foundation models. Uploaded files are stored securely for up to 30 days then deleted. Conversations are not shared with other users. Users can disable personalization and memory features. Enterprise plans add full data protection with no training on organizational data. However, Microsoft retains the right to review content for safety and terms of service compliance.",
      "practicalMitigations": "Don't use Copilot for research queries that would reveal sensitive investigative targets or sources. Disable personalization and memory features if you don't want Microsoft building a profile of your research patterns. Using the free tier without an account avoids tying prompts to an identity you log into, but it is not anonymity: Microsoft still sees your IP address, browser fingerprint, and the prompt text itself. For sensitive work, run a local model (Ollama + Llama, or similar) instead. Clear conversation history regularly, and assume that clearing it on your side does not shorten whatever retention Microsoft applies for safety review. Enterprise users should verify their data residency and retention settings match editorial policy.",
      "owner": "Microsoft Corporation",
      "fundingModel": "Division of Microsoft (market cap $3T+). Copilot is a strategic product leveraging Microsoft's $13B+ investment in OpenAI and Azure AI infrastructure.",
      "businessModel": "Freemium funnel driving Microsoft 365 subscriptions. Free tier acquires users, paid tiers ($10-$30/month) monetize through productivity suite integration. Enterprise contracts at scale. Advertising-free in the product itself. Copilot strengthens Microsoft's ecosystem lock-in across Office, Azure, and Windows.",
      "knownIssues": "Free tier provides access to latest models only during non-peak hours — response quality may vary by time of day. Copilot Pro was discontinued as a standalone product in 2026, forcing users into the full Microsoft 365 bundle. Web search grounding sometimes surfaces outdated or low-quality sources. Image generation has content restrictions that can block legitimate journalism use cases (depicting public figures, news events). Microsoft's cooperation with US law enforcement and intelligence agencies is documented — your prompts are subject to legal process. The product evolves rapidly — features and pricing change frequently.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Enterprise-grade infrastructure (Azure), encryption in transit and at rest, explicit no-training policy for personal conversations, SOC 2 and ISO 27001 certified. The privacy commitment is stronger than most consumer AI products. The caveat is structural: Microsoft is a US company subject to FISA, national security letters, and law enforcement requests. For routine journalism AI assistance, this is fine — the free tier with no account keeps prompts off a named account, though it is not anonymous. For investigative research where your queries themselves are sensitive, use a local model."
    },
    {
      "name": "Midjourney",
      "slug": "midjourney",
      "url": "https://www.midjourney.com",
      "tagline": "The most popular AI image generator. Produces high-quality stylized and photorealistic output. No Content Credentials, no provenance trail, no IP indemnification for most users.",
      "category": "visuals",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "whoItsFor": "Visual journalists and editors who need concept art, illustrations, or editorial graphics and prioritize output quality over provenance. Freelancers creating social media visuals, newsletter headers, or explainer graphics. Designers who want stylized output that Adobe Firefly cannot yet match.",
      "pricing": "Basic: $10/month (3.3 GPU hours, ~200 images). Standard: $30/month (15 GPU hours). Pro: $60/month (30 GPU hours, Stealth Mode). Mega: $120/month (60 GPU hours, Stealth Mode). Annual billing saves 20%. Companies with over $1M gross revenue must use Pro or Mega for commercial work. Enterprise tier available with SSO and API access.",
      "freeOption": false,
      "editorialTake": "Midjourney is the aesthetic benchmark for AI image generation. Version 6 (launched 2024) and subsequent updates produce photorealistic and stylized output that consistently outperforms competitors in blind comparisons. The web app launched in 2024, ending the Discord-only era, and native iOS/Android apps followed in 2025. The company hit $500M in revenue in 2025 with roughly 40 employees and no outside funding until a $150M Series B from Lightspeed in late 2025 at a $10B valuation. The critical gap for journalism: Midjourney does not embed C2PA Content Credentials. Images carry IPTC metadata (prompt, Job ID, digital source tag), but this metadata is unsigned and trivially editable with ExifTool. Adobe Firefly, DALL-E 3, and Google Imagen all embed cryptographically signed C2PA provenance. Midjourney does not. For newsrooms that have adopted provenance standards — BBC, NYT, Reuters — this is disqualifying. There is also no IP indemnification below the Enterprise tier. Midjourney trains on web-scraped data, and multiple copyright lawsuits remain active (Getty Images, artists' class action). The output quality is undeniable. The governance story is not.",
      "bestFor": "Editorial illustration where provenance requirements do not apply. Concept art and mood boards. Social media graphics and newsletter visuals. Any visual workflow where aesthetic quality matters more than a verifiable chain of custody.",
      "notFor": "Any newsroom that requires C2PA Content Credentials or provenance metadata. Photojournalism or depictions of real events. Organizations that need IP indemnification (unless on Enterprise). Workflows where you must prove an image was AI-generated to compliance teams. Journalists covering sensitive topics who cannot have prompts visible in public galleries (Stealth Mode requires Pro or above).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Midjourney Inc., San Francisco, California). Processing on Midjourney's cloud infrastructure.",
      "privacyPolicyTldr": "Account required. Prompts and generated images are stored on Midjourney servers. By default, all generations are public and visible to other users. Stealth Mode (Pro/Mega only) hides your images from public galleries but does not prevent Midjourney from storing and processing them. Midjourney's ToS grant a broad license to use, reproduce, and display user-generated content. No explicit commitment not to train on user prompts or outputs.",
      "practicalMitigations": "Use Pro or Mega plan with Stealth Mode if working on unreleased editorial projects — default is public. Strip or verify metadata before publishing if you don't want prompts exposed. Do not use for anything depicting real people or real events. Document AI use in your captions and disclosure policy. Consider Adobe Firefly if your publication requires Content Credentials. If copyright indemnification matters, confirm Enterprise terms in writing.",
      "owner": "Midjourney Inc. Private company founded in 2022 by David Holz (CEO), previously co-founder of Leap Motion. Headquartered in San Francisco, California. Approximately 40 employees as of 2025.",
      "fundingModel": "Bootstrapped from founding through mid-2025, reaching profitability in August 2022. Raised $150M Series B from Lightspeed Venture Partners in late 2025 at a reported $10B valuation.",
      "businessModel": "Subscription SaaS. Revenue from individual and enterprise subscriptions. Hit $500M annual revenue in 2025. Also offers a developer API (launched late 2025) for third-party integrations.",
      "knownIssues": "No C2PA Content Credentials — images lack cryptographically signed provenance, unlike Adobe Firefly, DALL-E 3, and Google Imagen. Active copyright lawsuits including Getty Images (filed January 2023) and a class-action from visual artists. Training data scraped from the open web without explicit creator consent. Default public generation means prompts and outputs are visible to all users unless on Pro/Mega with Stealth Mode. EU AI Act transparency requirements (effective August 2026) may require labeling that Midjourney does not yet support at the metadata level.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "Midjourney is a well-funded, profitable company with reasonable infrastructure security. The 'caution' rating reflects the absence of C2PA Content Credentials (a significant gap for editorial use), the lack of IP indemnification for most users, active copyright litigation, default public visibility of all generations, and no explicit commitment regarding training on user content. For non-editorial creative work these are manageable risks; for journalism with provenance requirements they are disqualifying."
    },
    {
      "name": "Miro",
      "slug": "miro",
      "url": "https://miro.com",
      "tagline": "Collaborative whiteboard for visual planning, investigation mapping, and newsroom brainstorming. SOC 2 and ISO 27001 certified.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Investigative teams mapping connections between people, organizations, and events. Newsroom editors planning story coverage and editorial calendars. Reporters doing source mapping and timeline reconstruction. Any journalism team that needs a shared visual workspace for brainstorming or project planning.",
      "pricing": "Free: 3 editable boards, unlimited team members. Starter: $8/user/month annual ($10/month monthly) — unlimited boards, all collaboration tools. Business: $16/user/month annual — SSO, advanced admin, guest access controls. Enterprise: custom pricing — SCIM, data governance, audit logs, SLA.",
      "freeOption": true,
      "editorialTake": "Miro is the dominant collaborative whiteboard — 80M+ users, $500M ARR, and a $17.5B valuation as of 2022. For journalism, it's useful for investigation mapping (linking people, organizations, money flows), editorial planning (kanban boards, calendars), and brainstorming sessions. The infinite canvas with sticky notes, connectors, mind maps, and embedded media makes it easy to build visual representations of complex stories. The June 2024 acquisition of Uizard (Danish AI design startup) signals Miro's push into AI-assisted workflows. The company was founded in 2011 in Perm, Russia as RealtimeBoard, rebranded to Miro in 2019, and is now co-headquartered in Amsterdam and San Francisco. SOC 2 Type II and ISO 27001 certified, with enterprise-grade encryption, SSO, and SCIM. The free tier (3 boards, unlimited members) is enough for a small team to evaluate. The concern for journalists: boards are cloud-stored, and anything you put on a Miro board lives on their servers. For sensitive investigation mapping, consider an offline tool like draw.io (diagrams.net) desktop instead.",
      "bestFor": "Investigation mapping and link analysis. Editorial planning and story tracking. Newsroom brainstorming and ideation sessions. Timeline reconstruction for complex stories. Visual project management for multi-reporter investigations.",
      "notFor": "Sensitive investigation boards with confidential source identities (cloud-stored). Offline environments without internet access. Simple task management (overkill — use a task list). Document writing or drafting (Miro is visual, not textual).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States and EU. RealtimeBoard, Inc. dba Miro is incorporated in the US (San Francisco) with co-headquarters in Amsterdam. SOC 2 Type II and ISO 27001 certified. Enterprise customers can request data residency options.",
      "privacyPolicyTldr": "Account required. Board content stored on Miro servers. Free and Starter plans have limited admin controls over data. Business and Enterprise tiers add SSO, SCIM, advanced privacy controls, and audit logs. Miro collects usage analytics. Review the privacy policy for AI feature data handling — the 2024 Uizard acquisition expanded AI capabilities.",
      "practicalMitigations": "Do not put confidential source identities, sensitive investigation details, or unpublished story specifics on Miro boards — content is cloud-stored. Use guest access controls to limit who can view boards. On Enterprise plans, enable SSO and SCIM for user management. Export board content regularly as backups. For sensitive visual mapping, use diagrams.net (draw.io) desktop app instead — it's free, open-source, and fully offline.",
      "owner": "RealtimeBoard, Inc. dba Miro, co-headquartered in Amsterdam and San Francisco. Co-founders: Andrey Khusid (CEO) and Oleg Shardin. Founded in 2011 in Perm, Russia as RealtimeBoard; rebranded to Miro in 2019.",
      "fundingModel": "Venture-backed. $476M total raised. Investors include ICONIQ Capital, Accel, Atlassian Ventures, Dragoneer, GIC (Singapore sovereign wealth fund), Salesforce Ventures. Last private valuation: $17.5B (January 2022 Series C).",
      "businessModel": "Freemium SaaS. $500M ARR as of 2026. 80M+ users. Revenue from Starter, Business, and Enterprise subscriptions. Acquired Uizard (AI design) in June 2024.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II and ISO 27001 certified. Enterprise-grade encryption, SSO, and SCIM on higher tiers. Zero Trust Architecture. The security infrastructure is solid for a collaboration tool at this scale. Free and Starter tiers lack admin controls. Not recommended for boards containing confidential source material or sensitive investigation details — content lives on Miro servers."
    },
    {
      "name": "Muck Rack",
      "slug": "muck-rack",
      "url": "https://muckrack.com",
      "tagline": "PR database that profiles 600K+ journalists and sells access to communications teams. Free portfolio tools for journalists — but you are the product.",
      "category": "publishing",
      "additionalCategories": [
        "newsgathering",
        "messaging"
      ],
      "openSource": false,
      "builtForJournalism": true,
      "whoItsFor": "Journalists who want a free online portfolio and media alerts. PR and communications teams who need a media database, outreach tools, and coverage monitoring. Freelancers building visibility with editors and PR contacts.",
      "pricing": "Free for journalists: portfolio profile, media alerts (600K+ outlets), verified journalist badge with access to the media database. PR side is quote-based, annual contracts only, no month-to-month option. Reported pricing ranges from ~$5,000/year for a single user to $15,000/year for small teams, with enterprise deals reaching $40,000–$53,000/year for 5–9 users. Three tiers each for brands and agencies. Generative Pulse (LLMO/AI visibility monitoring) is available only on Muck Rack Premier, the top tier.",
      "freeOption": true,
      "editorialTake": "Muck Rack is the dominant journalist-PR matching platform, used by over 5,000 companies and tracking 600,000+ media sources. Founded in 2009 by Gregory Galant and Lee Semel, the company was self-funded and profitable for 13 years before raising a $180M Series A from Susquehanna Growth Equity in September 2022. It acquired Keyhole (social listening) in September 2024 and Ruepoint (media intelligence, 450+ clients) in January 2025. In May 2025, it launched press release distribution via a GlobeNewswire partnership. In July 2025, it shipped Generative Pulse, a tool that tracks how brands appear in AI-generated answers from ChatGPT, Claude, and Gemini — one of the first PR-specific LLMO products. The core tension: Muck Rack gives journalists free portfolios, media alerts, and a verified badge program, then monetizes that journalist data by selling database access, contact details, and outreach tools to PR teams at $5,000–$53,000/year. Journalist profiles are created automatically when Muck Rack ingests articles — no opt-in required. Profiles include name, title, employer, email, phone, social accounts, beat topics, pitch preferences, and published work. Journalists can claim, edit, or hide their profiles, but PR users retain relationship data even after a journalist removes their profile. The platform collects contact lists uploaded by PR customers and uses that data to update the journalist database. This is not a secret — Muck Rack is transparent about the model — but many journalists do not realize the extent to which their professional data is aggregated and sold. The free journalist tools are genuinely useful: media alerts are fast and cover 600K+ outlets, the portfolio is a clean public-facing page, and verified journalists get database search access. The 2026 State of Journalism survey (produced by Muck Rack) found 82% of journalists use AI tools. Muck Rack has a 4.6/5 rating on G2 (270+ reviews). Common complaints: opaque pricing, steep learning curve, limited report customization, and occasionally stale contact data. For journalists, the calculus is straightforward: the free tools are useful, but understand that your profile, contact info, and publishing history are the product being sold. Decide accordingly.",
      "bestFor": "Journalists building a public portfolio. Freelancers who want to be discoverable by editors and PR teams. PR and communications teams running media outreach campaigns. Anyone tracking media coverage across 600K+ outlets.",
      "notFor": "Journalists who want to minimize their digital footprint or keep contact details out of PR databases. Reporters on sensitive beats where discoverability is a liability. Organizations that need open-source or self-hosted media monitoring.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Muck Rack is headquartered in New York (operates fully remote). No public documentation of data residency options or regional hosting.",
      "privacyPolicyTldr": "Muck Rack collects journalist data from publicly indexable sources — articles, social media, websites, RSS feeds — and creates profiles automatically without opt-in. PR customers can upload journalist contact lists, which Muck Rack uses to update the database. Collected data includes name, title, employer, email, phone, social profiles, photos, pitch preferences, topics covered, and location. Journalists can claim profiles, edit information, or request full removal by emailing hello@muckrack.com. However, PR users retain relationship data for removed journalists. Data is encrypted in transit (TLS 1.2+) and at rest (AES-256). The platform is SOC 2 certified with regular security testing. Muck Rack states it does not sell personal information in the CCPA sense but does share journalist data with paying PR customers as a core business function. Journalists have the right to object to processing for direct marketing and can request data access or deletion under GDPR and CCPA.",
      "practicalMitigations": "Claim your Muck Rack profile to control what information is visible — unclaimed profiles display whatever Muck Rack's automated system scraped. Review and remove any contact details you do not want PR teams to access (personal email, phone numbers). If you want full removal, email hello@muckrack.com with a link to your profile, but understand that PR users who previously saved your data retain their relationship records. Do not use your Muck Rack profile email for sensitive source communication — PR teams and their tools have access to it. If you are on a sensitive beat, consider hiding your profile entirely. Treat Muck Rack as a public-facing professional directory, not a private tool. For media monitoring, the free journalist alerts are useful but route through Muck Rack's infrastructure — if operational security matters, use RSS readers or self-hosted alternatives instead.",
      "owner": "Sawhorse Media, Inc. (privately held). Co-founded by Gregory Galant (CEO) and Lee Semel. Galant also runs the Shorty Awards under the Sawhorse umbrella.",
      "fundingModel": "Self-funded and profitable from 2009 to 2022. Raised $180M Series A from Susquehanna Growth Equity in September 2022 — one of the largest investments in PR technology. Acquired Keyhole (social listening, September 2024) and Ruepoint (media intelligence, January 2025).",
      "businessModel": "Two-sided marketplace. Free tools for journalists (portfolio, alerts, verified badge) attract and retain journalist profiles. Revenue comes from selling database access, outreach tools, media monitoring, and analytics to PR and communications teams via annual SaaS subscriptions ($5K–$53K+/year). Generative Pulse (LLMO monitoring) is a premium add-on. Press release distribution launched May 2025 via GlobeNewswire partnership.",
      "knownIssues": "Journalist profiles are created automatically from published articles without opt-in — many journalists do not know they have a Muck Rack profile until a PR person pitches them through it. PR users retain relationship data even after a journalist hides or removes their profile. Pricing is opaque and quote-based, with wide variance reported ($5K–$53K/year). Annual contracts only — no monthly option. Some users report stale contact data as journalists change jobs. The learning curve is steep for new PR users. Report customization is limited. Muck Rack's annual State of Journalism survey, while widely cited, is produced by a company whose revenue depends on PR teams reaching journalists — the framing favors the PR-journalist relationship model.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Encrypted in transit (TLS 1.2+) and at rest (AES-256). SOC 2 certified with regular security testing and a responsible disclosure program. No major breaches or security incidents in the public record. The primary risk is not technical — it is data exposure by design. Muck Rack's business model requires aggregating journalist contact details and making them accessible to paying PR customers. Journalists on sensitive beats should treat their Muck Rack profile as a public directory listing. The platform does not offer end-to-end encryption, two-factor authentication documentation is not publicly available, and there are no published data residency options. Adequate for general-purpose journalist portfolio and media monitoring use. Not appropriate for journalists who need to minimize their professional footprint or control who can access their contact information."
    },
    {
      "name": "MuckRock",
      "slug": "muckrock",
      "url": "https://www.muckrock.com",
      "tagline": "File, track, and share public records requests — with a nonprofit that actually files them for you.",
      "category": "newsgathering",
      "additionalCategories": [
        "newsgathering",
        "data"
      ],
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Journalists, researchers, and civic advocates filing FOIA and public records requests. MuckRock acts as a middleman — it files the request on your behalf, timestamps submissions and responses, auto-follows up, digitizes paper responses, and publishes results to a searchable public archive. Also runs DocumentCloud (document hosting used by NYT, ProPublica, Washington Post) and FOIA Machine (free DIY tracker). The Sunlight Research Desk offers dedicated research staff for newsrooms that need hands-on help.",
      "pricing": "Free tier: create an account, search the archive, file requests (pay per request at ~$5 each). Pro: $40/month — 20 requests/month, 30-day embargo, 2,000 DocumentCloud AI credits. Organization: $100/month — 50 requests/month, permanent embargo, 5,000 AI credits, unlimited members. Additional request bundles: $60 for 20 requests. Sunlight Research Desk: $4,000-$16,000/year (nonprofit rate) for dedicated research hours and investigative consultations.",
      "journalistDiscount": "MuckRock is a 501(c)(3) nonprofit. Pricing is already journalist-friendly. Sunlight Research Desk offers nonprofit rates at 50% off standard pricing. Some grant-funded projects provide free accounts for specific investigations.",
      "freeOption": true,
      "editorialTake": "MuckRock is the gold standard for public records work in the U.S. Founded in 2010 by Michael Morisy and Mitchell Kotler, reincorporated as a nonprofit in 2016, and merged with DocumentCloud in 2018 — it now operates the infrastructure that major newsrooms depend on for document publishing. The platform has processed over 120,000 FOIA requests across 22,000+ government agencies. Its incentives are fully aligned with journalism: no ads, no data selling, open-source codebase on GitHub. The 2025 Knight Foundation grant expanded its toolkit for smaller newsrooms. DocumentCloud's AI credits (GPT-powered Add-Ons for document classification, summarization, de-jargonization) add real analytical capability. The January 2025 DocumentCloud redesign and MuckRock API v2 show active development. In the current federal transparency environment — DOGE dismantling FOIA offices, agencies ghosting requesters — MuckRock's institutional knowledge and legal persistence matter more than ever.",
      "bestFor": "Filing and tracking FOIA requests without learning each agency's process. Searching 120,000+ existing public records requests before filing your own. Crowdsourced investigations via Assignments tool. Publishing source documents through DocumentCloud. AI-assisted document analysis (classification, summarization, OCR) via DocumentCloud Add-Ons.",
      "notFor": "Confidential records requests. MuckRock requests are public by default — anyone can see what you filed and when. If your investigation depends on the agency not knowing who's asking or what you're looking at, file directly with the agency. MuckRock's embargo feature delays publication but doesn't prevent MuckRock staff from seeing the request. Also U.S.-only: no support for international FOI regimes.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States",
      "privacyPolicyTldr": "MuckRock is a 501(c)(3) nonprofit. Account data is minimal — email and name. FOIA requests filed through MuckRock are public by design (that's the point). Private notes stay private. MuckRock does not sell user data, does not run advertising, does not share data with third parties beyond what's needed to file requests. DocumentCloud documents can be set to private, organization-only, or public. The unified authentication system (Squarelet) handles both MuckRock and DocumentCloud accounts.",
      "practicalMitigations": "FOIA requests are publicly visible by default — treat them as published. (1) Use the embargo feature to delay publication during active investigations (30 days on Pro, permanent on Organization). (2) File sensitive requests directly with the agency if you need to hide your identity or interest. (3) MuckRock staff can coordinate on sensitive requests — email them. (4) DocumentCloud supports private document uploads that are not publicly searchable. (5) Use a separate email for your MuckRock account if you want to limit connection to your newsroom identity.",
      "owner": "MuckRock Foundation (501(c)(3) nonprofit), Boston, MA",
      "fundingModel": "Nonprofit. Revenue from Pro/Organization subscriptions, DocumentCloud subscriptions, and Sunlight Research Desk memberships. Grant funding from Knight Foundation (ongoing — new grant in August 2025 for newsroom tooling expansion), Democracy Fund (general operating support), and others. Successfully sued the CIA in 2014 and won 25 years of declassified documents published in 2017.",
      "businessModel": "Nonprofit subscription + grants + research services. Pro and Organization tiers fund core operations. Sunlight Research Desk ($4K-$16K/year) provides dedicated research staff to newsrooms. Grant funding supports specific journalism infrastructure projects. No advertising, no data monetization. Open-source codebase. All incentives point toward transparency.",
      "knownIssues": "Federal FOIA response times have deteriorated sharply since early 2025 — DOGE has fired FOIA officers at multiple agencies (OPM, USIP, others), and some agencies are simply not responding. This is not a MuckRock problem, but it means requests filed through the platform are taking longer or going unanswered at the federal level. State and local requests are unaffected. DocumentCloud's new UI (January 2025) had a learning curve for longtime users. The AI credits system (GPT-powered Add-Ons) is useful but limited — 2,000 credits/month on Pro doesn't go far on large document sets. FOIA Machine (the free DIY tracker) still exists but gets minimal development attention compared to the core MuckRock platform.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Nonprofit with fully aligned incentives. Open-source codebase. Minimal data collection. Funded by Knight Foundation and Democracy Fund, not advertisers. Operates DocumentCloud — the document-publishing infrastructure used by the world's top newsrooms. One of the most trustworthy tools in the journalism ecosystem."
    },
    {
      "name": "Mullvad VPN",
      "slug": "mullvad-vpn",
      "url": "https://mullvad.net",
      "tagline": "Privacy-focused VPN. No account needed. No logging. Pay with cash or crypto.",
      "category": "security",
      "openSource": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists investigating sensitive topics, working from hostile networks, or needing to obscure their IP from surveillance-capable adversaries. Also useful for researchers, activists, and anyone whose browsing patterns could be used against them.",
      "pricing": "€5/month flat. Same price since 2009 — no tiers, no annual discount, no upselling. Pay with cash mailed to Sweden, crypto (10% discount), or card. 14-day refund window (reduced from 30 days in 2025).",
      "freeOption": false,
      "editorialTake": "Mullvad is the most privacy-respecting VPN available. No email required — you get a random 16-digit account number. No logs, verified by multiple independent audits (X41 D-Sec, Assured Security Consultants, Cure53, NCC Group) and a real-world police raid in April 2023 where Swedish authorities seized nothing because there was nothing to seize. All 700+ servers run entirely on RAM with zero persistent storage. DAITA v2 (March 2025) adds AI traffic analysis resistance — constant packet sizes, dummy traffic injection, server-defined dynamic configs — available on 40+ servers across 15 countries. Post-quantum WireGuard enabled by default on all platforms. GotaTun, their new Rust-based WireGuard implementation (December 2025), cut Android crash rates from 0.40% to 0.01% and passed its first independent audit in early 2026 with no major vulnerabilities. The €5/month flat rate since 2009 with no VC funding signals a company that optimizes for privacy, not growth. If you need a VPN, this is the one.",
      "bestFor": "Obscuring your IP while researching sensitive topics. Working from public or untrusted Wi-Fi. Circumventing geographic restrictions on news sources. Defeating AI-powered traffic analysis with DAITA. Post-quantum protection against future decryption of recorded traffic.",
      "notFor": "Mullvad hides your IP from destination websites but can see your traffic metadata (not content — WireGuard encrypts that). For true anonymity where no single entity sees both who you are and what you access, use Tor Browser. Mullvad's server network (~700 servers, 49 countries) is smaller than ProtonVPN or NordVPN, so not ideal if you need many geographic options or fast streaming. Speeds peak around 350 Mbps — fine for research, not optimized for 4K streaming.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Sweden. Mullvad VPN AB is subject to Swedish law. Sweden's Electronic Communications Act (LEK) mandates data retention for ISPs but explicitly does not apply to VPN providers. The Covert Surveillance of Data Act (made permanent April 2025) allows court-ordered monitoring, but requires data to exist — Mullvad's RAM-only architecture means there is nothing to intercept retroactively. Sweden is a 14 Eyes country, which makes some threat modelers nervous, but Mullvad's architecture makes the jurisdiction largely moot. Worth watching: an EU-wide data retention proposal targeting VPN providers is expected in the first half of 2026.",
      "privacyPolicyTldr": "No activity logs, no connection logs, no IP addresses, no bandwidth data, no account activity, no DNS queries. Servers run entirely on RAM — data is gone on reboot. Account numbers are random 16-digit strings with no linked email or identity. In April 2023, Swedish police raided Mullvad's Gothenburg office with a search warrant and left empty-handed. Audit trail: Cure53 infrastructure audit (June 2024, no critical issues), X41 D-Sec app penetration test (November 2024, six findings — zero critical, three high, all fixed), Assured Security Consultants web app audit (August 2025, no medium+ issues), NCC Group Android MASA assessment (March 2025, passed all controls), Assured Security GotaTun audit (February 2026, no major vulnerabilities).",
      "practicalMitigations": "Use WireGuard (post-quantum enabled by default) for best performance and future-proof encryption. Enable DAITA on supported servers if you are concerned about AI-powered traffic fingerprinting — it roughly doubles bandwidth use but makes pattern analysis dramatically harder. Enable the kill switch to prevent traffic leaks on disconnect. Use multihop (available on all platforms as of March 2025) to route through two servers when you need extra separation. Do not log into personal accounts while VPN is active if your goal is identity separation. For full anonymity, layer Tor Browser over the VPN. Mullvad Browser (co-developed with the Tor Project) is a good middle ground — Tor's fingerprinting resistance without the Tor network.",
      "owner": "Mullvad VPN AB",
      "fundingModel": "Self-funded since 2009. No venture capital. No outside investors.",
      "businessModel": "Paid subscriptions only. €5/month flat rate unchanged since founding. No free tier, no ads, no data monetization. Revenue comes exclusively from subscriptions. The company donates hundreds of thousands of free accounts yearly to privacy-focused organizations.",
      "knownIssues": "In 2023, donated Mullvad account numbers appeared on dark web forums, triggering breach headlines. Mullvad confirmed these were freely distributed accounts — no personal data was attached because Mullvad accounts have no personal data. The X41 D-Sec penetration test (November 2024) found three high-severity vulnerabilities in the desktop and mobile apps; all were fixed before the audit report was published. DAITA is only available on ~40 of 700+ servers, so most connections do not have traffic analysis protection. Server network is smaller than competitors (~700 vs. ProtonVPN's 6,000+), limiting geographic options. ProtonVPN now undercuts Mullvad on price at $2.99/month (annual plan) vs. Mullvad's ~$5.50/month equivalent.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "No-logs architecture verified by the Cure53 infrastructure audit, backed by four further independent audits of the apps and the WireGuard implementation (2024-2026), and tested by a real-world police raid that left with nothing. RAM-only servers across the entire 700+ node network. No account or email required. All clients open-source (GPL-3.0, Rust-based). Post-quantum WireGuard enabled by default on all platforms. DAITA v2 counters AI traffic analysis. Swedish jurisdiction does not require VPN data retention. GotaTun WireGuard implementation passed independent audit with no major findings. The gold standard for VPN privacy."
    },
    {
      "name": "n8n",
      "slug": "n8n",
      "url": "https://n8n.io",
      "tagline": "Self-hostable workflow automation with 350+ integrations. Fair-code licensed. The open alternative to Zapier where you keep your data on your own server.",
      "category": "data",
      "additionalCategories": [
        "ai"
      ],
      "openSource": true,
      "whoItsFor": "Journalists and newsrooms who want Zapier-style automation but need to keep data on their own infrastructure. Developers and power users comfortable with Docker or a VPS. Investigative teams who can't route sensitive workflows through third-party cloud services. Anyone hitting Zapier's per-task pricing ceiling.",
      "pricing": "Community (self-hosted): free, unlimited workflows and executions. Cloud Starter: $24/month for 2,500 executions. Cloud Pro: $60/month for 10,000 executions. Enterprise: custom pricing with SSO, audit logs, and source-available license. All cloud plans include 5 active workflows minimum. Self-hosted Pro license available for teams needing LDAP/SAML without using n8n Cloud.",
      "freeOption": true,
      "editorialTake": "n8n is the automation platform journalists should know about if they've outgrown Zapier on price or trust. Founded in Berlin in 2019 by Jan Oberhauser, it raised $180M in a Series C in October 2025 at a $2.5B valuation, led by Accel with participation from Sequoia and Nvidia NVentures. The product connects 350+ apps — fewer than Zapier's 8,000+, but the important ones are there: Google Sheets, Slack, RSS, webhooks, HTTP requests, databases, email. The real differentiator is self-hosting. Run n8n on your own server via Docker, and every workflow executes on infrastructure you control. No data leaves your environment. For newsrooms handling source tips, FOIA tracking, or sensitive document routing, this is a meaningful upgrade over cloud-only tools. The visual workflow editor is capable but steeper than Zapier's. You build with nodes, not simple trigger-action pairs. Conditional logic, loops, error handling, and custom JavaScript are all native. The AI agent capabilities (LLM chains, RAG pipelines, tool-use agents) are why it sits in the AI category — n8n has become a popular platform for building custom AI workflows without writing full applications. The trade-off: self-hosting means you handle updates, backups, and uptime. The cloud version eliminates that but puts you back in the same trust position as Zapier, just with a smaller company. Fair-code license (Sustainable Use License) means you can view and modify the source, but commercial redistribution is restricted. Compared to Zapier: n8n is dramatically cheaper at scale and self-hostable. Compared to Make: n8n is more developer-oriented with better AI tooling. Compared to Apache Airflow: n8n has a gentler learning curve and a visual editor.",
      "bestFor": "Automating newsroom workflows on your own infrastructure. Building AI agent pipelines (summarization, monitoring, triage). RSS and web scraping automation. FOIA tracking and document routing. Any automation where data sovereignty matters. Power users who want conditional logic and custom code in their workflows.",
      "notFor": "Non-technical journalists who want plug-and-play simplicity — Zapier is easier to start with. Newsrooms that need 8,000+ app integrations — Zapier's catalog is far larger. Teams without anyone comfortable running Docker or managing a server. Quick one-off automations where Zapier's free tier is sufficient.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Self-hosted: wherever you deploy it — you choose the jurisdiction. Cloud: Germany (n8n GmbH, Berlin). AWS EU infrastructure for cloud instances. Self-hosted instances store all data locally in your chosen database (SQLite default, PostgreSQL recommended for production).",
      "privacyPolicyTldr": "Self-hosted n8n sends no workflow data to n8n GmbH — telemetry (anonymous usage stats) can be disabled entirely. Cloud version processes workflow data on n8n's EU infrastructure. n8n GmbH is a German company subject to GDPR by default. Cloud credentials for connected apps are encrypted at rest. No data selling. Enterprise plans add audit logs and SAML SSO.",
      "practicalMitigations": "Self-host for any workflow involving sensitive sources, documents, or communications. Disable telemetry on self-hosted instances if operational security matters (N8N_DIAGNOSTICS_ENABLED=false). Use PostgreSQL instead of SQLite for production self-hosted deployments. Keep n8n updated; the project ships security patches regularly. Store credentials in n8n's built-in credential manager rather than hardcoding them in workflows, set N8N_ENCRYPTION_KEY explicitly, and back that key up separately from the database: stored credentials are encrypted with it, so a database backup without the key is unusable and a leaked key plus a database dump exposes every connected account. Put the editor UI and REST API behind a VPN or an authenticating reverse proxy; if workflows use webhook triggers, expose only the /webhook/ path publicly and keep the editor private. Back up your workflow database regularly.",
      "owner": "n8n GmbH (Berlin, Germany)",
      "fundingModel": "Venture-backed. Seed: $1.5M (2020, Sequoia). Series A: $12M (2021, Felicis). Series B: €55M (2025, Highland Europe). Series C: $180M (October 2025, Accel) at $2.5B valuation. Investors include Sequoia, Nvidia NVentures, Redpoint Ventures.",
      "businessModel": "Open-core. Community edition is free and self-hostable under the Sustainable Use License. Revenue from n8n Cloud subscriptions (Starter, Pro, Enterprise) and self-hosted Pro/Enterprise licenses with advanced features (SSO, LDAP, audit logs, source-available add-ons).",
      "knownIssues": "The Sustainable Use License is not OSI-approved open source — it restricts competing commercial use, which matters if you're building a product on top of n8n. Integration catalog (350+) is significantly smaller than Zapier (8,000+) or Make (1,700+), though HTTP/webhook nodes cover most gaps. Self-hosting requires technical competence — misconfigured instances can expose workflow data. The visual editor has a learning curve steeper than Zapier's drag-and-drop. Rapid growth and VC funding ($2.5B valuation) create pressure to monetize features currently in the free tier.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Self-hosted n8n keeps all workflow data on your own infrastructure — no third party sees your automations or the data flowing through them. German company subject to GDPR. Cloud version encrypts data in transit and credentials at rest on EU infrastructure. The self-hosting option is what elevates this above cloud-only automation tools for journalism. Rating reflects the self-hosted deployment; cloud-only use would be 'adequate' — same trust model as Zapier but with a smaller, EU-based company."
    },
    {
      "name": "NewsGuard",
      "slug": "newsguard",
      "url": "https://www.newsguardtech.com",
      "tagline": "Browser extension that rates news sites on nine journalistic criteria. Used by libraries, advertisers, and AI companies, and now in court with both sides of the trust war.",
      "category": "verification",
      "openSource": false,
      "builtForJournalism": true,
      "whoItsFor": "Librarians, educators, advertisers, AI companies, and individual readers who want a third-party reliability rating attached to news URLs. NewsGuard journalists rate sites on nine criteria including whether the site repeatedly publishes false content, corrects errors, avoids deceptive headlines, and discloses ownership and financing.",
      "pricing": "$4.95/month for personal browser extension. Free for all Microsoft Edge users. Free for libraries and schools. Enterprise pricing for advertisers and AI companies (NewsGuard for AI, NewsGuard for Advertising).",
      "freeOption": true,
      "editorialTake": "NewsGuard rates news sites on nine criteria and slaps a green or red shield next to links in Google, Bing, social feeds, and search results. The pitch is simple: hand readers a nutrition label for the source before they click. Co-founded in 2018 by Steven Brill (American Lawyer, Court TV) and Gordon Crovitz (former Wall Street Journal publisher) with $6M led by Publicis Groupe and the Knight Foundation. Hundreds of public libraries get it free. Microsoft bundled it into Edge. The American Federation of Teachers partnered with NewsGuard to train members on misinformation. The product works as advertised — ratings are written by named human analysts and sites get a chance to respond before publication. The controversy is downstream. Conservative outlets accuse NewsGuard of partisan bias. House Republicans opened a 2024 oversight probe. The Daily Wire, The Federalist, and Texas AG Ken Paxton sued the State Department in 2024 over a $25,000 grant to NewsGuard, and a federal judge let the case proceed. In February 2026 NewsGuard sued the Trump FTC, alleging Chairman Andrew Ferguson used the Omnicom-IPG merger conditions to bar the combined ad agency from subscribing to NewsGuard ratings. A separate defamation suit by the Consortium for Independent Journalism was dismissed in March 2025. Bottom line for journalists: NewsGuard is a useful third-party signal, not a verdict. Treat its ratings the way you treat any source — informative, fallible, and worth reading the underlying nutrition label rather than just the score.",
      "bestFor": "Librarians teaching media literacy to patrons. Educators showing students how source-level signals work. Newsroom researchers wanting a quick second opinion on an unfamiliar outlet. AI companies licensing reliability data for training set hygiene.",
      "notFor": "Replacing your own source vetting. Settling editorial disputes about a competitor's credibility. Anyone who needs a politically uncontested authority — NewsGuard sits in the middle of an active legal and regulatory fight.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Headquartered at 25 W. 52nd Street, New York, NY. Subject to U.S. law and FTC jurisdiction (currently the subject of an active First Amendment lawsuit by NewsGuard against the FTC).",
      "privacyPolicyTldr": "Browser extension reports the URLs you visit to NewsGuard's rating database to display the appropriate shield. Account required for paid subscribers. Personal data handled per U.S. consumer privacy norms. Specific retention periods not published on the marketing site.",
      "practicalMitigations": "Treat shield ratings as one input, not a verdict — NewsGuard publishes the underlying nutrition label and you should read it before quoting the score. The extension reports visited URLs to NewsGuard servers, so use a separate browser profile or skip it entirely when researching sensitive sources. Don't rely on NewsGuard alone for sites at the political edges where its ratings are actively contested. For libraries and classrooms, pair it with explicit instruction on the nine criteria so students learn the framework, not the badge.",
      "owner": "NewsGuard Technologies, Inc. Co-CEOs and Co-Editors-in-Chief Steven Brill and L. Gordon Crovitz. Investors include Publicis Groupe (lead), Knight Foundation, Blue Haven Initiative, ImpactAssets, and Fitz Gate Ventures.",
      "fundingModel": "Venture and strategic capital. $6M seed in 2018 led by Publicis Groupe. Subsequent Series A from ImpactAssets and others. Founders retain governing rights over editorial products.",
      "businessModel": "Subscription. $4.95/month consumer extension. Free distribution via Microsoft Edge (Microsoft pays). Free site licenses for libraries and schools. Enterprise contracts with advertisers (brand safety) and AI companies (training data hygiene, retrieval grounding). Government contracts have included a $25,000 State Department grant that became the subject of litigation.",
      "knownIssues": "Politically contested. House Oversight probe opened 2024. Daily Wire/Federalist/Texas AG lawsuit against State Department grant proceeding. NewsGuard v. FTC First Amendment suit filed February 2026 alleging FTC Chairman Ferguson used Omnicom-IPG merger conditions to block ad-agency clients from using NewsGuard. Defamation suit by Consortium for Independent Journalism dismissed March 2025. Critics on the right argue ratings skew left; NewsGuard publishes its methodology and gives sites a right of reply. Browser extension reports visited URLs to NewsGuard servers.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Standard commercial SaaS. HTTPS in transit. U.S. jurisdiction. The risk profile here is editorial and political, not technical: NewsGuard sees the URLs you visit, and the company is actively litigating with the FTC. For routine library and classroom use, the security posture is fine. For sensitive newsroom research, use a separate browser profile or skip the extension."
    },
    {
      "name": "NorthData",
      "slug": "northdata",
      "url": "https://www.northdata.com",
      "tagline": "European company intelligence engine — 87 million entities across 23 countries with financial indicators, network visualizations, and ownership chains extracted from official registries.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "whoItsFor": "Investigative journalists tracing European corporate structures, beneficial ownership, financial performance, and executive networks. Business reporters researching company backgrounds and financial health. OSINT researchers mapping corporate connections across European jurisdictions. Compliance teams running KYB (Know Your Business) checks. Anyone investigating European companies who needs a single search interface across 23 national registries.",
      "pricing": "Free web search with limited results and basic company profiles. Premium subscription required for full financial data, network visualizations, advanced search filters, historical data, and bulk research. Pricing is not publicly listed — requires contacting sales. Based on user reports, individual researcher plans start around €29-49/month. Enterprise and data service contracts are negotiated.",
      "freeOption": true,
      "editorialTake": "NorthData is the most comprehensive single-interface tool for researching European companies. It aggregates data from trade registers, annual financial reports, funding registers, trademark registers, and patent registers across 23 countries — covering Germany, the UK, France, Netherlands, Austria, Switzerland, the Nordics, and most of the EU. The database holds approximately 87 million company records with 26 financial performance indicators extracted from official filings.\n\nThe differentiator is depth, not breadth. Where OpenCorporates provides basic registration data across 140+ jurisdictions, NorthData goes deeper within Europe — pulling actual financial statements, revenue figures, employee counts, profit/loss data, and year-over-year trends from annual reports filed with national registries. For German companies especially (NorthData's home market), the coverage is exceptional: full Handelsregister data, Bundesanzeiger financial publications, insolvency filings, and trademark registrations.\n\nThe network visualization is the most journalistically useful feature. Search a person's name and NorthData maps every company they're connected to as a director, shareholder, or authorized representative — across all 23 countries in the database. This makes it possible to quickly identify when a person sits on multiple boards, controls shell companies across jurisdictions, or has connections to companies in financial distress. For corporate investigations, this cross-border person-to-company mapping saves days of manual registry searches.\n\nNorthData is operated by NorthData GmbH, a German company based in Hamburg. Germany's strict data protection regime (GDPR plus Germany's additional Bundesdatenschutzgesetz) provides a strong legal framework. The company processes only publicly available official registry data — it does not scrape social media or aggregate non-public sources.\n\nThe limits are real. Coverage outside the core European markets is thin or absent. The US, Asia, Africa, and Latin America are not covered at all. Even within Europe, data depth varies — German and UK filings are comprehensive, while smaller EU members may have only basic registration data. The free tier is restrictive: you can search and see that data exists, but accessing full financial details, historical trends, and network graphs requires a paid subscription. Pricing opacity is a frustration — there's no public pricing page, which makes budgeting difficult for freelance journalists.\n\nCompared to OpenCorporates (breadth across 140+ jurisdictions, less financial depth) and Orbis/BvD (Moody's enterprise product, $20K+/year for deep global corporate data), NorthData occupies the middle ground: serious European depth at researcher-accessible pricing.\n",
      "bestFor": "Researching European company financials — revenue, profit, employees, year-over-year trends. Mapping personal networks across European companies (who sits on which boards). Cross-border European corporate investigations. Identifying shell companies, insolvency patterns, and suspicious corporate structures in Germany, Austria, Switzerland, UK, and Benelux. Finding trademark and patent registrations linked to companies or individuals. Quick background checks on European companies or executives.",
      "notFor": "Investigations outside Europe — no US, Asian, African, or Latin American coverage. Beneficial ownership that is not in public registries — use Open Ownership or national UBO registers. Real-time monitoring or alerting — NorthData updates when registries publish, not in real time. Deep due diligence requiring non-public intelligence — this is registry data only. Global company searches — use OpenCorporates for breadth or Orbis for depth beyond Europe.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Germany (European Union). NorthData GmbH is a German company based in Hamburg. Operates under GDPR and Germany's Bundesdatenschutzgesetz (Federal Data Protection Act). All source data comes from official European government registries and public filings. Infrastructure presumed to be EU-hosted given German incorporation and GDPR compliance requirements.",
      "privacyPolicyTldr": "NorthData processes publicly available official registry data — trade registers, annual reports, trademark registers, patent registers. User account data (email, billing) collected for subscribers. Standard web analytics. As a German company, strict GDPR compliance with data subject rights including deletion requests. The company has faced and complied with GDPR requests from individuals seeking removal of their data from search results, which creates a tension between public registry transparency and privacy rights.",
      "practicalMitigations": "Use the free tier for initial company identification and basic lookups before committing to a subscription. For sensitive investigations, use a dedicated research account unlinked to your publication. Cross-reference NorthData findings against the original national registry (Handelsregister, Companies House, KvK) to confirm data freshness and completeness. Combine with OpenCorporates for jurisdictions NorthData doesn't cover, and with OCCRP's Aleph or ICIJ's Offshore Leaks Database for cross-referencing against leaked documents. Be aware that GDPR deletion requests may have removed some records from NorthData that still exist in the original registry — always verify against the source. Screenshot and save network visualizations immediately, as they reflect point-in-time data that may change.\n",
      "owner": "NorthData GmbH, a privately held German company headquartered in Hamburg. Founded by Andreas Teusner. Small team focused on European registry data aggregation and corporate intelligence.",
      "fundingModel": "Self-funded through subscription revenue and enterprise data service contracts. No known venture capital investment. Revenue comes from premium subscriptions (individuals, journalists, researchers), enterprise contracts (compliance teams, law firms, financial institutions), and data services (bulk data licensing for customers building their own products).",
      "businessModel": "Freemium SaaS plus enterprise data services. Free tier attracts users with basic company search. Premium subscriptions unlock full financial data, network visualizations, and advanced features. Enterprise clients pay for bulk data access, API integration, and custom data services. Competing against OpenCorporates (broader but shallower), Orbis (deeper but vastly more expensive), and free national registries (no cross-border aggregation).",
      "knownIssues": "Pricing opacity: No public pricing page. Journalists must contact sales to learn costs, which creates friction for freelancers and small newsrooms trying to budget. User reports suggest plans from €29-49/month for individuals, but this is not officially confirmed.\n\nUneven European coverage: German, UK, Austrian, and Swiss data is deep (full financials, insolvency, trademarks). Smaller EU members and recently added countries (Portugal, Ireland, Netherlands) may have only basic registration data without full financial extraction.\n\nNo coverage outside Europe: Zero data for the US, Asia, Africa, Latin America, or most of the Middle East. Cross-border investigations involving non-European jurisdictions require other tools entirely.\n\nGDPR deletion tensions: Individuals have successfully requested removal of their data from NorthData under GDPR's right to erasure, even though the underlying registry data remains public. This means NorthData may be missing records that still exist in original registries — a particular concern when investigating individuals who have actively tried to reduce their digital footprint.\n\nRegistry update lag: NorthData's data freshness depends on when national registries publish. Some registries update monthly, others quarterly. Recently filed documents may not appear for weeks. Always check the \"last updated\" indicator on individual records.\n\nFree tier is very limited: Basic search shows that data exists but walls off financial details, historical trends, and network visualizations behind the paywall. The free tier is useful for confirming a company exists and seeing its basic registration data, but serious research requires a subscription.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "German company operating under GDPR and Germany's strict federal data protection law. Processes only publicly available official registry data — low sensitivity profile. HTTPS encryption in transit. Data at rest encryption status not publicly documented. No public record of security breaches. The main journalist concern is account activity (search history) potentially revealing investigation targets — use a dedicated research account for sensitive work. Rating reflects solid EU regulatory framework and low-risk data profile, offset by limited public documentation of security practices."
    },
    {
      "name": "Notion",
      "slug": "notion",
      "url": "https://www.notion.com",
      "tagline": "All-in-one workspace for notes, docs, wikis, and project management.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists and newsrooms managing editorial calendars, story research, and team knowledge bases. Not for solo reporters who need local-only storage or offline-first workflows — use Obsidian for that.",
      "pricing": "Free: $0 (limited AI trial). Plus: $10/user/month. Business: $20/user/month (includes full Notion AI, agents, SSO). Enterprise: custom pricing (adds zero LLM data retention, SCIM, audit logs). Custom AI agents cost $10 per 1,000 credits on top of Business/Enterprise.",
      "freeOption": true,
      "editorialTake": "Notion is the dominant team workspace for editorial planning — 4 million paying customers, $600M revenue in 2025. SOC 2 Type II, ISO 27001/27701/27017/27018 certified. Encrypted in transit (TLS 1.2) and at rest (AES-256). Not zero-knowledge: Notion employees can access your content for service operation. Notion 3.0 (September 2025) added autonomous AI agents that can run for 20 minutes across hundreds of pages, pull from Slack, Google Drive, GitHub, and the web. That power comes with real risk. In September 2025, security researchers documented a critical prompt injection vulnerability: hidden text in PDFs could trick AI agents into exfiltrating data via crafted image URLs — the browser sends the data whether or not the user accepts the AI edit. Notion initially closed the HackerOne report as 'Not Applicable' on December 29, 2025, then reversed course and shipped a fix by January 8, 2026 after public disclosure by PromptArmor. The specific vector is patched, but the architectural risk persists: any LLM agent that can read private data, is exposed to untrusted content, and has a channel to send data out (here, the browser fetching an attacker-controlled image URL when the agent's output is rendered) is an exfiltration surface. Simon Willison named this combination the 'lethal trifecta', and Bruce Schneier has written about it. For general newsroom coordination with AI disabled, Notion works well. For sensitive source material or investigation notes, use Obsidian (local-first storage, with optional end-to-end encrypted sync and no cloud access to your notes otherwise).",
      "bestFor": "Editorial calendars, story tracking, team wikis, research organization, project management, collaborative databases.",
      "notFor": "Storing sensitive source identities, investigation notes, or anything requiring local-only storage. Do not process untrusted documents with Notion AI enabled. Solo researchers who need offline-first workflows should use Obsidian instead.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Hosted on AWS. Enterprise plans offer data residency options.",
      "privacyPolicyTldr": "Notion encrypts data in transit and at rest but is not zero-knowledge — the company can access your content for service operation. Notion does not use customer data to train models, and contractually prohibits subprocessors from doing so. AI features on Free/Plus plans: LLM providers retain data up to 30 days. Business plans: same 30-day retention. Enterprise plans: zero data retention with LLM providers. Individual customer data is isolated — not mixed with other customers during AI processing. The standalone AI add-on ($8/user/month) has been discontinued for new subscribers on Free/Plus plans. New users must upgrade to Business ($20/user/month) for full AI access.",
      "practicalMitigations": "Do not store sensitive source identities or confidential investigation details in Notion. Disable Notion AI on any workspace containing sensitive content — the September 2025 prompt injection vulnerability demonstrated that AI agents can be tricked into exfiltrating data via malicious documents, and the browser sends the data whether or not the user accepts the AI edit. Never open untrusted PDFs, resumes, or documents in Notion with AI enabled. Use Enterprise plan for zero AI data retention with LLM providers. Enable 2FA. Review sharing permissions regularly — Notion pages can be accidentally made public. Consider Obsidian for any notes that must never leave your device.",
      "owner": "Notion Labs, Inc.",
      "fundingModel": "Venture-backed. Last primary round: $275M Series C (October 2021). Secondary tender offer at $11B valuation (December 2025). Investors include Coatue Management, Sequoia Capital. $600M annual revenue as of 2025. No IPO yet, but widely expected.",
      "businessModel": "Freemium SaaS. Revenue from Plus, Business, and Enterprise subscriptions. AI agent credits ($10/1,000 credits) as additional revenue stream. Standalone AI add-on discontinued for new Free/Plus subscribers; AI is now bundled into the Business and Enterprise tiers.",
      "knownIssues": "September 2025: Notion 3.0 AI agents introduced prompt injection attack surface. Hidden text in PDFs could trick agents into exfiltrating workspace data via crafted image URLs — data sent to attacker's server whether or not user accepts the AI edit. Reported via HackerOne on December 24, 2025. Notion closed report as 'Not Applicable' on December 29. After public disclosure by PromptArmor on January 7, 2026, Notion shipped a fix by January 8. The specific vector is patched; the architectural class of attack (LLM agents + tool access + untrusted content) remains an industry-wide risk. AI data retention: 30 days for Free/Plus/Business plans; zero retention for Enterprise only. Notion is not zero-knowledge — company employees can access content. Misconfigured sharing permissions are the most common real-world data exposure vector.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "notion-nonprofits"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "Strong encryption and compliance certifications (SOC 2 Type II, ISO 27001/27701/27017/27018). Not zero-knowledge — Notion can access content. Cloud-only storage means you trust Notion with your data. The September 2025 AI agent vulnerability — and Notion's initial dismissal of the HackerOne report — shows that AI features create new attack surfaces that even well-resourced security teams underestimate. The 30-day LLM data retention on non-Enterprise plans is a meaningful gap for newsrooms handling sensitive material. Adequate for general editorial work; not for sensitive source material. Disable AI features unless you are on Enterprise with zero data retention."
    },
    {
      "name": "Notion Calendar",
      "slug": "notion-calendar",
      "url": "https://www.notion.com/product/calendar",
      "tagline": "Free calendar app integrated with Notion. Fast keyboard-driven interface. Links events to Notion pages for notes and agendas. Formerly Cron (acquired by Notion 2022).",
      "category": "writing",
      "whoItsFor": "Journalists and editors who already use Notion for editorial planning, story tracking, or project management. Freelancers managing multiple deadlines and interview schedules who want their calendar connected to their notes. Small newsroom teams coordinating coverage calendars alongside Notion-based workflows.",
      "pricing": "Free (standalone app). Advanced Notion database integrations require Notion Plus ($10/user/month) or higher.",
      "freeOption": true,
      "editorialTake": "Notion Calendar started as Cron, a keyboard-first calendar app beloved by developers and productivity enthusiasts for its speed. Notion acquired the team in 2022 and rebranded it. The core experience is still excellent: the app is fast, keyboard shortcuts are extensive (press 'S' to schedule, arrow keys to navigate), and the command palette lets you create events without touching a mouse. The Notion integration is the differentiator. Link any calendar event to a Notion page — attach your interview prep notes, meeting agendas, or story outlines directly to the event. When the meeting starts, your notes are one click away. For journalists who run their editorial workflow in Notion (and many do), this closes the gap between 'what am I doing today' and 'what do I need for this meeting.' The free tier covers everything most individuals need: Google Calendar sync, scheduling links, menu bar calendar, and the keyboard-driven interface. Notion database connections (linking calendar events to database entries for editorial calendars or story trackers) require a paid Notion plan. Cross-platform: macOS, Windows, iOS, Android, and web. The main limitation is that Notion Calendar is tightly coupled to Google Calendar — it requires Google OAuth and does not support Microsoft Outlook or other calendar providers natively. If your newsroom runs on Microsoft 365, this is not your tool. The second limitation is Notion itself: if you do not use Notion, the calendar's main differentiator (page linking) is irrelevant, and you are better served by Fantastical, Google Calendar, or Apple Calendar. Notion Calendar is good at what it does, but what it does is serve Notion users.",
      "bestFor": "Managing interview schedules, editorial meetings, and deadlines alongside Notion-based workflows. Linking meeting notes, story outlines, and prep documents directly to calendar events. Fast, keyboard-driven calendar management for people who dislike clicking through menus. Freelancers juggling multiple client calendars in a single view.",
      "notFor": "Microsoft 365 / Outlook environments (Google Calendar only). Journalists who do not use Notion (the integration is the main value proposition). Shared newsroom calendars that need to work across different calendar providers. Anyone who needs offline calendar access (requires internet connection for sync). High-security environments where calendar data must not pass through third-party servers.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Notion Labs, Inc., San Francisco). Calendar data syncs through Google Calendar (Google servers, US) and Notion's infrastructure (AWS, US). Notion is SOC 2 Type 2 certified.",
      "privacyPolicyTldr": "Notion Calendar requires Google OAuth — it accesses your Google Calendar data to display and manage events. Calendar data is stored on Google's servers (per Google's privacy policy) and on Notion's infrastructure (per Notion's privacy policy). Notion does not use end-to-end encryption — Notion maintains encryption keys, meaning the company can technically access your data. Notion states it does not sell user data. Link tracking (pstmrk.it) is used for aggregate analytics on notification emails. SOC 2 Type 2, GDPR, and CCPA compliant.",
      "practicalMitigations": "Be aware that Notion can access your data — they hold the encryption keys, not you. Do not store source-identifying information in Notion pages linked to calendar events if source protection is a concern. Review which Google Calendar scopes Notion Calendar requests during OAuth setup. For sensitive interview schedules, consider whether having them mirrored across both Google and Notion servers is acceptable for your threat model. Use Notion's workspace permissions to control who else in your organization can see linked calendar-to-page connections. Disable link tracking in notification emails if email privacy matters to you.",
      "owner": "Notion Labs, Inc.",
      "fundingModel": "Venture-backed. Notion has raised $343 million total. $275 million Series C at $10 billion valuation (October 2021) led by Sequoia Capital and Coatue Management. Previous investors include Index Ventures and First Round Capital.",
      "businessModel": "Freemium. Notion Calendar is free as a standalone app and serves as an acquisition channel for Notion's paid workspace plans. Revenue comes from Notion Plus ($10/user/month), Business ($18/user/month), and Enterprise plans. Calendar's deep integration incentivizes upgrading to paid Notion tiers for database connections.",
      "knownIssues": "Google Calendar only — no Microsoft Outlook, Apple Calendar (CalDAV), or other provider support. Notion does not use end-to-end encryption, so the company can technically access your calendar-linked notes and pages. Some users report sync delays between Google Calendar changes and Notion Calendar reflecting them. The app's usefulness is directly proportional to how much you use Notion — without it, this is a competent but unremarkable calendar app. Menu bar widget (macOS) occasionally fails to update after sleep/wake cycles. No offline mode — requires internet connection for all features.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type 2 certified, TLS in transit, encryption at rest on Notion and Google infrastructure. The main security consideration is that Notion does not use end-to-end encryption — the company holds the keys and can technically access your data. This is standard for productivity SaaS but means sensitive source information should not be stored in linked Notion pages. Google OAuth means your calendar data flows through both Google and Notion infrastructure. Rating is 'adequate' because the security practices are industry-standard for a productivity tool but do not meet the higher bar needed for source-sensitive journalism workflows."
    },
    {
      "name": "OBS Studio",
      "slug": "obs-studio",
      "url": "https://obsproject.com",
      "tagline": "Free, open-source screen recording and live streaming — 60K GitHub stars, zero data collection, no account required.",
      "category": "visuals",
      "openSource": true,
      "whoItsFor": "Journalists producing video content — live streams, interview recordings, data walkthroughs, screen captures for investigative pieces. OBS is the default tool for anyone who needs broadcast-quality recording without paying for it. Used by independent reporters, newsroom multimedia desks, and journalism schools (BCIT's broadcast curriculum teaches OBS). If you're doing any video work on a budget, you'll end up here eventually.",
      "pricing": "Free. No paid tier, no premium features locked behind a paywall. The full application is the free version.",
      "freeOption": true,
      "editorialTake": "OBS is the industry standard for recording and streaming, used by millions, and it costs nothing. No watermarks, no time limits, no accounts, no telemetry. Version 32.1.0 (March 2026) added a rebuilt audio mixer, WebRTC simulcast for adaptive-quality streaming, and undo/redo for scene items. 60K+ GitHub stars, 500+ contributors, backed by sponsors like Logitech (Diamond) and Games Done Quick (Gold) through Open Collective. The learning curve is real — OBS assumes you know what scenes, sources, and encoding settings are. StreamYard is easier for panel shows and guest interviews (browser-based, shareable links, no downloads for guests). Zoom is easier for calls you also want to stream. But both are cloud services that route your video through their servers. OBS processes everything locally. Nothing leaves your machine unless you point it at a streaming endpoint. For journalists, that difference matters. OBS is the tool you learn once and use for years.",
      "bestFor": "Recording interviews and source conversations. Screen captures for data-driven stories. Live streaming press conferences or events. Building reusable scene layouts with lower thirds, branded overlays, and multi-camera setups. Newsroom-style broadcasts with DSK (downstream key) workflows.",
      "notFor": "Video editing (use DaVinci Resolve). Simple one-off screen grabs (use native OS tools). Remote guest interviews without additional setup — OBS has no built-in guest link feature, so you'll need a separate tool (Zoom, Jitsi, Discord) piped in as a source. If you want browser-based simplicity for panel discussions, StreamYard is the better choice.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local — no servers, no accounts, no cloud. Recordings save to your machine. Stream data goes only where you point it (YouTube, Twitch, custom RTMP).",
      "privacyPolicyTldr": "OBS collects nothing. No accounts, no telemetry, no analytics, no crash reporting phoned home. The log file stays on your machine — it records basic system info (OS, CPU, RAM) and OBS settings for troubleshooting, but is never transmitted unless you manually upload it to the forums. Third-party plugins can introduce data collection, but the core application is fully offline. This is as clean as software gets.",
      "practicalMitigations": "Be mindful of what's on screen when recording — OBS captures everything visible, including notifications, browser tabs, and chat windows. Review recordings before publishing. Use Display Capture sparingly; prefer Window Capture to limit what OBS sees. Disable desktop notifications before recording sensitive material. If streaming, double-check your stream key isn't visible on screen. Third-party plugins run with full application permissions — only install plugins from the official OBS plugin repository.",
      "owner": "OBS Project (open-source community, led by developer Lain Bailey)",
      "fundingModel": "Donations and corporate sponsorships via Open Collective and Patreon. Logitech is the first Diamond sponsor. Games Done Quick is a Gold sponsor. Patreon supports lead developer Lain Bailey directly (~9,500 patrons). All expenses publicly visible on Open Collective.",
      "businessModel": "None. No paid tier, no ads, no data monetization. Revenue comes entirely from voluntary donations and corporate sponsorships. Blackmagic-style model: the software is the ecosystem driver, not the revenue center.",
      "knownIssues": "CVE-2024-13524: Untrusted DLL search path on Windows (versions up to 30.0.2). Local attack vector — an attacker with access to your machine could place a malicious DLL in the search path. Fixed in later versions. A separate heap overflow in libnsgif (GIF processing library) was reported May 2024 and patched July 2024. Neither vulnerability was remotely exploitable. Separately, security researchers have documented malware strains (BIOPASS RAT) that abuse OBS's recording capabilities to spy on victims — this isn't an OBS vulnerability, but it means OBS installed on a compromised machine can be weaponized. Keep OBS updated and verify downloads come from obsproject.com.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source (GPL-2.0), 60K+ GitHub stars, 500+ contributors, publicly auditable code. Fully local processing — no accounts, no telemetry, no network dependency for core functionality. Two CVEs in 2024, both local-only attack vectors, both patched. Funding model (donations + sponsorships) creates zero incentive to monetize user data. The strongest privacy posture in the visuals category."
    },
    {
      "name": "Obsidian",
      "slug": "obsidian",
      "url": "https://obsidian.md",
      "tagline": "Local-first markdown note-taking. Your files, your device, plain text.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists who want full control over their notes. Researchers building personal knowledge bases. Investigators who need to connect hundreds of sources, documents, and leads without any data leaving their machine.",
      "pricing": "Free for personal and commercial use (commercial license requirement removed in 2024). Sync: $4/month billed annually ($5 monthly). Publish: $8/month billed annually ($10 monthly). Catalyst one-time supporter license starts at $25.",
      "freeOption": true,
      "editorialTake": "Obsidian stores everything as plain markdown files on your device. No account required, no cloud dependency, no company between you and your notes. The plugin ecosystem has 2,000+ community plugins — you can build anything from a simple notebook to a full research database with Dataview queries and Canvas spatial maps. Obsidian Sync is end-to-end encrypted with AES-256 (file contents via AES-GCM, file paths via AES-SIV as of August 2025). Cure53 has audited both desktop and mobile clients twice (December 2023 and December 2024), with all findings remediated. The privacy model is the strongest of any mainstream note-taking app because by default, nothing leaves your machine. Bases (v1.9, 2025) adds structured querying of notes by properties — essentially a database layer over plain files. Canvas gives you spatial mapping for investigations. The team is 18 people generating ~$2M revenue, bootstrapped with zero VC. That matters: no investor pressure to monetize your data. Bellingcat lists Obsidian in their investigation toolkit. For journalists handling sensitive material, this is the right default.",
      "bestFor": "Research notes, source tracking, investigation journals, personal knowledge management. Connecting leads across complex stories using graph view and backlinks. Long-term knowledge building where you own every file.",
      "notFor": "Real-time collaborative editing (use Google Docs or CryptPad). Teams that need shared workspaces with permissions (Notion does this better). Anyone who wants zero setup — Obsidian rewards configuration investment.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local by default. Files stored on your device as plain text markdown. Obsidian Sync uses E2E encryption with servers in the user's selected region. With a custom encryption password, Obsidian's servers store only ciphertext — the company cannot read your notes.",
      "privacyPolicyTldr": "Obsidian collects no personal data and requires no account for the core app. Notes never leave your device unless you opt into Sync or Publish. Obsidian Sync offers two modes: managed encryption (Obsidian holds the key) or custom encryption password (zero-knowledge — Obsidian cannot decrypt). No telemetry. No tracking. The app is not open-source, but the local-first model means your data is never at risk from a server breach.",
      "practicalMitigations": "Enable full-disk encryption (FileVault, BitLocker, LUKS) to protect local vault files at rest. If using Obsidian Sync, always choose the custom encryption password option for true zero-knowledge sync — the managed key option means Obsidian could theoretically decrypt. Vet community plugins before installing: they run with full access to your vault and inherit Obsidian's OS-level permissions. There is no plugin sandboxing or permission manifest system. Restricted Mode (enabled by default) blocks all third-party code — only disable it deliberately. Back up your vault with git or rsync; local-only means no safety net if your drive fails. Review linked devices in Sync regularly.",
      "owner": "Dynalist Inc. (Shida Li and Erica Xu, co-founders)",
      "fundingModel": "Bootstrapped. Zero venture capital. ~$2M annual revenue as of 2025 from an 18-person team.",
      "businessModel": "Revenue from optional Sync and Publish services. Core app is free with no feature restrictions and no commercial license requirement. Catalyst supporter licenses provide early access to insider builds.",
      "knownIssues": "Community plugins are the primary attack surface. Plugins run with full OS-level access inherited from Obsidian — no sandboxing, no permission manifests, no capability restrictions. The Obsidian team cannot manually review every plugin update; they rely on community reporting. Supply-chain attacks through plugin dependencies are a real risk. Historical CVEs (all patched): CVE-2023-2110 allowed crafted webpages to exfiltrate local files via app://local/ paths (fixed in 1.2.8). CVE-2023-27035 allowed desktop notifications and audio recording via embedded websites in Canvas (fixed in 1.2.2). CVE-2022-36446 allowed remote code execution via obsidian:// URI handler (fixed in 0.15.5). The August 2025 Sync upgrade strengthened file-name encryption from a pattern-leaking scheme to AES-SIV. The app is closed-source, so independent code audits depend on Obsidian commissioning them (Cure53 audits in Dec 2023 and Dec 2024, both with all findings remediated and reports published).",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Local-first architecture means no cloud dependency and no company access to your notes by default. Obsidian Sync uses AES-256 E2E encryption (AES-GCM for contents, AES-SIV for file paths). Two independent Cure53 penetration tests (2023, 2024) with all findings fixed. No telemetry, no tracking, no ads. Bootstrapped with no VC — no incentive to weaken privacy for growth metrics. The main risk is the community plugin ecosystem: no sandboxing, full vault and OS access, and the team is too small to audit every update. Use Restricted Mode unless you have vetted your plugins. ~8% market share in note-taking but dominant in the personal knowledge management niche among researchers, developers, and journalists."
    },
    {
      "name": "Octoparse",
      "slug": "octoparse",
      "url": "https://www.octoparse.com",
      "tagline": "No-code visual web scraper. Point-and-click data extraction with cloud execution, IP rotation, and 469+ pre-built scraper templates.",
      "category": "data",
      "openSource": false,
      "whoItsFor": "Journalists who need to scrape websites for data without writing code — government directories, court records, public databases, pricing data, or any repeatable web extraction task. Octoparse offers both a desktop app for building scrapers visually and cloud servers for running them at scale. The 469+ pre-built templates cover common targets (Amazon, LinkedIn, Google Maps, Yelp, etc.), which can save hours on routine data collection.",
      "pricing": "Free: limited features, local extraction only, no cloud runs. Standard: $89/month annually ($119/month monthly) — cloud extraction, IP rotation, scheduled runs. Professional: $209/month annually ($299/month monthly) — advanced features, priority support, higher limits. Enterprise: custom pricing. Professional plan users get 20% off template pricing; Enterprise gets 40% off.",
      "freeOption": true,
      "editorialTake": "Octoparse is a capable no-code scraper, but its corporate structure demands scrutiny. The company was founded in Shenzhen, China in 2012 by Keven Liu (Liu Baoqiang) as Shenzhen Skieer Information Technology Co. Ltd (SVIT). The U.S. subsidiary, Octopus Data Inc., was established in 2015 in Walnut, California. The company markets itself as U.S.-based, but the parent entity and founding team are Chinese. This matters because all scraped data processed through Octoparse's cloud passes through their infrastructure. For public data scraping — price monitoring, government directories, business listings — Octoparse works well. The visual builder handles JavaScript-rendered pages, pagination, and login-protected sites. The 469+ pre-built templates are a genuine time-saver. IP rotation is included in paid plans, which helps avoid blocks. Meta sued Octopus Data Inc. in 2022 for scraping Facebook and Instagram data, which tells you something about how the platform has been used. For journalism, the core question is: do you trust this company's infrastructure with your scraped data? For public records, probably fine. For investigative scraping where the targets or patterns of your queries reveal an active investigation, run scrapers locally with open-source tools (Scrapy, Playwright, Puppeteer) instead.",
      "bestFor": "Repeatable, scheduled scraping of public websites without coding. Government databases, business directories, price monitoring, court record aggregation. Pre-built templates for common data sources. Teams that need cloud-based scraping with IP rotation.",
      "notFor": "Sensitive investigative scraping where query patterns reveal an active story. Data you don't want processed through third-party cloud infrastructure with Chinese parent company ownership. Quick one-off table grabs (use Instant Data Scraper browser extension instead — it's free and instant). Journalists who need full control over their scraping infrastructure.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Octopus Data Inc., Walnut, California) with parent company in Shenzhen, China (Shenzhen Skieer Information Technology Co. Ltd). Data processed on cloud servers — specific hosting locations not publicly documented. Claims GDPR and CCPA compliance. EU-U.S. Privacy Shield certification. Infrastructure providers audited for SOC 2 Type II and ISO 27001.",
      "privacyPolicyTldr": "Octopus Data Inc. transfers personal data to the United States. Claims EU-U.S. Privacy Shield and GDPR compliance. Uses outsourced cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications. The company's Data Processing Agreement describes GDPR compliance steps. Scraped data passes through their cloud infrastructure when using cloud extraction. No transparency report published. The dual U.S./China corporate structure adds jurisdictional complexity.",
      "practicalMitigations": "Use local extraction mode (not cloud) for any sensitive scraping — data stays on your machine. Never scrape login-protected sites through Octoparse's cloud if the credentials or scraped content are sensitive. Export data locally and delete cloud projects promptly. For investigative scraping, use open-source tools (Scrapy, Playwright) running entirely on your own machine. Check robots.txt and terms of service of target sites. Be aware that the U.S. subsidiary's parent company is based in China.",
      "owner": "Octopus Data Inc. (U.S. subsidiary, Walnut, California). Parent company: Shenzhen Skieer Information Technology Co. Ltd (SVIT), Shenzhen, China. Founded by Keven Liu (Liu Baoqiang) in 2012.",
      "fundingModel": "VC-backed. $16.2M raised from investors including Huayi Ventures, Miracleplus (formerly Y Combinator China), Redpoint China Ventures, Viewpoint Capital, and CITIC Capital. Chinese venture capital backing.",
      "businessModel": "Freemium SaaS. Free tier for local extraction. Revenue from Standard ($89-119/mo), Professional ($209-299/mo), and Enterprise subscriptions. Pre-built template marketplace with plan-tier discounts. Revenue reached $5.7M with a 22-person team.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "caution",
      "securityRatingNote": "The dual corporate structure — U.S. subsidiary with Chinese parent company — is the primary concern. Cloud-scraped data passes through infrastructure controlled by a company with roots in Shenzhen. The company claims GDPR, CCPA, and Privacy Shield compliance, and its cloud providers have SOC 2 and ISO 27001 certifications. But Meta's 2022 lawsuit against Octopus Data for scraping Facebook/Instagram data raises questions about corporate oversight. For public data scraping, the risk is manageable. For sensitive investigations, use the local extraction mode or switch to open-source scraping tools you control entirely."
    },
    {
      "name": "Ollama",
      "slug": "ollama",
      "url": "https://ollama.com/",
      "tagline": "Run AI models locally — your data never leaves your machine.",
      "category": "ai",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists, researchers, and activists who need AI assistance on sensitive material without sending data to cloud providers. Also useful for anyone in restrictive network environments or working under legal constraints that prohibit cloud AI.",
      "pricing": "Free for local use. No account required. Ollama Cloud (optional): Free tier, Pro $20/month, Max $100/month for cloud GPU inference.",
      "freeOption": true,
      "editorialTake": "Ollama is the privacy-first answer to cloud AI. When you're investigating a company and don't want your queries flowing to OpenAI or Anthropic servers, Ollama runs a capable model on your own hardware. The trade-off is quality — a local 7B model won't match Claude or GPT-4o on complex reasoning. But for summarization, drafting, and document Q&A on sensitive material, it's good enough, and the privacy guarantee is absolute. 165K+ GitHub stars, MIT license, one-command install, and as of v0.20 it supports 100+ models including Llama 4, Gemma 4, DeepSeek, and Qwen. The real risk isn't data leakage — it's that Ollama's API has had multiple critical CVEs (remote code execution, authentication bypass). If you expose the API to a network, you need to lock it down.",
      "bestFor": "Running AI on sensitive investigative material without cloud exposure. Summarizing leaked documents locally. Analyzing source communications offline. Processing court records, financial filings, or whistleblower documents where the queries themselves reveal what you're investigating.",
      "notFor": "Users who need GPT-4/Claude-level quality on complex reasoning tasks. Machines with less than 8GB RAM (even small models will struggle). Non-technical users uncomfortable with command line — use GPT4All or LM Studio instead. Anyone who needs the API exposed on a network without a firewall (Ollama has no built-in authentication).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only — models run on your hardware. No data sent anywhere. Ollama Cloud (optional) uses cloud GPU infrastructure, but the core local tool has zero network dependency after model download.",
      "privacyPolicyTldr": "Truly local. The only outgoing network call is an automatic update check that sends OS and architecture info (disable with OLLAMA_NO_TELEMETRY=1). No prompts, responses, or documents are transmitted. No account required. Once a model is downloaded, it works entirely offline — verified by running with the network disabled.",
      "practicalMitigations": "Set OLLAMA_NO_TELEMETRY=1 to disable update checks. Bind the API to localhost only (default) — never expose 0.0.0.0 without a reverse proxy and auth layer. For air-gapped setups, download models on a separate machine and transfer via USB. Use smaller quantized models (Q4) on laptops: a 7B Q4 model needs ~5GB RAM. Pair with Open WebUI for a ChatGPT-like interface. Keep Ollama updated — versions before 0.7.0 have known RCE vulnerabilities via malicious model files.",
      "owner": "Ollama Inc. (founded 2023 by Jeffrey Morgan, CEO, and Michael Chiang)",
      "fundingModel": "Y Combinator (W21). Pre-seed $125K from YC, Sunflower Capital, Essence VC, Rogue Capital. Revenue hit $3.2M in 2024. Team grew from 21 to 46 employees by January 2026.",
      "businessModel": "Free local tool + optional Ollama Cloud (paid tiers for cloud GPU inference). Revenue comes from cloud subscriptions, not the local tool.",
      "knownIssues": "Multiple critical CVEs. CVE-2024-37032 ('Probllama'): remote code execution, fixed in v0.1.34. CVE-2024-39720: out-of-bounds read causing crashes (CVSS 8.2), fixed in v0.1.46. CVE-2024-39721: DoS via resource exhaustion (CVSS 7.5), fixed in v0.1.34. CVE-2024-39722: server file existence disclosure (CVSS 7.5), fixed in v0.1.47. Critical out-of-bounds write via malicious model files in versions before 0.7.0. CVE-2025-63389: authentication bypass on API endpoints (CVSS 9.3), affecting v0.13.5 and earlier — no built-in API authentication exists, so any network-exposed instance is vulnerable. CVE-2025-51471: authentication bypass. CVE-2025-48889: arbitrary file copy. Ollama's Windows installer had a code execution hijack vulnerability reported in December 2024; fix was still in progress as of April 2026. Bottom line: keep Ollama updated and never expose the API port to untrusted networks.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Truly local processing with zero data transmission earns a 'strong' rating for privacy. But that rating assumes localhost-only use. The moment you expose Ollama's API to a network, the rating drops to 'caution' — multiple critical CVEs (including a CVSS 9.3 auth bypass) show the API was not designed for untrusted network exposure. For the intended use case of local-only AI on sensitive documents, nothing is more private. Keep it updated, keep it on localhost, and the security guarantee is absolute."
    },
    {
      "name": "OnionShare",
      "slug": "onionshare",
      "url": "https://onionshare.org",
      "tagline": "Share files, host websites, and chat anonymously over Tor. No third-party services.",
      "category": "security",
      "openSource": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists receiving sensitive documents from sources who cannot use established platforms like SecureDrop. Researchers and activists transferring files without a third-party intermediary. Anyone who needs an ephemeral, anonymous chat room or temporary website with zero infrastructure.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "OnionShare turns your computer into a temporary Tor onion service. Files transfer peer-to-peer — no cloud, no accounts, no metadata on anyone else's servers. It does four things: share files, receive files (anonymous dropbox mode), host a static website, and run an anonymous chat room. All over Tor. The project was created in 2014 by Micah Lee after David Miranda was detained at Heathrow carrying encrypted files on a USB stick for Glenn Greenwald. Lee spent a decade as Director of Information Security at The Intercept before being laid off in March 2024. He now runs Lockdown Systems, a worker-owned collective of former Intercept and SecureDrop engineers. OnionShare 2.6.1 was the first release made entirely by community maintainers without Lee — a healthy sign for project longevity. The current version is 2.6.3 (February 2025), which fixed censorship circumvention bridge-fetching and added persistent onion tabs that auto-start when the app launches. The tool passed a Radically Open Security penetration test funded by the Open Technology Fund: 2 elevated, 3 moderate, 4 low severity findings, zero critical or high. All were patched in version 2.5. The auditors concluded they could not de-anonymize users or achieve code execution. The limitation remains: both parties need Tor Browser, and both machines must be online simultaneously. That makes it impractical for asynchronous drops. But for real-time, zero-infrastructure file transfers where anonymity matters, nothing else comes close.",
      "bestFor": "Receiving documents from sources when SecureDrop is unavailable. One-off file transfers that must leave no trace on third-party servers. Hosting a temporary anonymous website for a specific audience. Spinning up a disposable encrypted chat room with no logs and no accounts.",
      "notFor": "Large newsroom tip pipelines (use SecureDrop). Transferring files to non-technical sources who cannot install Tor Browser. Asynchronous file drops where the sender and receiver are not online at the same time. High-bandwidth transfers — Tor adds latency. Teams that need Magic Wormhole's simpler code-word UX without anonymity requirements.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "no",
      "dataJurisdiction": "Local — files never leave your machine except through the direct Tor connection to the recipient. No servers, no cloud storage, no relay. Your computer is the server, and the onion address is ephemeral.",
      "privacyPolicyTldr": "There is no privacy policy because there is no data collection. OnionShare has no servers, no accounts, no analytics, no telemetry. Files transfer directly between machines over Tor. The onion address exists only while the share is active. Chat messages are never stored — not even locally. The only metadata that exists is on your own machine.",
      "practicalMitigations": "Share the .onion address through an already-encrypted channel (Signal, encrypted email) — the address is the only secret. Use 'stop sharing after files have been sent' for one-time transfers. Enable the private key option so only people with both the address and key can connect. Run on Tails OS for maximum anonymity — OnionShare is pre-installed. Keep updated to get Tor dependency patches (2.6.3 fixed broken bridge-fetching). For receive mode, set a data directory on an encrypted volume. Use the CLI with --log-filenames if you need to audit what was accessed in share mode.",
      "owner": "Micah Lee. Former Director of Information Security at The Intercept (laid off March 2024). Now leads Lockdown Systems, a worker-owned collective building privacy tools. Also created Dangerzone and contributed to the Tor Browser Launcher. Board member of the Freedom of the Press Foundation.",
      "fundingModel": "Open-source community project. Historical development funded by grants from the Open Technology Fund (which also funded the security audit). No recurring institutional funding. Sustained by volunteer contributors and Lee's commitment.",
      "businessModel": "None. Free open-source software (GPL-3.0) with no commercial component, no premium tier, no data monetization. The absence of a business model is itself the trust architecture — there is nothing to monetize.",
      "knownIssues": "Development pace is slow — three minor releases (2.6.1, 2.6.2, 2.6.3) across 2024-2025, mostly dependency bumps and security patches. The 2.6.2 release (March 2024) patched input validation issues in Receive and Chat modes: unsanitized newlines in file paths, no message length limits, and control characters in chat usernames. These were low-severity but reflected gaps in input handling that should have been caught earlier. Tor connection can be unreliable in heavily censored regions even with built-in bridge support — 2.6.3 had to fix broken meek transport and bridge-fetching. The chat feature is functional but minimal: no message persistence, no identity verification, no file sharing within chat. The iOS and Android versions lag behind desktop significantly. Only 15 GitHub contributors total — bus factor is a concern despite the 2.6.1 community release milestone.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "No third-party servers, no metadata collection, peer-to-peer over Tor, open-source under GPL-3.0. Passed a funded penetration test by Radically Open Security with no critical or high findings — auditors could not de-anonymize users. The architecture eliminates most attack vectors by removing intermediaries entirely. Input validation issues in 2.6.2 were patched promptly. The main risk is Tor-level vulnerabilities, which are upstream and outside OnionShare's control."
    },
    {
      "name": "Open WebUI",
      "slug": "open-webui",
      "url": "https://openwebui.com",
      "tagline": "Self-hosted chat interface for local and cloud LLMs. The privacy-first alternative to ChatGPT.",
      "category": "ai",
      "openSource": true,
      "whoItsFor": "Journalists who run local models with Ollama and want a ChatGPT-like interface without sending data to a third party. Also useful for newsrooms that want a shared AI interface connected to their own API keys — OpenAI, Anthropic, or local models.",
      "pricing": "Free and self-hosted. No paid tier. Optional cloud hosting services exist from third parties.",
      "freeOption": true,
      "editorialTake": "Open WebUI is the missing frontend for local AI. Ollama gives you the models; Open WebUI gives you the chat interface. Together they form a fully private AI stack — no accounts, no telemetry, no data leaving your machine. The project has 80K+ GitHub stars and ships features fast: RAG document upload, web search, multi-model conversations, and tool calling. The catch is setup. You need Docker or Python installed, and pairing it with Ollama means managing two services. For journalists already running Ollama, this is the obvious next step. For everyone else, ChatGPT or Claude will be easier. The security story is strong when self-hosted — your prompts and documents stay on your hardware. But if you expose the instance to a network, you own the access control. Open WebUI has basic auth built in, but it is not hardened for public-facing deployment.",
      "bestFor": "Running a private ChatGPT-like interface on sensitive investigative material. Newsrooms that want shared AI access without per-seat SaaS costs. Uploading documents for RAG-based Q&A without cloud exposure. Pairing with Ollama for a fully offline AI workflow.",
      "notFor": "Non-technical users who want zero setup. Anyone who needs GPT-4o or Claude-level reasoning — local models are weaker. Teams that need enterprise SSO, audit logs, or compliance certifications.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only when self-hosted. All data stays on your hardware. No telemetry. No external API calls unless you configure cloud model providers.",
      "privacyPolicyTldr": "Fully self-hosted. No data collection. No analytics. No telemetry phone-home. Chat history, uploaded documents, and model configurations are stored locally in a SQLite database on your server. The project is MIT-licensed and the codebase is fully auditable.",
      "practicalMitigations": "Run behind a reverse proxy (Caddy, nginx) with HTTPS if exposing to a network. Enable the built-in authentication and set strong passwords. Keep Docker images updated — the project ships frequent security patches. For air-gapped use, pull the Docker image and Ollama models on a connected machine, then transfer. Bind to localhost only if running on a personal machine.",
      "owner": "Open WebUI (community-led open source project, founded by Timothy Jaeryang Baek)",
      "fundingModel": "Open source, community-funded. GitHub Sponsors and community contributions. No venture capital as of April 2026.",
      "businessModel": "Free open-source software. No paid tier. No monetization. Sustained by community contributions and sponsorships.",
      "knownIssues": "Default installation exposes an unauthenticated web interface on port 3000 — anyone on the same network can access it unless you enable auth or bind to localhost. The built-in auth system uses basic username/password without MFA support. No formal security audit has been published. Rapid release cadence means breaking changes can appear between versions. Some users report high memory usage when loading multiple large model contexts simultaneously.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Strong rating assumes self-hosted, localhost-only deployment paired with local models. No data leaves your machine, no accounts required, no telemetry. Rating drops to 'adequate' if exposed to a network without proper access controls — the default install has no authentication enabled."
    },
    {
      "name": "OpenCorporates",
      "slug": "open-corporates",
      "url": "https://opencorporates.com",
      "tagline": "World's largest open database of company information. 230+ million entities from 140+ jurisdictions. Free for journalists.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Investigative journalists tracing corporate structures across borders. OSINT researchers mapping shell company networks. Compliance teams running KYB checks. Anyone who needs to search company registrations in 140+ jurisdictions from one place instead of hitting each registry individually.",
      "pricing": "Free web search with result limits. Paid API plans start at £2,250/year (Essentials), £6,600/year (Starter), £12,000/year (Basic). Enterprise pricing on request. Journalists and NGOs can apply for free API access under a share-alike public benefit licence.",
      "journalistDiscount": "Registered journalists, media organizations, academics, and NGOs can apply for free API access via OpenCorporates' Public Benefit programme. Independent journalists need to show published work and may be asked for a press pass. Attribution required in published work. Apply at their service desk portal.",
      "freeOption": true,
      "editorialTake": "OpenCorporates solves one specific problem well: instead of searching the UK's Companies House, then Delaware's Division of Corporations, then the Cayman Islands registry, you search once across 140+ jurisdictions. That's its core value and it's genuinely useful. The database holds 230+ million entities and was used in the Panama Papers, Pandora Papers, Troika Laundromat, and Global Witness investigations. ICIJ matched Panamanian companies from the Panama Papers against OpenCorporates' registry data to track companies that changed agents after the leak. In February 2026, OpenCorporates launched the plei (proto legal entity identifier) — a free, open alternative to the paid LEI system, starting with all US entities and expanding globally. It's a certified B-Corp with a genuine corporate transparency mission. The catch: this is raw registry data, not enriched intelligence. No beneficial ownership graphs, no financial data, no risk scoring. Nearly half of its data sources are labeled 'offline' — meaning they no longer receive regular updates from government registries. You get what public registries publish, with all the gaps that implies. For journalists, it's a strong first stop alongside Aleph and ICIJ Offshore Leaks, but you'll always need to verify against original registries for the most current filings.",
      "bestFor": "Cross-border company lookups from a single search. Finding officers, directors, and registered agents across jurisdictions. Tracing corporate networks and subsidiaries. Cross-referencing company names with ICIJ Offshore Leaks or Aleph. Bulk entity verification via API. Matching company registration data against leaked document sets.",
      "notFor": "Beneficial ownership analysis — OpenCorporates shows registered officers, not always the real owners behind shell structures. Use Open Ownership or Sayari for UBO data. Financial statements or credit data — check Orbis (Moody's/BvD, from $20K/year) or local registries. US-only investigations where individual state Secretary of State databases may have more current data. Real-time monitoring or risk scoring — this is a registry mirror, not an intelligence platform.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United Kingdom (OpenCorporates Ltd is a UK-registered company, certified B-Corp).",
      "privacyPolicyTldr": "No account required for basic web searches. The underlying data comes from public government registries. OpenCorporates collects standard usage analytics. Paid and Public Benefit accounts require contact and billing information. API usage is logged. The company's Articles of Association commit it to open corporate data as a public benefit.",
      "practicalMitigations": "Free web search caps results — create a free account for expanded access, or apply for a Public Benefit API key if you're a working journalist. Always cross-reference OpenCorporates results with the original registry (data freshness varies by jurisdiction — check their coverage heatmap). Pair with Aleph for document-level searches and ICIJ Offshore Leaks for leaked datasets. For beneficial ownership, supplement with Open Ownership's BODS data or the UK PSC register. Note that 'no results' API calls still count against your monthly quota.",
      "owner": "OpenCorporates Ltd (United Kingdom, certified B-Corp)",
      "fundingModel": "Revenue from paid API access, bulk data licensing, and enterprise compliance clients. Mission-driven: Articles of Association enshrine open corporate data as public benefit.",
      "businessModel": "Freemium. Free web search, free API for qualifying journalists/NGOs (share-alike licence), paid API tiers for commercial users (£2,250–£12,000/year), enterprise bulk data licensing for compliance and fintech. Competes for compliance dollars against Orbis ($20K+/year) and Sayari ($50K+/year), but positioned as the open, affordable option.",
      "knownIssues": "Nearly half of data sources are labeled 'offline' — they no longer receive regular registry updates, so dissolved or restructured companies may show stale data. Data is 'as is' from registries with no enrichment or validation layer. Beneficial ownership coverage is limited to jurisdictions that publish it (mainly UK PSC data). US coverage is uneven — some states like Alaska publish extensive data while others provide almost nothing. Paid API plans cap at 500 calls/month and 200 calls/day even on the Basic tier, and empty-result queries still consume quota. No financial data, no credit reports, no risk scoring.",
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "UK-based certified B-Corp with a corporate transparency mission enshrined in its Articles of Association. The data is public registry information — low sensitivity. Free web search requires no account. Standard web analytics present. API keys are issued per account. No evidence of data breaches or security incidents. Low-risk for journalists; the main concern is data freshness, not security."
    },
    {
      "name": "OpenRefine",
      "slug": "openrefine",
      "url": "https://openrefine.org",
      "tagline": "Clean, transform, and reconcile messy data with reversible operations.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Data journalists, researchers, and anyone who regularly cleans messy datasets. No programming required.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "OpenRefine is the duct tape of data journalism. Messy CSV from a FOIA request full of inconsistent names, duplicate entries, and broken formatting? OpenRefine fixes it in minutes, not hours. Every operation is logged and reversible — your data cleaning is reproducible and auditable, which matters when an editor or lawyer asks how you got from raw data to published numbers. Built as Freebase Gridworks by Metaweb in 2010, acquired by Google that same year and renamed Google Refine, then released to the community as OpenRefine in 2012. Current version is 3.10.0, which added geospatial functions, new compression format support (XZ, LZMA, 7zip, ZStandard), and better error handling for Excel imports. The 3.9 series averaged 20,000 downloads per month. The killer feature is clustering: it identifies 'John Smith', 'JOHN SMITH', and 'Smith, John' as the same entity without you writing a single regex. Reconciliation against Wikidata and OpenCorporates lets you link messy local data to canonical identifiers. Compared to Excel, OpenRefine keeps a full operation history (Excel doesn't), handles faceting and clustering natively, and won't silently corrupt your data types. Compared to Python/pandas, it requires zero code and has a gentler learning curve, but can't match Python for automation or datasets above ~500K rows. ProPublica used it for their Pulitzer-winning Dollars for Docs investigation. Runs entirely locally — your data never leaves your machine unless you explicitly query reconciliation services.",
      "bestFor": "Cleaning dirty datasets from FOIA responses, government databases, or scraped data. Standardizing names, addresses, and categorical data. Reconciling records against Wikidata, OpenCorporates, or custom SPARQL endpoints. Deduplicating entries across large spreadsheets. Auditable data transformations where you need to show your work.",
      "notFor": "Datasets above ~500K rows (performance degrades significantly). Statistical analysis or modeling (use R or Python). Visualization (use Datawrapper or Flourish). Fully automated pipelines (Python/pandas is better for repeatable batch processing).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only — runs as a desktop application on localhost. Data never leaves your machine. No cloud component.",
      "privacyPolicyTldr": "No data collection. No telemetry. No network requests unless you explicitly invoke reconciliation services (Wikidata, OpenCorporates, custom endpoints) or database imports. Project data, history, and preferences are stored locally. OpenRefine developers cannot access your data.",
      "practicalMitigations": "Runs entirely on your machine — no cloud exposure. Be aware that reconciliation queries send entity names to external services (Wikidata, OpenCorporates), so don't reconcile columns containing source names or sensitive identifiers. Export your operation history JSON for reproducibility and audit trails. OpenRefine binds to localhost by default but has no built-in authentication — if you change the bind address to make it network-accessible, anyone on that network can access your instance. Keep OpenRefine updated: versions before 3.8.3 had serious vulnerabilities including remote code execution.",
      "owner": "OpenRefine Project (open-source, fiscally sponsored by Code for Science & Society). Originally Freebase Gridworks (Metaweb, 2010), then Google Refine (2010-2012), then OpenRefine (2012-present).",
      "fundingModel": "Historically grant-funded: Chan Zuckerberg Initiative EOSS program (2020-2025, now concluded), Wikimedia Foundation, NFDI. 2025 fundraising campaign raised ~$595 in direct donations plus $804/year from eight recurring donors. FLOSS/fund and the Antoine Bello Philanthropic Fund contributed in 2025. Multiple 2026 grant applications in progress. Funding is thin — this is a critical tool running on a shoestring.",
      "businessModel": "None. Volunteer and grant-maintained open-source project. No commercial entity. No paid features. Advisory committee governs direction.",
      "knownIssues": "Serious CVE history, all patched in recent versions. CVE-2024-47881: SQLite integration allowed remote code execution via malicious extension loading (fixed in 3.8.3). CVE-2024-23833: JDBC vulnerability let attackers read host filesystem files (fixed in 3.7.9). Pre-3.7.5 versions had unauthenticated remote code execution. Pre-3.8.3 versions lacked CSRF protection on expression preview. A Log4j vulnerability (CVE-2025-68161) was reported in 2025 with a patch request pending. No built-in authentication — if exposed beyond localhost, anyone with network access can control the instance. The CZI EOSS grant that funded most development ended December 2025. The project's 2025 fundraising campaign raised under $1,500 total. Long-term sustainability is an open question.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Runs entirely locally with no cloud dependency. Open-source with transparent operation logging. Data never leaves your machine unless you use external reconciliation services. Historical CVEs are serious but all patched in 3.8.3+. The lack of authentication is a non-issue for default localhost usage but becomes a real risk if you change the bind address. Keep it updated."
    },
    {
      "name": "OpenSanctions",
      "slug": "opensanctions",
      "url": "https://www.opensanctions.org",
      "tagline": "Open-source sanctions, PEP, and criminal-watchlist database — 2.1 million entities aggregated from 328 official sources, free for journalists and non-commercial use.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification"
      ],
      "openSource": true,
      "whoItsFor": "Investigative journalists tracing sanctioned individuals, oligarchs, shell companies, and politically exposed persons. Also used by anti-money-laundering compliance teams at banks, fintech KYC providers, NGOs, and OSINT researchers. Free for non-commercial users including newsrooms.",
      "pricing": "Free for non-commercial use under Creative Commons Attribution-NonCommercial 4.0. Commercial users pay for either bulk data licenses or pay-as-you-go API access through opensanctions.org/licensing — pricing scales with usage and entity volume. Journalists working on commercial publications still qualify for free use under the non-commercial editorial exemption, though OpenSanctions encourages newsrooms to support the project.",
      "freeOption": true,
      "editorialTake": "OpenSanctions is the most useful open dataset for sanctions and PEP research that has been built in the last decade. It aggregates 2.1 million entities from 328 official sources — OFAC, EU consolidated sanctions, UK HMT, UN Security Council, Interpol notices, national PEP registries, debarment lists, and watchlists from dozens of jurisdictions — into a single deduplicated, structured graph. The data updates daily for most collections and is published as bulk downloads, an API, and a searchable web interface.\n\nThe project was founded by Friedrich Lindenberg, who built Aleph at OCCRP and ran its data team from 2016 to 2021. Aleph powered investigations into the Russian Laundromat, the Azerbaijani Laundromat, and dozens of other transnational money-laundering stories. Lindenberg spun OpenSanctions out of that work to focus specifically on entity data — sanctions, PEPs, sanctioned vessels, sanctioned aircraft, criminal designations — and to give the same dataset to journalists, banks, and compliance teams under one license.\n\nThe technical work is the differentiator. OpenSanctions runs an open-source data pipeline (FollowTheMoney + Zavod) that normalizes wildly inconsistent government source files into a clean entity graph. Names are transliterated and deduplicated across alphabets. Date formats are standardized. Aliases, birth dates, passport numbers, and corporate registry IDs are linked. The result is a dataset you can actually query against a name in a story, instead of grepping 50 PDFs from 50 government websites.\n\nFor journalists, the workflow is straightforward. Use the web search to check whether a person, company, or vessel appears on any sanctions or PEP list. Use the API to enrich a list of names from a leak or court filing. Download the bulk dataset for offline analysis. Cross-reference hits against ICIJ Offshore Leaks, Aleph, or company registries to map the broader network.\n\nThe limits are real. OpenSanctions only aggregates published official sources — it will not surface unpublished intelligence, leaked documents, or beneficial-ownership data that governments do not release. PEP coverage is uneven across jurisdictions because national PEP registries are uneven. A negative result is not proof of innocence; it is proof of absence from these specific lists. Always verify hits against the original source URL, which OpenSanctions provides for every entity.\n\nThe project is run by OpenSanctions Datenbanken GmbH, a Berlin-based company with about 15 staff as of late 2025. It is funded by commercial licensing revenue from compliance customers, which subsidizes the free non-commercial tier. The pipeline code, the schema (FollowTheMoney), and the data are all open. This is the trust architecture that makes OpenSanctions usable in investigations: you can verify exactly where every claim comes from.\n",
      "bestFor": "Checking whether a person, company, vessel, or aircraft appears on any official sanctions or PEP list. Enriching leaked datasets or court filings with sanctions metadata. Cross-jurisdictional investigations involving Russian, Iranian, North Korean, or Venezuelan sanctions. Tracing oligarch networks and politically exposed persons. Building reproducible, citable evidence for stories that name individuals.",
      "notFor": "Beneficial-ownership investigations where the data is not in any government registry — use OCCRP Aleph and ICIJ datasets instead. General background checks on private individuals — OpenSanctions only covers people on official lists. Real-time alerting on emerging designations — daily updates are fast but not instant. Anything that requires unpublished intelligence.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Germany (European Union). OpenSanctions Datenbanken GmbH is headquartered in Berlin and operates under GDPR. The web platform and API run on EU-based infrastructure. The dataset itself is published openly and mirrored widely.",
      "privacyPolicyTldr": "OpenSanctions collects minimal user data on the public website — basic analytics and account information for API users. Search queries on the public web interface are not tied to identifiable accounts unless you create one. API users authenticate with API keys and usage is logged for billing and abuse prevention. As a German entity, OpenSanctions operates under GDPR, which gives users rights to access, deletion, and data portability. The project publishes a Trust Center with detailed compliance documentation. The underlying entity data is itself public — every record links back to the original government source.\n",
      "practicalMitigations": "For sensitive investigations, download the bulk dataset and run queries locally rather than querying the public API or web interface. The bulk download is a single file you can analyze offline with no logging. If you must use the API, use a dedicated API key per investigation and rotate it after the story publishes. Verify every hit against the original source URL OpenSanctions provides — do not cite OpenSanctions alone in a story. Cross-reference matches against ICIJ Offshore Leaks, Aleph, and corporate registries. Remember that absence from OpenSanctions is not proof of innocence — it only proves the entity is not on the lists OpenSanctions aggregates.\n",
      "owner": "OpenSanctions Datenbanken GmbH, a German limited liability company headquartered in Berlin. Founded by Friedrich Lindenberg, formerly head of data at OCCRP and creator of Aleph. The company has approximately 15 staff as of late 2025.",
      "fundingModel": "Self-sustaining commercial licensing. Revenue comes from banks, fintech KYC providers, AML compliance vendors, and corporate customers who license the data or use the API at scale. Commercial revenue subsidizes the free non-commercial tier for journalists, NGOs, researchers, and academics. The project has also received some grant funding for specific dataset additions.",
      "businessModel": "Dual-license open data. The dataset is free under CC BY-NC 4.0 for non-commercial use. Commercial users pay for bulk data licenses or pay-as-you-go API access. The data pipeline (Zavod) and schema (FollowTheMoney) are open source under MIT license. This commercial-subsidizes-free model is similar to MapBox or PostgreSQL vendors.",
      "knownIssues": "Coverage depends on government transparency: OpenSanctions can only aggregate sources that are actually published. PEP coverage is excellent in jurisdictions with public PEP registries (most of the EU, the US, the UK) and weaker in jurisdictions that do not publish them. Beneficial-ownership data is generally not in OpenSanctions because most countries do not publish it.\n\nName matching across alphabets is hard: Russian, Arabic, Chinese, and Persian names create transliteration challenges. OpenSanctions normalizes aggressively, but a query in one transliteration may miss a record in another. Search by date of birth, passport number, or corporate registry ID when possible.\n\nNegative results are not exonerating: A name not appearing in OpenSanctions only means it is not on the official lists OpenSanctions aggregates. It does not mean the person is not sanctioned in some jurisdiction not covered, not under investigation, or not a PEP in a country without a public registry.\n\nNo leaked or unpublished data: OpenSanctions does not include leaked datasets, FinCEN files, Pandora Papers, or any non-public intelligence. For that, journalists need to use OCCRP Aleph, ICIJ Offshore Leaks, and direct collaboration with leak holders.\n\nUpdate lag for some sources: Most collections update daily. A few obscure or low-priority sources update weekly or monthly. Always check the source's \"last updated\" date in the entity record before relying on a result for time-sensitive reporting.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "OpenSanctions runs on EU infrastructure under GDPR, with encryption in transit and at rest, minimal data collection, and a published Trust Center. The dataset itself is public and verifiable — every entity record links back to its original government source, which is the strongest possible form of provenance for investigative work. The pipeline code is open source. The project is run by a journalist with a decade of experience in investigative data work at OCCRP. There is no record of a security incident. For sensitive investigations, the bulk-download workflow lets journalists query offline with no server-side logging at all. Rating reflects strong baseline security plus an unusually transparent trust architecture.\n"
    },
    {
      "name": "OpenSecrets",
      "slug": "opensecrets",
      "url": "https://www.opensecrets.org",
      "tagline": "Campaign finance, lobbying, and dark money database for US politics.",
      "category": "newsgathering",
      "additionalCategories": [
        "data",
        "newsgathering"
      ],
      "openSource": false,
      "builtForJournalism": true,
      "whoItsFor": "Political reporters, investigative journalists, researchers, and civic advocates tracking money in US politics. Newsrooms covering elections, lobbying, or policy influence. Data journalists pulling bulk datasets for analysis.",
      "pricing": "Free. Bulk data downloads require a free account and approval. API was discontinued in April 2025 — custom data solutions available by contacting OpenSecrets directly.",
      "freeOption": true,
      "editorialTake": "OpenSecrets is the single most important database for tracking political money in the United States. Campaign contributions, lobbying expenditures, revolving door records, personal financial disclosures, dark money flows, 527 organizations — it is all here, cleaned, coded, and searchable. The raw data originates from the FEC, Senate Office of Public Records, IRS 990 filings, and state agencies. OpenSecrets standardizes employer names, applies industry codes to PACs and individual contributions, and manually inputs dark money data from 990 forms — work the FEC does not do. The 2021 merger with the National Institute on Money in Politics (FollowTheMoney.org) added state-level campaign finance for all 50 states. In late 2024 the organization laid off a third of its staff due to funding shortfalls, which is worth knowing: the data is still being updated, but the pace may slow. Lobbying data through 2025 shows firms took in a record $5 billion. Every political reporter in America uses this.",
      "bestFor": "Tracking campaign donations to specific candidates or from specific donors. Investigating lobbying expenditures by industry or company. Following the revolving door between government and private sector. Researching dark money and outside spending groups. Pulling bulk datasets for data journalism projects.",
      "notFor": "State and local campaign finance before 2006 (FollowTheMoney coverage starts there). Non-US political finance. Real-time contribution tracking — FEC filing lag means data can be weeks or months behind. Granular ward- or precinct-level donation analysis. Since the API was discontinued in 2025, programmatic access now requires bulk downloads or custom arrangements.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Washington, DC).",
      "privacyPolicyTldr": "OpenSecrets is a 501(c)(3) nonprofit. No account required for most searches. Bulk data downloads require a free registered account. OpenSecrets does not sell user data. Standard web analytics present. All political finance data is derived from public government records.",
      "practicalMitigations": "No account needed for basic searches. Cross-reference OpenSecrets data with FEC.gov filings directly for the most current numbers. Use bulk data downloads for large-scale analysis (API no longer available). Check the data cycle dates — contribution data can lag by weeks or months depending on FEC filing schedules. Dark money data from IRS 990s lags even further, sometimes a year or more.",
      "owner": "OpenSecrets (formed 2021 from merger of Center for Responsive Politics, est. 1983, and National Institute on Money in Politics)",
      "fundingModel": "Nonprofit. Funded by foundations (Carnegie Corporation, Democracy Fund, Hewlett Foundation, Omidyar Network, Open Society Foundations, Rockefeller Brothers Fund, others), individual donations, and some earned revenue from research fees and data contracts.",
      "businessModel": "501(c)(3) nonprofit. Free public resource. No advertising revenue. Revenue was $2.5M in 2023 against $4.3M in expenses. Laid off ~10 employees (a third of staff) in late 2024 due to funding gaps. Executive director Hilary Braseth cited donors shifting to partisan causes over nonpartisan infrastructure. Organization remains operational into 2026 but at reduced capacity.",
      "knownIssues": "API discontinued April 2025 — developers must now use bulk data downloads or request custom data solutions. Bulk data tables lag months behind the website. Data update frequency is a couple of times per year for current cycle, timing dependent on staff capacity. Dark money data from IRS 990 forms can lag a year or more behind real-time spending. FEC data does not include state-level races filed only with state agencies. After 2024 layoffs (one-third of staff), update cadence and research output may slow. Occasional data errors exist; some require confirmation from the original government source before correction. The organization's financial position remains precarious — $2.5M revenue vs. $4.3M expenses in 2023.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit-operated public database built from government records. No account required for most use. Standard web analytics present. Low-risk for journalists — the data you are searching is already public. Bulk data account requires email registration."
    },
    {
      "name": "OpenStates",
      "slug": "openstates",
      "url": "https://openstates.org",
      "tagline": "Open legislative data from all 50 states, DC, and Puerto Rico — bills, votes, and legislators searchable in one place.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "openSource": true,
      "whoItsFor": "Political reporters covering state legislation across multiple states. Data journalists building legislative datasets. Advocacy organizations tracking bills by issue area. Civic technologists building applications on legislative data. Researchers studying state policy trends. Local newsrooms that need to monitor their state legislature without navigating clunky government sites.",
      "pricing": "Free for public use at openstates.org. API access is free with rate limits. Bulk data downloads are free under a CC-0 license. Plural (the parent company) sells premium policy intelligence features to organizational customers, but the core open data and tools remain free.",
      "freeOption": true,
      "editorialTake": "OpenStates is the largest open collection of US state legislative data — bills, votes, legislators, and committees from all 50 states, DC, and Puerto Rico, standardized into a single searchable format. The project started as a Sunlight Foundation initiative in 2009, went through various stewards, and was adopted by Plural (a policy intelligence company) in 2021. The deal matters: Plural keeps the data open and free under a CC-0 license, and funds ongoing maintenance by selling premium features to professional policy teams. The web scrapers that collect data from state legislature websites remain open source on GitHub. The Plural app itself is proprietary. For journalists, OpenStates solves a real problem: state legislature websites are inconsistent, often poorly designed, and rarely interoperable. OpenStates normalizes the data so you can search for 'book ban' bills across all 50 states in one query. The API (v3, updated January 2026) is well-documented and supports programmatic access for data journalism. The main limitation is timeliness — data depends on scrapers that run on variable schedules, so there can be a lag between when a bill is introduced and when it appears. For real-time alerts, Plural's paid product or BillTrack50 may be better. But for free, open, bulk legislative data, nothing else comes close.",
      "bestFor": "Searching legislation across multiple states simultaneously. Building datasets of state bills by keyword or policy area. Finding legislator information and voting records. Powering civic tech applications with legislative data via the API. Bulk downloading standardized legislative data for research. Tracking how model legislation spreads across states.",
      "notFor": "Real-time legislative alerts (data lags behind official sources — use Plural's paid product or BillTrack50 for that). Federal legislation (use Congress.gov or ProPublica's Congress API). Bill text analysis or legal interpretation. Lobbying and campaign finance data. Committee hearing schedules or testimony. Regulation and rulemaking tracking.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Operated by Plural, a US-based company. The underlying legislative data is public record sourced from state government websites.",
      "privacyPolicyTldr": "The public-facing openstates.org requires no account for searching and browsing. API keys require an email address. The legislative data itself is public record. Plural's privacy practices apply to the hosted platform. The open data is licensed CC-0 — no restrictions on use.",
      "practicalMitigations": "No account required to search and browse legislation on the website. API access requires a free API key (email registration). The data is public legislative records, so no sensitivity in accessing it. For maximum independence, download the bulk data and run your own analysis rather than depending on the hosted API. Verify bill status against official state legislature websites — scraper lag means OpenStates may be hours or days behind. The open-source scrapers on GitHub can be self-hosted if you need more control over data freshness.",
      "owner": "Plural (formerly Civic Eagle). Open States data project originally created by the Sunlight Foundation.",
      "fundingModel": "Commercially sustained. Plural funds OpenStates through revenue from its premium policy intelligence product sold to organizational customers (lobbying firms, advocacy groups, enterprises). The open data and public tools are cross-subsidized by paid features.",
      "businessModel": "Hybrid open-source/commercial. The legislative data is free and open (CC-0). The web scrapers are open source. Plural's premium policy intelligence platform — with AI-powered analysis, predictive analytics, and real-time alerts — is a paid SaaS product. The free tier is the community contribution; the paid tier is the business.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "The data itself is public legislative records with no security sensitivity. The website uses HTTPS. No account required for basic use. The main consideration is that Plural is a commercial entity — your API usage patterns and search queries are visible to the company. For the vast majority of legislative research this is a non-issue. If you are tracking politically sensitive legislation and want no usage trail, download the bulk data instead of using the API."
    },
    {
      "name": "OpenStreetMap",
      "slug": "openstreetmap",
      "url": "https://www.openstreetmap.org",
      "tagline": "Open map data used by the Washington Post, LA Times, and Chicago Tribune. Free, community-maintained, no tracking.",
      "category": "data",
      "additionalCategories": [
        "newsgathering"
      ],
      "openSource": true,
      "whoItsFor": "Data journalists building maps for stories. Reporters who need locator maps, disaster coverage maps, or geographic analysis without Google Maps licensing restrictions. Newsrooms that want to own their map data.",
      "pricing": "Free. Map data is open under the Open Data Commons Open Database License (ODbL). Map tiles served free by the OpenStreetMap Foundation for light use. High-volume newsrooms should use a commercial tile provider (Mapbox, Stadia Maps, Thunderforest) or self-host.",
      "freeOption": true,
      "editorialTake": "OpenStreetMap is the Wikipedia of maps. 10 million+ registered contributors maintain a global dataset that often has better coverage of local detail than Google Maps — especially in regions underserved by commercial mapping. The Washington Post, LA Times, and Chicago Tribune use OSM data for news mapping. Mapbox, which powers many newsroom map projects, runs on OSM data.\n\nThe data is licensed under ODbL: you can use, modify, and share it freely as long as you attribute OpenStreetMap contributors and share any modifications to the database under the same license. You do not need to open-source your entire application — only changes to the OSM data itself. This makes it practical for newsroom use.\n\nFor journalists who need to create embeddable maps without writing code, uMap (umap-project.org) is the companion tool. uMap lets you drop markers, draw shapes, import GeoJSON or CSV data, and generate embed codes — all using OpenStreetMap layers. No account required to create a map. Free. Open-source (AGPLv3).\n\nThe OpenStreetMap Foundation is a UK nonprofit. It pays for servers, one site reliability engineer, and the annual State of the Map conference. Funding comes from donations and corporate supporters. The Foundation does not control the data — the community does. This is both a strength (no single corporate gatekeeper) and a limitation (data quality varies by region and contributor activity).\n\nPrivacy is strong by design. Viewing OSM maps requires no account and generates no user-tracking cookies from OSM itself. Editing requires an account, but the Foundation's privacy policy limits data collection to what's necessary for the service. If you embed OSM tiles on your news site, your readers' browsers contact OSM tile servers — consider self-hosting tiles or using a CDN for high-traffic stories to reduce third-party requests.\n\nThe main limitation: OSM is raw data, not a polished product. Google Maps has Street View, business hours, real-time traffic, transit routing, and indoor maps. OSM has none of that out of the box. You need additional tools (Mapbox, Leaflet, QGIS, uMap) to turn OSM data into publishable maps. For newsrooms with GIS skills, that's fine. For reporters who just need a quick map, the learning curve is real.\n",
      "bestFor": "Data journalism maps, locator maps for stories, disaster and conflict coverage mapping, geographic analysis, embedding interactive maps in articles (via uMap or Leaflet), newsroom projects that need open licensing without Google Maps restrictions.",
      "notFor": "Quick consumer-style maps with business listings and reviews (use Google Maps). Real-time traffic or transit routing. Street View photography. Reporters who need a polished map in under five minutes with no GIS experience — the learning curve requires investment.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United Kingdom (OpenStreetMap Foundation registered in the UK). Tile servers distributed globally. Map data itself is open and mirrored worldwide — no single jurisdiction controls it.",
      "privacyPolicyTldr": "Viewing maps requires no account and no tracking cookies from OSM. Editing requires an account — the Foundation collects email, username, and IP addresses. GPS traces uploaded by contributors are stored. The Foundation's privacy policy strives to balance project needs with user rights. No advertising. No third-party data sharing beyond what's needed to operate the service.",
      "practicalMitigations": "For high-traffic news stories, self-host tiles or use a commercial tile provider (Mapbox, Stadia Maps) rather than hitting OSM's volunteer-funded servers. When embedding maps, note that readers' browsers make requests to tile servers — if privacy is critical, self-host. Use uMap for quick embeddable maps without coding. For sensitive geographic reporting (conflict zones, source locations), be careful about what you publish — OSM data is public and editable, and map markers in your stories can reveal locations you may not intend to disclose. Verify OSM data against official sources for accuracy-critical reporting — community-maintained data can contain errors or vandalism.",
      "owner": "OpenStreetMap Foundation (OSMF), a UK nonprofit (not-for-profit company limited by guarantee). Established 2006. Board elected by members. The Foundation stewards infrastructure but does not own or control the map data — the community does under ODbL.",
      "fundingModel": "Donations from individuals and organizations. Corporate supporters include Mapbox, Meta, Microsoft, Apple, Amazon, and others who use OSM data commercially. The Foundation's budget covers servers, one SRE, and the annual State of the Map conference. Tile serving is donation-funded.",
      "businessModel": "OpenStreetMap is free. The Foundation does not sell the data. Commercial companies (Mapbox, TomTom, Apple Maps) build products on OSM data and contribute back through corporate sponsorship, code contributions, and data improvements. The ecosystem is sustained by the value companies extract from open data, not by monetizing users.",
      "knownIssues": "Data quality varies by region: Urban areas in North America and Europe have excellent coverage. Rural areas, developing countries, and rapidly changing environments may have outdated or incomplete data. Always verify against official sources for accuracy-critical reporting.\n\nVandalism: As with any wiki, OSM data can be vandalized. Edits are tracked and reversible, but false data can persist until caught. Newsrooms should not treat OSM as authoritative without verification for sensitive stories.\n\nTile usage policy: OSM's tile servers are funded by donations and intended for light use. Newsrooms with high-traffic stories that embed OSM tiles directly may be blocked for excessive usage. Use a commercial provider or self-host for production.\n\nNo Street View equivalent: OSM has no first-party street-level imagery. Third-party projects (Mapillary, KartaView) provide crowd-sourced street photos but coverage is inconsistent.\n\nOverpass API complexity: Querying raw OSM data requires learning the Overpass query language, which has a steep learning curve. Tools like Overpass Turbo provide a visual interface but still require geographic data literacy.\n\nAttribution required: ODbL requires crediting \"OpenStreetMap contributors\" on any published map. Failure to attribute is a license violation. Most newsroom map tools handle this automatically, but check your embeds.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "No user tracking, no advertising, no data monetization. Viewing maps requires no account. The data is open and mirrored globally — no single point of control. The Foundation's privacy policy is minimal by design because minimal data is collected. The main considerations are practical: verify community-maintained data for accuracy, self-host tiles for high-traffic embeds, and be careful about publishing sensitive geographic coordinates. Infrastructure security is adequate for a nonprofit — encryption in transit and at rest, distributed tile servers.\n"
    },
    {
      "name": "Opus Clip",
      "slug": "opus-clip",
      "url": "https://www.opus.pro",
      "tagline": "AI-powered clip extraction from long-form video. Identifies hooks, reframes for vertical, adds captions, and scores clips for engagement potential. A first-draft machine for repurposing.",
      "category": "visuals",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "whoItsFor": "News podcasters and video journalists who produce long-form content and need short clips for social distribution. Newsroom social media teams repurposing interviews, press conferences, and panel discussions into vertical clips. Solo journalists who lack time to manually cut highlight reels. Newsletter creators adding video clips to grow audience on TikTok, Reels, and Shorts.",
      "pricing": "Free: 3 credits (3 minutes of source video processed). Starter: approximately $15/month. Pro: approximately $29/month (billed monthly) or $14.50/month (billed annually). Credits are consumed per minute of source video uploaded — 1 credit equals 1 minute regardless of how many clips are generated. Business tier with custom pricing for teams. All paid plans include multi-aspect reframing, brand templates, and social scheduling.",
      "freeOption": true,
      "editorialTake": "Opus Clip scans a long video, identifies potential hooks using a GPT-4-powered model, and outputs a set of short clips with captions, vertical reframing, and a Virality Score predicting engagement potential. Founded in 2022 by Young Zhao and Grace Wang in Palo Alto. Over 10 million users. Raised $50M total, including $20M from SoftBank Vision Fund 2 in March 2025 at a $215M valuation. The tool does one thing well: it eliminates the tedious first pass of scrubbing through a 45-minute interview to find the three best 60-second moments. For a newsroom social editor handling five press conferences a day, that time savings is real. The output is a first draft, not a final product. Expect to discard or re-edit 20-40% of what the AI selects. The Virality Score optimizes for engagement, not editorial judgment — it will surface confrontational moments over substantive ones. Captions are auto-generated and need fact-checking. The tool uploads your full video to Opus Clip's servers for processing, which means pre-publication footage leaves your control. For published content being repurposed, this is fine. For embargoed or sensitive material, it is not. No C2PA credentials on outputs. No offline processing option.",
      "bestFor": "Repurposing published long-form interviews and panels into social clips. Podcast highlight reels for cross-platform distribution. Press conference clip packages for newsroom social accounts. Any workflow where the source material is already public and you need volume.",
      "notFor": "Pre-publication or embargoed footage. Sensitive interviews where source identity matters. Content requiring editorial judgment about what to highlight (the AI optimizes for engagement, not news value). Final-cut production — outputs need human review and editing. Any material you cannot afford to have stored on a third-party cloud server.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. OpusClip Inc. headquartered in Palo Alto, California. Processing on US-based cloud infrastructure.",
      "privacyPolicyTldr": "Account required. Full source video is uploaded to Opus Clip servers for AI processing. The company's privacy policy does not explicitly state retention periods for uploaded video. Credit-based system means the platform stores and processes your content during generation. No public SOC 2 or ISO 27001 certification documented. Standard Silicon Valley startup data practices.",
      "practicalMitigations": "Only upload published or public content — never pre-publication footage, embargoed material, or sensitive source interviews. Review every clip before publishing: the AI optimizes for engagement, not accuracy or editorial standards. Fact-check auto-generated captions against the original transcript. Do not rely on the Virality Score for editorial decisions. Delete source videos from the platform after processing if retention concerns you. Consider downloading clips and hosting them yourself rather than using the built-in social scheduler if you want to control distribution.",
      "owner": "OpusClip Inc. Private company founded January 2022. Co-founders Young Zhao and Grace Wang. Headquartered in Palo Alto, California.",
      "fundingModel": "Venture-backed. Raised $50M total. $20M from SoftBank Vision Fund 2 (March 2025) at $215M valuation. Earlier investors include DCM Ventures and AIGrant.",
      "businessModel": "Freemium SaaS with credit-based usage. Revenue from Starter, Pro, and Business subscriptions. Credits consumed per minute of source video processed.",
      "knownIssues": "AI clip selection optimizes for engagement over editorial substance — confrontational or emotional moments surface above policy substance. Auto-generated captions contain errors that require manual review. Virality Score has no transparency into its ranking methodology. TikTok publishing connections are known to drop and require re-authentication. No documented security certifications. Full source video must be uploaded to third-party servers for processing — no local or on-premise option.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Opus Clip is a standard venture-backed SaaS product with US-based infrastructure and no documented security red flags. The 'adequate' rating reflects reasonable baseline practices (encryption in transit, US jurisdiction, established investors) balanced against the lack of published security certifications and the requirement to upload full video content to third-party servers. Appropriate for repurposing public content; not appropriate for sensitive pre-publication material."
    },
    {
      "name": "Orbot",
      "slug": "orbot",
      "url": "https://orbot.app",
      "tagline": "Free, open-source Tor proxy for Android and iOS. Routes your mobile traffic through the Tor network to mask your identity and location. Built by the Guardian Project.",
      "category": "security",
      "openSource": true,
      "whoItsFor": "Journalists working in hostile network environments who need to hide their internet activity from local ISPs, government surveillance, or network operators. Reporters accessing censored websites or communicating with sources in countries that block Tor Browser. Mobile-first reporters who need Tor protection without a laptop. Anyone who needs to access .onion services from a phone.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Orbot does one thing well: it puts the Tor network between your mobile device and the internet. On Android, it can route all device traffic or selective per-app traffic through Tor using Android's VPN interface. On iOS, it provides a VPN-mode tunnel for all traffic. The result: your real IP address is hidden from the websites and services you access, your ISP sees only encrypted Tor traffic, and you can reach .onion services that are otherwise inaccessible. The Guardian Project — the team behind Orbot — has been building privacy tools for journalists and activists since 2009. Nathan Freitas and team have deep roots in the press freedom community. Orbot integrates with other Guardian Project tools and has been recommended by CPJ, EFF, and Reporters Without Borders for journalists in restrictive environments. The honest limitations: Tor is slow. Routing traffic through three relays adds significant latency — expect 2-10x slower connections depending on circuit quality. Many services block Tor exit nodes (Google CAPTCHAs become relentless, some banking apps refuse to load, streaming services block access). On iOS, per-app routing is not possible — it is all-or-nothing VPN mode. Battery drain is real on mobile devices. And Tor protects network-layer metadata but does nothing if you log into an account tied to your real identity — Tor anonymity requires behavioral discipline, not just technical setup. Orbot also supports Tor bridges (obfs4, Snowflake) for users in countries that actively block Tor (China, Iran, Russia, Turkmenistan). This is critical for journalists in those environments — standard Tor connections are fingerprinted and blocked, but bridges disguise the traffic. For journalists who need mobile Tor access — whether to research sensitive topics without revealing their IP, access blocked sites, or communicate via .onion services — Orbot is the standard tool. There is no credible alternative on mobile.",
      "bestFor": "Hiding your IP address and location from websites you visit on mobile. Accessing .onion services (SecureDrop instances, darknet research) from a phone. Circumventing internet censorship in restrictive countries. Protecting your browsing from local network surveillance (hotel Wi-Fi, airport networks, compromised ISPs). Research on sensitive topics where you do not want your IP in server logs.",
      "notFor": "Everyday browsing — the speed penalty makes it impractical for routine use. High-bandwidth activities (video streaming, large downloads). Situations where Tor exit node blocking makes services unusable. Protection against sophisticated state actors who can perform traffic correlation attacks. Anonymity if you then log into accounts linked to your real identity. iOS users who need per-app routing (not supported).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "No central server. Orbot is a local application that connects to the decentralized Tor network. The Guardian Project (US-based nonprofit) develops the app but operates no data-collecting infrastructure. Tor traffic passes through volunteer-operated relays worldwide — no single entity controls or monitors the full path. Your traffic exits from a random Tor exit node, so the destination sees that node's IP, not yours.",
      "privacyPolicyTldr": "Orbot collects no user data. There is no account, no registration, no telemetry, and no central logging. The Guardian Project does not operate Tor relays and has no visibility into your traffic. The app connects to the public Tor network — the same infrastructure used by Tor Browser. Your ISP sees encrypted Tor traffic but not its content or destination. The destination sees a Tor exit node IP but not your real IP. No single party in the chain can see both who you are and what you are doing.",
      "practicalMitigations": "Do not assume Tor alone makes you anonymous — if you log into Gmail or Facebook over Tor, those services still know who you are. Use Tor Browser for web browsing when possible (stronger fingerprinting protection than Orbot + a regular browser). On Android, use per-app VPN mode to route only sensitive apps through Tor rather than all traffic. Enable Tor bridges (Settings > Bridges) if you are in a country that blocks Tor. Be aware of DNS leaks — ensure your device is not resolving DNS outside the Tor tunnel. Expect slower connections and plan accordingly. Do not torrent over Tor (it deanonymizes you and degrades the network for others). Combine with a hardened browser (Firefox with strict settings, or Tor Browser's Android version) for strongest protection. Check the Tor Project's documentation on operational security — the technology is only one layer of anonymity.",
      "owner": "Guardian Project (US-based open-source nonprofit)",
      "fundingModel": "Guardian Project is funded through grants from organizations including the Open Technology Fund, the Ford Foundation, and other press freedom and digital rights funders. Orbot development is supported by community donations. No commercial revenue, no advertising, no data monetization.",
      "businessModel": "Free and open source. No revenue from users. Guardian Project operates as a grant-funded nonprofit building privacy and security tools for journalists, activists, and human rights defenders. Orbot's development is sustained by institutional grants and individual donations.",
      "knownIssues": "Tor's fundamental limitation applies: a global passive adversary (a state actor monitoring both the entry and exit of your Tor circuit) can theoretically perform traffic correlation attacks to deanonymize users. This is a known Tor network limitation, not an Orbot-specific bug. iOS support is more limited than Android — no per-app routing, VPN-only mode. Some Tor exit nodes are operated by malicious actors who can intercept unencrypted (non-HTTPS) traffic exiting the network — always use HTTPS. Speed is consistently slower than direct connections (2-10x latency increase). Many commercial services actively block Tor exit node IPs, making the tool impractical for certain websites. Battery consumption is higher than normal network usage. The app occasionally loses connection to the Tor network and requires manual reconnection. In some countries, merely using Tor (even with bridges) may attract unwanted attention from authorities — assess your local risk before enabling.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Orbot is the mobile implementation of Tor — the most studied and battle-tested anonymity network in existence. The Guardian Project has a 15+ year track record building privacy tools for journalists and activists. The code is fully open source, the Tor network itself undergoes continuous academic scrutiny, and the tool is recommended by CPJ, EFF, RSF, and Freedom of the Press Foundation. The 'strong' rating reflects the tool's provenance, transparency, and the maturity of the underlying Tor network. It does not mean Tor provides absolute anonymity — traffic correlation attacks by nation-state adversaries remain theoretically possible, and operational security mistakes can deanonymize users regardless of the technology. Orbot is strong infrastructure used correctly; it is not a magic cloak."
    },
    {
      "name": "OSINT Framework",
      "slug": "osint-framework",
      "url": "https://osintframework.com",
      "tagline": "Clickable directory of 500+ OSINT tools organized by investigation type — the table of contents for online research.",
      "category": "verification",
      "additionalCategories": [
        "newsgathering"
      ],
      "openSource": true,
      "whoItsFor": "Investigative journalists, OSINT researchers, security analysts, and anyone starting an online investigation who needs to find the right tool fast. Covers people search, social media, domain/IP, geolocation, public records, blockchain, instant messaging, dating platforms, and 30+ other categories. Also useful for journalism educators building OSINT training curricula.",
      "pricing": "Free. No accounts, no tiers, no upsells.",
      "freeOption": true,
      "editorialTake": "OSINT Framework is a directory, not a tool. It organizes 500+ open-source intelligence resources into a clickable tree so you can find what you need without memorizing URLs. Justin Nordine created it and maintains it through the lockfale GitHub org. After a quiet period, the project saw a burst of enrichment activity in March 2026 — dozens of commits adding metadata, cleaning dead links, and restructuring categories. The repo has 11.1K GitHub stars and 1.8K forks, making it one of the most-starred OSINT projects on GitHub. The main alternative for journalists is Bellingcat's Online Investigation Toolkit (launched September 2024), which is more curated and journalism-focused but covers fewer tools. IntelTechniques (Michael Bazzell) moved its free tools behind a paywall in 2019 and now charges $650+ for training access. OSINT.sh is a different beast entirely — it runs tools server-side (SSL lookups, DNS, WHOIS) rather than linking to them, but it collects query data. For a free, zero-data-collection starting point, OSINT Framework remains the best option, provided you verify individual links before relying on them.",
      "bestFor": "Starting an investigation when you don't know which tool exists for the job. Discovering new OSINT resources by category. Training new investigators on the landscape of available tools. Building a personal bookmark collection of vetted resources.",
      "notFor": "OSINT Framework doesn't execute anything — it's a directory of links. If you already know your tools, skip it. Some linked tools are defunct, paywalled, or have changed scope since they were added. The framework doesn't vet linked tools for security or privacy — that's on you.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "GitHub Pages (United States). Static site — no user data collected or stored. No server-side processing.",
      "privacyPolicyTldr": "No accounts, no cookies, no analytics, no tracking. Static HTML/JS served from GitHub Pages CDN. Your browser fetches arf.json (the tool database) and renders it client-side. GitHub sees your IP address as the CDN host — that's the only data exposure.",
      "practicalMitigations": "OSINT Framework links to 500+ third-party tools, each with its own privacy and security posture. Before using any linked tool for sensitive investigations: (1) verify the tool still exists and hasn't been acquired or compromised, (2) check whether it logs queries, (3) use a VPN or Tor when exploring tools if your research interests are sensitive, (4) cross-reference tools against Bellingcat's vetted toolkit for a second opinion on trustworthiness.",
      "owner": "Justin Nordine (lockfale GitHub organization)",
      "fundingModel": "Unfunded community project. No sponsors, no grants, no ads. Runs on GitHub Pages (free hosting).",
      "businessModel": "None. Free community resource. Justin Nordine maintains it as a side project. Contributors submit pull requests to add or fix tool entries in arf.json.",
      "knownIssues": "Dead links are the chronic problem. With 500+ entries, tools shut down, move URLs, or get acquired regularly. Nordine acknowledged in May 2024 that maintenance had lapsed and pledged to resume active updates — March 2026 commits confirm follow-through. Bellingcat's 2024 research found that 80% of OSINT researchers say finding up-to-date toolkits is a challenge, and 8 of 40 interviewees specifically cited stale links as the top barrier to using any toolkit. The framework doesn't rate or review the tools it links to — a tool appearing in the directory says nothing about its quality, accuracy, or security. Some categories (dating, dark web) link to tools that could expose investigators if used carelessly. No mobile-optimized view — the tree visualization works poorly on phones.",
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "The framework itself is a static site with zero data collection — minimal attack surface. The risk is downstream: it links to 500+ tools without vetting their security posture, and some linked tools collect query data, require accounts, or operate in adversarial jurisdictions. Treat the framework as a phone book, not an endorsement. Evaluate each linked tool independently before using it on sensitive investigations."
    },
    {
      "name": "Otter.ai",
      "slug": "otter-ai",
      "url": "https://otter.ai",
      "tagline": "AI-powered meeting transcription and note-taking — fast and accurate, but your audio trains their models.",
      "category": "newsgathering",
      "whoItsFor": "Journalists who need to transcribe interviews, press conferences, or meetings. Works in real-time via OtterPilot (joins Zoom, Google Meet, Teams automatically) or from uploaded audio/video files. Mobile app records in the field. Not for journalists handling sensitive sources.",
      "pricing": "Free: 300 min/month, 30 min per conversation. Pro: $16.99/month ($8.33/month billed annually), 1,200 min/month. Business: $30/month ($20/month annually), 6,000 min/month. Enterprise: custom pricing (average ~$6,300/year per Vendr data). All paid plans include OtterPilot, AI summaries, and action item extraction.",
      "journalistDiscount": "None known.",
      "freeOption": true,
      "editorialTake": "Otter is the default transcription tool for a reason: it's accurate, fast, and the real-time meeting integration is genuinely useful for press conferences and routine interviews. But the privacy picture got significantly worse in 2025. A class action lawsuit (Brewer v. Otter.ai) alleges the company records conversations without proper consent from non-host participants and uses that data for AI training. A hospital breach in Ontario exposed patient health data through an unsanctioned Otter recording. The privacy policy still permits using your content to 'improve and develop' services. For routine, non-sensitive journalism work, Otter remains the most polished option. For anything involving confidential sources, use Good Tape (EU-hosted, no AI training) or local Whisper. The convenience isn't worth the exposure.",
      "bestFor": "Press conferences, routine interviews, meeting notes, lecture transcription — anything where the content is not sensitive and speed matters.",
      "notFor": "Confidential source interviews, sensitive investigations, legally privileged conversations, any recording where content could put someone at risk if accessed by third parties. Also not ideal for non-English transcription (accuracy drops significantly).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (AWS servers). Certified under EU-US, UK-US, and Swiss-US Data Privacy Frameworks for cross-border transfers, but all processing happens in the US.",
      "privacyPolicyTldr": "Otter stores audio and transcripts on US-based cloud servers. The privacy policy permits using your content to 'improve and develop' their services — which means AI model training. They claim data is de-identified before training use, but a 2025 class action lawsuit challenges whether de-identification is meaningful for voice data and conversational context. Otter's OtterPilot bot joins meetings automatically when calendar-integrated, and only seeks consent from the meeting host — other participants cannot opt out or disable recording. Deleted conversations go to Trash and are removed after 30 days, but there is no guarantee that data already used for model training is retroactively purged.",
      "practicalMitigations": "If you use Otter for non-sensitive work: (1) delete recordings immediately after downloading transcripts, (2) never name confidential sources in any recorded conversation, (3) disable OtterPilot auto-join for meetings where you don't control the guest list, (4) use the desktop app rather than sharing transcript links, (5) review Otter's sharing settings — default behavior shares notes with all attendees. For sensitive interviews: use Good Tape (EU servers, no AI training, AES-256 encryption) or run OpenAI Whisper locally (free, fully offline, no data leaves your machine).",
      "owner": "Otter.ai Inc. (formerly AISense Inc.). Founded 2016 by Sam Liang (CEO) and Yun Fu (CTO). Headquartered in Mountain View, California.",
      "fundingModel": "Venture-backed. $70M+ raised over 4 rounds: Seed (2016, Draper Associates), Series A (2017, $10M led by Horizons Ventures), strategic round (2020, $10M from NTT DOCOMO Ventures), Series B (2021, $50M led by Spectrum Equity). Key investors include Spectrum Equity, Horizons Ventures, GGV Capital, and NTT DOCOMO Ventures. Hit $100M ARR in March 2025.",
      "businessModel": "Freemium SaaS. Free tier drives adoption; Pro/Business/Enterprise tiers generate revenue. Enterprise includes SSO, advanced security, and OtterPilot for Sales. $100M ARR milestone suggests strong commercial traction but also heavy dependence on continued growth — which incentivizes maximizing data collection.",
      "knownIssues": "Class action lawsuit (Brewer v. Otter.ai, filed August 2025) alleges Otter records conversations without consent from non-host participants and uses data for AI training — claims violations of ECPA, CFAA, and California privacy laws, ongoing as of April 2026. Ontario hospital breach (September 2024): OtterPilot auto-joined a medical meeting and transcribed PHI of seven patients, sent transcript to a former physician. Separate incident (September 2024): Otter captured sensitive post-meeting VC investor discussions and sent transcript to a participant who had already left. Privacy policy permits using content for AI model training — de-identification claims are contested since voice data resists true anonymization. OtterPilot joins meetings automatically via calendar integration; non-host participants cannot opt out, creating legal exposure in two-party consent states. No journalist-specific data handling commitments. No option to exclude data from AI training on Free or Pro plans.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "caution",
      "securityRatingNote": "SOC 2 Type II and HIPAA compliance show genuine security investment, but the core problem is structural: Otter uploads all audio to US cloud servers and uses content for AI training. The 2025 class action lawsuit and 2024 hospital breach demonstrate real-world consequences of this architecture. Adequate for routine journalism. Not recommended for any work involving confidential sources or sensitive material."
    },
    {
      "name": "Our World in Data",
      "slug": "our-world-in-data",
      "url": "https://ourworldindata.org",
      "tagline": "Open-source research and data on global development, health, energy, poverty, and environment — from the University of Oxford.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Journalists covering global development, public health, climate, energy, poverty, education, or population trends. Reporters who need contextualized long-term data with ready-made visualizations for stories. Data journalists who want clean, well-documented global datasets. Fact-checkers verifying claims about global trends. Educators and students studying global change. Anyone writing about how the world is changing and needing reliable data to support the narrative.",
      "pricing": "Completely free. All data, charts, articles, and code are open access. All visualizations can be embedded or downloaded. All datasets are downloadable.",
      "freeOption": true,
      "editorialTake": "Our World in Data is the best single source for contextualized global data. Founded by Max Roser at the University of Oxford in 2011, it is a research project of the Global Change Data Lab and the Oxford Martin Programme on Global Development. A team of nearly 30 researchers, developers, and data specialists compiles data from official sources (World Bank, WHO, UN, national statistical offices, peer-reviewed research) and publishes it in standardized, interactive formats with explanatory articles. The key differentiator is not just the data but the research context. Each topic page explains methodology, limitations, and how to interpret trends — something raw data portals never provide. The interactive charts are embeddable with a single click, CC-BY licensed, and automatically cite their sources. For journalists, this means you can go from 'I need a chart of global life expectancy trends' to an embeddable, properly sourced visualization in under a minute. The entire codebase is open source on GitHub, including the data pipeline (ETL), the charting library (Grapher), and all article content. Data is downloadable in CSV format from every chart. Coverage is strongest on global development topics: poverty, health, education, energy, environment, food, population, technology, and conflict. It is weaker on country-specific politics, economics below the national level, or topics not covered by international statistical agencies. The platform's long-term perspective — showing trends over decades or centuries — is particularly useful for countering presentism in news coverage.",
      "bestFor": "Embeddable charts and visualizations for global trend stories. Long-term data on health, poverty, energy, climate, education, and population. Cross-country comparisons on development indicators. Contextualizing breaking news with historical trends. Downloading clean, well-documented global datasets. Understanding methodology and limitations of global statistics.",
      "notFor": "US-specific or subnational data (use Census, BLS, Data.gov). Real-time or breaking news data. Country-specific political or economic analysis below the national level. Proprietary or paywalled datasets. Topics not covered by international statistical agencies. Primary source data — Our World in Data is a secondary source that compiles and standardizes data from original sources.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United Kingdom. The Global Change Data Lab is registered as a charity in England and Wales. Research team is based at the University of Oxford.",
      "privacyPolicyTldr": "No account required for any functionality — all data, charts, articles, and downloads are freely accessible without registration. Standard web analytics. No advertising. No paywall. No data collection beyond basic site analytics. All content is CC-BY licensed.",
      "practicalMitigations": "No account required for anything — search, read, download, and embed all work without registration. All data is from public international sources and carries no sensitivity. Always follow source citations to the original data provider (WHO, World Bank, UN) for primary sourcing in reporting. Check the 'last updated' date on charts — some datasets update annually. For maximum independence, download the data and the open-source charting code from GitHub. When embedding charts, note that they pull from Our World in Data's servers — for archival purposes, take a screenshot as well.",
      "owner": "Global Change Data Lab (registered charity, England and Wales) in collaboration with the Oxford Martin Programme on Global Development, University of Oxford.",
      "fundingModel": "Nonprofit funded by grants and donations. Major funders include the Bill & Melinda Gates Foundation, the UK Foreign, Commonwealth & Development Office, and other philanthropic foundations. No advertising revenue. No premium subscriptions. Fully open access.",
      "businessModel": "Nonprofit open-access research publication. All output — data, charts, articles, code — is freely available under open licenses (CC-BY for content, MIT for code). Revenue comes entirely from grants and donations. The organization's mission is to make research and data on global problems accessible and understandable.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "No account required. No personal data collected. HTTPS throughout. No advertising or commercial tracking. Open-source codebase auditable on GitHub. Nonprofit with transparent funding. Hosted at the University of Oxford. From a privacy and security perspective, this is among the lowest-risk tools in the directory — a public research website with no user accounts, no tracking, and open-source code."
    },
    {
      "name": "Overpass Turbo",
      "slug": "overpass-turbo",
      "url": "https://overpass-turbo.eu",
      "tagline": "Web-based query tool for OpenStreetMap data. Extract hospitals, roads, buildings, or any mapped feature from the world's largest open geographic database.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Data journalists who need geospatial data for investigations — locating every hospital in a conflict zone, mapping infrastructure before and after a disaster, tracking urban development patterns, or extracting any category of geographic feature that OpenStreetMap volunteers have mapped. The tool has a real learning curve (its query language is not intuitive), but Bellingcat includes it in their open-source investigation toolkit for a reason: it unlocks a massive, free geographic database.",
      "pricing": "Completely free. No accounts, no plans, no limits beyond server capacity.",
      "freeOption": true,
      "editorialTake": "Overpass Turbo is a power tool, not a consumer product. It gives you a web interface to query OpenStreetMap's database of billions of geographic features — every road, building, hospital, bridge, military installation, and park that OSM's volunteer community has mapped worldwide. You write queries in the Overpass Query Language (or use the built-in Wizard for simple searches), and results render on an interactive map that you can export as GeoJSON, GPX, or KML. Bellingcat uses it for geolocation investigations. Data journalists use it to extract infrastructure data for entire countries. The catch: the query language is its own thing. It's not SQL, it's not a standard API — it's a domain-specific language with a learning curve. The Wizard helps for basic queries ('hospital in Damascus'), but complex queries require reading the documentation. The data itself is crowdsourced, so completeness varies by region. Western Europe and urban areas are mapped exhaustively. Rural areas in developing countries may have gaps. For journalism, the key advantage is that this data is open, free, and not controlled by any government or corporation. No one can revoke your access or change the terms.",
      "bestFor": "Extracting geographic datasets for investigations. Finding all features of a specific type in a region (hospitals, schools, military bases, bridges). Comparing infrastructure before and after events. Supporting geolocation and verification work. Feeding data into QGIS or other GIS tools for further analysis.",
      "notFor": "Making publication-ready maps (use Felt, Datawrapper, or QGIS for that). Real-time data — OSM data has variable update frequency. Areas with sparse volunteer mapping coverage. Journalists who need point-and-click simplicity with no learning curve.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Queries run against public Overpass API servers hosted in Europe (primarily Germany). No user accounts or personal data stored. The underlying OpenStreetMap data is hosted by the OpenStreetMap Foundation (UK-registered charity). All queried data is public and openly licensed under ODbL.",
      "privacyPolicyTldr": "Overpass Turbo uses tracking cookies for basic analytics. No user accounts exist — no personal data is collected beyond standard web server logs. All data you query is public OpenStreetMap data. Your queries are sent to public API servers and are not encrypted beyond standard HTTPS. There is no privacy policy in the traditional sense because the tool collects almost nothing.",
      "practicalMitigations": "Queries are sent over HTTPS but reveal what geographic features and locations you're researching. If your investigation is sensitive, use a VPN when querying. Download results and work offline in QGIS for analysis. Verify crowdsourced data against authoritative sources before publishing — OSM data can be incomplete or outdated. Be aware that query patterns could theoretically reveal investigation targets if monitored at the network level.",
      "owner": "Open-source project maintained by Martin Raifer. Built on top of the Overpass API, which queries the OpenStreetMap database maintained by the OpenStreetMap Foundation (UK-registered charity).",
      "fundingModel": "Volunteer-maintained open-source project. MIT licensed. Overpass API servers are funded by donations and operated by the OSM community. No commercial entity behind it.",
      "businessModel": "None. Completely free, open-source, community-maintained. No revenue model. Sustained by volunteer effort and donated server resources.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "No user accounts, no personal data collection, no data storage — the attack surface is minimal. All queried data is public. HTTPS in transit. The privacy consideration is that your queries reveal what locations and features you're investigating, which matters for sensitive geolocation work. Use a VPN for sensitive queries. The tool itself is open-source (MIT license) and auditable. Adequate for journalism use with basic network-level precautions."
    },
    {
      "name": "Overview",
      "slug": "overview",
      "url": "https://github.com/overview/overview-server",
      "tagline": "Open-source document clustering and visualization for large investigative sets. Self-host only — the hosted service is gone.",
      "category": "data",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists or researchers with large document sets (FOIA dumps, court records, leaked archives) who can self-host Docker containers. Technical users comfortable running infrastructure. Legal teams doing e-discovery.",
      "pricing": "Free and open-source. Self-hosting costs are your own infrastructure.",
      "freeOption": true,
      "editorialTake": "Overview was a breakthrough when it launched. Jonathan Stray built it at the AP with Knight Foundation funding to solve a real problem: you get 10,000 FOIA pages and need to find the story. Overview clusters documents by topic similarity and visualizes the relationships, so you can spot patterns without reading every page. AP reporter Jack Gillum used it to sift 9,000 pages of Paul Ryan documents. The clustering algorithm remains genuinely useful for surfacing structure in unstructured document sets. But the project has been effectively abandoned. The hosted service at overviewdocs.com is gone — it redirects to the self-hosting repo. The blog is down. The help site has expired TLS certificates. The last formal release on GitHub was May 2014. Stray moved on to UC Berkeley's Center for Human-Compatible AI, where he works on recommender systems. For most journalists today, Google Pinpoint does what Overview did — document analysis, entity extraction, search across large sets — with zero setup, active development, and better OCR. Overview still works if you self-host it, and the clustering visualization has no direct equivalent in Pinpoint. But you need Docker skills and a tolerance for unmaintained software.",
      "bestFor": "Topic clustering across thousands of documents. Finding structure in large FOIA responses or leaked archives. Visualizing document relationships. Self-hosted document analysis where you control the infrastructure.",
      "notFor": "Anyone who wants a hosted service — it no longer exists. Non-technical journalists — use Google Pinpoint instead. Publishing documents publicly — use DocumentCloud. Small document sets — just read them.",
      "encryptionInTransit": "partial",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Self-hosted — your infrastructure, your jurisdiction. No hosted service remains.",
      "privacyPolicyTldr": "No privacy policy applies — the hosted service is gone. Self-hosted Overview stores all data locally on your own infrastructure. No data leaves your servers. This is actually the strongest possible privacy posture for document analysis, provided you secure your own setup.",
      "practicalMitigations": "Self-host on your own infrastructure for complete data control. The Docker setup via overview-local requires at least 3GB RAM. Enable SSL through the built-in configuration options. Back up your PostgreSQL database and blob storage regularly. Be aware this is unmaintained software — do not expose it to the public internet without additional hardening.",
      "owner": "Overview Project (originally developed at the Associated Press by Jonathan Stray)",
      "fundingModel": "Knight Foundation News Challenge grant (original development). No current funding.",
      "businessModel": "Open-source, no commercial entity. Overview Services Inc. previously offered paid support and custom development — unclear if still operational.",
      "knownIssues": "Hosted service at overviewdocs.com shut down and redirects to self-hosting repo. Blog (blog.overviewdocs.com) is down. Help site (help.overviewdocs.com) has invalid TLS certificates. Last formal GitHub release was May 2014. Codebase is Scala/CoffeeScript — a dated stack that limits community contributions. Creator Jonathan Stray no longer works on the project. Google Pinpoint now covers most of the same use cases with zero setup cost. The clustering visualization — Overview's unique strength — has no direct replacement, but the project is functionally unmaintained.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "caution",
      "securityRatingNote": "Open-source and self-hostable, which is good for data sovereignty. But the software is unmaintained — no security patches since at least 2020 (copyright range 2011-2020). Running unmaintained server software with document upload capabilities is a real risk. The Scala/Play framework and PostgreSQL stack may have unpatched vulnerabilities. Only run on isolated infrastructure, never internet-facing without additional security layers."
    },
    {
      "name": "ParseHub",
      "slug": "parsehub",
      "url": "https://www.parsehub.com",
      "tagline": "Visual web scraper. Point-and-click data extraction from JavaScript-heavy websites. No coding required. Desktop app builds the scraper; cloud servers run it.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "openSource": false,
      "whoItsFor": "Journalists who need structured data from websites without writing code — public records, directories, price lists, government databases. Particularly useful for reporters who need to scrape JavaScript-rendered or infinite-scroll pages that simpler browser extensions can't handle.",
      "pricing": "Free: 5 public projects, 200 pages/run, 14-day data retention, no IP rotation, no scheduling. Standard: $189/month (20 private projects, 10,000 pages/run, 14-day retention, IP rotation, Dropbox/S3 integration, scheduling). Professional: $599/month (120 private projects, unlimited pages/run, 30-day retention, priority support). Enterprise: custom pricing.",
      "freeOption": true,
      "editorialTake": "ParseHub occupies a specific niche: scraping complex, JavaScript-heavy sites without code. You build scraper projects in an Electron desktop app using point-and-click selection, then deploy them to ParseHub's cloud servers. It handles AJAX, infinite scroll, and dynamic content that choke simpler tools like Instant Data Scraper. The tradeoff is real: all scraped data passes through ParseHub's cloud infrastructure (Canadian-hosted), and the free tier gives you only 200 pages per run with no IP rotation — meaning target sites can block you quickly. For public-data investigations, it works. For sensitive source material, the cloud-processing model is a dealbreaker. Brazilian journalists used ParseHub to monitor 20,000+ court pages weekly tracking political censorship lawsuits — a good example of its strength on repeatable, large-scale public-data scraping.",
      "bestFor": "Extracting structured data from JavaScript-heavy websites without coding. Government databases, court records, directories, price monitoring, any repeatable scrape from dynamic sites. Works well for weekly scheduled scrapes of public data sources.",
      "notFor": "Sensitive or source-identifying data you don't want on third-party servers. Quick one-off table grabs (use Instant Data Scraper instead — it's free and instant). Scraping at scale beyond 200 pages without paying $189/month. Real-time monitoring. Sites that require login credentials you'd rather not share with a third party.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Canada (ParseHub Inc. headquartered in Toronto). Scraped data is processed and stored on ParseHub's cloud servers. Claims GDPR compliance for EU users. Integrates with Dropbox and AWS S3 for external storage.",
      "privacyPolicyTldr": "ParseHub encrypts data in transit via HTTPS. Scraped data is stored on their cloud servers with configurable retention (14 days free/Standard, 30 days Professional). The company states it does not sell personal data to third parties. You can delete projects and their data from your account. The desktop app uses MomentCRM for analytics and chat. No transparency report published.",
      "practicalMitigations": "Never scrape login-protected or sensitive data through ParseHub — your credentials and scraped content pass through their servers. Export data locally and delete cloud projects promptly. Use the S3/Dropbox integration to route data to infrastructure you control. Check robots.txt and terms of service of target sites. For sensitive investigations, use Scrapy or BeautifulSoup instead — they run entirely on your own machine.",
      "owner": "ParseHub Inc. (private, Toronto, Canada)",
      "fundingModel": "Seed-funded. Investors include Ontario Centres of Excellence and Creative Destruction Lab. No known follow-on rounds.",
      "businessModel": "Freemium SaaS. Revenue from Standard ($189/mo) and Professional ($599/mo) subscriptions. Free tier limited enough to push serious users to paid plans.",
      "knownIssues": "Desktop app required — no browser-only option. Electron app can be resource-heavy. No auto-pagination; you must configure page navigation manually for each project. Test runs sometimes succeed while full cloud runs fail with no clear error. Free plan has no IP rotation, so target sites block scrapes frequently. Cannot handle some intermediate-complexity JSON/XML that open-source tools (BeautifulSoup, Scrapy) parse fine. Scraping speed is throttled by plan tier. No native API for building custom integrations (despite having a REST API for retrieving run data). Limited debugging — when extraction fails, diagnosing why is opaque.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "HTTPS encryption in transit. Cloud-based processing means all scraped data — and any credentials you use for authenticated scraping — passes through ParseHub's servers in Toronto. Canadian jurisdiction with reasonable privacy laws (PIPEDA). No published security audit or SOC 2 certification. Adequate for scraping public data. Not appropriate for investigations involving sensitive sources, whistleblower material, or login-protected content where credential exposure to a third party is unacceptable."
    },
    {
      "name": "Perplexity",
      "slug": "perplexity",
      "url": "https://www.perplexity.ai",
      "tagline": "AI search engine with source citations — useful for research, controversial for how it gets those sources.",
      "category": "ai",
      "whoItsFor": "Journalists who need fast background research with linked sources. Perplexity searches the web in real time, synthesizes results, and cites where each claim came from. It's genuinely faster than Google for building context on unfamiliar topics. But the company has been sued by The New York Times, Condé Nast, News Corp, Encyclopedia Britannica, and others for scraping their reporting without permission. That context matters when deciding whether to use it.",
      "pricing": "Free (limited searches, GPT-4o-mini). Pro: $20/month (unlimited searches, GPT-4o, Claude, file uploads, Deep Research). Max: $200/month (higher limits, priority access). Enterprise: custom pricing with zero data retention.",
      "journalistDiscount": "None known. Perplexity donated $250K to Northwestern Medill for AI-journalism research, but offers no journalist pricing.",
      "freeOption": true,
      "editorialTake": "Perplexity is the most useful AI research tool available — and one of the most ethically complicated. It synthesizes web sources with citations faster than any competitor. Its Deep Research mode scored 21.1% on expert-level benchmarks, outperforming Google's AI summaries. For background research on public topics, it saves real time. But the company built its product on other people's journalism. Forbes caught Perplexity turning a Forbes exclusive into an AI-generated article, podcast, and video with no attribution — the Perplexity version outranked the original on YouTube. Wired found Perplexity reproducing sentences verbatim. The NYT lawsuit alleges Perplexity used disguised crawlers and hidden IP addresses to evade detection while scraping millions of articles. By early 2026, Perplexity faces 40+ copyright cases in U.S. courts. The company launched a Publisher Program and abandoned advertising (Feb 2026) to rebuild trust, but the fundamental tension remains: Perplexity's product depends on ingesting the journalism it competes with. For journalists, there's also a privacy dimension. Your search queries reveal what stories you're working on, what sources you're investigating, what angles you're pursuing. Perplexity collects and retains this data by default. Free and Pro users' queries can be used for AI model training unless you opt out in settings. Use it for non-sensitive research with eyes open.",
      "bestFor": "Background research on public topics, fact-checking public claims, exploring unfamiliar beats, building source lists, synthesizing publicly available information quickly.",
      "notFor": "Research related to active investigations. Source-identifying queries. Any search that reveals an unpublished story angle. Do not search for confidential sources by name. The company retains query data and has shown a pattern of treating others' content as raw material.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States",
      "privacyPolicyTldr": "Perplexity collects search queries, browsing behavior, device info, IP addresses, and interaction patterns. Free, Pro, and Max users have AI Data Retention enabled by default — your queries can train their models unless you manually opt out in settings. Enterprise and API (Sonar) customers get zero data retention and no training use. Perplexity uses third-party analytics and shares data with service providers. Account deletion removes personal data within 30 days. The opt-out exists but is buried, not surfaced during onboarding.",
      "practicalMitigations": "Use Perplexity only for non-sensitive research. (1) Go to Settings and disable AI Data Retention immediately — it's on by default. (2) Never search for confidential sources by name. (3) Don't research story angles that reveal an unpublished investigation. (4) Use a VPN and incognito mode for anything approaching sensitive. (5) Consider DuckDuckGo + Claude or ChatGPT as an alternative workflow that separates search from AI synthesis, giving you more control over what each service sees. (6) Verify every citation — Perplexity cites real URLs but sometimes fabricates the claims it attributes to them.",
      "owner": "Perplexity AI Inc.",
      "fundingModel": "VC-backed. $1.72B raised across 11 rounds from 49 investors. Valuation reached $22.6B (Jan 2026). Key investors: Jeff Bezos, NVIDIA, IVP, Institutional Venture Partners. Grew from $500M valuation to $22.6B in under two years — a 40x jump for a company with ~250 employees.",
      "businessModel": "Subscription-driven. Free tier for adoption; Pro ($20/mo) and Max ($200/mo) for revenue; Enterprise for large organizations. Tried advertising in late 2024 but abandoned it in Feb 2026, citing user trust concerns. Now targeting $500M ARR entirely from subscriptions. Launched Comet Plus ($5/mo) in Aug 2025 with 80/20 revenue split favoring publishers — $42.5M allocated to publisher payouts. ~$200M ARR as of Feb 2026, 100M+ users, 780M monthly queries.",
      "knownIssues": "The New York Times sued Perplexity in Dec 2025 for copyright infringement, alleging Perplexity used disguised crawlers, undeclared user agents, and hidden IP addresses to scrape millions of articles while evading detection — violating both copyright law and the NYT's terms of service. Condé Nast (July 2024) and Forbes (June 2024) sent cease-and-desist letters accusing Perplexity of plagiarism and unauthorized content use. News Corp (Wall Street Journal), Encyclopedia Britannica, Merriam-Webster, Nikkei, Asahi Shimbun, Reddit, and the Chicago Tribune have also filed suits or complaints. By early 2026, Perplexity faces 40+ copyright-related cases in U.S. courts. Cloudflare confirmed Perplexity's crawlers bypassed robots.txt restrictions. Forbes documented Perplexity turning a Forbes exclusive into an AI article, podcast, and video with no attribution. Wired found verbatim sentence reproduction. On citation accuracy: a GPTZero investigation found the average user encounters an AI-generated source within three queries. A Columbia Journalism Review test found Perplexity had a 37% hallucination rate on citations — it cites real URLs but fabricates the claims attributed to those sources. The Publisher Program (launched July 2024, expanded 2025) attempts to address content licensing, but most major publishers who've sued are not participants.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "perplexity-publisher-program"
      ],
      "securityRating": "caution",
      "securityRatingNote": "Search queries are sensitive journalist data. Perplexity collects and retains them by default, with AI training opt-out buried in settings. The company's documented pattern of bypassing robots.txt, disguising crawlers, and reproducing publisher content without permission reveals how it treats consent. 40+ copyright lawsuits pending. Useful tool, real risks. Use only for non-sensitive, public-record research."
    },
    {
      "name": "PhantomBuster",
      "slug": "phantombuster",
      "url": "https://phantombuster.com",
      "tagline": "Social media scraping and automation. Extract data from LinkedIn, Twitter, Instagram for investigations.",
      "category": "data",
      "whoItsFor": "Investigative journalists mapping social networks, tracking public figures' connections, or building datasets from social media profiles. Also used by OSINT researchers, data journalists, and anyone who needs structured data from platforms that don't offer APIs.",
      "pricing": "Starter: $69/month (5 phantoms, 20 hours runtime). Pro: $159/month (15 phantoms, 80 hours). Team: $439/month (50 phantoms, 300 hours). 14-day free trial on all plans.",
      "freeOption": false,
      "editorialTake": "PhantomBuster automates what journalists used to do manually — scraping public profiles, extracting follower lists, building connection maps. For investigative work, it can turn a LinkedIn profile into a structured dataset of connections, or pull every public post from a Twitter account for analysis. The tool works by running 'phantoms' (pre-built scrapers) in the cloud, which means your targets' data passes through PhantomBuster's servers. The elephant in the room: most of these scrapers violate the target platforms' terms of service. LinkedIn has sued scrapers. Twitter/X has restricted API access. PhantomBuster operates in a legal gray zone that investigative journalists should understand before using it. Courts have generally upheld that scraping public data is legal (hiQ Labs v. LinkedIn, 2022), but platform ToS violations can lead to account suspension. The other concern: PhantomBuster requires your social media cookies or session tokens to operate, meaning you hand your login credentials to a third party.",
      "bestFor": "Building social network maps for investigations. Extracting public profile data at scale from LinkedIn, Twitter, Instagram. Monitoring public figures' connections and activity. Data journalism projects that need structured social media datasets.",
      "notFor": "Journalists who cannot risk their social media accounts being suspended. Anyone working under strict legal compliance requirements — ToS violations may be unacceptable for some newsrooms. Reporters who need to keep their investigative targets confidential — PhantomBuster's servers process the queries. Budget-constrained freelancers — $69/month minimum is steep for occasional use.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "France and EU. PhantomBuster is a French company (SAS). Data processed and stored in European data centers. Subject to GDPR.",
      "privacyPolicyTldr": "PhantomBuster stores your social media session tokens and cookies on their servers to run automations. Scraped data is stored in your PhantomBuster account. The company states they do not sell user data. They process your queries and extracted data through their cloud infrastructure. GDPR compliant. You are responsible for how you use scraped data — PhantomBuster's ToS places legal liability on the user.",
      "practicalMitigations": "Use a dedicated social media account for scraping — not your primary journalist profile. Expect account suspensions on LinkedIn and Twitter; plan accordingly. Do not scrape private or protected accounts. Store extracted data in your own systems and delete from PhantomBuster after export. Review the legal landscape in your jurisdiction before using for published investigations. Consider whether the same data is available through official APIs or FOIA requests first. Use a VPN to separate your scraping activity from your regular browsing.",
      "owner": "PhantomBuster SAS (French company, founded 2016 by Guillaume Cabane and David Music)",
      "fundingModel": "Bootstrapped and profitable as of 2024. No disclosed venture capital funding. Revenue from subscriptions.",
      "businessModel": "Subscription SaaS. Tiered pricing based on number of automations and runtime hours. Revenue comes entirely from subscriptions.",
      "knownIssues": "Requires sharing your social media session cookies/tokens with PhantomBuster's servers — if their systems are compromised, your social accounts are exposed. Most scrapers violate target platforms' terms of service. LinkedIn, Twitter/X, and Instagram actively detect and block scraping — automations break frequently and require maintenance. Account suspensions are common on target platforms. Scraped data may include personal information subject to GDPR or other privacy regulations — journalists must handle responsibly. Pricing is high for individual journalists. The legal status of web scraping remains unsettled in some jurisdictions despite favorable US court rulings.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "Caution rating reflects two concerns: (1) you must share social media session tokens with PhantomBuster's servers, creating credential exposure risk, and (2) most automations violate target platforms' ToS, risking account suspension. The tool itself uses standard cloud security (TLS, encrypted storage, GDPR compliance). For journalists, the operational risk — losing your LinkedIn or Twitter account mid-investigation — is the primary concern. Use dedicated accounts and understand the legal landscape before deploying."
    },
    {
      "name": "PimEyes",
      "slug": "pimeyes",
      "url": "https://pimeyes.com",
      "tagline": "Facial recognition reverse-image search engine — finds photos of a face across the open web. Powerful for identification work, ethically fraught, used by journalists and stalkers alike.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification"
      ],
      "whoItsFor": "OSINT researchers, investigative journalists doing identification work, fact-checkers verifying images, and human-rights investigators tracing perpetrators. Also used by individuals monitoring their own image online, by stalkers, by doxers, and increasingly by activists identifying ICE personnel and far-right figures. The user base is genuinely mixed and ethically uncomfortable.",
      "pricing": "Free tier shows blurred matches without source URLs. Paid plans: Open Plus $29.99/month (75 daily searches, 10 alerts), PROtect $34.99/month (100 searches, takedown assistance), PROtect Plus $70.99/month (125 searches, 200 takedowns), PROtect Pro $159.99/month (150 searches, 400 takedowns), Advanced $299.99/month (unlimited searches, 1,000 takedowns). Yearly plans get 20% off. One-time $14.99 unlocks results for a single search session.",
      "freeOption": true,
      "editorialTake": "PimEyes is the most powerful publicly available facial recognition search engine, and that fact alone is the story. For journalism, it can be useful — verifying whether a person in one photo is the same as in another, identifying anonymous figures in crowd photos, tracing image reuse across the open web, finding additional photos of a public figure during background research. The Bellingcat-style OSINT community uses it routinely for identification work. The New York Times called it \"alarmingly accurate.\" The BBC called it \"facial recognition on steroids.\" Both descriptions are correct.\n\nBut this is not a tool that can be recommended without a long ethical discussion. PimEyes scrapes billions of face images from the open web — news sites, blogs, personal pages, court records, conference photos, university directories, anything indexable that contains a human face. It does not scrape Facebook, Instagram, or video platforms (officially). It builds biometric vectors from those faces and lets anyone with $30 search them. The opt-out process exists, but multiple investigations have shown opt-out is unreliable, the company is structurally opaque, and the tool has been used to identify children, stalk private individuals, and dox protesters and federal employees.\n\nThe owner is Giorgi Gobronidze, a Tbilisi-based AI academic who bought PimEyes in December 2021 through a Dubai-registered shell corporation, EMEARobotics. The company's prior owners were a Polish team, then a Seychelles shell. Legal entities tied to PimEyes include corporations in Belize, Poland, Dubai, and the United States. An Illinois Biometric Information Privacy Act (BIPA) plaintiff's attorney spent two years trying to serve the company notice of a lawsuit and could not find a valid contact in any of those jurisdictions. This is not how a trustworthy data processor structures itself.\n\nThe misuse record is severe. The New York Times, NPR, Washington Post, and Business and Human Rights Resource Centre have documented PimEyes returning images of children labeled \"potentially explicit.\" In October 2023, after sustained pressure, PimEyes added age detection to block child searches. Harvard students built a Ray-Ban Meta glasses demo using PimEyes to identify strangers in real time and pull their addresses and phone numbers. Activists have used it to dox ICE officers. UK and German privacy regulators have opened investigations. An Illinois BIPA class action remains ongoing.\n\nFor journalism, the honest framing is this: PimEyes is genuinely useful for legitimate identification work, especially in human-rights investigations where you have a perpetrator photo and need to find the person's name. It is also a tool that, by existing, makes mass surveillance of ordinary people trivially cheap. Using it for journalism funds a company whose business model depends on private individuals being identifiable. There is no clean answer. If you use it, use it sparingly, only for clear public-interest identification, never on private individuals or minors, and never as the only basis for identification — always corroborate with other evidence. Consider whether your story can be done with FaceCheck.id, Yandex reverse image search, or Google Lens instead, none of which are clean either but each of which makes different tradeoffs.\n\nDocument your methodology in the story. If you used facial recognition to identify someone, say so, and explain how you verified the match. Readers should know.\n",
      "bestFor": "Verifying whether two photos depict the same public figure. Identifying perpetrators in human-rights investigations where you have a face but no name. Tracing image reuse across news sites and the open web. Background research on public figures. Confirming claimed identities in romance-scam, deepfake, and impersonation investigations.",
      "notFor": "Identifying private individuals, minors, protesters, or anyone whose identification serves no public interest. Stories where the identification is the only piece of evidence and cannot be corroborated. Routine background checks. Anyone who is not prepared to disclose facial recognition use in their methodology. Newsrooms with strict ethics policies prohibiting biometric surveillance tools.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Highly opaque. Owner Giorgi Gobronidze is based in Tbilisi, Georgia. Parent corporation EMEARobotics is registered in Dubai, UAE. Other linked entities are registered in Belize (Carribex LTD), Poland (Pimeyes Sp. z o.o.), and the United States (Transaction Cloud, Inc.). This structural opacity is itself a meaningful red flag — it makes legal accountability and data-rights enforcement effectively impossible.",
      "privacyPolicyTldr": "PimEyes uploads of search photos are processed for biometric matching and, according to the company, deleted after the search session. The underlying face index is built from web-scraped images and biometric vectors derived from them — billions of faces of people who never consented. The opt-out form requires submitting government ID and a current photo (which is itself a biometric submission to the same company you are trying to opt out of). Multiple journalists and researchers have documented opt-outs failing or being reversed when new images of the same person appear online. The company does not publicly disclose its data retention, breach history, or third-party processors. The privacy policy is published in English from a Dubai entity.\n",
      "practicalMitigations": "Treat PimEyes as a hostile data processor. Never upload photos of confidential sources, victims, minors, or anyone whose face you do not have explicit permission to query. Use a dedicated browser profile, ideally on a separate device, with a payment method that does not link to your real identity if your investigation is sensitive. Pay with a virtual card or prepaid card if possible. Do not use single sign-on. Never enable the alerts feature — it persists your query subject indefinitely on PimEyes infrastructure. Save results immediately, since opt-outs and takedowns can remove evidence later. Document in your story methodology that you used facial recognition and how you verified the match. Consider whether the same identification could be done with non-biometric tools first (Yandex, Google Lens, FaceCheck.id, or direct outreach). For your own personal protection, submit an opt-out request — but do not assume it will be permanent.\n",
      "owner": "EMEARobotics, a Dubai-registered corporation owned by Giorgi Gobronidze, an AI academic based in Tbilisi, Georgia. Gobronidze purchased PimEyes in December 2021 from prior owners — Polish engineers Lukasz Kowalczyk and Denis Tatina, then a Seychelles-based shell called Face Recognition Solutions Ltd. Other linked corporations are registered in Belize, Poland, and the United States.",
      "fundingModel": "Privately held, owner-funded and revenue-funded. PimEyes does not disclose investors or financial backers publicly. PitchBook lists a company profile but no detailed funding rounds. Revenue comes entirely from user subscriptions.",
      "businessModel": "Subscription SaaS. Free tier surfaces blurred match thumbnails to drive paid conversions. Paid tiers ($30 to $300/month) unlock source URLs, daily search quotas, alerts, and takedown assistance. The PROtect product line is positioned as personal-image protection but uses the same underlying face index that powers all searches. A separate OSINT by PimEyes division sells access to law enforcement, institutional clients, and (per company statements) vetted investigators.",
      "knownIssues": "Child safety failures: Investigations by NPR, NYT, and the Business and Human Rights Resource Centre documented PimEyes returning images of children, some labeled \"potentially explicit,\" to anonymous searchers. PimEyes added age detection in October 2023 only after sustained press pressure. Whether the fix is reliable is contested.\n\nDoxing and stalking: PimEyes has been used to identify ICE officers, far-right figures, romance-scam victims, and private individuals at protests. A 2024 Republican senator letter targeted PimEyes for ICE doxing specifically. The Washington Post documented stalking use cases. Harvard students built a real-time identification demo using PimEyes plus Ray-Ban Meta glasses.\n\nOpt-out unreliability: The opt-out process requires submitting government ID and a current photo to the same company you are trying to escape from. Multiple journalists have shown opt-outs being reversed when new images of the same person appear online, since the system re-identifies and re-indexes faces continuously.\n\nStructural opacity: The company is registered across Dubai, Belize, Poland, Seychelles, and the United States, with no clear single legal home. An Illinois BIPA class action plaintiff's attorney spent two years trying to serve notice and could not find a valid contact in any jurisdiction. This makes data-rights enforcement under GDPR, BIPA, or CCPA effectively impossible.\n\nActive regulatory investigations: The UK Information Commissioner's Office (via Big Brother Watch complaint, November 2022), Germany's Hamburg DPA (December 2022), and the Illinois BIPA class action (May 2023) have all opened proceedings against PimEyes. None has resulted in a final binding order yet.\n\nConsent: The face index is built from web-scraped images of billions of people who never consented to being added to a biometric search engine. This is the core ethical problem and is not a bug to be fixed — it is the product.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "The caution rating is not primarily about technical security — it is about trust, governance, and ethical risk. PimEyes uses HTTPS and standard payment processing, but the company is structurally opaque (registered across Dubai, Belize, Poland, and Seychelles), refuses to disclose data retention or breach history, has been the subject of three open regulatory investigations (UK, Germany, Illinois BIPA), and has been documented enabling stalking, child-image searches, and protest doxing. The opt-out process requires submitting ID to the same company you are trying to escape. For journalism, the tool can produce useful identifications, but using it means trusting an entity with no meaningful accountability and a track record of misuse. Newsrooms should treat PimEyes as a tool of last resort, document its use in published methodology, never query private individuals or minors, and never upload photos of confidential sources. If a comparable result can be obtained with Yandex reverse image search, Google Lens, or direct reporting, prefer those.\n"
    },
    {
      "name": "Privacy Badger",
      "slug": "privacy-badger",
      "url": "https://privacybadger.org",
      "tagline": "EFF-built browser extension that blocks invisible trackers and sends Global Privacy Control signals on every page you visit.",
      "category": "security",
      "openSource": true,
      "threatLevel": "baseline",
      "whoItsFor": "Journalists, researchers, and anyone who wants a second layer of tracker blocking alongside uBlock Origin. Especially useful if you visit sites with embedded social widgets (YouTube, Bluesky, Instagram, Threads) that track reading behavior silently.",
      "pricing": "Free. Open source (GPLv3). No donations required to use.",
      "freeOption": true,
      "editorialTake": "Privacy Badger is a solid companion blocker, not a standalone solution. It scores 63/100 on AdBlock Tester versus uBlock Origin's perfect 100 — because it only blocks ads that contain trackers, not ads themselves. The real value is threefold: it sends Global Privacy Control (GPC) signals that carry legal weight under CCPA, it replaces social embeds (YouTube, Bluesky, Instagram, Threads, Spotify) with click-to-activate placeholders, and it opts you out of Google's Privacy Sandbox. The 2020 learning-mode removal was the right call — local learning was a fingerprinting vector discovered by Google's security team. Now it ships pre-trained tracker lists updated via Badger Swarm (distributed cloud scans). Actively maintained: 10 releases in 2025 alone. Manifest V3 transition is complete in Chrome, though some features (like stripping Google tracking redirects) remain broken under MV3 constraints. Run it alongside uBlock Origin on Firefox for best results.",
      "bestFor": "Layered tracker blocking alongside uBlock Origin. GPC legal opt-out signals. Widget replacement for social embeds. Opting out of Google Privacy Sandbox.",
      "notFor": "Primary ad blocking (use uBlock Origin). YouTube ad blocking. Users who need a single comprehensive blocker.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. All tracker data, learning state, and settings stay on your device. Pre-trained tracker lists fetched from EFF CDN.",
      "privacyPolicyTldr": "No data sent to EFF or anyone else. No telemetry, no analytics, no account required. Sends GPC and DNT signals to sites you visit (opt-out available in settings). Canvas fingerprinting detection runs locally.",
      "practicalMitigations": "Install alongside uBlock Origin for layered protection — overlap is moderate but Privacy Badger catches behavioral trackers that filter lists miss. Use Firefox over Chrome: Firefox still supports Manifest V2, giving Privacy Badger (and uBlock Origin) full blocking capabilities. Review the tracker slider controls if a site breaks. Disable learning mode if you re-enabled it — local learning creates a fingerprinting surface.",
      "owner": "Electronic Frontier Foundation (nonprofit, San Francisco)",
      "fundingModel": "EFF donations and grants. No corporate sponsors for the extension itself.",
      "businessModel": "Nonprofit. No monetization, no premium tier, no data sales.",
      "knownIssues": "Local learning mode (disabled by default since 2020) was a fingerprinting vector — Google Security Team showed attackers could manipulate which domains Privacy Badger blocked to create unique user fingerprints and perform limited history sniffing. Manifest V3 on Chrome limits Privacy Badger's ability to strip Google tracking redirects on Google properties — this remains unresolved as of 2026.2.20. Cookie blocking (yellow slider) broke in Chrome/Edge/Opera in mid-2025 and required a hotfix (2025.9.5). Canvas fingerprinting detection works but broader fingerprinting protections remain incomplete. AdBlock Tester score of 63/100 means many ads pass through — by design, but users expecting ad blocking will be disappointed.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Open source (GPLv3), backed by EFF, 3.5k GitHub stars, actively maintained with 10+ releases in 2025. No data collection. GPC signals carry legal weight under CCPA. The 2020 fingerprinting vulnerability in learning mode was responsibly handled — disabled by default, pre-trained lists shipped instead. Manifest V3 transition complete but with reduced capabilities in Chrome. Strong choice as a secondary blocker; not comprehensive enough alone."
    },
    {
      "name": "ProJourn Legal Help",
      "slug": "projourn-legal",
      "url": "https://projourn.org/",
      "tagline": "Connects journalists to pro bono attorneys for legal help with their reporting.",
      "category": "legal",
      "builtForJournalism": true,
      "whoItsFor": "US-based journalists who need legal assistance but can't afford a media lawyer.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "ProJourn is a matchmaking service between journalists and volunteer attorneys — run by RCFP, which means the lawyer network is credible and media-law fluent.",
      "bestFor": "Freelancers and independent journalists who need pre-publication legal review, source protection advice, or help responding to legal threats.",
      "notFor": "Journalists outside the US. International journalists should look at Media Defence or TrialWatch.",
      "owner": "Reporters Committee for Freedom of the Press",
      "fundingModel": "Nonprofit donations",
      "businessModel": "Nonprofit",
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "ProPublica Nonprofit Explorer",
      "slug": "propublica-nonprofit-explorer",
      "url": "https://projects.propublica.org/nonprofits/",
      "tagline": "Search 1.9 million US nonprofits. Every Form 990 filing, executive salary, audit flag, and financial trend — free, no account required.",
      "category": "newsgathering",
      "additionalCategories": [
        "data",
        "newsgathering"
      ],
      "openSource": false,
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists following nonprofit money. Researchers analyzing sector trends. Donors verifying how organizations spend. Local reporters checking executive compensation at regional nonprofits. Anyone who wants to know where a tax-exempt organization's money goes.",
      "pricing": "Free. No account required for searching. Email alerts require an email address. API is free with no authentication. No rate limits documented, though PDF downloads are rate-limited.",
      "freeOption": true,
      "editorialTake": "The single best free tool for nonprofit financial research. 1.9 million active organizations, 18 million tax filings, $4.1 trillion in total revenue tracked. ProPublica indexes every Form 990, 990-EZ, and 990-PF the IRS releases — then makes it actually usable. You get revenue, expenses, executive compensation, board members, and multi-year financial trends without reading a single PDF. But you can also pull the original 990 PDFs when you need line-item detail. Since late 2023, the platform added email alerts for filing updates, full-text search across e-filed documents, state-level pages ranking top nonprofits and highest-paid executives, and visual flags for organizations with audit deficiencies or reported theft. The December 2024 update added searchable audit data from the Federal Audit Clearinghouse — 33,400 organizations that spent $750K+ in federal grants. You can now filter for going-concern warnings, material noncompliance, and significant control deficiencies. No other free tool surfaces this data so cleanly. GuideStar (now Candid) offers richer self-reported profiles and grantmaking data but requires an account and paywalls deeper features. Charity Navigator rates charities but only covers organizations above $1M revenue. ProPublica wins on raw data access, speed, and zero friction.",
      "bestFor": "Checking executive compensation at any US nonprofit. Tracking revenue and expense trends over time. Finding organizations flagged by auditors for financial problems. Pulling original 990 PDFs for Schedule B (donor lists on private foundations), Schedule I (grants made), or any line-item detail. Bulk analysis via the free API. Investigating whether a nonprofit is solvent, overpaying executives, or misusing federal grant money.",
      "notFor": "Churches and religious organizations exempt from filing 990s. Small nonprofits under $50K revenue filing 990-N e-Postcards (not in the database). Real-time financials — 990s are filed annually with 6-18 month lag from fiscal year end, and IRS processing adds further delay. Self-reported program impact data (use GuideStar/Candid for that). International nonprofits. Private foundation donor lists on Schedule B are available, but public charity donor lists are redacted by the IRS.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. ProPublica is a 501(c)(3) headquartered in New York City. All underlying data is public IRS filings.",
      "privacyPolicyTldr": "No account required for core functionality. Email alerts require only an email address. ProPublica is a nonprofit newsroom — no advertising, no data sales. Standard web analytics may be present. The data you're searching is already public record (IRS filings). ProPublica has disclosed that the IRS has accidentally included Social Security numbers in some 990 filings, and ProPublica has worked to redact these.",
      "practicalMitigations": "No account needed for searching or API access. Cross-reference 990 data with the organization's own audited financial statements — 990s are self-reported and not audited by the IRS. Check the Federal Audit Clearinghouse flags now surfaced in the tool for organizations spending $750K+ in federal grants. Use Schedule B on private foundation 990-PFs for donor lists. Compare executive compensation against similar-sized organizations using state pages. Use the API (no auth required) for bulk analysis across multiple organizations — 25 results per page, paginated. For the fullest picture, pair with GuideStar/Candid for self-reported program data and Charity Navigator for third-party ratings.",
      "owner": "ProPublica",
      "fundingModel": "Nonprofit newsroom. Core funding from the Sandler Foundation. Additional support from foundations (including the Knight Foundation, MacArthur Foundation) and individual donations. ProPublica's total revenue was approximately $51M in FY2023.",
      "businessModel": "501(c)(3) nonprofit newsroom. Nonprofit Explorer is a free public resource — no paywalls, no advertising, no data licensing fees. Built and maintained by a team of developer-journalists (Andrea Suozzo, Alec Glassford, Brandon Roberts led the 2023 redesign). The tool serves ProPublica's mission of investigative journalism in the public interest.",
      "knownIssues": "IRS data lag is the biggest problem. The IRS has fallen behind on releasing 990 data — at one point nearly 500,000 filings were delayed. COVID-era staffing issues caused months-long gaps in the IRS's monthly data uploads to its public Amazon S3 bucket. Summary data processed by the IRS covers 2012-2019 calendar years (generally FY2011-2018 filings), though individual filings are more current. The IRS has twice accidentally uploaded nonpublic forms, and has failed to redact Social Security numbers from some filings — ProPublica removed 990 PDFs temporarily in the past while these issues were resolved. Form 990-N e-Postcards (filed by small orgs under $50K) are not included. The API reduced results per page from 100 to 25 in September 2023 with no documented rate limits. The 527 Explorer for political nonprofits is a separate tool with different data coverage.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit-operated public database of government records. No account required. Minimal data collection — email alerts are the only feature requiring personal information. The underlying data is public IRS filings. ProPublica has a strong track record on data handling and has proactively addressed IRS data quality issues (SSN redaction, nonpublic form removal). No authentication on the API means no credentials to protect."
    },
    {
      "name": "Proton Drive",
      "slug": "proton-drive",
      "url": "https://proton.me/drive",
      "tagline": "End-to-end encrypted cloud storage from Proton AG. Swiss jurisdiction. Zero-access encryption means Proton cannot read your files — even under court order.",
      "category": "security",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists storing sensitive source documents, legal filings, or investigation notes. Anyone in the Proton ecosystem (Mail, VPN, Pass, Docs) who wants integrated encrypted storage. Researchers and activists who need a cloud provider that cannot comply with content-level subpoenas.",
      "pricing": "Free: 5GB (2GB default, 5GB after completing setup steps). Drive Plus: €4.99/month (annual) for 200GB. Proton Unlimited: €9.99/month (annual) for 500GB — includes Mail, VPN, Pass, Calendar, Docs, Sheets. Duo: €14.99/month (annual) for 1TB shared across 2 users. Business: from €6.99/user/month (1TB/user). Cost per GB roughly 3x Google One.",
      "freeOption": true,
      "editorialTake": "Proton Drive is the strongest zero-knowledge cloud storage option for journalists who don't need Google-level collaboration. The encryption architecture is real: client-side key generation, hierarchical folder encryption, signed passphrases to prevent server-side tree forgery. All client apps are open source and audited by Securitum (no outstanding vulnerabilities found). Proton completed SOC 2 Type II attestation in July 2025 and holds ISO 27001 certification since May 2024. The Swiss jurisdiction story is more nuanced than marketing suggests — Proton processed 11,023 legal orders in 2024, contesting only 5.9%. That rate improved to 10.6% contested in 2025 (9,301 orders). File contents remain encrypted and undisclosable, but metadata, IP addresses, and payment info are fair game under a Swiss court order. Since 2025, Proton Docs and Proton Sheets bring encrypted real-time collaboration into the suite — still behind Google Docs in features, but the gap is closing. Desktop sync now works on Windows and macOS (macOS 2.0 shipped with Documents/Desktop folder sync). No native Linux client yet — CLI and WebDAV only. The free 5GB tier is enough for critical documents; the paid tiers compete on privacy, not on price.",
      "bestFor": "Encrypted storage for source documents and investigation files. Secure file sharing with non-Proton users via encrypted links. Journalists who already use Proton Mail and want a unified encrypted workflow with Docs and Sheets.",
      "notFor": "Heavy real-time collaboration (Google Docs still wins on co-editing speed and features). Users who need full-text search across file contents (encryption prevents server-side indexing). Linux desktop users who need native sync (CLI/WebDAV only as of early 2026). Anyone who needs more than 500GB at a competitive price — Google and Dropbox are far cheaper per GB.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Switzerland. Servers in Switzerland and the EU. Subject to Swiss Federal Data Protection Act (revDSG). Under Article 271 of the Swiss Criminal Code, Proton cannot transmit data directly to foreign authorities — requests must go through Swiss courts or MLAT treaties. In January 2024, Swiss authorities provided the FBI with Proton Mail subscriber info via MLAT.",
      "privacyPolicyTldr": "Zero-access encryption: Proton cannot decrypt file contents, file names, or folder structure. Metadata encrypted client-side using hierarchical key tree with signed passphrases. Proton does not sell data. However: IP addresses can be logged under Swiss court order, and payment info (credit card) is stored if you pay that way. In 2024, Proton received 11,023 legal orders and contested 5.9%. In 2025, 9,301 orders received, 10.6% contested. File contents remain undisclosable regardless.",
      "practicalMitigations": "Enable two-factor authentication. Pay with Bitcoin or cash (gift cards) to avoid payment metadata exposure. Use Proton VPN or Tor to mask IP address — Proton can be compelled to log IPs under Swiss court order. Use a strong, unique password: if you lose it and your recovery method, files are permanently unrecoverable. Sharing links create decryptable URLs — share only with trusted recipients. For highest-risk scenarios, consider an air-gapped backup alongside Proton Drive.",
      "owner": "Proton AG (Geneva, Switzerland). Founded 2014 by CERN scientists.",
      "fundingModel": "Self-sustaining since 2014 crowdfunding campaign. No venture capital. Revenue from paid subscriptions across Mail, VPN, Drive, Pass, and business plans.",
      "businessModel": "Freemium. Free tier (5GB) subsidized by paid subscribers. Revenue from individual plans (Drive Plus, Unlimited, Duo) and business/enterprise tiers. No advertising. No data monetization.",
      "knownIssues": "No native Linux desktop client — limited to CLI, WebDAV, or web app. Full-text search impossible across encrypted file contents (filename/tag search only). Video preview limited to files under 100MB. Sync speeds historically slower than Google Drive due to encryption overhead, though the January 2026 SDK rewrite significantly improved performance. No presentation tool (Slides equivalent) in the Proton suite yet. Proton's contest rate on legal orders dropped from 21.2% (2021) to 5.9% (2024) as order volume nearly doubled — partly attributed to Switzerland's 2024 switch to flat-rate compensation for law enforcement data requests. The rate recovered to 10.6% in 2025. Non-Proton collaborators get encrypted access via sharing links but cannot use Docs/Sheets editing without a Proton account.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "proton-journalism"
      ],
      "securityRating": "strong",
      "securityRatingNote": "Zero-access E2E encryption with client-side key generation and hierarchical signed key tree. Open-source clients audited by Securitum (no outstanding vulnerabilities). ISO 27001 certified (May 2024). SOC 2 Type II attested (July 2025). Swiss jurisdiction with FDPA protections. File contents are cryptographically undisclosable even under court order. Metadata (IP, payment info) is the attack surface — mitigated by VPN use and anonymous payment. Contest rate on legal orders trending upward (10.6% in 2025 vs 5.9% in 2024)."
    },
    {
      "name": "Proton Mail",
      "slug": "proton-mail",
      "url": "https://proton.me/mail",
      "tagline": "E2E encrypted email under Swiss jurisdiction — but Swiss privacy protections are eroding, and Proton is moving infrastructure to the EU.",
      "category": "messaging",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists who need encrypted email for source communication and receiving tips.",
      "pricing": "Free tier (500MB, 150 messages/day). Paid plans from $3.99/month.",
      "freeOption": true,
      "editorialTake": "Proton Mail offers zero-access encryption and was long considered the strongest email option for journalists. That reputation needs updating. In September 2025, Proton suspended accounts of two Phrack journalists investigating North Korean cyberattacks (Kimsuky APT) — mid-reporting — after an unspecified cybersecurity agency flagged them. Accounts were reinstated only after weeks of public outcry. In March 2026, court documents confirmed Proton shared payment metadata with the FBI via Swiss MLAT in the Stop Cop City case, enabling identification of an activist through bank card identifiers — no charges have been filed. Proton complied with 89% of approximately 9,000 law enforcement requests in 2025. Switzerland's proposed VÜPF surveillance revision (public consultation ended May 2025) would require providers with 5,000+ users to log IP addresses and retain data for six months, mandate government ID verification for all accounts, and under Article 50a require providers to decrypt data they encrypted — though E2E messages between users are exempt. Proton responded by investing €100M+ in a 'EuroStack' across Germany and Norway, with its AI product Lumo relocating first. On March 31, 2026, Proton launched Workspace and Meet (encrypted video conferencing using the MLS protocol), expanding well beyond email. Proton provides privacy, not anonymity. E2E encryption only works Proton-to-Proton; otherwise it is standard TLS. Use it with eyes open.",
      "bestFor": "Encrypted email with sources when both parties use Proton. Receiving tips via an address outside US/EU jurisdiction (for now).",
      "notFor": "High-volume email workflows. Situations requiring true anonymity. Sole communication channel for at-risk sources — pair with Signal.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Switzerland (€100M+ infrastructure move to Germany and Norway underway in response to proposed VÜPF surveillance revision). Swiss court orders required for data requests, but compliance rate is 89%.",
      "privacyPolicyTldr": "Proton cannot read email content — zero-access encryption. But metadata is another story. Proton logs IP addresses when compelled by Swiss court order. Payment information (bank card identifiers) has been shared with the FBI via MLAT — confirmed in the Stop Cop City case (March 2026 court filings). Proton complied with approximately 89% of ~9,000 legal requests in 2025. Law enforcement requests have grown 423x since 2017. The proposed Swiss VÜPF revision would additionally require government ID verification for all accounts, eliminating anonymous sign-up.",
      "practicalMitigations": "Access via Tor or VPN to prevent IP logging. Pay with cryptocurrency or cash-bought gift cards to avoid payment metadata exposure — bank card identifiers are the specific data point the FBI used in the Stop Cop City case. Use Proton-to-Proton for true E2E encryption. Enable two-factor authentication. Do not rely solely on Swiss jurisdiction protections — they are weakening, and if the VÜPF revision passes, anonymous account creation will end. For the most sensitive source communication, use Signal instead of email. Consider Proton Meet for encrypted video calls — it uses MLS protocol and requires no account.",
      "owner": "Proton AG (Switzerland)",
      "fundingModel": "Freemium SaaS. Revenue: $105M. Originally crowdfunded, now self-sustaining. SOC 2 Type II certified (July 2025).",
      "businessModel": "Free tier (500MB, 150 messages/day). Paid plans from $3.99/month. Proton Workspace launched March 2026 (from €12.99/user/month) bundling Mail, Calendar, Drive, Docs, Sheets, Meet, VPN, and Pass. Also offers Wallet.",
      "knownIssues": "September 2025: Two Phrack journalist accounts suspended mid-investigation into North Korean Kimsuky APT — flagged by an unspecified cybersecurity agency. Reinstated after weeks of public pressure. March 2026: Court documents confirmed payment metadata (bank card identifiers) shared with FBI via Swiss-US MLAT in Stop Cop City case — no charges filed against identified account holder. April 2025: Karnataka High Court in India directed government to block Proton Mail over deepfake abuse complaint; block not enforced as of May 2025. July 2025: Swiss VÜPF surveillance revision proposed requiring IP logging, 6-month data retention, government ID verification, and provider-side decryption (Article 50a) for services with 5,000+ users. February 2026: Civil society groups urged Swiss government to rethink. 2021: IP address of French climate activist logged and shared with French authorities via Swiss court order.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "proton-journalism"
      ],
      "securityRating": "caution",
      "securityRatingNote": "Zero-access encryption remains strong technically. But the pattern of journalist account suspensions, payment metadata sharing with the FBI, 89% law enforcement compliance rate, and the proposed VÜPF revision (ID verification, mandatory decryption, IP logging) represents systemic erosion of the trust assumptions journalists relied on. Proton is responding — €100M+ EuroStack investment, SOC 2 Type II certification, Workspace launch — but the gap between privacy and anonymity continues to widen."
    },
    {
      "name": "PubMed",
      "slug": "pubmed",
      "url": "https://pubmed.ncbi.nlm.nih.gov",
      "tagline": "NIH/NLM biomedical literature database. 40M+ citations from MEDLINE and life science journals. Free. The definitive starting point for health and science journalism research.",
      "category": "newsgathering",
      "builtForJournalism": false,
      "whoItsFor": "Health reporters, science journalists, medical writers, and any journalist covering topics that touch biomedical research. Reporters fact-checking health claims, investigating drug safety, or backgrounding experts by their publication record. Researchers and students in biomedical fields.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "PubMed is the single most important database for health and science journalism. Run by the National Library of Medicine (part of NIH), it indexes over 40 million citations from MEDLINE, life science journals, and online books — covering everything from clinical trials to molecular biology to public health. If someone makes a health claim, PubMed is where you go to check what the evidence actually says. The search interface is functional if not beautiful. Basic keyword searches work, but the real power is in MeSH (Medical Subject Headings) — NLM's controlled vocabulary that standardizes how topics are indexed. Searching 'heart attack' also pulls results indexed under 'myocardial infarction' because MeSH maps the terms together. For journalists, this means you find relevant studies even when researchers use different terminology than the public. PubMed is a citation database, not a full-text database. It gives you abstracts, metadata, and links to full text — but the full text often lives behind publisher paywalls. PubMed Central (PMC), a separate but linked repository, provides free full-text access for articles funded by NIH and other open-access research. The 2026 baseline release includes updated MeSH terms and improved FTP data distribution matching the website and API. Recent usability updates (2025) added date stamps to search history downloads, improved reference list rendering, and streamlined sharing. The E-utilities API allows programmatic access for data journalists who need to search at scale. PubMed does not evaluate study quality — it indexes what journals publish. A poorly designed study in a predatory journal sits alongside a landmark randomized controlled trial in The Lancet. Learning to assess study design, sample size, and journal quality is your responsibility. PubMed is the starting line, not the finish line.",
      "bestFor": "Researching the evidence base for any health or medical claim. Finding published studies on drugs, treatments, diseases, and public health topics. Backgrounding medical experts by their publication history. Identifying systematic reviews and meta-analyses that synthesize evidence across multiple studies. Tracking emerging research on infectious diseases, drug safety, environmental health, and other ongoing stories.",
      "notFor": "Evaluating study quality (PubMed indexes everything regardless of rigor — you must assess methodology yourself). Getting full text (PubMed provides abstracts and links; full text is often paywalled unless available through PMC). Non-biomedical research (use Google Scholar, JSTOR, or discipline-specific databases for social sciences, humanities, or engineering). Real-time information (studies take months to years from research to publication — PubMed is not a news source).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (National Library of Medicine, National Institutes of Health, US Department of Health and Human Services). Hosted on US government infrastructure at NIH's National Center for Biotechnology Information (NCBI) in Bethesda, Maryland.",
      "privacyPolicyTldr": "PubMed is a US government service. No account required for searching. If you create an NCBI account (for saving searches and setting alerts), NIH collects your email and search preferences. NIH's privacy policy follows federal guidelines — no advertising, no data sales, no third-party tracking. Web traffic analytics are collected for service improvement under standard government website practices. Your search queries are not linked to your identity unless you are logged in.",
      "practicalMitigations": "No account is needed for basic searching — use PubMed without logging in if you want no search history tied to your identity. For sensitive health investigations (e.g., researching specific rare diseases that could identify sources), consider that search queries on a government server could theoretically be subject to FOIA or legal process, though this is extremely unlikely for routine use. Use PubMed Central (PMC) to find free full-text versions before paying for paywalled articles. Set up email alerts for ongoing stories — PubMed will notify you when new studies matching your search are published. Learn basic MeSH terms for your beat; they dramatically improve search precision.",
      "owner": "National Library of Medicine (NLM), National Institutes of Health (NIH), US Department of Health and Human Services",
      "fundingModel": "US federal government. Funded through congressional appropriations to NIH/NLM. NLM's annual budget is approximately $480 million (FY2024). PubMed is a core NLM service with no separate funding stream.",
      "businessModel": "Free public service. No revenue model. PubMed exists as part of NLM's congressional mandate to collect, preserve, and disseminate biomedical information. Sustained by US taxpayer funding.",
      "knownIssues": "PubMed indexes publications regardless of quality — predatory journals, retracted studies, and low-quality research appear alongside rigorous work. Retracted articles are marked but remain in the database (by design, for the scholarly record). Full text is frequently paywalled; PubMed links to publishers who charge $30-50 per article. Not all biomedical literature is indexed — conference abstracts, preprints, and publications from some international journals may be missing. Search results default to 'Best Match' ranking, which uses an algorithm that may not surface the most recent or most relevant results for journalism purposes (switch to 'Most Recent' for breaking science stories). The E-utilities API has rate limits (3 requests/second without API key, 10 with key).",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "US government service operated by NIH/NLM with no advertising, no data sales, and no third-party tracking. No account required for searching. Federal security standards apply to infrastructure. The only data you provide is your search query, and the service returns publicly available citation data. There is effectively zero security risk in using PubMed for journalism research. The 'strong' rating reflects the institutional credibility, absence of commercial incentives, and minimal data collection."
    },
    {
      "name": "QGIS",
      "slug": "qgis",
      "url": "https://qgis.org",
      "tagline": "Open-source geographic information system used by every serious data journalism team.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Data journalists mapping election results, environmental contamination, demographic shifts, or disaster zones. OSINT researchers doing geospatial analysis. Anyone who needs to work with shapefiles, geodatabases, or census geography.",
      "pricing": "Free. No paid tiers, no feature gates, no usage limits.",
      "freeOption": true,
      "editorialTake": "QGIS is the free ArcGIS — and for most journalism work, it is ArcGIS. Current stable is 3.44 (the final 3.x LTR); QGIS 4.0 ships February 2026 with a Qt6 rewrite. The learning curve is real: expect 10-20 hours before you're productive, longer for geoprocessing or Python scripting. But no other free tool matches its analytical depth. Opened ~22 million times per month as of late 2025. GIJN, IRE, and Berkeley AMI all teach workshops on it. Bellingcat lists it in their investigation toolkit. Runs entirely locally — zero cloud exposure by default. The 2,000+ plugin ecosystem is both a strength and a risk: some plugins are unmaintained or buggy, and any plugin can connect to external services. For journalists handling sensitive location data, QGIS with network disabled is the gold standard.",
      "bestFor": "Publication-quality maps from geographic data. Election mapping, pollution tracking, demographic analysis, disaster coverage. Analyzing government GIS data (shapefiles, geodatabases, Census TIGER files). Geocoding incident locations and running buffer/proximity analysis for investigative stories. OSINT geolocation work.",
      "notFor": "Quick web maps for a story due in an hour (use Datawrapper or Flourish). Interactive embeddable maps (use Mapbox GL JS or Leaflet). Simple point-on-a-map graphics (Google Earth Pro is easier). If you've never touched GIS, budget real learning time.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only — desktop application. All data stays on your machine unless you add tile layers or plugins that fetch from external servers.",
      "privacyPolicyTldr": "No data collection. No telemetry. No accounts. No analytics. Processing is 100% local. Third-party plugins may connect to external tile servers (OpenStreetMap, Google, Bing) or geocoding APIs — those connections are visible and optional.",
      "practicalMitigations": "Runs entirely on your machine. For sensitive geographic data (source locations, conflict zones): disconnect from the network before opening project files, which prevents base map tile fetches. Audit installed plugins — remove any you didn't intentionally install. Avoid third-party geocoding plugins for sensitive addresses; do offline geocoding instead.",
      "owner": "QGIS Project (open-source, OSGeo foundation member). Registered as QGIS.ORG in Switzerland.",
      "fundingModel": "141 sustaining members across 34 countries (companies and government agencies), 8,000+ individual donors, OSGeo chapter contributions, and a competitive grant programme (6 grants funded in 2025). No venture capital. No corporate parent.",
      "businessModel": "None. Pure community project. Commercial ecosystem exists around training and consulting (companies like Lutra, North Road, Gispo), but the software itself has no revenue model.",
      "knownIssues": "Steep learning curve — plan 10-20 hours minimum before productive use. Performance degrades with very large vector/raster files on modest hardware. Plugin quality is uneven: some of the 2,000+ plugins are unmaintained, crash-prone, or incompatible across versions. 3D visualization still lags behind ArcGIS Pro. Print composer requires manual fiddling for truly polished cartographic output. CVE-2024-55565 (nanoid dependency, low severity) was patched in 3.42.1. A 2025 Swiss NCSC penetration test of QGIS Server found no directly exploitable vulnerabilities — only one low-criticality issue found via source code review.",
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Runs entirely locally with no telemetry, no accounts, no cloud dependency. Open-source with 579 contributors and active security response. Backed by the OSGeo foundation and 141 sustaining member organizations. 2025 Swiss NCSC penetration test confirmed strong security posture. The only real risk vector is third-party plugins that phone home — manageable by auditing your plugin list and disconnecting when handling sensitive data."
    },
    {
      "name": "QuillBot",
      "slug": "quillbot",
      "url": "https://quillbot.com",
      "tagline": "AI paraphrasing and rewriting tool. Free tier with limits. Owned by Learneo (Course Hero, LanguageTool, Scribbr).",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Journalists who need to rephrase wire copy or press releases in their own voice. Writers working in a second language who want grammar and fluency checks. Anyone who needs to restructure sentences without changing meaning. Students and early-career reporters building writing fluency.",
      "pricing": "Free plan with limited daily paraphrases and basic features. Premium: $19.95/month, $13.31/month semi-annual ($39.95 billed quarterly), or $8.33/month annual ($99.95/year). Student plan: $6.25/month (requires verification). Teams: from $7.50/user/month for 2-10 seats. 3-day money-back guarantee.",
      "freeOption": true,
      "editorialTake": "QuillBot does one thing well: it rewrites text in multiple modes (Standard, Fluency, Formal, Creative, etc.) while preserving meaning. The free tier is genuinely usable for occasional paraphrasing. The concern is what sits behind it. Learneo (formerly Course Hero) acquired QuillBot in 2021 and now runs seven brands — Course Hero, CliffsNotes, LitCharts, LanguageTool, Scribbr, Symbolab, and QuillBot — all targeting the education and writing markets. In November 2025, QuillBot updated its privacy policy to store text inputs from browser extension users by default, with opt-out rather than opt-in consent. That's a meaningful change: everything you type through the extension now gets stored unless you actively disable it. QuillBot says it doesn't sell data and doesn't let third parties train AI on your inputs, but the shift from opt-in to opt-out storage is a trust signal worth noting. For journalists, the tool is useful for rephrasing — not for generating original reporting. Don't paste confidential source material into it.",
      "bestFor": "Rephrasing press releases or wire copy into your own voice. Grammar and fluency polishing, especially for non-native English writers. Restructuring sentences for clarity. Quick synonym suggestions.",
      "notFor": "Original reporting or investigative writing — paraphrasing tools don't replace reporting. Anything involving confidential sources or sensitive information (text is processed on QuillBot servers). Plagiarism laundering — academic integrity tools can detect QuillBot output.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Learneo, Inc., headquartered in Redwood City, CA). Text inputs processed on QuillBot servers. As of November 2025, browser extension text inputs are stored by default (opt-out available).",
      "privacyPolicyTldr": "Account required for Premium features. Free tier works without an account but with limited functionality. As of November 2025, QuillBot stores text inputs from extension users by default — previously this was opt-in. QuillBot says it does not sell data and does not allow third-party AI training on user inputs. Sensitive fields (passwords, credit cards) are not accessed. GDPR and CCPA compliant.",
      "practicalMitigations": "Do not paste confidential source material, unpublished story drafts, or sensitive information into QuillBot — text is processed on their servers and may be stored. If using the browser extension, check your privacy settings and opt out of text storage if available. Use the web interface for one-off paraphrasing rather than the always-on extension. For sensitive writing, use a local tool like LanguageTool's offline mode instead.",
      "owner": "Learneo, Inc. (formerly Course Hero, Inc.), Redwood City, California. Learneo acquired QuillBot in September 2021. CEO of QuillBot: Rohan Gupta. Learneo also owns Course Hero, CliffsNotes, LitCharts, LanguageTool, Scribbr, and Symbolab.",
      "fundingModel": "Venture-backed via parent company Learneo. Learneo investors include NewView Capital, Lumina Capital, and GSV Ventures.",
      "businessModel": "Freemium SaaS. Revenue from Premium subscriptions and Teams plans. Part of Learneo's portfolio of education and writing tools. Cross-selling across Learneo brands.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "caution",
      "securityRatingNote": "Text is processed on QuillBot servers and, as of November 2025, stored by default for browser extension users (opt-out available). The shift from opt-in to opt-out storage is a meaningful trust signal change. Owned by Learneo, a portfolio company with seven brands in the education/writing space. QuillBot states it does not sell data or allow third-party AI training, but the data collection posture has expanded over time. Not appropriate for confidential source material or sensitive reporting."
    },
    {
      "name": "Raindrop.io",
      "slug": "raindrop",
      "url": "https://raindrop.io",
      "tagline": "Bookmark and research manager. Save, organize, search, and archive web content across every device.",
      "category": "newsgathering",
      "additionalCategories": [],
      "whoItsFor": "Journalists building research libraries, reporters tracking sources across beats, investigators collecting web evidence, and anyone who needs structured, searchable bookmarks. Strong fit for reporters migrating from Pocket, which Mozilla shut down in July 2025.",
      "pricing": "Free: unlimited bookmarks, collections, tags, browser extension, mobile apps, basic search. Pro: $3/month (billed annually at $28/year) or $3.54/month billed monthly. Pro adds full-text search, permanent copies (web archive), nested collections, highlights/annotations, duplicate finder, AI suggestions, daily backups, 10GB monthly file uploads.",
      "freeOption": true,
      "editorialTake": "Raindrop.io is a one-person product built by Rustem Mussabekov, who quit his day job in 2018 to work on it full-time. Bootstrapped, no outside funding, no investors. The free tier is genuinely useful: unlimited bookmarks, collections, tags, and cross-platform sync. The Pro tier at $28/year is where it becomes a research tool. Full-text search indexes the entire content of every saved page and PDF. Permanent copies cache a cleaned version of each page (ads and trackers stripped), so your sources survive link rot. Highlights let you annotate directly on saved pages. Browser extensions work on Chrome, Firefox, Safari, and Edge. Mobile apps on iOS and Android. There is also a web clipper, API, and integrations with Zapier, IFTTT, and Obsidian. After Pocket shut down in July 2025, Raindrop became the most capable cross-platform bookmark manager still standing. It lacks end-to-end encryption, and the founder has been transparent about why: E2EE would break full-text search and web archiving, the two features that make Pro valuable.",
      "bestFor": "Building searchable research libraries across beats and investigations. Archiving web pages before they disappear. Replacing Pocket after its July 2025 shutdown. Organizing source material with nested collections and tags. Collaborative research through shared collections.",
      "notFor": "Citation management or bibliography generation (use Zotero). Storing confidential or classified documents (no E2EE, data stored on AWS). Court-ready evidence chains with cryptographic hashing (use Hunchly). Offline-first workflows (requires sync for most features).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. All data hosted on AWS. Company registered in Kazakhstan (founder based in Astana), but infrastructure is US-based.",
      "privacyPolicyTldr": "Raindrop.io collects account data and usage analytics. Bookmarks and their cached content are stored on AWS servers. No end-to-end encryption. The founder has stated publicly that the business model is subscriptions, not data sales. No third-party advertising. Permanent copies (web archive) are only visible to the account holder.",
      "practicalMitigations": "Do not store confidential source identities or sensitive documents in Raindrop. Use it for public-facing web research, not private communications. Export your data regularly (JSON, CSV, or HTML export available). For sensitive investigations, pair with a local-first tool like Obsidian or Hunchly. Review shared collection permissions before adding collaborators. The browser extension requests broad permissions to clip pages — review what it can access.",
      "owner": "Rustem Mussabekov (sole founder and developer, based in Astana, Kazakhstan)",
      "fundingModel": "Bootstrapped. No venture capital, no outside investors. Revenue-funded since 2013.",
      "businessModel": "Freemium SaaS. Free tier for basic bookmarking. Pro subscriptions ($28-$42/year) fund development and infrastructure. No advertising. No data sales.",
      "knownIssues": "Single-developer operation — bus factor of one. No end-to-end encryption, and the founder has said it is unlikely to be added because it conflicts with full-text search and web archiving features. Permanent copies strip JavaScript, so dynamic/interactive content may not render fully. Mobile apps are functional but less polished than the web and desktop experiences. No offline mode for the web app. API rate limits may affect heavy automation users.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "TLS in transit, encryption at rest on AWS, and a subscription-funded business model with no advertising or data sales. The founder is transparent about limitations, including the deliberate absence of E2EE. Data is hosted on US-based AWS infrastructure. The single-developer model is a trust consideration in both directions: no corporate pressure to monetize data, but also no team for security audits or incident response. Adequate for organizing public web research. Not appropriate for storing confidential source material or sensitive documents."
    },
    {
      "name": "RAWGraphs",
      "slug": "raw-graphs",
      "url": "https://www.rawgraphs.io",
      "tagline": "Open-source data visualization for unconventional chart types. All processing happens in your browser.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Data journalists who need chart types beyond bar and line — alluvial diagrams, bump charts, circle packing, streamgraphs, Voronoi diagrams. Designers building custom visualizations for print or web. Researchers exploring complex datasets without writing code. Used by Bellingcat and recommended by the EU Open Data Portal.",
      "pricing": "Free. Open source under Apache 2.0 license.",
      "freeOption": true,
      "editorialTake": "RAWGraphs is the missing link between a spreadsheet and a vector graphics editor. Paste data, pick from ~30 chart types (alluvial, Sankey, sunburst, hexagonal binning, horizon graph, parallel coordinates, and more), map dimensions, export SVG. The entire pipeline runs client-side in JavaScript — your data never touches a server. No account, no login, no cloud storage. Built by the DensityDesign Research Lab at Politecnico di Milano since 2013, maintained jointly with design studio Calibro and dev firm Inmagik. Current version is 2.0.1 (Jan 2024 release). Development has slowed — the team has signaled plans for a new major version but hasn't shipped updates in over two years. That said, for its purpose — turning data into unusual chart types with zero privacy risk — nothing else matches it. Export your SVG into Illustrator or Inkscape for final polish. Datawrapper and Flourish are better for publication-ready interactive embeds; RAWGraphs is better for chart types those tools don't offer.",
      "bestFor": "Unconventional chart types that Datawrapper and Flourish don't support. Quick exploratory visualization of complex relationships. Privacy-sensitive data that must stay local. SVG export for post-processing in vector editors. Teaching data visualization concepts.",
      "notFor": "Interactive embeddable web charts (exports are static SVG/PNG). Real-time dashboards. Large datasets — browser-based processing chokes on big files with no documented row limits. Publication-ready output without post-processing in a vector editor.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "no",
      "dataJurisdiction": "Local browser only. No data is sent to any server. Zero server-side processing.",
      "privacyPolicyTldr": "All data processing happens in your browser via client-side JavaScript. No data is uploaded, stored, or transmitted. No account required. The website uses Google Analytics cookies for traffic measurement (not essential — can be blocked without affecting the tool). Self-hosting eliminates even this minimal analytics exposure.",
      "practicalMitigations": "No special precautions needed — data stays local by design. For maximum assurance, clone the open-source repo and run locally, or use the self-hosted option to avoid even Google Analytics cookies on rawgraphs.io. Important: exported SVG files can embed your raw data values in the DOM structure. Review SVGs before publishing if working with sensitive data. Strip metadata using a text editor or SVG optimizer.",
      "owner": "DensityDesign Research Lab (Politecnico di Milano)",
      "fundingModel": "Academic research lab plus corporate stewardship. Originally developed by DensityDesign Lab. Contactlab (Italian martech company) sponsors the project. Calibro (Milan design studio) and Inmagik (Bergamo dev firm) co-maintain. No VC funding. Apache 2.0 license.",
      "businessModel": "Free and open source. No monetization, no paid tiers. Sustained by academic funding, Contactlab sponsorship, and contributed labor from Calibro and Inmagik.",
      "knownIssues": "Development has stalled — last release (v2.0.1) shipped Jan 2024 with no updates since. The team has announced plans for a 'brand new version' but no timeline. Browser-based processing means no hard performance limits are documented; large datasets can crash tabs silently. Exported SVGs embed raw data values in the markup — a privacy risk if you publish without reviewing the file. No desktop app exists despite occasional claims; running locally means cloning the repo and serving it via a local web server. Google Analytics is active on rawgraphs.io (can be blocked or avoided by self-hosting).",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Data never leaves your browser. No server-side processing, no accounts, no data collection. Open source under Apache 2.0 and academically maintained. One of the most privacy-respecting data tools available. Only caveat: exported SVGs can contain raw data values, so review before publishing sensitive work."
    },
    {
      "name": "RCFP Legal Defense Hotline",
      "slug": "rcfp-legal-hotline",
      "url": "https://www.rcfp.org/legal-hotline",
      "tagline": "Free legal assistance for subpoenas, records access, newsgathering rights, and defamation threats.",
      "category": "legal",
      "builtForJournalism": true,
      "whoItsFor": "Working journalists in the US who need quick legal guidance on press freedom issues.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "The RCFP hotline is the first call most US journalists should make when they hit a legal wall — staffed by attorneys who specialize in media law and respond fast.",
      "bestFor": "Responding to subpoenas, fighting for access to public records, understanding newsgathering rights, and handling defamation threats or cease-and-desist letters.",
      "notFor": "Non-US legal issues or matters unrelated to journalism. For international cases, see Media Defence or TrialWatch.",
      "owner": "Reporters Committee for Freedom of the Press",
      "fundingModel": "Nonprofit donations",
      "businessModel": "Nonprofit",
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "Readwise Reader",
      "slug": "readwise-reader",
      "url": "https://readwise.io/read",
      "tagline": "Read-later app with highlighting, RSS, annotations, and AI summaries. A power user's Pocket replacement built for people who read for a living.",
      "category": "newsgathering",
      "additionalCategories": [
        "writing"
      ],
      "whoItsFor": "Journalists who read dozens of articles, reports, and documents daily and need a system to capture, annotate, and retrieve what they've read. Reporters building source files and background research for stories. Newsletter writers who need to process large volumes of content. Anyone who has outgrown Pocket or Instapaper and wants highlights that actually sync somewhere useful.",
      "pricing": "Readwise Full: $11.99/month or $95.88/year ($7.99/month). Reader is included with the Readwise Full subscription — there is no Reader-only plan. 30-day free trial. No free tier after trial.",
      "freeOption": false,
      "editorialTake": "Readwise Reader is the best read-later app for journalists who treat reading as work infrastructure. It combines Pocket-style save-for-later with full-text RSS, PDF reading, YouTube transcript highlighting, newsletter intake, and EPUB support — all in one interface with search across everything. The highlight and annotation system is the real differentiator. Every highlight you make in Reader syncs to your note-taking tool of choice: Obsidian, Notion, Roam Research, Logseq, or Evernote. Highlights from Kindle, Apple Books, and Instapaper also sync in. This creates a searchable personal archive of every passage you've ever marked — across books, articles, PDFs, and web pages. For beat reporters building institutional knowledge over years, this is transformative. The AI features (branded 'Ghostreader') let you ask questions about documents, generate summaries, define terms, and create flashcards from highlights. The local-first architecture means the app works offline and loads fast. Full-text search works across all saved content. The keyboard-driven interface is fast once learned. The honest downside: there is no free tier. At $11.99/month (or $7.99/month annually), it's a real subscription. Pocket is free. Instapaper's free tier covers basic read-later needs. The price is justified if you're a heavy reader who needs the annotation pipeline — highlights syncing to Obsidian or Notion is the killer feature. It's not justified if you just want to save articles to read on the subway. Founded by Daniel Doyon and Tristan Homsi, Readwise is a small, profitable company. No venture capital hype cycle. The product improves steadily and the team is responsive. The API is public and well-documented, which matters for custom workflows.",
      "bestFor": "Beat reporters building long-term research archives. Newsletter writers processing dozens of sources per issue. Journalists who annotate heavily and need highlights synced to Obsidian, Notion, or Roam. Consolidating RSS feeds, newsletters, PDFs, and saved articles in one searchable interface. Anyone who reads 2+ hours per day for work.",
      "notFor": "Casual readers who just want to save a few articles per week — Pocket is free and sufficient. Journalists who don't use a note-taking system — the highlight sync pipeline is the main value. Anyone unwilling to pay $8-12/month for a reading tool. Teams needing shared annotation — Reader is individual-focused.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Readwise Inc. is a US company. Content you save is processed and stored on US infrastructure. Highlights, annotations, and reading history are stored in Readwise's systems.",
      "privacyPolicyTldr": "Readwise stores your saved content, highlights, annotations, and reading history to provide the service. Local-first architecture means the web app caches content on your device for offline access, but data is synced to Readwise's servers. The company does not sell user data. Used by individuals — no enterprise data processing agreements. Privacy policy and terms of service available on their website.",
      "practicalMitigations": "Do not save highly sensitive source documents or confidential materials in Reader — this is a cloud service that stores your content. Use it for published articles, reports, and public documents. For sensitive research, save to a local tool like Obsidian directly. Be aware that your reading history and highlights create a detailed profile of your interests and research topics. Review connected integrations periodically and revoke unused OAuth tokens.",
      "owner": "Readwise Inc.",
      "fundingModel": "Bootstrapped and profitable. No venture capital. Revenue from subscriptions. The company has stated it is profitable and growing on subscription revenue alone. Small team.",
      "businessModel": "Subscription SaaS. Single plan (Readwise Full) at $11.99/month or $95.88/year includes both the original Readwise highlight manager and Reader. No advertising. No data resale. No free tier — 30-day trial only. Referred users get an extended trial.",
      "knownIssues": "No free tier — the 30-day trial is the only way to use it without paying. At $11.99/month, it's one of the more expensive read-later apps. No team or shared annotation features — this is a solo tool. Ghostreader AI features work well but require sending your content to AI providers for processing. The local-first web app can be slow to initial-load on large libraries. RSS implementation occasionally misses items from feeds with non-standard formatting. EPUB support is functional but not as polished as dedicated e-reader apps.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Encrypted in transit. Small, bootstrapped company with no incentive to monetize user data. The privacy posture is reasonable for a reading tool, but this is a US-hosted cloud service that stores your full reading history, highlights, and annotations. For published articles and public documents, this is fine. For sensitive research materials, use a local tool instead."
    },
    {
      "name": "RECAP / CourtListener",
      "slug": "recap-free-law",
      "url": "https://free.law/recap",
      "tagline": "Free access to tens of millions of federal court documents. Browser extension archives PACER purchases and shares them publicly through CourtListener.",
      "category": "newsgathering",
      "additionalCategories": [],
      "openSource": true,
      "builtForJournalism": false,
      "whoItsFor": "Journalists covering courts, lawyers, researchers, civic technologists, and anyone who needs federal court documents without paying PACER's per-page fees. RECAP auto-archives documents you access on PACER; CourtListener provides the searchable database with 10+ million opinions, the world's largest oral argument audio collection (1M+ minutes), and a database of thousands of federal and state judges.",
      "pricing": "Free. RECAP is a browser extension. CourtListener is a free search engine and API. PACER itself charges $0.10/page (capped at $3/document), but fees are waived if you accrue $30 or less per quarter. RECAP shares documents so others don't pay again.",
      "freeOption": true,
      "editorialTake": "PACER charges $0.10 per page for public records created by a publicly funded judiciary. Free Law Project built RECAP to fix that. Install the extension, and every PACER document you buy gets archived to CourtListener for anyone to find for free. The RECAP Archive now holds tens of millions of documents, hundreds of millions of docket entries, and nearly every federal case. CourtListener's v4 API crossed 100 million requests by mid-2025. The 2025 launch of RECAP Search Alerts — essentially Google Alerts for federal courts — is a genuine breakthrough for beat reporters: get notified the moment a person or organization appears in a new filing. Free Law Project won the 2025 AWS Imagine Grant ($150K) and the 2025 American Legal Technology Award for AI. They are building a Litigant Portal using Amazon Bedrock for AI-assisted court navigation, with pilot launches planned for September 2026. This is essential infrastructure for journalism and civic accountability.",
      "bestFor": "Searching federal court records without PACER fees. Monitoring cases and people through docket alerts and RECAP Search Alerts. Building a growing public archive of court documents as you research. Accessing case law, oral arguments, judicial financial disclosures, and judge profiles. Bulk data access via API for data journalism projects.",
      "notFor": "State court records — RECAP covers federal courts only. Documents nobody has accessed through RECAP yet still require a PACER account (RECAP then archives them for others). The RECAP archive is broad but not complete; for guaranteed coverage of a specific filing, go to PACER directly. Alert system cannot handle high-volume queries (e.g., a search returning 200+ results/day will be rejected).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Archive also mirrored to the Internet Archive for permanent preservation.",
      "privacyPolicyTldr": "Free Law Project is a 501(c)(3) nonprofit. The RECAP extension only activates on PACER and CourtListener domains — it does not track browsing elsewhere. Your PACER purchases are anonymously uploaded to the public archive. CourtListener accounts require email only. No data selling, no advertising, no user tracking.",
      "practicalMitigations": "Documents you access on PACER with RECAP installed will be publicly archived. If you are researching sensitive dockets or building a story you don't want to telegraph, disable the extension temporarily. RECAP cannot access sealed documents — it lacks login credentials for ECF 'magic links' and never touches restricted content. On rare occasions, documents that should have been sealed by the court are inadvertently uploaded; Free Law Project works with courts to remove them quickly. If you use an ECF account instead of a PACER account, log in carefully — RECAP encourages PACER-only logins to avoid any risk of sharing restricted filings.",
      "owner": "Free Law Project (501(c)(3) nonprofit, founded 2010)",
      "fundingModel": "Nonprofit. Grants (Knight Foundation, Open Society Foundations, AWS Imagine Grant), individual donations, and revenue from bulk data services to legal tech companies.",
      "businessModel": "501(c)(3) nonprofit. Free for all individual users. Revenue from bulk data licensing to legal tech companies and law firms. Won the 2025 AWS Imagine Grant ($150K unrestricted + AWS credits) for the Litigant Portal project. Reached 1,000 verified government users on CourtListener by 2025.",
      "knownIssues": "RECAP archive coverage depends entirely on what other users have purchased — if nobody has bought a specific document, it won't be in the archive. Alert system rejects broad queries that would generate 200+ results per day; narrowing by court or date range helps but doesn't always resolve it. Occasionally, improperly unsealed documents appear in the archive before courts fix their own errors; Free Law Project removes these but the window can expose sensitive information. The extension adds slight latency to PACER page loads while checking the archive. No mobile browser support — extension requires desktop Chrome, Firefox, Edge, or Safari. CourtListener search can lag behind real-time PACER filings by hours or days depending on contribution patterns.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, nonprofit-operated, privacy-focused by design. The extension only activates on PACER/CourtListener domains and does not track users. Sealed documents are architecturally excluded — RECAP cannot access ECF magic links. Strong institutional commitment to open access, backed by 15+ years of operation, major foundation funding, and government adoption (1,000+ verified government users). The main risk is operational: your PACER activity feeds a public archive, which could reveal reporting interests to anyone monitoring new additions."
    },
    {
      "name": "Remotion",
      "slug": "remotion",
      "url": "https://www.remotion.dev",
      "tagline": "Programmatic video creation using React and TypeScript. Write components, feed data, render MP4s.",
      "category": "visuals",
      "openSource": true,
      "whoItsFor": "Newsroom developers, data teams, and technically inclined journalists who need templated or data-driven video at scale. You must know React and TypeScript — there is no visual editor.",
      "pricing": "Free for individuals, nonprofits, and companies with 3 or fewer employees. Company license required for larger orgs — starts at $100/month minimum spend. Enterprise tier starts at $500/month with custom terms. See remotion.pro for current pricing.",
      "freeOption": true,
      "editorialTake": "Remotion turns video into a coding problem. That sounds limiting until you realize most newsroom video is repetitive — breaking news templates, data visualizations, social clips with updated numbers. For those workflows, Remotion eliminates the bottleneck of manual editing entirely. It uses React for composition and FFmpeg under the hood for encoding. The Remotion Player provides browser-based preview with timeline scrubbing and fast refresh. Version 4.x (current: v4.0.443, 41.6k GitHub stars) is mature and actively maintained. The custom license is not OSI-approved open source, but source is fully readable on GitHub. For a newsroom with even one React developer, this is the fastest path to automated video at scale. For a newsroom without developers, skip it entirely.",
      "bestFor": "Automated, templated video — data-driven news graphics, breaking news clips with variable text, social media video at scale, election results visualizations, earnings report animations. Anything where the structure repeats and the data changes.",
      "notFor": "Manual creative editing (use DaVinci Resolve or Premiere). Non-technical users with no React knowledge. One-off narrative storytelling. Complex motion graphics better suited to After Effects.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local by default — videos render on your machine or your own cloud infrastructure. Remotion Lambda renders on AWS in your own account. No data passes through Remotion's servers during rendering.",
      "privacyPolicyTldr": "Remotion runs locally. The company does not process user video data server-side. The licensing package (@remotion/licensing) phones home to validate license status, but rendering itself is entirely local. Source-available means you can verify this yourself.",
      "practicalMitigations": "Audit environment variables — Remotion passes REMOTION_-prefixed vars to the headless browser. Never expose the renderMediaOnLambda() or renderMedia() APIs without authentication and rate limiting. If using the disableWebSecurity flag, understand the CORS implications. Run npm audit regularly. Review rendered output before publishing.",
      "owner": "Remotion (founded by Jonny Burger, Zurich, Switzerland)",
      "fundingModel": "Seed-funded (180K CHF). Revenue from company and enterprise licenses. Jonny Burger is also an Expert for Innosuisse (Swiss Innovation Agency) as of January 2026.",
      "businessModel": "Dual-license model. Source-available custom license (not OSI open source). Free for individuals, nonprofits, and orgs with 3 or fewer employees. Company license required above that threshold — minimum $100/month. Enterprise license from $500/month with custom terms and dedicated support. Cloud rendering via Remotion Lambda on your own AWS account.",
      "knownIssues": "Audio syncing can be clunky, especially in longer compositions. Thinking in frames instead of seconds has a learning curve. Large projects get messy without disciplined code organization. Limited built-in animations — creative quality depends entirely on your React skills. Media Parser was deprecated in February 2026 in favor of Mediabunny. No ISO 27001 or SOC 2 certification (though the company doesn't process user data). Custom license is not OSI-approved, which may matter for some institutional procurement policies.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Source-available, local rendering, no data collection during video creation. 41.6k GitHub stars and 604 releases signal active maintenance. The team monitors GitHub's vulnerability scanner and patches moderate-severity issues and above. No SOC 2 or ISO 27001, but the local-first architecture means Remotion never touches your footage or data. The custom license is auditable — you can read every line of code."
    },
    {
      "name": "Remove.bg",
      "slug": "remove-bg",
      "url": "https://www.remove.bg",
      "tagline": "AI-powered background removal — upload a photo, get a transparent PNG in seconds.",
      "category": "visuals",
      "whoItsFor": "Journalists and editors who need quick background removal for headshots, product photos, or social graphics. Useful for newsroom designers creating clean cutouts without Photoshop skills.",
      "pricing": "Free for preview resolution (up to 0.25 megapixels). Paid plans start at $9/month for 40 credits. One credit = one full-resolution image. API access available.",
      "freeOption": true,
      "editorialTake": "Remove.bg does one thing well: strip backgrounds from photos using AI. Results are consistently good on people and distinct objects, weaker on complex edges like hair or translucent materials. The free tier is genuinely useful for web-resolution images — 0.25 megapixels is enough for social media thumbnails and web graphics. Full-resolution output requires credits. The catch: every image you process gets uploaded to Canva's servers. For newsroom headshots or generic product shots, that's fine. For photos involving sensitive sources, locations, or unpublished investigative material — don't upload them to a third-party cloud service. The optional 'Improvement Program' lets Canva use your images to train AI models; it's opt-in but worth knowing about. Google Analytics, Meta Pixel, and LinkedIn tracking are present on the website.",
      "bestFor": "Quick background removal for social graphics. Clean headshot cutouts. Creating transparent PNGs for presentations or web content. Batch processing via API for design teams.",
      "notFor": "Sensitive or unpublished photos — all images are uploaded to Canva's cloud. Complex compositing or advanced masking (use Photoshop or GIMP). Offline workflows. Situations where you need full control over where your image data goes.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Canva Austria GmbH (Vienna). Images are processed on Canva's cloud infrastructure. Canva operates globally with data centers in multiple regions.",
      "privacyPolicyTldr": "Governed by Canva's privacy policy. Images are uploaded for processing. Optional 'Improvement Program' allows Canva to use uploaded images for AI training — opt-in. Website includes Google Analytics, Meta Pixel, and LinkedIn tracking. Canva states it won't use your content to improve AI features unless consistent with your privacy settings.",
      "practicalMitigations": "Never upload photos of sensitive sources, unpublished investigative material, or location-identifying images. Opt out of the Improvement Program if you don't want images used for AI training. Use a privacy-focused browser or ad blocker to limit tracker exposure on the website. For sensitive work, use a local alternative like GIMP's foreground select tool or Photoshop.",
      "owner": "Canva Austria GmbH (formerly Kaleido AI, acquired by Canva in February 2021)",
      "fundingModel": "Canva-backed. Originally venture-funded as Kaleido AI (founded 2013, Vienna). Acquired by Canva in 2021 for an undisclosed sum reportedly near nine figures.",
      "businessModel": "Freemium SaaS. Free preview-resolution processing drives conversion to credit-based paid plans. API access for developers and enterprise. Revenue flows to Canva.",
      "knownIssues": "All images are uploaded to Canva's cloud for processing — no local option. Website has extensive third-party tracking (Google Analytics, Meta Pixel, LinkedIn). The optional Improvement Program could use your images for AI training if enabled. Free tier limited to one image per 24 hours at preview resolution. Canva's privacy policy is broad and covers many products — remove.bg-specific data handling isn't broken out separately.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "reviewDepth": "editorial",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "caution",
      "securityRatingNote": "Images are uploaded to Canva's cloud with no local processing option. Third-party tracking on the website. Broad Canva privacy policy. The tool works well for non-sensitive images, but journalists should never upload photos involving sources, unpublished material, or sensitive locations. Adequate for routine newsroom graphics work with appropriate caution."
    },
    {
      "name": "Research Rabbit",
      "slug": "research-rabbit",
      "url": "https://www.researchrabbit.ai",
      "tagline": "Visual academic research discovery — 'Spotify for papers.' Start with one paper, discover hundreds through citation mapping, author networks, and AI recommendations. Free, with Zotero integration.",
      "category": "newsgathering",
      "openSource": false,
      "whoItsFor": "Journalists who need to quickly map the research landscape around a topic for reporting. Science and health reporters building source lists by identifying key researchers in a field. Investigative journalists tracing how ideas, funding, or influence flow through academic citation networks. Any reporter who has found one relevant paper and needs to find everything related to it — without spending hours in database searches.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Research Rabbit solves the hardest part of academic research for journalists: you found one good paper, now what? Traditional academic databases force you to craft keyword searches and manually follow citations. Research Rabbit inverts this: drop in a paper (or a set of papers), and it maps the citation network visually — showing you what that paper cited, what cited it, related work by the same authors, and algorithmically similar papers you might have missed. The visual interface is genuinely useful: you can see clusters of related research, identify the foundational papers in a field, and spot the most-cited researchers — all potential expert sources for your story. The 'Spotify for papers' analogy is apt: like a recommendation engine, it gets better as you feed it more seeds. Build a collection of 5-10 papers on a topic and the recommendations become remarkably targeted. Zotero integration means you can sync discoveries directly into your reference manager without manual export. Over 270 million papers indexed. Used by researchers at Harvard, MIT, Stanford, Oxford, and Cambridge — which suggests the recommendation algorithms are producing results academics trust. For journalists specifically, the value is efficiency. A health reporter investigating a new treatment can map the entire evidence base in an afternoon. A tech journalist can trace whether a company's cited research actually supports their claims by following the citation graph. An investigative reporter can identify co-authorship networks that reveal undisclosed conflicts of interest. The limitation: Research Rabbit helps you find papers, not read them. Paywalled papers still require institutional access or other means. And like any recommendation system, it can create filter bubbles — if you seed it with papers from one perspective, it will recommend more of the same. Cross-reference with Semantic Scholar or Google Scholar to ensure you are not missing contrarian or critical work.",
      "bestFor": "Mapping the full research landscape around a topic starting from a single paper. Identifying key researchers and potential expert sources in any scientific field. Visual exploration of citation networks for investigative stories about research influence. Building comprehensive literature collections quickly for deadline reporting. Discovering papers you would never find through keyword search alone.",
      "notFor": "Accessing full text of paywalled papers (discovery only, not access). Real-time research monitoring (it is not an alerting tool). Non-academic literature — government reports, news articles, legal documents are not indexed. Quick factual lookups where you already know what you need. Comprehensive systematic reviews that require explicit search methodology documentation (the algorithm is a black box).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Research Rabbit is a US-based company). Account data, saved collections, and usage patterns stored on their infrastructure. Subject to US law enforcement requests. An account is required to use the service.",
      "privacyPolicyTldr": "Account required (email signup). Research Rabbit collects your saved papers, collections, and usage data to power recommendations. The company does not run advertising on the platform. Your research collections and reading patterns reveal your interests — this is inherent to a recommendation engine. The specific data retention and sharing policies are not prominently detailed on their website. No advertising trackers visible on the platform.",
      "practicalMitigations": "Your saved collections and browsing patterns reveal exactly what you are researching. For sensitive investigative work, consider using a separate account not tied to your newsroom email. Do not save collections related to active investigations on an account linked to your real identity if source protection is a concern. Cross-reference Research Rabbit findings with Semantic Scholar and Google Scholar — no single discovery tool catches everything, and recommendation algorithms can create blind spots. Verify that recommended papers are actually relevant by reading abstracts rather than trusting algorithmic similarity scores alone. Export important findings to Zotero or another local reference manager so your research survives if the service changes or disappears.",
      "owner": "Research Rabbit (private company, US-based — founding team and ownership structure not prominently disclosed)",
      "fundingModel": "Not publicly disclosed. Research Rabbit offers its product for free to all users, suggesting either venture funding, institutional partnerships, or a planned future monetization strategy (premium features, enterprise licensing). The lack of transparency about funding is worth noting — free academic tools sometimes monetize through data licensing or institutional sales.",
      "businessModel": "Free to individual users. The long-term business model is not clearly stated. Possible future paths include premium features for power users, enterprise/institutional licensing, or data analytics products built on aggregated usage patterns. The current free tier with no visible revenue source suggests the company is in a growth phase funded by outside capital. This is not inherently problematic but means the tool's future availability and terms could change.",
      "knownIssues": "Opaque ownership and funding — the company does not prominently disclose its investors, revenue model, or long-term sustainability plan. This matters because journalists may build workflows dependent on the tool. Recommendation algorithms are a black box — you cannot inspect why certain papers are suggested or what is being excluded. The tool can create filter bubbles if seeded narrowly. Account required (no anonymous usage). Coverage may lag behind the very latest publications. Visual interface, while powerful, can become cluttered with large collections. Limited export options beyond Zotero integration. No API for programmatic access (unlike Semantic Scholar). The service's long-term viability depends on an undisclosed business model — free tools without clear revenue paths sometimes shut down abruptly or pivot to models that compromise user interests.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Standard security for a free research discovery tool. HTTPS throughout, no visible advertising trackers. The 'adequate' rating reflects two concerns: first, the company's ownership and funding model are opaque — journalists should know who is behind their tools. Second, an account is required and your research collections inherently reveal your investigative interests. There is no anonymous usage path. For routine academic research this is fine. For sensitive investigative work where your research topics themselves are sensitive, the mandatory account and unclear data practices warrant caution. Use a pseudonymous account for sensitive research and do not rely solely on Research Rabbit for critical work."
    },
    {
      "name": "Riverside",
      "slug": "riverside",
      "url": "https://riverside.fm",
      "tagline": "Remote recording studio. Records locally on each participant's device — up to 4K video and 48kHz WAV audio, regardless of internet quality.",
      "category": "visuals",
      "whoItsFor": "Journalists recording remote interviews, podcast producers, video creators, and newsrooms that need broadcast-quality audio and video from remote guests. Riverside records locally on each participant's device and uploads progressive tracks after the session — so a guest on hotel Wi-Fi still delivers 4K video and uncompressed audio.",
      "pricing": "Free: 2 hours of multi-track recording, 720p video, 44.1kHz audio, Riverside watermark. Pro: $29/month ($24/month annual) — 15 hours/month, 4K video, 48kHz audio, no watermark, AI tools (Magic Audio, transcription, silence removal). Live: $39/month ($34/month annual) — 15 hours/month, 1080p, multistreaming to YouTube/LinkedIn/Twitch. Webinar: $99/month ($79/month annual) — unlimited hours, 1080p, up to 1,000 registrants. Business: custom pricing — 4K, API access, up to 10,000 webinar registrants.",
      "freeOption": false,
      "editorialTake": "Riverside solves the biggest problem in remote journalism: interview quality. Most video call platforms (Zoom, Google Meet, Teams) compress audio and video through a central server. If your guest's connection dips, the recording degrades. Riverside records locally on each participant's machine — uncompressed 48kHz WAV audio and up to 4K video at a constant frame rate — then progressively uploads separate tracks after the session. If the internet drops mid-interview, the local recording continues. Each participant gets an isolated track, perfectly synced. Founded in 2019 by brothers Nadav Keyson (CEO) and Gideon Keyson (CTO) in Palo Alto. Raised $35M Series B led by Zeev Ventures, with investors including Alexis Ohanian (Reddit co-founder) and Lachy Groom (early Stripe). Backed by creators including Guy Raz (NPR), Gary Vaynerchuk, and Marques Brownlee. SOC 2 certified. The built-in transcription and text-based editing are genuinely useful — edit the transcript and the audio/video cuts follow. The free tier exists but is limited: 2 hours total, 720p, watermarked. Most journalists will need the $29/month Pro plan. The domain moved from riverside.fm to riverside.com in 2024, reflecting the company's push beyond podcasting into webinars and live events.",
      "bestFor": "Recording remote interviews with broadcast-quality audio and video. Podcast production with separate tracks per guest. Text-based editing (edit the transcript, video follows). Producing clips for social media from long-form recordings. Live streaming to multiple platforms simultaneously (Live tier).",
      "notFor": "Journalists who need end-to-end encrypted recording for source protection — Riverside records locally but uploads to cloud servers, and recordings are accessible to Riverside's infrastructure. For confidential source interviews, use Signal voice calls or Jitsi Meet (self-hosted). Also not ideal for one-off quick calls where a phone recording would suffice. The $29/month minimum for usable quality is a cost journalists should weigh against free alternatives like OBS Studio (local-only) or Audacity + Zoom.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "United States (Palo Alto, CA). Some data processors may be located outside the EEA. EU transfers governed by adequacy decisions or standard contractual clauses.",
      "privacyPolicyTldr": "Riverside collects account data (name, email, IP), usage analytics, and recording content. Recordings upload to cloud storage after local capture. Payment processing handled by third-party processors — Riverside does not store payment details. Data shared with internal teams, analytics providers (Google Analytics), and HubSpot. GDPR rights for EU residents. Recordings may contain personal information disclosed during sessions. Riverside can share data in merger/acquisition scenarios or with law enforcement when legally required.",
      "practicalMitigations": "Recordings upload to Riverside's cloud after each session. (1) Download and delete recordings from Riverside's servers promptly if you handle sensitive material. (2) Inform interview subjects that recording occurs locally on their device and uploads to Riverside's cloud — get consent. (3) For confidential sources, do not use Riverside — use Signal, Jitsi Meet (self-hosted), or record locally with OBS. (4) Disable YouTube API integration if you don't need it — it grants Google access to session metadata. (5) Use a dedicated email for your Riverside account to limit cross-platform tracking.",
      "owner": "Riverside.fm, Inc. (Palo Alto, CA). Founded 2019 by Nadav Keyson (CEO) and Gideon Keyson (CTO).",
      "fundingModel": "Venture-backed. $35M Series B led by Zeev Ventures. Investors include Alexis Ohanian (Seven Seven Six), Lachy Groom, and creator advisors (Guy Raz, Gary Vaynerchuk, Marques Brownlee).",
      "businessModel": "SaaS subscriptions. Free tier as acquisition funnel; revenue from Pro ($29/month), Live ($39/month), Webinar ($99/month), and Business (custom) plans. Expanding from podcast recording into webinars, live streaming, and enterprise content production.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 certified. Local-first recording architecture means audio/video quality is not compromised by network conditions. Recordings upload to cloud servers post-session — not end-to-end encrypted between participants. VC-backed with standard data sharing (analytics, marketing tools). Suitable for standard journalism workflows. Not suitable for confidential source interviews where recordings must never touch third-party infrastructure."
    },
    {
      "name": "Runway",
      "slug": "runway",
      "url": "https://runwayml.com",
      "tagline": "The professional AI video platform. Gen-4.5 leads the Video Arena leaderboard. Used in film and editorial. Training data lawsuits remain unresolved.",
      "category": "visuals",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Visual journalists, documentary teams, and video editors experimenting with generative video for explainers, archival recreation, and motion graphics. Editorial designers who need image-to-video, inpainting, and AI rotoscoping inside a single tool. Newsrooms with serious video operations who want the most capable AI video model on the market and can navigate the ethical questions in-house.",
      "pricing": "Free tier: 125 one-time credits, basic features, watermarked output. Standard: $12/month (625 credits/month, 720p, no watermark). Pro: $28/month (2,250 credits/month, 4K upscale, custom voices). Unlimited: $76/month billed annually (unlimited generations in Explore Mode, plus 2,250 credits/month for fast generations). Enterprise: custom. A 10-second Gen-3 Alpha clip costs about 100 credits; a 20-second clip doubles that. API pricing is separate and metered per generation.",
      "freeOption": true,
      "editorialTake": "Runway is the most capable AI video tool you can buy and the most legally exposed. Founded in 2018 by Cristobal Valenzuela, Anastasis Germanidis, and Alejandro Matamala-Ortiz, Runway has raised roughly $860M from General Atlantic, Nvidia, Google, SoftBank, Fidelity, and others. The April 2025 Series D valued the company at $3B; a February 2026 round pushed valuation to $5.3B. Gen-3 Alpha launched in 2024, Gen-4 in March 2025, and Gen-4.5 in December 2025 with native audio, one-minute clips, multi-shot consistency, and the No. 1 spot on the Video Arena leaderboard above Google Veo and OpenAI Sora. In December 2025 Adobe and Runway announced a multi-year partnership to bring Runway models exclusively into Adobe video apps. The capability is real. The legal exposure is also real. In July 2024, 404 Media reported on a leaked internal spreadsheet showing Runway had scraped thousands of YouTube channels — including The New Yorker, VICE News, Pixar, Disney, Netflix, and Sony — to train the Gen-3 model under an internal codename 'Jupiter.' A class-action copyright suit was filed in California federal court in February 2026. The cases are unresolved. For newsrooms, this creates a hard question: the tool that does the work best is the tool whose training data may have included your competitors' content without permission. Use it knowing what it is.",
      "bestFor": "Image-to-video for archival photo animation in documentary work. Style transfer and motion graphics for explainer pieces. Inpainting and AI rotoscoping inside the broader Runway editor. Concept work and storyboarding where final output will be re-shot or hand-animated. Editorial teams that have an explicit AI-disclosure policy and are willing to publish about their workflow.",
      "notFor": "News footage. Documentary recreations presented as factual. Anything depicting real people, real events, or real locations without explicit AI labeling. Newsrooms that have committed to C2PA provenance standards — Runway's provenance story is far weaker than Adobe Firefly's. Any workflow where unresolved copyright litigation is a deal-breaker for legal review.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Runway AI, Inc., headquartered in New York). Compute provided by CoreWeave under a multi-year agreement announced in 2024. Data processed across US infrastructure.",
      "privacyPolicyTldr": "Account required (email or Google login). Uploaded media and generated outputs are stored on Runway servers. Runway's terms grant the company broad rights to use customer content for service operation. Free-tier content may be used for product improvement; paid plans offer stronger opt-out controls. Commercial rights to outputs are granted to paid plan users, but Runway does not provide IP indemnification against third-party copyright claims — meaning if a Gen-3 output resembles training data, you carry that risk.",
      "practicalMitigations": "Don't upload source material you don't have rights to. Don't upload sensitive or unpublished editorial content — it sits on Runway's servers and falls under broad terms of use. Use a paid plan if you need commercial rights to outputs. Label all Runway-generated content as AI in your captions and on-screen text. Keep generations away from depictions of real people in news contexts. If your newsroom has C2PA commitments, this tool probably does not fit. Watch the copyright litigation — outcomes could change the risk picture quickly.",
      "owner": "Runway AI, Inc. Private company headquartered in New York. Co-founders Cristobal Valenzuela (CEO), Anastasis Germanidis, Alejandro Matamala-Ortiz.",
      "fundingModel": "Venture-backed. Total funding roughly $860M as of February 2026. Investors: General Atlantic (lead, Series D and E), Nvidia, Google, SoftBank, Fidelity Management & Research, Baillie Gifford, Amplify Partners. Series D (April 2025): $308M at $3B valuation. Series E (February 2026): $315M at $5.3B valuation. CoreWeave provides compute under a multi-year deal.",
      "businessModel": "Subscription SaaS plus API. Consumer plans from $12 to $76/month. Enterprise contracts for studios, ad agencies, and platform partners. December 2025 Adobe partnership brings Runway models into Adobe applications under exclusive terms. API access metered per generation.",
      "knownIssues": "July 2024: 404 Media published a leaked internal spreadsheet showing Runway had categorized and scraped thousands of YouTube channels — including The New Yorker, VICE News, Pixar, Disney, Netflix, and Sony — to train Gen-3 under the internal codename 'Jupiter.' Runway has not substantively denied the report. February 2026: a class-action copyright suit was filed in California federal court by YouTuber David Gardner, alleging Runway circumvented YouTube's protections to download videos for training. Litigation is ongoing. Outputs can include visible artifacts that resemble specific source content, raising downstream IP risk for users. Runway does not offer IP indemnification on consumer plans. Provenance metadata support is weaker than Adobe Firefly's C2PA implementation.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "The technical security posture is standard for a venture-backed AI startup at this scale — encryption in transit and at rest, US infrastructure, account-based access. The 'caution' rating reflects unresolved copyright litigation, the leaked internal training data spreadsheet, the absence of IP indemnification on consumer plans, and the broad terms of use Runway claims over uploaded content. None of these are security failures in the traditional sense. They are governance and provenance failures that matter for newsroom adoption."
    },
    {
      "name": "SciLine",
      "slug": "sciline",
      "url": "https://www.sciline.org",
      "tagline": "Free expert-matching service from AAAS. Connects journalists with scientists on deadline for science and health reporting.",
      "category": "newsgathering",
      "builtForJournalism": true,
      "whoItsFor": "Journalists covering science, health, environment, technology, or policy stories who need credentialed scientist sources. Reporters on deadline who need a vetted expert fast. Broadcast producers who need on-camera scientist interviews. Beat reporters building a source network in scientific disciplines.",
      "pricing": "Free. All services — expert matching, media briefings, crash courses, reporting resources — are fully funded by philanthropies. No fees for journalists or scientists.",
      "freeOption": true,
      "editorialTake": "SciLine is one of the most underused resources in journalism. Run by AAAS (the American Association for the Advancement of Science, publisher of Science magazine) and based at their Washington, DC headquarters, it provides free expert matching, media briefings, on-camera interviews, and reporting guides — all funded by philanthropy with no fees for journalists or scientists. Submit a request through their 'I Need an Expert' portal and they'll connect you with a vetted scientist, often within hours. Their media briefings feature panels of researchers on timely topics. The 'Experts on Camera' program provides broadcast-quality one-on-one interviews. SciLine also publishes fact sheets and reporting resources on complex science topics. The editorial independence claim is credible — they're housed at AAAS but explicitly state editorial separation from both their funders and host institution. The limitation: this is science and health only. You won't find political scientists, economists, or legal scholars here. And SciLine reserves the right to deny service to outlets that don't meet 'widely accepted journalistic practices' — a reasonable filter but worth noting. For science journalism, SciLine is the gold standard free sourcing service. Pair with Expertise Finder for broader academic sourcing.",
      "bestFor": "Finding scientist sources for deadline stories on health, climate, technology, and policy. Getting broadcast-quality expert interviews. Accessing media briefings on emerging science topics. Building a science source network beyond your existing contacts.",
      "notFor": "Non-science sourcing — SciLine covers STEM and health only. Finding sources outside academia (industry, government, advocacy). Investigative reporting where you need independent verification of a scientist's claims or conflicts. Breaking news where you need an expert in minutes, not hours.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. SciLine is based at AAAS headquarters, 1200 New York Ave NW, Washington, DC 20005. Data governed by US law and AAAS privacy policies.",
      "privacyPolicyTldr": "SciLine operates under AAAS privacy policies. Journalist requests include contact information shared with matched scientists for the purpose of facilitating interviews. Scientist profiles are voluntarily provided. Standard web analytics on site visits. No advertising or data monetization — funded entirely by philanthropy.",
      "practicalMitigations": "Your contact information is shared with scientists you're matched with — use a professional email, not a personal one. Independently verify any expert's credentials, funding sources, and potential conflicts of interest before publishing quotes. SciLine vets for scientific expertise, not for conflicts of interest with industry funders. For sensitive health stories, check whether a matched expert has pharmaceutical or industry consulting relationships via disclosure databases (Open Payments, Dollars for Docs).",
      "owner": "American Association for the Advancement of Science (AAAS), Washington, DC. AAAS is the world's largest multidisciplinary scientific society, publisher of Science, Science Translational Medicine, and other journals. SciLine operates as an editorially independent program within AAAS.",
      "fundingModel": "Nonprofit, philanthropically funded. Specific donors not publicly disclosed. No government funding mentioned. No fees charged to journalists or scientists.",
      "businessModel": "Free public service. Entirely funded by philanthropic grants to AAAS. No advertising, no data monetization, no subscription fees. Scientists participate voluntarily for media exposure and public engagement.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit service with no commercial data incentives. Minimal data collection — journalist requests and scientist profiles for matching purposes only. US jurisdiction under AAAS governance. No advertising or tracking beyond standard analytics. The main consideration is that your story topic and source needs are shared with AAAS staff and matched scientists, which is inherent to the service. Low-risk for standard science reporting. Adequate security posture for a free public interest service."
    },
    {
      "name": "Scribe",
      "slug": "scribe",
      "url": "https://scribehow.com",
      "tagline": "Auto-generates step-by-step how-to guides from screen recordings. 5M+ users. $1.3B valuation.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Newsroom managers documenting workflows and SOPs for reporters. Journalism educators creating tool tutorials. Data journalists documenting repeatable analysis processes. Anyone who needs to turn a screen workflow into a shareable guide without writing it manually.",
      "pricing": "Free (Basic): unlimited guides, screenshots, and text. Pro Personal: $29/month — video guides, AI features, custom branding, analytics. Pro Team: $12/user/month annual ($15/month monthly), 5-seat minimum ($59/month minimum) — shared workspace, permissions, integrations. Enterprise: custom pricing — SSO, SCIM, advanced security, custom workflows. Note: Enterprise quotes reported as high as $18,000/year for small teams.",
      "freeOption": true,
      "editorialTake": "Scribe watches you do something on screen and automatically generates a step-by-step guide with annotated screenshots and descriptions. Click through a CMS workflow, a data analysis process, or a source verification method, and Scribe produces a visual how-to you can share, embed, or export as PDF. For newsrooms, this is useful for onboarding new reporters on tools and workflows, documenting editorial processes, and creating training materials without the tedium of manual screenshot capture. Founded by Jennifer Smith (CEO) and Aaron Podolny (CTO), Scribe hit a $1.3B valuation in November 2025 after a $75M Series C led by StepStone. The free tier is genuinely useful — unlimited guides with screenshots and text. The paid tiers add video recording, AI-powered editing, custom branding, and team collaboration. The main consideration: Scribe captures your screen activity to generate guides, which means it sees everything on screen during recording. Don't record workflows that expose confidential source names, sensitive documents, or credentials.",
      "bestFor": "Documenting CMS and editorial workflows. Creating tool tutorials for newsroom onboarding. Recording repeatable data analysis processes. Building training libraries for journalism students. Standardizing reporting procedures across a team.",
      "notFor": "Recording workflows that expose confidential source identities or sensitive documents. Creative writing or story drafting (Scribe documents processes, not prose). Simple tasks that don't need visual documentation. Environments where screen recording raises security or compliance concerns.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Scribe, formerly ScribeHow, Inc.). Guides and screen captures stored on Scribe's cloud infrastructure. Enterprise tier supports Azure SSO and advanced data controls.",
      "privacyPolicyTldr": "Account required. Screen recordings and generated guides are stored on Scribe servers. Free tier guides can be set to private or shared via link. Pro and Enterprise tiers add permissions, workspace controls, and SSO. Review privacy settings before recording workflows that may capture sensitive on-screen information.",
      "practicalMitigations": "Close all sensitive tabs, documents, and applications before starting a Scribe recording — the tool captures everything visible on screen. Do not record workflows that display confidential source names, passwords, API keys, or internal documents. Review generated guides before sharing to verify no sensitive information was captured in screenshots. Use workspace permissions on Team and Enterprise plans to control access. Export guides as PDFs for offline storage.",
      "owner": "Scribe (formerly ScribeHow, Inc.), United States. Co-founders: Jennifer Smith (CEO) and Aaron Podolny (CTO).",
      "fundingModel": "Venture-backed. Total raised: $100M+. Seed and Series A from Amplify Partners, Tiger Global, XYZ Ventures. Series B: $25M (February 2024) led by Redpoint Ventures. Series C: $75M at $1.3B valuation (November 2025) led by StepStone, with Amplify Partners, Redpoint, Tiger Global, Morado Ventures, and New York Life Ventures.",
      "businessModel": "Freemium SaaS. 5M+ users, 600K+ organizations. Revenue from Pro Personal, Pro Team, and Enterprise subscriptions. Forbes Next Billion-Dollar Startup and LinkedIn Top Startup recognition. The company noted it had not needed to draw down its $25M Series B capital before raising Series C.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Encryption in transit and at rest. Enterprise tier supports SSO (including Azure) and advanced data controls. The inherent risk is that Scribe captures everything visible on screen during recording — any sensitive information displayed will be included in the generated guide. No published SOC 2 or ISO 27001 certifications found in public materials. Adequate for documenting non-sensitive workflows. Review recordings carefully before sharing."
    },
    {
      "name": "Scribus",
      "slug": "scribus",
      "url": "https://www.scribus.net",
      "tagline": "Free open-source desktop publishing for newsletters, reports, and print layouts.",
      "category": "visuals",
      "openSource": true,
      "whoItsFor": "Journalists and newsrooms producing newsletters, reports, print publications, or PDF documents who need a free alternative to Adobe InDesign. Also used by independent publishers, NGOs, and activist organizations on tight budgets.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Scribus handles professional print layouts — CMYK color management, PDF/X-1a output, ICC profiles, master pages, bleeds. It is not InDesign. The interface feels dated, text flow has quirks, and the learning curve is real. But it costs nothing, runs entirely offline, and has no subscription. Version 1.6.5 (December 2025) is the current stable release. The 1.8 branch will port to Qt 6 for a modern UI, but there is no release date. Janayugom, a daily newspaper in Kerala, India, migrated all desktop publishing to Scribus and GIMP in 2019, saving over 10 million rupees. If InDesign's $23/month is not justified for your output volume, Scribus does the job — just budget time for the learning curve.",
      "bestFor": "Newsletters, annual reports, print layouts, PDF production, catalogs. Any desktop publishing task where InDesign's subscription cost is not justified.",
      "notFor": "Quick one-off documents (use Google Docs or LibreOffice Writer). Digital-first web layouts. Teams that need real-time collaboration on layout files. Workflows that require round-tripping files with InDesign users — Scribus can import IDML but cannot export back to any InDesign format.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. Scribus is a desktop application — all files stay on your device. No cloud component, no accounts, no telemetry. Prior to 1.6.5, SVG images could trigger outbound network requests for remote resources — that was removed as a security fix.",
      "privacyPolicyTldr": "Scribus is a desktop application with no cloud component. No data is sent to any server. No accounts, no telemetry, no tracking. Your files exist only on your machine. The website (scribus.net) has its own privacy policy, but the software itself makes zero network calls.",
      "practicalMitigations": "Enable full-disk encryption on your device to protect layout files. Back up project files regularly since there is no cloud sync. Keep Scribus updated — version 1.6.5 removed remote SVG image loading that could be exploited via malicious documents. Do not open untrusted .sla files from unknown sources, as complex document formats can contain unexpected payloads.",
      "owner": "Scribus Community (open-source project, hosted on GitLab)",
      "fundingModel": "Community-driven open-source. Volunteer contributors. Donations. No corporate sponsor.",
      "businessModel": "None. Free and open-source under GPL v2+ license. No premium tier, no paid features.",
      "knownIssues": "Text flow has known bugs — words can split illogically at frame boundaries, and orphan/widow controls do not always behave as expected. Scrolling performance can be poor on large documents. macOS builds run via Rosetta on Apple Silicon (no native ARM build in the stable branch). Cannot open native InDesign .indd files — only IDML import, and that import is one-directional (no export back). Wayland support on Linux is buggy; some users report the app is unusable under Wayland. Font loading on macOS can fail to pick up all installed styles. The development pace is slow — the project has a small core contributor base and releases are months apart.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Local-only desktop application with no cloud dependency, no accounts, and no telemetry. Open-source under GPL v2+. The only meaningful attack vector is opening malicious document files — the 1.6.5 SVG fix addressed the most notable instance. No network surface. Strong rating for a desktop tool."
    },
    {
      "name": "Scrivener",
      "slug": "scrivener",
      "url": "https://www.literatureandlatte.com/scrivener",
      "tagline": "Long-form writing tool with binder, corkboard, and outliner. One-time purchase. Built by a writer who couldn't find anything better.",
      "category": "writing",
      "openSource": false,
      "whoItsFor": "Investigative journalists working on long-form projects, book authors, reporters managing complex multi-source stories, and anyone who needs to organize research alongside drafts. Writers who think in fragments and need to rearrange sections easily.",
      "pricing": "One-time purchase: $59.99 Mac or Windows, $23.99 iOS. Educational license: $50.99. Mac + Windows bundle: $95.98. Household license — install on all machines you own, plus those of family members in the same household. The 30-day free trial counts only the days you actually open the app. Upgrades between major versions (e.g., Scrivener 3 to 4) are paid, with discounts for existing users.",
      "freeOption": false,
      "editorialTake": "Scrivener is the tool investigative journalists and book authors reach for when a story outgrows a single document. The binder (hierarchical file tree), corkboard (index cards you can drag to reorder), and split-screen editor let you keep research, notes, and draft sections visible simultaneously. It stores everything in a local project file — no cloud dependency, no account required. Literature & Latte is a small independent company founded in Cornwall, UK by Keith Blount, who taught himself to code because the writing software he wanted didn't exist. That origin story matters: the tool is designed for writers, not for growth metrics. The learning curve is real — Scrivener has depth that takes time to explore — but the 30-day trial (which counts actual usage days, not calendar days) gives you honest time to evaluate. Compile lets you export to Word, PDF, ePub, and other formats with fine-grained formatting control. No AI features, no telemetry, no subscription. It just works.",
      "bestFor": "Book-length journalism projects. Investigative stories with many sources, documents, and threads to organize. Series or multi-part features. Any project where you need research and drafts in the same workspace. Writers who outline, rearrange, and restructure as they work.",
      "notFor": "Quick blog posts or short articles (overkill — use iA Writer or a plain text editor). Real-time collaboration (no multi-user editing). Web publishing (Scrivener compiles to files, not to CMS). Writers who want AI writing assistance built in.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "All local. Projects are stored as local files on your device. Scrivener makes an optional HTTPS connection to literatureandlatte.com to check for updates — no data is sent or stored during this check, and it can be disabled in Preferences. Sync between devices uses Dropbox or iCloud (iOS only), putting data jurisdiction under those providers.",
      "privacyPolicyTldr": "No account required. No telemetry. No analytics. The only network connection is an optional update check via HTTPS to literatureandlatte.com, which sends no user data. All project files are stored locally. Literature & Latte does not collect, process, or store any user content.",
      "practicalMitigations": "Disable automatic update checks in Preferences if you want zero network activity. For cross-device sync, Dropbox is the recommended method — be aware Dropbox holds encryption keys. On iOS, iCloud sync is an option but Apple controls the keys (unless Advanced Data Protection is enabled). Keep local backups of .scriv project files. Use Scrivener's built-in backup feature (Preferences > Backup) to auto-save zipped copies.",
      "owner": "Literature & Latte Ltd, Cornwall, UK. Founded by Keith Blount (director and lead developer). Small independent company, no outside investors.",
      "fundingModel": "Bootstrapped. Revenue from software sales only. No venture capital.",
      "businessModel": "One-time software purchases for Mac, Windows, and iOS. Also sells Scapple (freeform brainstorming tool). No subscription, no ads, no data monetization.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Fully local architecture with no account, no telemetry, and no content transmission. Independent company with no investor pressure. The only network connection is an optional update check that can be disabled. Privacy posture is excellent — your data never leaves your machine unless you choose to sync via Dropbox or iCloud."
    },
    {
      "name": "SEC EDGAR",
      "slug": "sec-edgar",
      "url": "https://www.sec.gov/edgar",
      "tagline": "SEC's electronic filing system. Every public company filing since 1993 — 10-Ks, 10-Qs, 8-Ks, proxy statements, insider trades. Free. The foundation of financial and business journalism.",
      "category": "newsgathering",
      "builtForJournalism": false,
      "whoItsFor": "Financial reporters, business journalists, investigative reporters following corporate money, and any journalist who needs to verify claims made by public companies. Essential for anyone covering Wall Street, corporate governance, executive compensation, mergers, or securities fraud.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "EDGAR is where public companies cannot hide. Every 10-K (annual report), 10-Q (quarterly), 8-K (material event), DEF 14A (proxy statement), S-1 (IPO registration), and Form 4 (insider trade) filed with the SEC since 1993 is here — searchable, downloadable, and free. When a CEO says 'we had a great quarter,' EDGAR has the filing that shows exactly how great. When a company claims it has no material risks, EDGAR has the risk factors section where lawyers wrote the truth. The full-text search system (EFTS) is the most powerful feature for journalists. Search any word or phrase across every filing since 2001 — find every mention of a person's name, a specific chemical, a subsidiary, a contract term. Filter by date, company, filing type, or location. This is how investigative reporters find the buried paragraph on page 147 of a 10-K that contradicts what the company told the press. EDGAR also provides structured data: XBRL-tagged financial statements for quantitative analysis, company filing histories, and insider transaction feeds. The API (10 requests/second rate limit, no authentication required) enables data journalists to build monitoring systems for SEC filings. The interface is utilitarian — this is a government database, not a Bloomberg terminal. For a more polished experience, commercial tools like Sentieo, AlphaSense, and SEC API (sec-api.io) layer better search, alerting, and analytics on top of EDGAR data. But the underlying data is the same, and EDGAR is free. Every financial journalist should know how to use EDGAR directly, even if they also use commercial tools.\n\nKey filing types for journalists: 10-K (annual financials + risk factors + legal proceedings), 8-K (breaking material events — firings, acquisitions, restatements), DEF 14A (executive compensation, board composition, shareholder proposals), Form 4 (insider buying and selling — often the earliest signal of trouble or confidence), and S-1 (IPO prospectus with the most honest description a company will ever publish about its business).",
      "bestFor": "Verifying any financial claim made by a public company. Researching executive compensation, insider trading, and corporate governance. Finding buried disclosures in risk factors, legal proceedings, and footnotes. Monitoring SEC filings for breaking news (8-Ks filed after market close often contain material events). Building datasets of corporate disclosures for investigative projects. Backgrounding companies before interviews.",
      "notFor": "Private company filings (private companies do not file with the SEC unless issuing public debt or conducting certain offerings). Real-time stock data or market analysis (EDGAR is for filings, not pricing). International companies that do not list on US exchanges (unless they file as foreign private issuers). Understanding what the filings mean — EDGAR provides the documents, but interpreting financial statements requires accounting literacy.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Securities and Exchange Commission, Washington, DC). Hosted on US government infrastructure.",
      "privacyPolicyTldr": "EDGAR is a US government service. No account required for searching or downloading filings. The SEC collects standard web analytics under federal government website practices — no advertising, no data sales, no third-party tracking. The EDGAR API requires a User-Agent header with your name and email (for rate-limit communication, not tracking). All filings are public records.",
      "practicalMitigations": "For sensitive investigations (e.g., researching a company that might monitor who is looking at its filings), note that the SEC's EDGAR logs are subject to FOIA — though the likelihood of a company FOIA-ing SEC web logs is extremely low. Use the full-text search (efts.sec.gov/LATEST/search-index) for cross-filing keyword searches. Set up RSS feeds for specific companies to monitor new filings automatically. For large-scale data projects, use the EDGAR API rather than manual searching — respect the 10 requests/second rate limit. Learn to read 10-K risk factors and 8-K disclosures; they contain the information companies are legally required to disclose but would prefer you not notice.",
      "owner": "US Securities and Exchange Commission (SEC)",
      "fundingModel": "US federal government. Funded through congressional appropriations and SEC filing fees paid by registrants. SEC's annual budget is approximately $2.2 billion (FY2024). EDGAR is a core SEC infrastructure system.",
      "businessModel": "Free public service. No revenue model for EDGAR itself. All filings are public records accessible without charge. Commercial providers (Bloomberg, Sentieo, AlphaSense, sec-api.io) build value-added products on top of EDGAR data.",
      "knownIssues": "The search interface is functional but dated — commercial tools provide better UX for the same underlying data. Full-text search covers filings from 2001 onward; older filings (1993-2000) are available but not full-text indexed. Some filings are submitted as scanned PDFs rather than searchable text, especially older documents and certain exhibits. XBRL data quality varies — companies sometimes tag financial data incorrectly, which can produce misleading results in quantitative analyses. The 10 requests/second API rate limit can slow large-scale data collection projects. EDGAR does not send push notifications — you need RSS feeds or third-party tools for real-time filing alerts. Filing delays exist: companies have deadlines (60-90 days for 10-Ks depending on filer size, 4 business days for 8-Ks), so information can be weeks old by the time it appears.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "US government service operated by the SEC with no advertising, no data sales, and no third-party tracking. No account required. All data is public record. The only information you provide is your search query and (for API use) a User-Agent header. There is effectively zero security risk in using EDGAR for journalism research. The 'strong' rating reflects institutional credibility, absence of commercial incentives, and minimal data collection."
    },
    {
      "name": "SecureDrop",
      "slug": "securedrop",
      "url": "https://securedrop.org",
      "tagline": "Whistleblower submission platform. Sources submit anonymously via Tor.",
      "category": "security",
      "openSource": true,
      "builtForJournalism": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Newsrooms that need a secure channel for anonymous tips and document submissions. Over 60 organizations run SecureDrop instances, including The Washington Post, The New York Times, ProPublica, The Guardian, and The Globe and Mail.",
      "pricing": "Free. Hardware costs ~$1,500–$2,500 for two dedicated servers and a firewall appliance. FPF offers pro-bono installation support for independent and nonprofit newsrooms (you cover travel). Priority support contracts available for larger organizations.",
      "freeOption": true,
      "editorialTake": "SecureDrop is how major investigations start. It is the gold standard for anonymous source communication — Tor-only access, end-to-end encryption, no metadata retention, air-gapped document viewing. Six independent security audits since launch, most recently by 7ASecurity in mid-2024, which found only one medium-severity and two low-severity issues across the entire codebase. The new SecureDrop Workstation (Qubes-based) entered open beta in July 2024 and is rolling out to all SecureDrop newsrooms. A fully rewritten journalist app is feature-complete and awaiting its security audit in early 2026. This is institutional infrastructure — it requires dedicated hardware, on-site servers, and IT staff. Not a tool for individuals. But for newsrooms doing sensitive work, nothing else comes close.",
      "bestFor": "Receiving anonymous tips and documents. Running a secure tip line for investigative reporting. Any newsroom where source protection is non-negotiable.",
      "notFor": "Individual freelancers (requires two dedicated servers on-premises). Small teams without IT support. Quick back-and-forth communication (asynchronous by design — sources check back for replies).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "On-premises only. Documents stored on newsroom-controlled servers inside your building. No third-party cloud. Air-gapped viewing recommended via dedicated Secure Viewing Station. Because there is no third-party host, any government subpoena must go directly to the news organization — which can fight it on First Amendment grounds.",
      "privacyPolicyTldr": "SecureDrop is designed to know nothing about sources. No IP logging, no browser fingerprinting, no metadata retention. Documents are encrypted on submission with the newsroom's public key. The architecture assumes the server could be compromised and still protects source identity. Even printer tracking dots are addressed in operational guidance.",
      "practicalMitigations": "Follow FPF's installation guide precisely — a 2017 audit found a vulnerability in the install process (fetching packages over HTTP without signature verification). Use air-gapped machines for viewing submissions. Train all journalists who access the system on operational security — Reality Winner was caught partly because The Intercept mishandled printer steganography dots, not because SecureDrop failed. Regularly update the SecureDrop installation (the Ubuntu 20.04-to-24.04 migration in 2025 was fully automated for most instances). Consider upgrading to SecureDrop Workstation for integrated Qubes-based isolation.",
      "owner": "Freedom of the Press Foundation (501(c)(3) nonprofit)",
      "fundingModel": "Donations, grants, and major gifts. Jack Dorsey's #startsmall donated $10M in January 2024 — the largest gift in FPF history. Open Technology Fund sponsors security audits. FPF reported $5.25M income and $20.7M net assets in 2024 IRS filings.",
      "businessModel": "Nonprofit. Software is free. FPF provides installation support, training, and priority support contracts. No revenue from the tool itself. FPF published a 2025–2026 strategic plan and is led by board president Rainey Reitman (succeeding Edward Snowden). Dr. Jennifer Helsby joined as CTO in 2025, replacing VP of Engineering Erik Möller after seven years.",
      "knownIssues": "High operational burden — requires two dedicated servers, a firewall appliance, physical security, and ongoing IT maintenance. Not viable for freelancers or small outlets without technical staff. SecureDrop Workstation (Qubes-based) is still in open beta as of early 2026; the new journalist app rewrite is awaiting its security audit. The 2024 audit found the project meets only SLSA Level 1 because builds happen on developer workstations, not a dedicated build machine. GlobaLeaks is a lighter alternative for organizations that do not need Tor-only access — it supports clearnet and has been deployed in over 2,000 projects globally — but GlobaLeaks was not designed specifically for journalism and lacks SecureDrop's air-gapped viewing model.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Purpose-built for source protection. Tor-only access, E2E encryption, no metadata retention, air-gapped viewing. Open-source with six completed security audits (most recent: 7ASecurity, mid-2024 — one medium, two low findings, all patched in v2.10.0). No known incidents of source exposure through SecureDrop itself. Backed by Freedom of the Press Foundation with $20.7M in assets and a dedicated security engineering team led by CTO Jennifer Helsby."
    },
    {
      "name": "Semantic Scholar",
      "slug": "semantic-scholar",
      "url": "https://www.semanticscholar.org",
      "tagline": "AI-powered academic search engine with 234 million papers. Free, fast, and built by the Allen Institute for AI. The best way to find and understand scientific literature for reporting.",
      "category": "newsgathering",
      "openSource": false,
      "whoItsFor": "Journalists covering science, health, technology, policy, or any beat where peer-reviewed research matters. Reporters who need to quickly find the most relevant and influential papers on a topic. Data journalists building literature-based datasets. Investigative reporters tracing citation networks to understand who funds or influences research. Any journalist who needs to go beyond Google Scholar's basic keyword matching.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Semantic Scholar indexes 234 million papers across all scientific disciplines and uses AI to surface what matters. Unlike Google Scholar (which is essentially keyword search over academic PDFs), Semantic Scholar understands papers semantically — it can find relevant research even when you do not know the exact terminology. The TLDR feature generates one-sentence plain-language summaries of papers, which is invaluable when you are scanning dozens of results trying to find the right expert or study for a story. Citation graphs show you not just who cited a paper, but which citations are most influential — helping you trace how an idea spread through the literature or identify the foundational work in a field. For journalists, the practical value is speed and precision. A health reporter covering a new drug can find the pivotal clinical trials in minutes rather than hours. A tech journalist investigating an AI company's claims can trace whether their cited research actually supports their product claims. An investigative reporter can map funding relationships through co-authorship networks. Semantic Scholar's API is also free and well-documented — data journalists can programmatically query the database for stories about publication patterns, citation manipulation, or research trends. The Allen Institute for AI (Ai2) is a nonprofit research institute founded by Paul Allen. Semantic Scholar has no advertising, no paywall, and no commercial incentive to bias results. The limitation: Semantic Scholar indexes metadata and abstracts comprehensively, but full-text access depends on whether the paper is open access. For paywalled papers, you still need institutional access, Unpaywall, or direct author contact. The tool finds the research — accessing it is a separate problem.",
      "bestFor": "Finding the most cited and influential research on any scientific topic. Getting plain-language summaries (TLDRs) of papers to quickly assess relevance. Tracing citation networks to understand how research builds on prior work. Identifying key researchers and experts in a field for source-finding. API access for data journalism projects analyzing publication patterns.",
      "notFor": "Accessing full text of paywalled papers (Semantic Scholar finds them but cannot bypass paywalls). Non-academic sources — news articles, government reports, and grey literature are not indexed. Legal documents, court records, or regulatory filings. Real-time information (there is a lag between publication and indexing). Replacing domain expertise — AI summaries can miss nuance that matters for reporting.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Allen Institute for AI, Seattle, WA). Search queries, reading history, and any account data stored on Ai2's infrastructure in the US. Subject to US law enforcement requests. No account required for basic search — you can use it without providing any personal information.",
      "privacyPolicyTldr": "No account required for core search functionality. If you create an account (for personalized recommendations and library features), Ai2 collects standard account data. The Allen Institute for AI is a nonprofit — it does not sell user data or run advertising. Search queries and usage data may be used to improve the service and for research purposes (Ai2 is a research institute). The tool does not track you across the web. No advertising pixels or third-party ad trackers.",
      "practicalMitigations": "Use without creating an account if you want to leave no trace of your research interests. For sensitive investigative research, access Semantic Scholar through a VPN or Tor to avoid IP-based logging. Be aware that your search history, if tied to an account, reveals your reporting interests. Cross-reference findings with Google Scholar and PubMed to ensure comprehensive coverage — no single index catches everything. Verify TLDR summaries against actual abstracts — AI-generated summaries can occasionally miss critical qualifications or caveats. When citing research in stories, always read the full paper (or at minimum the abstract and methodology) rather than relying on the AI summary alone.",
      "owner": "Allen Institute for AI (Ai2) — nonprofit research institute, Seattle, WA",
      "fundingModel": "Ai2 is a nonprofit research institute founded by the late Paul Allen (Microsoft co-founder) in 2014. Funded by endowment, grants, and research partnerships. Semantic Scholar is a free public service — part of Ai2's mission to contribute to scientific progress through AI.",
      "businessModel": "Free to all users. No advertising. No paywall. No premium tier for individuals. Ai2 offers an enterprise API for organizations needing high-volume programmatic access, but the core product is entirely free. Revenue is not the goal — advancing AI for the common good is the stated mission.",
      "knownIssues": "Coverage gaps exist in some disciplines — humanities and social sciences are less comprehensively indexed than STEM fields. There is an indexing lag between publication and availability in Semantic Scholar (days to weeks for new papers). TLDR summaries are AI-generated and occasionally miss important qualifications, limitations, or context — they should never replace reading the actual abstract. Citation counts can be gamed (citation rings, self-citation) and Semantic Scholar does not fully filter for this. Some papers are indexed with incomplete metadata (missing authors, wrong publication dates). The tool does not distinguish between peer-reviewed papers and preprints by default — users must check the venue. Full-text search is limited; most search operates on titles, abstracts, and metadata. No integration with institutional library access — you cannot seamlessly get full text even if your institution subscribes.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Standard security for a free academic search tool. HTTPS throughout, no advertising trackers, nonprofit operator with no data monetization incentive. The 'adequate' rather than 'strong' rating reflects that this is a search tool, not a security tool — it does not claim or need exceptional privacy protections. The main consideration for journalists: your search queries reveal your investigative interests. Use without an account and through a VPN if researching sensitive topics. Ai2's nonprofit status and research mission align with user interests, but US jurisdiction means data could theoretically be subject to legal process."
    },
    {
      "name": "Session",
      "slug": "session",
      "url": "https://getsession.org",
      "tagline": "Decentralized encrypted messenger that requires no phone number, no email, and routes messages through onion paths. The most metadata-resistant messenger available — if it survives its funding crisis.",
      "category": "messaging",
      "openSource": true,
      "whoItsFor": "Journalists and sources who need the strongest possible metadata protection — where even the fact that a communication occurred must be deniable. Reporters in authoritarian environments where centralized servers can be compelled or seized. Whistleblowers who cannot risk any link between their identity and a messaging account. Privacy researchers and activists operating under state surveillance.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Session solves the one problem Signal cannot: metadata. Signal encrypts message content but still requires a phone number and routes messages through centralized Signal Foundation servers. Sealed sender hides the sender from those servers, but they still see the recipient and the connecting IP address, so a compelled or compromised operator keeps a vantage point for traffic analysis. Session eliminates both requirements. No phone number. No email. No centralized server. Messages route through an onion path of community-operated Oxen service nodes (the network originally built for the Oxen/Loki cryptocurrency), so no single node sees both the sender and the recipient. Your Session ID is a randomly generated public key. Session originally ran the Signal protocol's Double Ratchet, but in 2020 it replaced that with its own Session Protocol: libsodium-based public-key encryption using X25519 key agreement and no per-message ratchet. The trade-off is the loss of forward secrecy: if your long-term key is ever compromised, previously captured ciphertext can be decrypted, which is exactly what Signal's ratchet is designed to prevent. The architecture is genuinely novel: instead of trusting one company's servers (Signal Foundation, Meta, Threema GmbH), you trust a distributed network of nodes incentivized by cryptocurrency staking. This is both Session's strength and its vulnerability. The Session Foundation — a Swiss nonprofit stewarding the project — announced in early 2026 that it has entered its final 90 days of funding. Without reaching donation goals, all paid staff would have their final working day on April 9, 2026. This is an existential threat to a security tool that journalists might depend on. A messenger is only as trustworthy as its long-term maintenance: unfixed vulnerabilities in abandoned software become attack vectors. The honest assessment: Session's privacy architecture is superior to Signal's on metadata resistance. But Signal has a foundation spending roughly $50M a year, a proven track record under legal pressure (subpoenas that yielded nothing because Signal had nothing), and millions of users. Session has a funding crisis, a smaller development team, and far fewer users. For journalists, the calculus is: do you need metadata resistance badly enough to depend on a tool whose survival is uncertain? If you cover intelligence agencies, surveillance states, or organized crime at the highest level — and your threat model specifically includes traffic analysis — Session offers protections no other messenger matches. For everyone else, Signal remains the safer bet because it will still exist next year.",
      "bestFor": "Communication where metadata exposure (who talked to whom, when) is as dangerous as content exposure. Sources in authoritarian countries where server seizure or legal compulsion is a realistic threat. Whistleblowers who cannot link any personal identifier to a messaging account. Journalists covering surveillance technology, intelligence agencies, or state-sponsored hacking. Backup communication channel when Signal is blocked or monitored at the network level.",
      "notFor": "Day-to-day newsroom communication — the funding uncertainty makes it unsuitable as a primary tool. Journalists whose sources will not install an unfamiliar app. Large group conversations (Session groups are limited in size and features). Voice/video calling (Session's calls are still beta-quality and do not match the reliability of Signal's). Anyone who needs confidence their tool will receive security updates in 12 months.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Decentralized — no single jurisdiction. The Session Foundation is a Swiss nonprofit, but messages route through a global network of community-operated nodes. No central server stores messages or metadata. Messages are held temporarily on swarm nodes (encrypted) until delivered, then deleted. No single entity can be compelled to produce communication records because no single entity holds them.",
      "privacyPolicyTldr": "Session collects no personal data. No phone number, no email, no IP address logging. Messages route through onion paths so no single node sees both sender and recipient. The Session Foundation states it has no trackers, never collects private data, and never sells data to third parties. Your Session ID is a cryptographic key pair generated locally — it is not linked to any real-world identity. The only data that exists is encrypted messages temporarily stored on swarm nodes awaiting delivery.",
      "practicalMitigations": "Understand the funding risk: as of early 2026, Session's continued development is uncertain. Do not make Session your only secure communication channel — maintain Signal as a fallback. Back up your Session ID recovery phrase securely (offline, encrypted), and remember that because the Session Protocol has no forward secrecy, that phrase is the key to every message you have ever received; enable disappearing messages so that less is exposed if it leaks. Use Session over Tor or a VPN for additional network-layer protection if your ISP or network might flag connections to Oxen service nodes. Verify that you downloaded Session from official sources (getsession.org, official app store listings). For maximum anonymity, install Session on a device not linked to your identity. Be aware that Session's smaller user base means your use of it may itself be a signal — in some environments, having Session installed could attract attention.",
      "owner": "Session Foundation (Swiss nonprofit)",
      "fundingModel": "Originally funded by the Oxen Privacy Tech Foundation (OPTF) through Oxen cryptocurrency. Now stewarded by the Session Foundation, a Swiss nonprofit relying on community donations and grants. As of early 2026, the foundation faces a critical funding shortfall and may cease paid operations. No venture capital. No advertising. No data monetization.",
      "businessModel": "Free and open source. No revenue model beyond donations and grants. The original Oxen/Loki cryptocurrency mechanism provided node operator incentives, but Session's messaging layer is free to users. The Session Foundation operates as a nonprofit with no commercial product. This is both principled and financially precarious.",
      "knownIssues": "Funding crisis (2026): The Session Foundation announced it has entered its final 90 days of operation without meeting donation targets. All paid staff face termination if funding is not secured. This creates existential risk for ongoing security maintenance. No forward secrecy: the 2020 switch from the Signal Double Ratchet to the Session Protocol means a compromised long-term key decrypts previously captured messages. Smaller development team than Signal means slower vulnerability response. The onion routing architecture, while privacy-superior, introduces latency — messages can take seconds longer to deliver than Signal. No independent security audit results are publicly prominent (unlike Signal's extensive audit history). The cryptocurrency origins (Oxen/Loki) created reputational complexity — some security researchers view crypto-adjacent projects with skepticism. Group messaging is limited compared to Signal. No voice or video calling feature parity with Signal. User base is small enough that Session usage itself could be a distinguishing signal in traffic analysis. Desktop and mobile sync has historically been unreliable.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Session's privacy architecture is technically superior to Signal for metadata resistance: no phone number, no central server, onion-routed message delivery. The encryption is competently built on libsodium primitives, but the 2020 Session Protocol dropped the Signal Double Ratchet, so there is no forward secrecy. The 'adequate' rather than 'strong' rating reflects that gap and the operational reality: the Session Foundation faces an existential funding crisis as of early 2026, the audit trail is less extensive than Signal's, the development team is smaller, and long-term maintenance is uncertain. A security tool is only as good as its next vulnerability patch. If Session's funding stabilizes and independent audits confirm its implementation, this rating should be revisited upward. For now, journalists should treat Session as a specialized high-metadata-threat tool, not a primary messenger."
    },
    {
      "name": "Sherlock",
      "slug": "sherlock",
      "url": "https://github.com/sherlock-project/sherlock",
      "tagline": "Find social media accounts by username across 400+ platforms. Command-line OSINT.",
      "category": "verification",
      "additionalCategories": [
        "newsgathering"
      ],
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Investigative journalists and OSINT researchers tracing a subject's username across platforms. Law enforcement, fraud investigators, and anyone mapping online identity reuse. Requires comfort with the command line — no GUI.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Sherlock checks a username against 400+ social media sites and returns matching profile URLs. It runs locally — your queries never touch a Sherlock server, which matters when you don't want to alert a target. The tool is fast and simple: one username in, a list of URLs out. But accuracy is the real issue. A December 2024 deep dive found 32% of detected accounts were false positives (pages that existed but had no real profile), and another 44% were valid accounts belonging to someone else entirely. That means roughly three-quarters of raw results are noise. Maigret, a Sherlock fork, searches 3,000+ sites (vs. Sherlock's 400+), parses profile pages for personal info, and supports recursive searches — it's the stronger tool for serious investigations. Sherlock remains useful as a quick first pass, but treat every result as unverified until you click through.",
      "bestFor": "Quick username enumeration across 400+ platforms. First-pass OSINT to see where a username appears. Building a starting list for deeper manual investigation.",
      "notFor": "Real-name searches (username-only matching). Verified identity confirmation — a matching username doesn't mean the same person. Monitoring accounts over time (one-shot scan only). Investigations requiring accuracy without manual verification. High-confidence attribution.",
      "encryptionInTransit": "partial",
      "encryptionAtRest": "no",
      "dataJurisdiction": "Local — runs entirely on your machine. No data sent to Sherlock servers. HTTP requests go directly to each social media platform, so each platform sees your IP and query.",
      "privacyPolicyTldr": "No server component. No data collection by Sherlock's developers. Your searches are visible to every platform queried — each site receives an HTTP request checking for the username. Some platforms log these lookups. Rate limiting or IP blocking is possible if you query aggressively.",
      "practicalMitigations": "Run through a VPN or Tor to mask your IP from target platforms (the --tor flag is deprecated in v0.16.0; point Sherlock's --proxy option at an external Tor SOCKS proxy instead). Reduce thread count to avoid rate limiting and false positives from blocked requests. Manually verify every result — expect 30-50% false positive rates on common usernames. Cross-reference with Maigret or WhatsMyName for better coverage and accuracy. Use --site flags to limit scope when you know which platforms matter. Output to CSV or XLSX for structured review.",
      "owner": "Sherlock Project (open-source community). Originally created by Siddharth Dushantha.",
      "fundingModel": "Unfunded community project. No grants, no sponsors, no commercial backing. Maintained entirely by volunteers.",
      "businessModel": "None. MIT-licensed open-source software. Community-maintained with 200+ contributors. Available as a Debian/Ubuntu package as of v0.16.0.",
      "knownIssues": "False positive rate is high — a December 2024 analysis found 32.3% of detected accounts didn't actually exist, and 44.1% belonged to different people. The project has removed 124+ sites historically due to persistent false positives. Sherlock doesn't detect platform censorship or geo-blocking — a blocked page can register as a confirmed account. --tor and --unique-tor flags are deprecated in v0.16.0. Aggressive thread counts cause rate limiting and additional false positives. Facebook, Discord, and many dating apps block automated enumeration entirely, so coverage on those platforms is zero. No profile parsing — Sherlock only confirms URL existence, unlike Maigret which extracts names, bios, and linked accounts. Site list requires constant maintenance as platforms change their page structures.",
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, runs locally, no data collection. The operational security concern is real: every platform you query sees your IP address and the username you're searching. Some platforms log lookup attempts. Since v0.16.0, built-in Tor support is deprecated — you need an external proxy for anonymity. The tool itself is trustworthy; the risk is in how you use it and whether targets or platforms detect your enumeration activity."
    },
    {
      "name": "Signal",
      "slug": "signal",
      "url": "https://signal.org",
      "tagline": "E2E encrypted messaging. No ads, no tracking, no compromises.",
      "category": "messaging",
      "openSource": true,
      "threatLevel": "baseline",
      "whoItsFor": "Every journalist. Period.",
      "pricing": "Free (paid backup tier at $1.99/month for 100GB media storage)",
      "freeOption": true,
      "editorialTake": "Gold standard for source communication. E2E encryption by default, minimal metadata retention, open-source protocol audited extensively. The March 2025 'Signalgate' incident — where Trump administration officials accidentally added an Atlantic editor to a classified discussion — was human error, not a protocol flaw. It actually demonstrated how deeply Signal is trusted at the highest levels. In February 2025, Russian threat actors exploited Signal's linked devices feature using malicious QR codes to hijack accounts. The NSA warned employees about this vector. Signal has since upgraded to post-quantum cryptography to protect against harvest-now-decrypt-later attacks: PQXDH (2023) made the initial key agreement quantum-resistant, and the SPQR (Sparse Post Quantum Ratchet) upgrade in October 2025 extended that protection to the ongoing ratchet, so forward secrecy and post-compromise security now hold against a quantum adversary as well. Secure encrypted backups launched September 2025 with free and paid tiers — a zero-knowledge architecture that stores backups without linking them to specific Signal accounts. Signal president Meredith Whittaker has publicly warned that AI agents at the OS level pose an 'existential threat' to secure messaging, calling out reckless deployments that bypass security teams. Every journalist should have this installed.",
      "bestFor": "All journalist communication with sources. Default recommendation for any sensitive conversation.",
      "notFor": "Large group video calls (limited to 40). Not a phone replacement for non-sensitive calls.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Minimal — messages stored on-device, not on servers. Secure Backups are end-to-end encrypted with zero-knowledge architecture.",
      "privacyPolicyTldr": "Signal retains almost nothing. No message content, no contact lists, no group metadata. The only data Signal can produce in response to a subpoena: account creation date and last connection date. Post-quantum cryptography now protects against future decryption of intercepted traffic. Group attributes (membership, admin status, message permissions) are now end-to-end encrypted.",
      "practicalMitigations": "Enable disappearing messages for sensitive conversations. Verify safety numbers with sources in person. Use registration lock to prevent SIM-swap account takeover. Review your linked devices regularly — remove any you don't recognize. Be cautious of QR codes from untrusted sources (phishing vector used by Russian threat actors in Feb 2025). Enable secure backups for message recovery. Do not use third-party Signal clones (TeleMessage TM SGNL was added to CISA's Known Exploited Vulnerabilities catalog in May 2025 for storing cleartext message copies despite claiming E2E encryption).",
      "owner": "Signal Technology Foundation (nonprofit)",
      "fundingModel": "Donations and grants. Brian Acton (WhatsApp co-founder) provided $105M in zero-interest loans due 2068. Operating costs reached ~$50M in 2025. First paid feature (backup storage at $1.99/month) launched September 2025. Shifting toward small-donor sustainability model.",
      "businessModel": "Nonprofit. No monetization of user data. Sustained by donations, with first optional paid tier for backup storage.",
      "knownIssues": "Linked devices phishing: Russian threat actors used malicious QR codes to hijack accounts via the linked devices feature (February 2025). NSA warned employees about this vector. Signal has since added in-app warnings and safeguards against this attack. Academic researchers demonstrated metadata timing analysis that can expose online status via delivery receipts (October 2025). New users' contacts receive a notification when they join Signal, which domestic violence organizations have flagged as a risk. TeleMessage TM SGNL — a third-party Signal clone used by some US government officials — was breached in May 2025, exposing cleartext message copies. CISA added it to the Known Exploited Vulnerabilities catalog (CVE-2025-47729). This is not a Signal vulnerability but a risk of using unauthorized clones.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source protocol with extensive independent audits and post-quantum cryptography upgrades (PQXDH and SPQR). Sealed sender minimizes metadata. Group attributes now E2E encrypted. No business incentive to weaken privacy. Named to TIME100 Most Influential Companies 2025. ~85 million monthly active users as of late 2025."
    },
    {
      "name": "Sky Follower Bridge",
      "slug": "sky-follower-bridge",
      "url": "https://github.com/kawamataryo/sky-follower-bridge",
      "tagline": "Browser extension that finds your Twitter/X contacts on Bluesky — migrate your professional network without starting over.",
      "category": "publishing",
      "openSource": true,
      "whoItsFor": "Journalists moving from X/Twitter to Bluesky who don't want to rebuild their professional network from scratch. Also works with Instagram, TikTok, Threads, and Facebook follower lists.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Sky Follower Bridge solves a real problem for journalists leaving X: finding the colleagues, sources, and organizations you already follow on Bluesky. Install the extension, visit your X follower/following list, press Alt+B, sign in with Bluesky OAuth, and it scans for matching accounts. It works across Chrome, Firefox, and Edge. The matching isn't perfect — it searches Bluesky's API for similar usernames and display names, so you should verify each match before following. v3.1.0 added support for self-hosted Bluesky PDS servers. The extension has 863 GitHub stars, is MIT-licensed, and the code is readable. It authenticates to Bluesky via OAuth or app password — your X credentials are never touched (it just reads the public follower list displayed in your browser). Rate limiting from Bluesky's API can slow down large migrations. Built by kawamataryo, a solo developer active on Bluesky.",
      "bestFor": "Migrating your X/Twitter following list to Bluesky. Finding journalist colleagues who've moved to Bluesky. Rebuilding professional networks after platform shifts. One-time migration rather than ongoing use.",
      "notFor": "Automated cross-posting between platforms. Managing multiple Bluesky accounts. Mobile browsers (desktop only). Ongoing follower synchronization — it's a one-time migration tool.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local browser extension. Follower matching happens via Bluesky's public API. No data is sent to the extension developer's servers.",
      "privacyPolicyTldr": "The extension runs locally in your browser. It reads your X follower lists from the page you're viewing (no X API access needed) and queries Bluesky's public API for matches. Authentication is via Bluesky OAuth or app password — your X credentials are never requested or accessed. No data is sent to third-party servers beyond Bluesky's API. No analytics or telemetry in the extension code.",
      "practicalMitigations": "Use Bluesky OAuth rather than app passwords when possible — OAuth is more granular and revocable. Review each suggested match before following — the matching algorithm can produce false positives. Be aware that bulk following via 'Follow All' may trigger Bluesky rate limits. Review the extension's permissions in your browser before installing.",
      "owner": "kawamataryo (solo developer, @kawamataryo.bsky.social)",
      "fundingModel": "Community-driven open source. No disclosed funding or sponsorship.",
      "businessModel": "None — free, open-source tool under MIT license. No paid tier, no premium features, no data collection.",
      "knownIssues": "Matching accuracy varies — false positives occur when usernames or display names are similar but refer to different people. Bluesky API rate limits can interrupt large migrations (wait 2-3 minutes and retry). Solo developer project — bus factor of one. Desktop browsers only, no mobile support. 'Follow All' button can trigger aggressive rate limiting if used on large lists.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "reviewDepth": "editorial",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source under MIT license with readable code. Runs locally in the browser with no third-party data collection. The main trust consideration is that it authenticates to your Bluesky account — use OAuth rather than app passwords for better security. Solo developer project means slower security response if issues arise, but the codebase is small and auditable."
    },
    {
      "name": "Slack",
      "slug": "slack",
      "url": "https://slack.com",
      "tagline": "Team messaging platform. Not end-to-end encrypted — your employer and Salesforce can access messages.",
      "category": "messaging",
      "openSource": false,
      "whoItsFor": "Newsroom teams coordinating daily operations, story assignments, and non-sensitive communication.",
      "pricing": "Free: 90 days of message history, 10 app integrations. Pro: $8.75/user/month. Business+: $12.50/user/month. Enterprise Grid: custom.",
      "freeOption": true,
      "editorialTake": "Slack is the default newsroom messaging tool — and the worst place to discuss anything confidential. It is not end-to-end encrypted. Workspace admins can export messages. Salesforce (parent company since July 2021) can access data. Courts treat Slack messages identically to email in discovery. In July 2024, the hacker group NullBulge exfiltrated 1.1TB from Disney's internal Slack — 44 million messages, 18,800 spreadsheets, 13,000 PDFs — via a compromised employee device. Disney moved its entire workforce to Microsoft Teams by Q2 FY2025. In November 2025, Nikkei confirmed attackers stole credentials from a malware-infected personal laptop and accessed Slack data for 17,368 employees and partners. In August 2024, security firm PromptArmor demonstrated that Slack AI was vulnerable to indirect prompt injection — an attacker in the same workspace could exfiltrate private channel data via crafted messages. Slack initially called this \"intended behavior\" before patching it a week later. In May 2024, users discovered Slack had been quietly using customer data to train its ML models since September 2023, with opt-out requiring an email to feedback@slack.com. Slack later clarified that its generative AI features do not train on customer data, but its traditional ML models (search, recommendations) still use de-identified aggregate data by default. For newsrooms, the calculus is simple: use Slack for logistics, never for journalism. Source names, sensitive tips, and confidential discussions belong on Signal or, for teams that need Slack-like features with end-to-end encryption, Element (Matrix) or Mattermost self-hosted.",
      "bestFor": "Newsroom coordination, story assignments, non-sensitive team communication, integrations with editorial tools.",
      "notFor": "Source communication. Sensitive editorial discussions. Anything you would not want your employer, Salesforce, or a court order to reveal. Use Signal for those conversations.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Salesforce infrastructure). Data residency options available on Enterprise Grid — encryption key storage in Frankfurt, London, Paris, Sydney, Tokyo, Montreal.",
      "privacyPolicyTldr": "Slack encrypts data in transit and at rest but is not end-to-end encrypted. Workspace owners and admins can export all messages, including DMs on paid plans with Compliance exports enabled. Salesforce, as the parent company, can access customer data. Slack requires a search warrant before producing message content to law enforcement, and a subpoena or court order for non-content data (metadata, login records). Federal law prohibits Slack from producing content in response to civil subpoenas. Slack states it does not conduct real-time surveillance and is not eligible for FISA Section 702 upstream surveillance. Traditional ML models (search ranking, channel recommendations, emoji suggestions) use de-identified aggregate customer data by default — opt-out requires workspace owners to email feedback@slack.com. Generative AI features (Slack AI add-on) do not train on customer data and use LLMs hosted on Slack's own AWS infrastructure. Transparency reporting is published annually but lags — the most recent detailed report covers 2021. Deleted data persists in security backups for up to 14 days.",
      "practicalMitigations": "Never discuss sources, tips, or sensitive editorial material on Slack — assume every message can be read by your employer, Salesforce, and potentially produced in court. Minimize third-party app integrations: the Disney breach (1.1TB via compromised device) and the PromptArmor Slack AI exploit both demonstrate that integrations and AI features are active attack surfaces. Audit connected apps quarterly via workspace admin settings. If your newsroom uses Slack AI, understand that any workspace member could potentially exploit prompt injection to exfiltrate private channel data — disable Slack AI on channels with editorial sensitivity. Opt out of ML training: have your workspace owner email feedback@slack.com with subject line \"Slack Global model opt-out request.\" If your organization requires Slack, advocate for Enterprise Grid with Enterprise Key Management (EKM), which lets you control encryption keys via AWS KMS and revoke access if needed — but EKM is only available on Enterprise Grid (custom pricing). Set message retention policies to the shortest window your organization allows. For sensitive conversations, use Signal (mobile) or Element/Matrix (team messaging with E2EE). For newsrooms that need self-hosted Slack alternatives, evaluate Mattermost (open source, self-hosted, popular with defense/government) or Element (Matrix protocol, end-to-end encrypted by default).",
      "owner": "Salesforce, Inc. (acquired Slack Technologies in July 2021 for $27.7B)",
      "fundingModel": "Subsidiary of Salesforce (NYSE: CRM, FY2026 revenue $41.5B). Salesforce CEO Marc Benioff stated in April 2026 that Slack revenue is expected to reach $3B for the year. Slack was valued at $26.5B at time of acquisition. Salesforce does not break out Slack revenue in earnings but has integrated it deeply into its Agentforce and platform strategy.",
      "businessModel": "Freemium SaaS. Revenue from Pro, Business+, and Enterprise Grid subscriptions. Slack AI is a separately purchased add-on.",
      "knownIssues": "July 2024: Hacker group NullBulge exfiltrated 1.1TB from Disney's Slack — 44 million messages, 18,800 spreadsheets, 13,000 PDFs. Disney moved its entire workforce off Slack to Microsoft Teams by early 2025. August 2024: Security firm PromptArmor disclosed an indirect prompt injection vulnerability in Slack AI that allowed data exfiltration from private channels. Slack initially dismissed it as \"intended behavior\" before patching. The risk increased after Slack AI began ingesting uploaded files on August 14, 2024, creating new injection vectors — meaning an attacker might not even need to be a workspace member. May 2024: Users discovered Slack had been training ML models on customer data since September 2023 with opt-out buried behind an email request, triggering widespread backlash. November 2025: Nikkei confirmed attackers compromised its Slack workspace via malware-stolen credentials from an employee's personal laptop, exposing data for 17,368 employees and partners. January 2024: FTC issued guidance confirming Slack messages are subject to document preservation and production in regulatory investigations, same as email. A Slack-connected GenAI tool gained unauthorized administrative access to a linked Salesforce instance, demonstrating SaaS-to-SaaS integration risk.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "slack-nonprofits"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "Encrypted in transit (TLS 1.2+) and at rest (AES-256), with SOC 2 Type II, SOC 3, ISO 27001 certifications. FedRAMP Moderate authorized since May 2020; GovSlack holds FedRAMP High authorization. Not end-to-end encrypted — Salesforce and workspace admins can read all messages. Enterprise Key Management (EKM) available only on Enterprise Grid, using AWS KMS for customer-controlled encryption keys. Three major real-world incidents in 18 months (Disney 1.1TB exfiltration, Nikkei 17K-user breach, Slack AI prompt injection) demonstrate that Slack's attack surface — particularly through integrations, AI features, and credential theft — is actively exploited. The May 2024 ML training controversy revealed Slack's default opt-in approach to data usage. Adequate for non-sensitive newsroom coordination. Not appropriate for any communication involving sources, confidential tips, or sensitive editorial material."
    },
    {
      "name": "Social Blade",
      "slug": "social-blade",
      "url": "https://socialblade.com",
      "tagline": "Social media analytics platform. Track follower growth, engagement trends, and channel statistics across YouTube, Twitch, Instagram, and TikTok.",
      "category": "newsgathering",
      "whoItsFor": "Journalists investigating social media influence — verifying follower counts, spotting bot-driven growth, tracking engagement patterns over time. Reporters covering creators, influencers, or disinformation campaigns. Fact-checkers assessing whether a social media account's growth is organic. Media reporters tracking platform trends.",
      "pricing": "Free tier with basic stats. Premium plans not publicly listed on site (previously Bronze $3.99/month, Silver $9.99/month, Gold $39.99/month, Platinum $99.99/month). Premium adds extended historical data, custom reports, and API access.",
      "freeOption": true,
      "editorialTake": "Social Blade pulls data from YouTube, Twitch, Instagram, and TikTok public APIs to show follower counts, growth trajectories, estimated earnings, and engagement metrics over time. Founded in 2008 by Jason Urgo, incorporated as an LLC in 2012, based in Raleigh, North Carolina. For journalists, the killer feature is historical growth charts — you can see whether an account's followers grew organically or in suspicious spikes (a telltale sign of purchased followers or bot activity). The estimated earnings ranges are rough but useful for context in stories about creator economics. Social Blade became a household name during the 2018-2019 PewDiePie vs. T-Series subscriber race, which it livestreamed. In March 2025, Social Blade dropped support for Twitter/X, Trovo, Mixer, Dailymotion, and DLive — reflecting API access changes and platform consolidation. The free tier gives you basic stats for any public account. The main limitation: Social Blade can only show what public APIs expose. As platforms restrict API access (Twitter/X shut the door entirely), Social Blade's coverage narrows. Use it alongside CrowdTangle (for Facebook/Instagram, while it lasts), Botometer (for bot detection), and manual investigation.",
      "bestFor": "Tracking social media account growth over time. Spotting suspicious follower spikes that suggest bot activity or purchased followers. Estimating YouTube channel revenue ranges. Comparing influencer metrics across platforms. Verifying claims about social media reach.",
      "notFor": "Deep bot detection (use Botometer for that). Twitter/X analytics (support dropped March 2025). Facebook analytics. Private account data. Real-time monitoring — data updates on API refresh cycles, not live. Any analysis requiring data from platforms that have restricted API access.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Social Blade LLC is based in Raleigh, North Carolina.",
      "privacyPolicyTldr": "Social Blade collects account data if you register, plus standard analytics (IP, browser, cookies). The analytics data it displays is pulled from public platform APIs — not private user data. The 2022 data breach exposed registered user emails and hashed passwords. Privacy policy available on site. Ad-supported with display advertising on free tier.",
      "practicalMitigations": "You don't need an account to look up public stats — use Social Blade without logging in to avoid having your data stored. If you have an existing account from before December 2022, change your password immediately (data breach). Use an ad blocker — Social Blade's free tier is heavily ad-supported. Cross-reference Social Blade data with platform-native analytics when possible. Don't cite estimated earnings as fact — they're rough ranges based on public CPM data, not actual creator revenue. Screenshot your findings — historical data availability depends on ongoing API access.",
      "owner": "Social Blade LLC (Raleigh, North Carolina, United States). Founded by Jason Urgo in 2008, incorporated October 2012.",
      "fundingModel": "Bootstrapped. No disclosed venture funding.",
      "businessModel": "Freemium with advertising. Free tier is ad-supported. Premium subscriptions add extended data, custom reports, and API access. Also offers consulting and channel management services for creators and multi-channel networks.",
      "knownIssues": "December 2022: Data breach exposed 5.6 million user records. Social Blade confirmed the breach. If you created a Social Blade account before December 2022, your email and hashed password were likely exposed — change your password and check HaveIBeenPwned. March 2025: Dropped support for Twitter/X, Trovo, Mixer, Dailymotion, and DLive. Estimated earnings figures are rough approximations based on public CPM ranges — not actual revenue data. Historical data accuracy depends on YouTube and other platform API availability, which has become increasingly restricted.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "caution",
      "securityRatingNote": "The December 2022 data breach (5.6 million records) is a significant mark against Social Blade's security posture. The platform itself is useful for journalists as a read-only analytics tool, but creating an account carries documented risk. Use it without logging in whenever possible. The free tier's heavy advertising also introduces tracker exposure. Rated caution rather than warning because the core use case (looking up public social media stats) doesn't require sharing sensitive information — but the breach history means you should treat any account data as potentially compromised."
    },
    {
      "name": "Source of Sources",
      "slug": "source-of-sources",
      "url": "https://www.sourceofsources.com",
      "tagline": "Free expert-finding email service for journalists, from the founder of HARO.",
      "category": "newsgathering",
      "builtForJournalism": true,
      "whoItsFor": "Journalists who need expert sources on deadline. SOS sends two to three emails per day with journalist queries — sources reply directly. No dashboard, no login, no software. Also used by PR professionals and subject-matter experts who want earned media. 30,000+ subscribers as of 2025.",
      "pricing": "Free. No paid tiers for journalists or sources. Peter Shankman runs it lean and asks users to donate to animal rescue organizations instead of paying him. There is no premium tier — everyone gets the same emails.",
      "journalistDiscount": "N/A — completely free for all users.",
      "freeOption": true,
      "editorialTake": "SOS is the spiritual successor to HARO, built by Peter Shankman after he watched Cision turn HARO into what he called 'a wasteland of spam and AI-generated sludge.' The value proposition is simple: real queries from real journalists, delivered by email, with a zero-tolerance policy for AI-generated pitches and off-topic spam. Shankman personally monitors the platform and bans violators without appeal. The Muck Rack partnership (May 2024) adds journalist verification and profile links to each query, which helps sources vet reporters before responding. Compared to Qwoted (dashboard-based, freemium, profile-driven) or the revived HARO (now owned by Featured.com, plagued by quality issues), SOS is deliberately low-tech. That simplicity is a feature for deadline reporters who just want expert names in their inbox. The trade-off: no search, no filtering, no archive. If you miss an email, the opportunity is gone. For sensitive investigations, the same caveat applies as with any source-matching platform — your query topics are visible to the platform and its 30K subscribers.",
      "bestFor": "Deadline-driven source finding, diversifying expert lists, quick turnaround stories where you need a quotable expert in hours not days.",
      "notFor": "Sensitive investigations where query topics could reveal unpublished stories. Also not ideal if you need to search for sources proactively — SOS is inbound-only (queries go out, sources respond). Use Qwoted or direct outreach for proactive expert discovery.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (New York, NY — Jessa and Waffle LLC d/b/a Source of Sources, 350 West 42nd Street, Suite 56B, New York, NY 10036)",
      "privacyPolicyTldr": "Collects name, email, IP address, browser info, search terms, query posts and responses, session analytics. Uses four cookie types including advertising and analytics cookies. Data shared with service providers, partners, and affiliates. Does not sell personal data for monetary gain, but disclosure to third parties lacks explicit use limitations. No journalist-specific protections — nothing prevents disclosure of journalist queries or search patterns to law enforcement. Data retention is vague: 'as long as necessary for business or legal reasons.' Privacy policy effective June 2025.",
      "practicalMitigations": "SOS is low-risk for routine source finding. Practical steps: (1) Your query topics are broadcast to 30K subscribers — don't use SOS for stories where the topic itself is sensitive. (2) Use a work email, not personal, since the platform logs query posts and responses. (3) No journalist-specific legal protections exist in the privacy policy — if subpoenaed, your query history could be disclosed. (4) The platform uses advertising cookies; consider blocking them. (5) For sensitive investigations, use direct outreach or encrypted channels instead.",
      "owner": "Jessa and Waffle LLC d/b/a Source of Sources",
      "fundingModel": "Bootstrapped. No VC funding. Peter Shankman runs SOS as a lean operation — the Muck Rack partnership (2024) provides infrastructure support but SOS itself charges nothing. Shankman has said running SOS takes only a few minutes per day.",
      "businessModel": "Free email newsletter monetized through the Muck Rack partnership. Muck Rack integrates journalist profile links into SOS emails, giving Muck Rack distribution to 30K+ subscribers. SOS generates no direct revenue from users. This is a reputation play for Shankman, not a venture-scale business.",
      "knownIssues": "No search or filtering — you get every query regardless of beat or topic. No archive; missed emails are gone. Email-only format means deliverability matters — SOS emails can land in spam or promotions tabs. The zero-tolerance ban policy is enforced by Shankman personally, which is effective at current scale but creates key-person risk. No API, no integrations beyond Muck Rack. The platform's privacy policy includes advertising cookies and vague data-sharing language that doesn't meet the standard you'd expect from a journalism-focused tool. As a free, bootstrapped service with no paying customers, there's inherent longevity risk — the service depends on one person's willingness to keep running it.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Standard HTTPS. Low-risk for routine source finding. But the privacy policy has no journalist-specific protections, uses advertising cookies, and data-sharing terms are vague. Your query topics are visible to 30K subscribers and logged by the platform. Adequate for everyday reporting; not suitable for sensitive investigations."
    },
    {
      "name": "SPJ Legal Defense Fund",
      "slug": "spj-legal-defense",
      "url": "https://www.spj.org/ldf.asp",
      "tagline": "Financial assistance for journalists facing legal challenges related to their reporting.",
      "category": "legal",
      "builtForJournalism": true,
      "whoItsFor": "Journalists who need financial help covering legal costs tied to their reporting work.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "SPJ's Legal Defense Fund provides actual money for legal fees — not just advice or referrals — which fills a gap most other press freedom orgs don't cover.",
      "bestFor": "Journalists who already have legal representation but need help paying for it. FOI litigation, subpoena fights, and other legal costs related to newsgathering.",
      "notFor": "Finding a lawyer (use RCFP hotline or ProJourn for that). SPJ funds legal costs, not legal counsel.",
      "owner": "Society of Professional Journalists",
      "fundingModel": "Member dues and donations",
      "businessModel": "Nonprofit",
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "Spotify for Creators",
      "slug": "spotify-creators",
      "url": "https://creators.spotify.com",
      "tagline": "Free unlimited podcast hosting from Spotify. Audio and video podcasts, built-in monetization, and distribution to all major platforms.",
      "category": "publishing",
      "whoItsFor": "Journalists launching podcasts who want zero hosting costs. Independent reporters and commentators who need video podcast support. Small newsrooms that want to publish audio without a hosting budget. Creators who want built-in monetization without managing separate ad platforms.",
      "pricing": "Free. No hosting fees, no upload limits, no episode caps. Monetization available through the Spotify Partner Program.",
      "freeOption": true,
      "editorialTake": "Spotify for Creators (formerly Spotify for Podcasters, formerly Anchor) is the free podcast hosting platform from Spotify. You get unlimited hosting, distribution to all major podcast directories, basic analytics, and video podcast support — all at no cost. The Spotify Partner Program adds monetization through ad revenue sharing across both audio and video. The platform includes a web dashboard and mobile apps for recording, editing, and publishing. For journalists, the appeal is obvious: zero hosting cost removes the barrier to launching a podcast alongside your reporting. The trade-off is equally obvious: you're hosting your content on a platform controlled by Spotify (NYSE: SPOT, $113B market cap as of early 2026). Spotify has made aggressive moves in podcasting — acquiring Anchor in 2019 for ~$150M, Megaphone for $235M, and spending hundreds of millions on exclusive content deals before pulling back in 2023-2024. The strategic priority shifts are real. Spotify killed its live audio feature, restructured its podcast team multiple times, and has pivoted from exclusives to an open ecosystem model. Your content is portable via RSS, but your analytics history and subscriber relationships live on Spotify's infrastructure. For a free tier, this is the most feature-complete option available. For journalists who want more control and are willing to pay, Transistor.fm or Buzzsprout offer independence from a platform that has its own content agenda.",
      "bestFor": "Starting a podcast with zero budget. Video podcasting distributed to Spotify's audience. Journalists who want the simplest path from recording to published episode. Shows that benefit from Spotify's discovery and recommendation algorithms.",
      "notFor": "Newsrooms that need to own their hosting infrastructure. Journalists who want platform independence (your analytics and subscriber data live on Spotify). Shows that need advanced analytics, dynamic ad insertion with third-party networks, or private podcast feeds. Organizations with data sovereignty requirements — all data is on Spotify's US infrastructure.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States and Sweden. Spotify Technology S.A. is incorporated in Luxembourg, headquartered in Stockholm, with major operations in New York. Podcast data processed on Spotify's global infrastructure, primarily US-based.",
      "privacyPolicyTldr": "Spotify collects extensive data on creators and listeners: account information, content metadata, listening behavior, device information, and advertising data. Spotify uses this data for recommendations, advertising, and platform analytics. Creator analytics show aggregate listener data but not individual listener identities. Spotify's privacy policy covers all its products — podcast hosting is governed by the same data practices as Spotify's music streaming. GDPR compliant with EU data subject rights. Spotify shares data with advertising partners and third-party analytics providers.",
      "practicalMitigations": "Always maintain your own copy of every episode file and your RSS feed URL — if Spotify changes terms or deprecates features, you need to be able to migrate. Export your subscriber data regularly (to the extent the platform allows). Use a custom domain for your podcast website if possible. Understand that Spotify collects listener analytics that you see in aggregate but Spotify sees in full detail — this includes listener location, device, and behavior data. If your podcast covers sensitive topics (surveillance, whistleblowing, activism), consider whether Spotify's data collection on your listeners is acceptable. Your content, once uploaded, is subject to Spotify's content policies, which have changed multiple times.",
      "owner": "Spotify Technology S.A. (NYSE: SPOT). Headquarters: Stockholm, Sweden. CEO: Daniel Ek. Market cap approximately $113 billion (early 2026). Podcast division has undergone multiple reorganizations since 2023.",
      "fundingModel": "Public company. Spotify is funded by public equity markets, subscription revenue, and advertising revenue.",
      "businessModel": "Platform play. Spotify for Creators is a free loss leader to attract podcast content to Spotify's ecosystem, where it generates advertising revenue and drives listener engagement. Spotify takes a revenue share on Partner Program monetization. The podcast hosting product exists to feed Spotify's advertising and subscription business — not as a standalone revenue center.",
      "knownIssues": "Spotify has restructured its podcast strategy multiple times since 2023 — moving from exclusive content deals to an open platform model. Feature stability varies: Spotify killed its live audio feature (Greenroom/Spotify Live) after acquiring it. Creator support is inconsistent — automated systems handle most issues. The platform was previously Anchor, then Spotify for Podcasters, now Spotify for Creators — brand confusion persists. Some creators report analytics discrepancies between Spotify's dashboard and third-party podcast analytics. Monetization thresholds and requirements change without extended notice.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Spotify is a publicly traded company with enterprise-grade infrastructure and GDPR compliance. Encryption in transit is standard. The security concern for journalists is not infrastructure quality but data collection scope — Spotify collects extensive listener behavior data that feeds its advertising business. Your podcast content and listener analytics are on a platform with its own commercial interests. No known breaches of the podcast hosting product specifically. Adequate for most journalism podcast use cases, but journalists covering sensitive topics should weigh Spotify's data practices against the zero-cost hosting."
    },
    {
      "name": "Squarespace",
      "slug": "squarespace",
      "url": "https://www.squarespace.com",
      "tagline": "Design-forward website builder. Zero code required. The default portfolio platform for freelance journalists.",
      "category": "publishing",
      "whoItsFor": "Freelance journalists who need a professional portfolio site without touching code. Writers building a personal brand, showcasing clips, or promoting editorial services. Photojournalists and multimedia reporters who want image-first layouts. Anyone who wants a polished web presence in a weekend.",
      "pricing": "Four plans, billed annually: Basic $16/month, Core $23/month, Plus $39/month, Advanced $99/month. Monthly billing runs 30-40% higher (Basic $25/month, Core $33/month, Plus $49/month, Advanced $139/month). All annual plans include a free custom domain for the first year. 14-day free trial on all plans. No free tier — the trial expires and you must pay to keep your site live.",
      "freeOption": false,
      "editorialTake": "Squarespace is the most popular website builder for journalist portfolios, and for good reason: the templates are beautiful, mobile-responsive, and require zero technical skill. Four journalist-specific templates (Myhra, Carroll, Suhama, Adri) handle common portfolio layouts out of the box. Drag-and-drop editing, built-in SEO tools, free SSL, and custom domain support. Over 5 million active subscriptions across the platform. The tradeoff is control. Squarespace is a closed ecosystem — no open-source code, no self-hosting, no plugin marketplace, limited CMS flexibility compared to WordPress. You cannot export your site and run it elsewhere. If Squarespace raises prices or changes terms, your options are rebuild or pay. The 2024 Permira acquisition ($7.2B) took the company private. Founder Anthony Casalena remains CEO and largest shareholder, with Accel and General Atlantic retaining equity. Private equity ownership introduces long-term pricing risk — Permira needs returns, and the lever is revenue per customer. For newsletter-driven publishing, Ghost and Substack are stronger. For complex CMS needs, WordPress wins. For maximum design control without code, Squarespace is hard to beat. One significant incident: in July 2024, weak security defaults during the Google Domains migration (10 million domains acquired for $180M in 2023) allowed attackers to hijack domains by registering accounts with emails tied to unmigrated domains. No MFA was required. At least 12 organizations were affected, mostly in crypto. Squarespace patched the flaw, but it revealed a gap in their migration security design.",
      "bestFor": "Freelance journalist portfolio sites. Personal brand websites for writers, editors, and photojournalists. Simple professional sites that need to look polished without developer involvement. Journalists who want a clip archive they control outside of publication websites.",
      "notFor": "Newsletter-first publishers — Ghost and Substack have native email tools Squarespace lacks. Newsrooms that need a full CMS with custom workflows, memberships, or complex content structures — WordPress is the better fit. Anyone who needs open-source software or the ability to self-host. Journalists on a tight budget who need a free option — WordPress.org or a free Ghost(Pro) tier costs less.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Squarespace is headquartered in New York. Data transfers from the EU, UK, and Switzerland use the EU-U.S. Data Privacy Framework and its extensions. No option to choose a non-US data jurisdiction.",
      "privacyPolicyTldr": "Squarespace collects account data, payment info, device/browser data, IP addresses, and site usage analytics. Does not sell personal information. Shares data with payment processors (Stripe, PayPal), advertising partners, and service vendors. De-identifies data for research purposes. Domain registration data processed per ICANN rules. PCI-DSS compliant for payment handling — sensitive card data goes directly to processors, never stored by Squarespace. Two-factor authentication phone numbers are not sold. EU/UK residents have GDPR rights; US state privacy law residents can opt out of targeted advertising data sharing.",
      "practicalMitigations": "Enable two-factor authentication on your Squarespace account immediately — the 2024 domain hijacks exploited accounts without MFA. Use a custom domain from day one so your URL is portable if you leave Squarespace. Export your content regularly — Squarespace supports XML export, but it does not preserve design or layout. Keep a local backup of all images and media files separately. If you use Squarespace Domains as your registrar, monitor your domain settings and ensure your account email is current. Use a strong, unique password managed by a password manager — Squarespace hashes passwords but does not disclose the algorithm.",
      "owner": "Squarespace Inc. (acquired by Permira in October 2024 for $7.2B; taken private, delisted from NYSE)",
      "fundingModel": "Private equity. Permira acquired Squarespace at $46.50/share in an all-cash transaction. Founder Anthony Casalena rolled over most of his equity and remains CEO and chairman. Accel and General Atlantic retained equity stakes. Previously publicly traded on NYSE (2021-2024). Estimated revenue ~$1B in 2024, ~$1.06B in 2025. Approximately 1,800-2,000 employees.",
      "businessModel": "Subscription SaaS. Revenue from website hosting plans ($16-$139/month), domain registrations, e-commerce transaction fees, and add-on services. Squarespace Domains is a standalone registrar (inherited ~10 million domains from Google Domains acquisition in 2023 for $180M). No advertising on customer sites. No commission on content — but e-commerce plans charge transaction fees on non-Squarespace payment processing.",
      "knownIssues": "July 2024 domain hijacking: During the Google Domains migration, attackers exploited weak account creation defaults to hijack at least 12 domains. No email verification was required to claim a migrated domain. No MFA was enforced. Squarespace had assumed users would authenticate via social login (Google, Apple), not email registration. Attackers redirected domains to phishing sites targeting cryptocurrency users. Squarespace patched the vulnerability and mandated MFA for domain management. Closed-source platform with no public vulnerability disclosure database or CVE history. No SOC 2 or ISO 27001 certifications publicly claimed. Vendor lock-in is real: site designs cannot be exported to other platforms, only content via XML. Private equity ownership (Permira) creates long-term pricing and product direction uncertainty.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "TLS encryption on all customer domains with automatic free SSL certificates. HSTS enforced. Passwords hashed. Two-factor authentication available. Web Application Firewall deployed. Regular penetration testing. PCI-DSS compliant for payment processing. EU-U.S. Data Privacy Framework certified. The July 2024 domain hijacking incident — caused by weak defaults during the Google Domains migration — is the most significant security event in Squarespace's history. The flaw was patched and MFA was mandated for domain management, but it demonstrated that security was not the top priority during a major infrastructure transition. No encryption-at-rest details are publicly disclosed. No SOC 2 or ISO 27001 certifications are publicly claimed. Closed-source platform means no independent code audit is possible. Rating reflects solid baseline security practices offset by the 2024 incident, lack of transparency on at-rest encryption, and absence of third-party security certifications."
    },
    {
      "name": "Standard Notes",
      "slug": "standard-notes",
      "url": "https://standardnotes.com",
      "tagline": "E2E encrypted note-taking with zero-knowledge sync across devices.",
      "category": "writing",
      "additionalCategories": [
        "security"
      ],
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists who need encrypted notes that sync across devices without trusting the server. Reporters working on sensitive stories who want notes protected at rest and in transit. Researchers and activists who need a simple, audited note-taking tool that cannot be read by the provider — even under legal compulsion.",
      "pricing": "Free plan: $0 (unlimited plaintext notes, unlimited devices, E2E encryption, sync, tags, passcode lock, biometric unlock). Productivity plan: $90/year (~$7.50/month) — adds Super rich text editor, markdown, spreadsheets, daily encrypted email backups, 100+ editors and themes. Professional plan: $120/year ($10/month) — adds 100GB encrypted file storage, maximum note version history, family sharing (up to 5 accounts). All paid plans include 2FA. 14-day refund on Productivity, 90-day refund on Professional.",
      "freeOption": true,
      "editorialTake": "Standard Notes does one thing well: encrypted notes that sync everywhere. The free tier is genuinely useful — unlimited notes, unlimited devices, E2E encryption, no catch. Your notes are encrypted client-side before leaving your device using XChaCha20-Poly1305, a modern cipher recommended by Cloudflare and Google as the successor to AES-256. Keys derive from your password via Argon2, which is resistant to GPU brute-force attacks. Proton AG acquired Standard Notes in April 2024 (not 2022 as sometimes reported — the partnership was announced in 2022, formal acquisition closed April 2024). That strengthens the privacy alignment: Proton has a track record of fighting government data requests from Switzerland. The app is deliberately simple, which is a feature for security-conscious users. But the free tier's plaintext-only limitation is a real constraint — no formatting, no images, no markdown without paying $90/year. Obsidian gives you local-first markdown for free (no E2E sync though). Joplin gives you E2E sync with your own cloud storage for free. Standard Notes' advantage is that encryption is default, zero-config, and audited. Freedom of the Press Foundation lists Standard Notes among its five recommended secure note-taking apps for journalists. The Super editor (paid) is a capable block-based editor, but it still lags behind Obsidian's plugin ecosystem by a wide margin. Development velocity slowed significantly after the Proton acquisition — no iOS releases for 9+ months in 2024-2025 — but the team shipped incremental fixes throughout 2025 and published a roadmap. Worth watching, not abandoning.",
      "bestFor": "Encrypted interview notes and source materials. Story drafts that must stay private. Journalists who want zero-knowledge sync without configuring their own server. Quick capture across phone and laptop with encryption by default.",
      "notFor": "Collaborative editing (no shared documents, no real-time co-authoring). Rich multimedia notebooks on the free tier (plaintext only). Plugin-heavy knowledge management workflows (Obsidian is better). Users who want local-only storage with no cloud dependency (Obsidian again). Teams that need shared workspaces.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Servers in the US and EU. Owned by Proton AG (Geneva, Switzerland) since April 2024. All note content is E2E encrypted client-side before upload — Standard Notes and Proton cannot read your notes regardless of server location or jurisdiction. Self-hosting is available via Docker for users who want full server control (AGPL-3.0 licensed, though Proton has signaled potential future license change to Creative Commons non-commercial).",
      "privacyPolicyTldr": "Zero-knowledge encryption. Standard Notes cannot access note content, tags, or file attachments. Only account metadata (email, subscription status) is stored in readable form. No analytics in the app. No ads. No tracking. Proton's Swiss jurisdiction provides strong legal privacy protections — Switzerland's Federal Act on Data Protection (FADP) is among the strictest in Europe.",
      "practicalMitigations": "Use a strong, unique account password — it directly derives your encryption keys. If you forget it, your notes are unrecoverable by design. Enable two-factor authentication (TOTP). Export encrypted backups regularly (paid plans include daily encrypted email backups). Use the passcode lock feature for on-device protection (separate from account password). On mobile, enable biometric unlock but understand it stores a local key — if your device is seized unlocked, notes are accessible. For maximum protection, use a self-hosted server instance.",
      "owner": "Proton AG (Geneva, Switzerland). Acquired Standard Notes in April 2024. Proton is a private company founded in 2014 by CERN scientists. Also operates Proton Mail, Proton VPN, Proton Drive, and Proton Calendar. Standard Notes was originally created by Mo Bitar in 2017.",
      "fundingModel": "Part of the Proton ecosystem. Proton has raised $100M+ (including a 2022 round led by Fidelity), but Standard Notes was bootstrapped and self-sustaining before acquisition. Proton is not VC-dependent — revenue-positive across its product suite.",
      "businessModel": "Freemium SaaS. Free tier with unlimited encrypted plaintext notes. Revenue from Productivity ($90/year) and Professional ($120/year) plans that add rich text editors, file storage, and advanced features. Standard Notes maintains its own pricing and subscription separate from Proton's bundle offerings. No affiliate programs, no advertising, no data monetization.",
      "knownIssues": "Development velocity concern: After the April 2024 Proton acquisition, releases slowed dramatically. No iOS update for 9+ months. A GitHub issue titled 'Is the project dead?' gained traction in the community. The team responded with a 2025 roadmap and shipped incremental updates, but the cadence remains slower than pre-acquisition. Licensing uncertainty: Standard Notes server code is AGPL-3.0, but Proton has discussed changing to Creative Commons non-commercial license, which would restrict self-hosting for commercial use and weaken the open-source commitment. Super editor bugs: Users report undo (CTRL-Z) failures on Linux, tables jumping to document top, formatting inconsistencies between desktop and mobile, and paste issues from Google Docs (bold always applied). Import problems: Markdown imports can fragment tables and produce random HTML artifacts. Free tier limitation: Plaintext only — no formatting, images, or markdown — pushes users toward paid plans for basic note-taking features that competitors offer free. Security audits are aging: The Cure53 penetration test and Trail of Bits cryptography audit were conducted in 2021. No public audit since the Proton acquisition. Trail of Bits found the protocol robust with strong cryptographic primitives, but a 4+ year gap without a fresh audit is a gap worth noting.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open-source clients and server (AGPL-3.0), E2E encryption with XChaCha20-Poly1305 and Argon2 key derivation, zero-knowledge architecture, independent audits by Cure53 (penetration test) and Trail of Bits (cryptography audit) in 2021 with all findings resolved. Proton ownership adds organizational credibility — Swiss jurisdiction, track record of resisting government data requests. Freedom of the Press Foundation recommends it for journalists. No business incentive to weaken encryption. Rating would be higher if audits were more recent and development velocity were stronger post-acquisition."
    },
    {
      "name": "Substack",
      "slug": "substack",
      "url": "https://substack.com",
      "tagline": "Newsletter publishing platform. Free to publish, 10% commission on paid subscribers. Built-in social network and recommendation algorithm.",
      "category": "publishing",
      "additionalCategories": [
        "writing"
      ],
      "whoItsFor": "Independent journalists building direct audience relationships and monetizing through subscriptions. Reporters supplementing or replacing institutional bylines. Writers who want zero upfront costs and built-in discovery via Substack's recommendation network. Not ideal for journalists who need full infrastructure control or object to the platform's content moderation stance.",
      "pricing": "Free to publish. Substack takes 10% of paid subscription revenue, plus Stripe processing fees (~2.9% + 30 cents). No monthly fee. No cap on free subscribers. Custom domain included at no cost.",
      "freeOption": true,
      "editorialTake": "Substack made newsletter publishing accessible, and over 5 million paid subscriptions prove the model works. The economics are clear: free until you charge, then 10% forever. That 10% gets expensive fast — a writer earning $100K/year pays Substack $10K plus ~$3K in Stripe fees, while Ghost or Buttondown would cost under $1K/year for the same list size. What you get for that 10%: a recommendation algorithm, a built-in social network (Notes), an app with 47+ million monthly visitors, and zero infrastructure management. The tradeoff is real platform dependency. Substack controls your email deliverability, app distribution, and algorithmic visibility. The 2024 Nazi content controversy revealed something deeper: Substack's co-founders view themselves as free-speech absolutists, and that philosophical commitment shapes moderation decisions. Nearly 1,000 creators migrated to Beehiiv in Q1 2025 alone. High-profile departures include Alison Roman (343K subscribers, moved to Ghost) and Anne Helen Petersen (moved to Patreon). The counter-argument: Substack's network effects remain unmatched for discovery, and the subscriber export works — you can leave with your email list. You just can't take the algorithm with you.",
      "bestFor": "Solo journalists launching an independent newsletter with zero upfront cost. Writers who want built-in discovery and are willing to trade revenue share for network effects. Reporters whose audience skews toward the Substack app's engaged reader base.",
      "notFor": "Publications earning $50K+ in annual subscription revenue — the 10% cut becomes hard to justify vs. flat-fee alternatives. Journalists who need API access, webhooks, or custom integrations (Brad Hargreaves left for Ghost specifically for this). Writers who object to Substack's content moderation philosophy. Organizations that need white-label branding without Substack's identity.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Substack Inc. is headquartered in San Francisco. Data processed and stored on US infrastructure via AWS and Cloudflare. No EU data residency option.",
      "privacyPolicyTldr": "Substack collects account data, reading behavior, IP addresses, device identifiers, and payment information via Stripe. Direct messages are not end-to-end encrypted — Substack personnel can access them. The platform uses first-party analytics (visit tracking, anonymous IDs) and third-party trackers including Google, Facebook, Parse.ly, FullStory, and Datadog. When you subscribe to a publication, Substack shares your name and email with the writer. Substack now shares data with generative AI service providers (added to privacy policy). Privacy Watchdog scored Substack 40/100 (grade C), citing subscriber data used for network recommendations. Contact syncing uploads hashed email addresses and phone numbers from your address book. Account deletion removes posts but public content 'may remain available' and Substack cannot guarantee removal from backups.",
      "practicalMitigations": "Export your subscriber list regularly — CSV export includes emails, subscription dates, status, and plan type. Use a custom domain so your URL is portable if you migrate. Back up all posts via Settings > Exports. Understand that Substack controls email deliverability and app algorithmic placement. Ghost, Beehiiv, and Buttondown all accept Substack imports. Do not use Substack DMs for sensitive communications — they are not encrypted. Disable contact syncing if you don't want address book data uploaded. Test a migration path before your list gets too large to move.",
      "owner": "Substack Inc. (United States). Co-founded in 2017 by Chris Best (CEO, ex-Kik Messenger), Hamish McKenzie (ex-PandoDaily journalist), and Jairaj Sethi (ex-Kik engineer). All three studied or worked in Canada before relocating to San Francisco.",
      "fundingModel": "VC-funded. Raised ~$200M total: $2M seed (2018), $15.3M Series A (2019, Y Combinator), $65M Series B (2021, Andreessen Horowitz, valuation $650M), $100M Series C (July 2025, Bond and Chernin Group, valuation $1.1B). Other investors include Rich Paul (Klutch Sports), Jens Grede (Skims CEO). Reached positive cash flow in Q1 2025.",
      "businessModel": "Platform takes 10% of all paid subscription revenue. At ~$450M in annualized gross writer revenue (2025), that generates ~$45M/year for Substack. No advertising revenue. Previously ran Substack Pro (advance payments to select writers, typically $10K–$300K+, in exchange for higher revenue share) — formally ended 2022 but custom deals reportedly still exist for high-profile writers. Substack does not disclose which writers have special arrangements. Notes and social features drive engagement and discovery but are not separately monetized.",
      "knownIssues": "Content moderation controversy (2024): The Atlantic found 16+ newsletters with overt Nazi symbols on the platform. 247 Substack writers signed an open letter. Substack removed 5 of 6 flagged accounts but refused to change its content policy or proactively moderate extremist content. CEO Chris Best defended the stance as anti-censorship. This triggered a sustained writer exodus — nearly 1,000 creators moved to Beehiiv in Q1 2025. Alison Roman (343K subscribers) moved to Ghost in September 2025. Anne Helen Petersen moved to Patreon. Journalist Lyz Lenz cited bot subscribers tanking engagement while the algorithm prioritized 'rage, Nazis, transphobia, and conspiracies.' Separately: Substack's publisher agreement grants a 'worldwide, nonexclusive, sublicensable, royalty-free' license to use writer content for marketing. Substack can terminate any writer 'at any time, for any reason' and halt distribution at their discretion. Writers bear all refund obligations if they leave mid-subscription cycle. The platform's shift toward social features (Notes, app, recommendation engine) means Substack increasingly controls distribution in ways that mirror the social media platforms many journalists joined Substack to escape.",
      "reviewedBy": "Deep evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Standard web platform security with TLS and encrypted storage. The risk is not data breach — it is platform dependency and data practices. Substack controls email deliverability, app distribution, and algorithmic visibility. DMs are not end-to-end encrypted. The privacy policy now includes data sharing with AI service providers. Subscriber data is exportable (emails, dates, status), which is the critical safety valve. The real question for journalists is not security but governance: Substack can terminate any writer at any time, and its content moderation philosophy has proven divisive. For journalists covering sensitive topics, the lack of encrypted messaging and the platform's data collection (IP, device, reading behavior, contact syncing) warrant caution."
    },
    {
      "name": "Substack Defender",
      "slug": "substack-defender",
      "url": "https://substack.com/defender",
      "tagline": "Pre-publication legal review, cease-and-desist response, and up to $1M in legal fee coverage for Substack writers.",
      "category": "legal",
      "builtForJournalism": false,
      "whoItsFor": "Substack writers in the US who publish journalism or commentary and face legal threats.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Substack Defender offers real legal muscle — up to $1M in coverage, partnered with FIRE — but it's locked to the Substack platform and US jurisdiction only.",
      "bestFor": "Substack writers facing defamation threats, cease-and-desist letters, or legal intimidation. Pre-publication legal review to catch problems before they publish.",
      "notFor": "Writers on other platforms, journalists outside the US, or legal issues unrelated to published content. Platform lock-in is the tradeoff.",
      "owner": "Substack Inc.",
      "fundingModel": "Venture-backed",
      "businessModel": "Platform fee on paid subscriptions",
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "SunCalc",
      "slug": "suncalc",
      "url": "https://www.suncalc.org",
      "tagline": "Sun position and shadow calculator for chronolocation and photo verification. The standard tool in OSINT shadow analysis.",
      "category": "verification",
      "openSource": true,
      "whoItsFor": "Verification journalists, OSINT researchers, and visual investigators who need to confirm when or where a photo was taken by analyzing shadow direction, length, and sun position. Also used by photojournalists planning golden-hour shoots and conflict-zone reporters verifying airstrike timelines.",
      "pricing": "Free. No account required.",
      "freeOption": true,
      "editorialTake": "SunCalc is the default shadow-analysis tool in investigative journalism. Set a location on the map, pick a date, drag the time slider — you get sun azimuth, altitude, shadow direction, and daylight phase boundaries. Bellingcat's 2024 Shadow Finder tool uses the SunCalc library (v0.1.3) under the hood, which tells you how foundational this is. The math is accurate. The bottleneck is always the investigator's ability to measure shadow angles and object heights from imagery — SunCalc itself introduces negligible error. Two things to know: suncalc.org (Torsten Hoffmann) and suncalc.net (Volodymyr Agafonkin) are different projects by different developers. Agafonkin's suncalc.net hasn't been updated in 15+ years; he says a new version is coming. SunCalc.org is the actively maintained version with shadow-length overlays, eclipse data, and photovoltaic analysis. Both use Google Maps, which means Google sees every location you search. For sensitive investigations, note coordinates offline and use a non-Google calculator.",
      "bestFor": "Chronolocation — confirming when a photo or video was taken by matching shadow direction and length against sun position. Geolocation cross-referencing when shadow angle narrows candidate locations. Verifying claimed timestamps on conflict imagery (airstrikes, military movements). Planning photo/video shoots around specific lighting conditions.",
      "notFor": "Overcast conditions — no shadows, no signal. Indoor photos. Images where shadow edges are ambiguous or objects lack clear vertical profiles. SunCalc gives you the theoretical sun position; you still need geometry skills to measure shadow ratios from imagery. If you need 3D terrain shadow modeling, use ShadeMap instead.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Client-side calculations run entirely in your browser. No server-side processing. The map layer loads tiles from Google Maps, so Google receives your IP address and every location coordinate you view. Google's privacy policy and data retention apply to those requests.",
      "privacyPolicyTldr": "No account. No login. No data stored server-side. All sun-position math executes locally in JavaScript. The Google Maps tile layer is the privacy exposure: Google logs map tile requests with your IP, location coordinates, and timestamps. No first-party analytics or tracking visible in the source.",
      "practicalMitigations": "Use a VPN when researching sensitive locations — Google Maps tile requests reveal coordinates and your IP. For high-risk investigations, note GPS coordinates from a separate source and use an offline sun-position calculator (NOAA's solar calculator or the Python pvlib library). Cross-reference SunCalc results with Stellarium (offline planetarium software) for independent verification. Bellingcat's Shadow Finder automates the global search that SunCalc requires you to do manually — use it when you have shadow measurements but no candidate location.",
      "owner": "SunCalc.org: Torsten Hoffmann. The underlying suncalc JavaScript library: Volodymyr Agafonkin (GitHub @mourner), a Ukrainian developer based in Kyiv who also created Leaflet.js (the most widely used open-source web mapping library, 42k+ GitHub stars) and 40+ other JS libraries. Agafonkin works at Mapbox.",
      "fundingModel": "Unfunded open-source project. No sponsors, grants, or institutional backing. Agafonkin maintains the library as part of a broader portfolio of geographic/cartographic open-source tools.",
      "businessModel": "None. The suncalc npm library has ~100k weekly downloads and is a dependency in dozens of tools (including Bellingcat's Shadow Finder), but generates no revenue. SunCalc.org runs display ads on the site.",
      "knownIssues": "Agafonkin's suncalc.net site hasn't been updated in 15+ years and he acknowledges it's 'falling apart' — a new version has been promised but not shipped. The npm library (mourner/suncalc) has 3.4k GitHub stars but sees only occasional maintenance commits. SunCalc.org and suncalc.net are separate projects by different developers — easy to confuse. The suncalc library doesn't account for atmospheric refraction at very low sun angles (sunrise/sunset), which can introduce ~0.5° error. Shadow-length measurements from photos are inherently imprecise — accuracy depends on the investigator, not the tool. If you only know the month and year, expect ±15 minutes accuracy on chronolocation estimates.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Open-source, client-side calculations with no server-side data processing. The sole privacy concern is Google Maps: every location you view generates tile requests to Google's servers, exposing coordinates and your IP address. No account, no cookies, no first-party tracking. Rating stays 'adequate' rather than 'strong' because the Google Maps dependency is baked in with no option to swap map providers, and investigators working on sensitive locations (conflict zones, source locations) should treat those tile requests as a metadata trail."
    },
    {
      "name": "Superdesk",
      "slug": "superdesk",
      "url": "https://www.superdesk.org",
      "tagline": "Open-source newsroom CMS built by Sourcefabric. Used by national news agencies. Headless architecture for multi-platform publishing.",
      "category": "publishing",
      "openSource": true,
      "builtForJournalism": true,
      "whoItsFor": "News agencies and mid-to-large newsrooms that need a full editorial workflow system — story planning, assignment, editing, wire ingestion, and multi-platform publishing. Organizations that want to own their CMS infrastructure rather than paying enterprise SaaS fees. News agencies distributing content to multiple outlets via APIs and feeds.",
      "pricing": "Self-hosted: free (AGPLv3 license). Sourcefabric offers paid hosting, implementation, and support services — pricing is custom and project-based, typically in the tens of thousands for full deployment. No public per-seat pricing.",
      "freeOption": true,
      "editorialTake": "Superdesk is the only open-source CMS purpose-built for professional news production at the wire-service level. Developed by Sourcefabric, a Czech nonprofit founded in 2010, it powers editorial workflows at national news agencies including the Australian Associated Press (AAP), Agence France-Presse (AFP) for some operations, and the Canadian Press. The Norwegian News Agency (NTB) runs a customized Superdesk deployment. This is not a blogging platform. Superdesk handles the full newsroom pipeline: story planning boards, assignment management, collaborative editing, wire ingestion (IPTC NewsML-G2 and NINJS), media management, and publishing to multiple outputs — web, mobile, print, social, and API feeds. The headless architecture separates the editorial backend from the presentation layer, meaning you can publish to any frontend. Superdesk Publisher handles web delivery; Live Blog (another Sourcefabric tool) handles real-time coverage. The trade-off is complexity. This is enterprise newsroom software. Deploying Superdesk requires backend development resources — it runs on Python (Flask), MongoDB, Elasticsearch, and Redis. You will need developers for deployment and customization. There is no hosted version you can sign up for in 5 minutes. Sourcefabric provides implementation services, but expect a real project timeline. Compared to Arc XP: Superdesk is free and open source but requires your own dev team; Arc XP is turnkey but costs six to seven figures annually. Compared to WordPress: Superdesk is purpose-built for news production workflows that WordPress requires dozens of plugins to approximate. For newsrooms with development capacity that want full ownership of their editorial infrastructure, Superdesk is the strongest open-source option available.",
      "bestFor": "News agencies distributing content to multiple outlets. Newsrooms with development teams that want full ownership of their CMS. Wire service ingestion and multi-format publishing. Organizations that need IPTC-standard content exchange. Collaborative editorial workflows with planning, assignment, and approval stages.",
      "notFor": "Solo journalists or small outlets without development resources. Anyone who needs a turnkey hosted CMS — use WordPress or Ghost instead. Newsrooms that just need a blog or simple website. Teams without backend developers comfortable with Python, MongoDB, and Elasticsearch.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Self-hosted: wherever you deploy it. Sourcefabric is headquartered in Prague, Czech Republic (EU) with offices in Berlin and Toronto. For hosted deployments via Sourcefabric, infrastructure is typically EU-based.",
      "privacyPolicyTldr": "Self-hosted Superdesk sends no data to Sourcefabric. You own and control all content, user data, and analytics on your own infrastructure. Sourcefabric is a Czech nonprofit — not a VC-backed company with incentives to monetize your data. For Sourcefabric-hosted deployments, data handling is governed by project-specific agreements under EU data protection law.",
      "practicalMitigations": "Self-host on infrastructure you control for full data ownership. Keep dependencies updated — the stack includes MongoDB, Elasticsearch, Redis, and Python packages, each with their own security patch cycles. Restrict admin access with role-based permissions (built into Superdesk). Use HTTPS and reverse proxy for all web access. Back up MongoDB regularly. Review Sourcefabric's GitHub repository for security advisories. For sensitive reporting, pair Superdesk with an on-premise deployment behind a VPN.",
      "owner": "Sourcefabric z.ú. (Prague, Czech Republic) — a registered Czech nonprofit",
      "fundingModel": "Nonprofit. Sourcefabric was spun off from the Media Development Investment Fund (MDIF) in 2010. Revenue from consulting, implementation services, hosted deployments, and grants. Not venture-backed. No equity investors.",
      "businessModel": "Open-source software (AGPLv3) with professional services revenue. Sourcefabric generates income from custom deployments, hosting, training, and ongoing support contracts with news organizations. Also develops and supports Live Blog and Airtime (radio automation). Grant funding from media development organizations.",
      "knownIssues": "Deployment complexity is the main barrier — this is not plug-and-play software. Requires Python, MongoDB, Elasticsearch, and Redis, plus frontend development for custom publishing templates. Documentation exists but has gaps; some deployment steps require reading source code. The community is small compared to WordPress — fewer plugins, themes, and third-party integrations. Sourcefabric is a small nonprofit, which means development pace is slower than commercial CMS platforms. The AGPLv3 license requires that modifications to the source be shared — this is intentional but may conflict with some organizations' policies.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Open-source, self-hostable, built by a nonprofit with no incentive to monetize user data. Full data ownership on your own infrastructure. The AGPLv3 license ensures the codebase remains open and auditable. EU-based organization subject to GDPR. Rating reflects self-hosted deployment — the software itself has strong architectural foundations for data control, though security depends on your own server administration and keeping the stack updated."
    },
    {
      "name": "Superhuman",
      "slug": "superhuman",
      "url": "https://superhuman.com",
      "tagline": "AI-powered email client. Fast, keyboard-driven, $30/month.",
      "category": "writing",
      "whoItsFor": "Journalists who live in email — managing source correspondence, pitches, editor threads, and PR inbound. Particularly useful for reporters handling high volume who need fast triage, follow-up reminders, and AI-assisted drafting.",
      "pricing": "$30/month per user. No free tier. 14-day free trial. Team and enterprise plans available.",
      "freeOption": false,
      "editorialTake": "Superhuman is genuinely fast. The keyboard-driven interface, split inbox, and AI triage cut email processing time measurably — the company claims 4 hours saved per week, and power users confirm it feels significantly faster than Gmail's web interface. The AI features (auto-drafting replies, summarizing threads, scheduling optimization) work well for routine correspondence. The journalism-specific concern: all email flows through Superhuman's servers. They process your messages to power AI features, search indexing, and delivery optimization. For most beat reporters, this is an acceptable tradeoff — your email is already on Google or Microsoft servers. For investigative journalists communicating with sensitive sources via email, adding a third-party processor to the chain increases exposure. Superhuman Platform Inc acquired Grammarly's parent company in 2024, consolidating two AI writing tools under one roof. The combined entity processes a significant volume of professional communications.",
      "bestFor": "High-volume email management. Fast triage of PR pitches and source correspondence. AI-assisted reply drafting for routine emails. Reporters who use keyboard shortcuts and want speed over features.",
      "notFor": "Journalists on tight budgets — $30/month is steep for an email client. Investigative reporters communicating with sensitive sources via email (adds a third-party processor). Anyone who needs to keep email processing within a single jurisdiction. Users who want offline access — Superhuman requires an internet connection.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Superhuman processes email through its own servers in addition to your email provider (Gmail, Outlook). Data stored and processed in the US.",
      "privacyPolicyTldr": "Superhuman accesses and processes your email to provide AI features, search, and delivery tracking. They store email metadata and content on their servers. Read receipts (tracking pixels) are on by default — disable them in settings. The company states they do not sell personal data. AI features process email content through their models. After the Grammarly acquisition, the combined privacy footprint is larger.",
      "practicalMitigations": "Disable read receipts (tracking pixels) immediately — they are on by default and reveal when and where recipients open your emails. Do not use Superhuman for email threads involving confidential sources — use Signal or encrypted email instead. Review which Gmail/Outlook permissions Superhuman requests and revoke if you stop using the service. Be aware that AI-suggested replies are generated from your email content processed on Superhuman's servers.",
      "owner": "Superhuman Platform Inc (CEO Rahul Vohra). Acquired Grammarly's parent company in 2024.",
      "fundingModel": "Venture-backed. Raised $108M+ including $75M Series C (2021) led by IVP and a16z. Post-Grammarly acquisition, the combined entity is one of the largest AI writing/communication companies.",
      "businessModel": "Subscription SaaS. $30/month per user. Team and enterprise pricing. No free tier — revenue comes entirely from subscriptions.",
      "knownIssues": "Read receipts (tracking pixels) enabled by default — journalists should disable these immediately to avoid revealing their location and reading habits to PR contacts and sources. All email processed through Superhuman's servers in addition to your email provider, expanding the data-access surface. The Grammarly acquisition raised questions about data consolidation across two products that process sensitive professional communications. No end-to-end encryption — Superhuman can read your email content (as can your email provider). Price increased from $25 to $30/month in 2025.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Standard cloud email client security — TLS in transit, encrypted at rest, SOC 2 compliant. The concern is not a security flaw but an expanded data surface: your email now flows through both your provider and Superhuman's servers. Read receipts enabled by default are a privacy issue for journalists. Adequate for general newsroom use. Not recommended for source communication on sensitive investigations."
    },
    {
      "name": "Tableau Public",
      "slug": "tableau-public",
      "url": "https://public.tableau.com",
      "tagline": "Free data visualization platform from Salesforce. Drag-and-drop charts, maps, and dashboards — but every viz you publish is visible to the entire internet, including the underlying data.",
      "category": "data",
      "whoItsFor": "Data journalists building interactive dashboards for publication. Reporters exploring datasets visually before writing. Students and aspiring data journalists building portfolios. Researchers sharing open datasets. Not for anyone working with confidential, pre-publication, or personally identifiable data.",
      "pricing": "Tableau Public is free. All published visualizations are public. 10GB total storage per profile, 15 million row limit per workbook. Paid Tableau Creator (Desktop + Cloud) is $75/user/month. Explorer is $42/user/month. Viewer is $15/user/month. Enterprise tier runs $115/$70/$35 respectively. All billed annually. Tableau+ bundle adds AI features (Tableau Agent, Pulse) at additional cost.",
      "freeOption": true,
      "editorialTake": "Tableau Public is the most powerful free data visualization tool available — and the most dangerous one for journalists who don't read the fine print. The power is real: multi-view dashboards, calculated fields, map layers, drill-down interactivity, and a massive community of examples to learn from. Nothing else free comes close for complex, multi-dimensional data exploration. The danger is equally real: by default, anyone can download your entire underlying dataset — every row, every column — by clicking a button on your published viz. You can disable downloads in viz settings, but the visualization itself is still public and indexable. There is no private mode on the free tier. Period. For published stories using public data (census, budget, election results), it's excellent. For anything pre-publication or sensitive, use the desktop app for local analysis only and never hit publish. The learning curve is steeper than Datawrapper or Flourish, and embeds load noticeably slower — Tableau's JavaScript payload is heavy. But for genuine data exploration (not just charting), Tableau Public has no free competitor.",
      "bestFor": "Exploratory data analysis during reporting. Publishing interactive dashboards alongside stories. Complex multi-dimensional datasets that need filters, drill-downs, and multiple linked views. Building a public portfolio of data work. Working with large datasets (up to 15M rows) that would choke simpler tools.",
      "notFor": "Sensitive, unpublished, or pre-publication investigative data — everything published is public and downloadable by default. Simple charts for articles (Datawrapper is faster and embeds lighter). Narrative-driven scrollytelling (Flourish is purpose-built for that). Embeds on pages where load speed matters (Tableau's JS is heavy). Anything requiring GDPR/CCPA compliance with personal data. Stories where the underlying dataset should not be exposed.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Tableau is owned by Salesforce (acquired 2019, $15.7B), headquartered in San Francisco. Data stored on Salesforce cloud infrastructure. Salesforce is a major U.S. government contractor — the FTC runs its own Tableau Public privacy impact assessment. No option to choose data region on the free tier.",
      "privacyPolicyTldr": "Salesforce's privacy policy governs. All published visualizations and their underlying data are publicly accessible and indexable by search engines. By default, anyone can download the full dataset (.twbx workbook file) from any published viz — you can disable this per viz, but the viz itself stays public. Salesforce collects account information, usage analytics, and all data you upload. Deleted workbooks may not be immediately purged from caches or CDN. Uploading PII, confidential business data, or pre-publication investigative material violates both common sense and likely GDPR/CCPA if personal data is involved.",
      "practicalMitigations": "Never upload sensitive, unpublished, or personally identifiable data to Tableau Public. Use the desktop app (Tableau Public Edition) for local-only analysis — it works offline without publishing. Disable workbook downloads in viz settings before publishing to prevent raw data extraction. Aggregate or anonymize data before upload. Remove unnecessary columns. Review the underlying data tab before publishing to confirm nothing unintended is exposed. For investigative work, keep all analysis local until the story publishes, then publish only the data you're comfortable making fully public.",
      "owner": "Salesforce (acquired Tableau in 2019 for $15.7 billion)",
      "fundingModel": "Subsidiary of Salesforce (NYSE: CRM, ~$35B annual revenue). Tableau Public is a free community and marketing tool feeding the paid Tableau ecosystem. Salesforce positions Tableau Public as a portfolio-building platform and talent pipeline for enterprise Tableau adoption.",
      "businessModel": "Free tier drives adoption of paid products. Revenue comes from Tableau Creator ($75/month), Explorer ($42/month), Viewer ($15/month), and enterprise licenses ($115/$70/$35). Tableau+ bundle adds premium AI features (Tableau Agent, Pulse) at additional cost. Tableau Public is a loss leader — it builds brand loyalty and a trained user base that enterprises hire from.",
      "knownIssues": "Embeds are JavaScript-heavy and slow to load compared to Datawrapper or Flourish — complex dashboards can take 5-10 seconds on average connections. By default, underlying datasets are downloadable by anyone viewing a published viz (disable in settings, but many users don't know this). No private mode on free tier — zero exceptions. Limited to static file data sources (CSV, Excel, Google Sheets); no live database connections on Public. 10GB total storage per profile can fill up fast with large extracts. Tableau AI features (Agent, Pulse, predictive modeling) are not available on Tableau Public — they require paid Tableau+ Cloud subscriptions. The desktop app (Tableau Public Edition) can save locally but has fewer data connectors than paid Tableau Desktop. Mobile responsiveness of embedded vizzes is inconsistent. Salesforce's aggressive enterprise push means Tableau Public gets fewer feature updates than the paid tiers.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "tableau-ire"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "Salesforce enterprise-grade infrastructure protects the platform itself — encryption in transit and at rest, SOC 2 compliance, regular audits. The real risk is not a breach. It's the design: everything you publish is intentionally, irrevocably public. Underlying datasets are downloadable by default. Journalists have accidentally exposed source identities, pre-publication data, and PII by not understanding this. Adequate for published, public-interest data. Do not use for anything you wouldn't print on the front page."
    },
    {
      "name": "Tabula",
      "slug": "tabula",
      "url": "https://tabula.technology",
      "tagline": "Extract tables from PDF files into CSV or spreadsheet format.",
      "category": "data",
      "openSource": true,
      "whoItsFor": "Data journalists extracting structured data from government PDFs, court filings, and financial disclosures. Reporters at small newsrooms who need a free, no-code way to turn PDF tables into spreadsheets. Anyone handling sensitive documents who cannot upload files to cloud services.",
      "pricing": "Free. Open-source (MIT license). No paid tiers.",
      "freeOption": true,
      "editorialTake": "Every data journalist has cursed at a PDF table. Tabula remains the standard answer — drop in a PDF, draw a box around the table, get a CSV. It runs entirely on your machine, requires no account, sends nothing over the network. ProPublica used it for Dollars for Docs. La Nación used it for election maps. DocumentCloud's 2024 tool review found Tabula still outperformed Camelot on most table types. The catch: Tabula only handles text-based PDFs (not scans), struggles with borderless layouts, and hasn't had a major feature release since 2020. AI-powered alternatives like IBM's Docling now score ~94% accuracy vs. Tabula's ~68% on complex benchmarks. But those tools require Python, cloud APIs, or both. For a journalist who needs a simple GUI, local processing, and zero cost, Tabula is still the tool. Just know its limits.",
      "bestFor": "Extracting data tables from government PDFs, financial reports, court documents, budget spreadsheets. Converting PDF tables to CSV for analysis in Excel, Google Sheets, or R. Batch processing via tabula-py (Python) or tabula-java for programmatic pipelines.",
      "notFor": "Scanned or image-based PDFs — you need OCR first (Tesseract, Adobe Acrobat). Complex multi-page tables that span page breaks. Borderless or merged-cell layouts (accuracy drops sharply). Encrypted or password-protected PDFs. Charts, images, or non-tabular content.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. All processing happens on your computer. PDFs never leave your machine. No server component, no telemetry, no network calls.",
      "privacyPolicyTldr": "Tabula is a desktop application that runs entirely locally. No data is transmitted to any server. No account required. No analytics or telemetry. This makes it suitable for classified documents, source-protected materials, and pre-publication investigations.",
      "practicalMitigations": "No network mitigations needed — fully offline. For scanned PDFs, run OCR first with Tesseract (free) or Adobe Acrobat before importing. For encrypted PDFs, decrypt with qpdf or similar before use. For complex tables, try both 'Lattice' (lined tables) and 'Stream' (borderless tables) extraction modes — results vary significantly by mode.",
      "owner": "Open-source community project (tabulapdf on GitHub). Originally created by Manuel Aristarán, Mike Tigas (ProPublica), and Jeremy B. Merrill via a Knight-Mozilla OpenNews fellowship in 2013.",
      "fundingModel": "Knight Foundation grants (historical, 2013-era). No current institutional funding. Volunteer-maintained.",
      "businessModel": "None. Community-maintained open source. Language bindings (tabula-py, tabula-java, tabulapdf for R) maintained by individual contributors.",
      "knownIssues": "Last major GUI release was v1.2.1 (2018). The tabula-java engine had a bugfix release (v1.0.5) in August 2024, updating PDFBox to 2.0.24. Copyright notice on the website reads 2012-2020, signaling minimal active development. Camelot (the main competitor) is in worse shape — no GitHub commits in 5+ years. Accuracy benchmarks put Tabula at ~68% on complex table datasets vs. ~94% for AI-powered tools like IBM Docling/TableFormer, though these require Python and more setup. GPT-4 Vision can extract tables but produces inconsistent results across runs. The GUI requires Java (JRE) to run, which can be a friction point on modern machines. No native Apple Silicon build.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Fully local processing. Open-source (MIT license, auditable code). No data leaves your machine. No account, no network connection, no telemetry. The strongest privacy posture possible for a data tool — nothing to intercept, nothing to subpoena from a third party."
    },
    {
      "name": "Tails",
      "slug": "tails-os",
      "url": "https://tails.net",
      "tagline": "Portable operating system that leaves no trace. Runs from USB, routes everything through Tor.",
      "category": "security",
      "openSource": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists working on highest-risk investigations where device seizure or inspection is a real threat.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Tails is the nuclear option for journalist security — a full operating system that forgets everything when you shut down. Laura Poitras, Glenn Greenwald, and Barton Gellman all used it to communicate with Edward Snowden. Tails 7.x, now based on Debian 13 and maintained by the Tor Project after the September 2024 merger, boots 10-15 seconds faster than previous versions and auto-detects Tor bridges by region. Overkill for most reporting. Essential for some. Requires real operational security knowledge — Tails protects the endpoint, not the user. The FBI deanonymized a Tails user in 2017 by exploiting a malicious video file opened over home Wi-Fi. The tool is only as good as the tradecraft behind it.",
      "bestFor": "Highest-risk reporting. Working on a story where your computer could be seized or inspected. Using shared or untrusted computers. Communicating via SecureDrop in hostile environments.",
      "notFor": "Daily work (boot from USB each time, 3 GB RAM minimum since Tails 7.0). Beginners without security training. Tasks requiring specialized software. Mac users — Apple hardware support is very limited.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Amnesic — data wiped on shutdown unless explicitly saved to encrypted persistent storage. Persistent storage uses LUKS2 with Argon2id key derivation, audited clean by Radically Open Security in late 2024.",
      "privacyPolicyTldr": "Tails retains nothing by design. The entire operating system runs in RAM and is erased on shutdown, with kernel-level freed memory poisoning to resist cold boot attacks. Optional encrypted persistent storage for files you choose to keep. All internet traffic routes through Tor automatically. Video memory is not wiped — an open limitation.",
      "practicalMitigations": "Practice booting and using Tails before you need it under pressure. Verify the USB image before first use. Configure persistent storage only for what you absolutely need. Never log into personal accounts (Google, Facebook, email) — this immediately ties your Tor exit node to your identity. Understand cold boot limits: software-based RAM wipe fails if power is cut abruptly. Combine with good source communication practices. If you remove the USB during runtime, Tails triggers emergency memory erasure, bypassing normal shutdown.",
      "owner": "The Tor Project (merged with Tails on September 26, 2024)",
      "fundingModel": "Grants and donations via the Tor Project. Tor's 2024 budget was $7.3M, with 35% from U.S. government sources. Other funders: Ford Foundation, Open Society Foundations, Heising-Simons Foundation, Zcash Foundation, Mozilla, NLnet. Donation infrastructure merged in 2025.",
      "businessModel": "Nonprofit. No monetization. Tails merged into the Tor Project because it outgrew its own structure — fundraising, HR, and operations were unsustainable for the small team. The merger lets developers focus on code while Tor handles organizational overhead.",
      "knownIssues": "Microsoft's August 2024 Secure Boot update (KB5041585) broke Tails on UEFI hardware by enforcing SBAT level 5, effectively banning Linux distributions using shim 15.7 or older. Microsoft patched the fallout in May 2025 (KB5058385), but the incident exposed a real fragility: a single Windows update can brick your Tails USB on shared hardware. Mac support remains very limited — Apple does not cooperate with free software projects, and newer Apple Silicon Macs are unsupported. A Radically Open Security audit in late 2024 found four vulnerabilities in Tails 6.10: a high-impact privilege escalation in the Upgrader, arbitrary code execution in Python scripts, argument injection in GNOME scripts, and a lower-risk Tor Browser launcher issue. All required prior compromise of the default user. All were patched in Tails 6.11 (January 2025) before the audit report went public in May 2025. No remote code execution was found. Video memory cannot be wiped on shutdown — an open issue since 2022. Cold boot protections fail if power is cut suddenly. The 2017 FBI deanonymization case (via a malicious video file served to a Tails user on home Wi-Fi) demonstrates that Tails does not protect against targeted exploits delivered through application-layer content.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "The strongest endpoint security option available for journalists. Amnesic design eliminates forensic evidence by default. Kernel-level memory poisoning resists cold boot attacks. Tor routing for all traffic. LUKS2/Argon2id persistent storage passed a 2024 audit clean. Open-source, regularly audited, maintained by the Tor Project since September 2024. Tails 7.6 (March 2026) adds automatic Tor bridge detection. Compared to alternatives: Whonix offers similar Tor routing but runs in a VM (not amnesic, not portable); Qubes OS provides stronger VM isolation but requires dedicated hardware and is far more complex. Tails dominates the portable, leave-no-trace use case that field journalists actually need."
    },
    {
      "name": "Telegram",
      "slug": "telegram",
      "url": "https://telegram.org",
      "tagline": "Cloud-based messaging. NOT end-to-end encrypted by default. Not recommended for journalist-source communication.",
      "category": "messaging",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "OSINT researchers monitoring public channels. Journalists covering regions where Telegram is the dominant platform. Not for source communication.",
      "pricing": "Free. Telegram Premium: $4.99/month (larger uploads, faster downloads, extra features). Telegram Business and Telegram Stars available for commercial use.",
      "freeOption": true,
      "editorialTake": "Telegram is not end-to-end encrypted by default. Every regular chat — one-on-one and group — is stored on Telegram's servers with keys Telegram controls. Only 'Secret Chats' (one-to-one only, must be manually activated, not available on desktop) use E2E encryption. In August 2024, founder Pavel Durov was arrested at Le Bourget Airport in France on twelve charges including complicity in distribution of CSAM, drug trafficking facilitation, and money laundering. He faces up to 20 years in prison. Within weeks, Telegram reversed years of defiance: its September 2024 privacy policy update committed to sharing IP addresses and phone numbers with law enforcement on valid legal requests. The scale of the shift was immediate — Telegram fulfilled 900 requests from US authorities in 2024 affecting 2,253 users, compared to just 14 requests (108 users) in the first nine months before the policy change. In June 2025, an IStories/OCCRP investigation found that Telegram's network infrastructure — over 10,000 IP addresses — is controlled by companies with documented ties to Russian intelligence services, including FSB contractors. Telegram denied having servers in Russia. The platform hit 1 billion monthly active users in March 2025, but that scale brings scale-level abuse: Telegram blocked 44 million groups and channels in 2025 alone, including 952,000+ CSAM-related channels. Despite enforcement, Check Point Research found in 2026 that cybercriminals simply reappear under new names within days. Telegram uses a custom cryptographic protocol (MTProto) that has faced repeated academic criticism. A 2015 study found MTProto was not IND-CCA secure. A 2021 ETH Zurich analysis found multiple cryptographic vulnerabilities. While MTProto 2.0 has been formally verified for some properties, the server code remains closed-source — no independent audit of server-side security is possible. For journalists: Telegram is useful for monitoring public channels and following sources in regions where it dominates. It is not appropriate for source communication, confidential discussions, or any conversation where privacy matters. Use Signal.",
      "bestFor": "OSINT monitoring of public channels and groups. Following news sources in regions where Telegram is dominant (Russia, Iran, Ukraine, Central Asia, parts of the Middle East). Accessing propaganda channels for conflict reporting.",
      "notFor": "Source communication. Confidential discussions. Any conversation requiring actual end-to-end encryption. Whistleblower contact. Use Signal for all of these.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Dubai, UAE (Telegram FZ-LLC headquarters). Claims servers are distributed globally with encryption keys split across jurisdictions. However, a June 2025 IStories/OCCRP investigation found over 10,000 Telegram server IP addresses belong to Global Network Management (Antigua and Barbuda), controlled by Vladimir Vedeneev — a Russian citizen who served as Telegram's CFO and whose companies have documented ties to Russian intelligence services including FSB contractors. Telegram denied the allegations.",
      "privacyPolicyTldr": "Regular chats are not E2E encrypted. Telegram stores messages on its servers and holds the decryption keys. Only Secret Chats (one-to-one, manually activated) are E2E encrypted. Since September 2024, Telegram shares IP addresses and phone numbers with authorities on valid legal requests — not just for terrorism cases, but for any criminal investigation. Metadata (IP address, devices, username history) retained up to 12 months. Telegram fulfilled 900 US law enforcement requests affecting 2,253 users in 2024.",
      "practicalMitigations": "Do not use Telegram for source communication or sensitive discussions — use Signal. If you must use Telegram, enable Secret Chats for private one-on-one conversations (not available for groups or on desktop apps). Enable two-step verification (2FA). Be aware that Telegram can access all regular chat content and will share user data with law enforcement. Use a dedicated phone number (not your personal one) for Telegram. Do not share your location. Review active sessions regularly and terminate unknown ones. Assume any message sent in a regular chat or group is accessible to Telegram and potentially to governments. For OSINT monitoring of public channels, consider using a separate account with no personal identifiers.",
      "owner": "Telegram FZ-LLC (privately held, founded by Pavel Durov and Nikolai Durov). Registered in the British Virgin Islands, headquartered in Dubai, UAE.",
      "fundingModel": "Self-funded initially by Pavel Durov. Raised $1.7B via bond sales in 2021. Revenue of $870M in H1 2025 (up 65% year-over-year). Revenue streams: Premium subscriptions ($223M in H1 2025), advertising ($125M), and TON blockchain exclusivity deals (~$300M). Posted a $222M net loss in H1 2025 due to a 69% decline in Toncoin value. Sold $450M+ in Toncoin during 2025. Targeting $2B full-year revenue for 2025. IPO expected around 2026-2027.",
      "businessModel": "Freemium. Revenue from Telegram Premium subscriptions (15 million subscribers as of May 2025), advertising in public channels, Telegram Stars (digital currency for in-app purchases), and deep financial ties to the TON blockchain ecosystem. The crypto dependency is a red flag — nearly a third of H1 2025 revenue came from TON-related deals, and the company's financial health swings with Toncoin's volatile price.",
      "knownIssues": "Not E2E encrypted by default — the single most important fact about Telegram. All regular chats (including all group chats) are stored on Telegram's servers with keys Telegram controls. MTProto custom protocol has faced repeated academic criticism: not IND-CCA secure (2015), multiple cryptographic vulnerabilities found by ETH Zurich (2021), unknown key-share attack vector in rekeying protocol. Server code is closed-source — no independent security audit possible. June 2025 IStories/OCCRP investigation linked Telegram's infrastructure to companies with FSB ties. Massive platform abuse: 44 million channels/groups blocked in 2025, including 952K+ CSAM-related and 236K+ terrorism-linked channels. Despite enforcement, threat actors reappear within days (Check Point Research, 2026). Approximately 1,500 white supremacist channels with nearly 1 million followers. Russia began restricting Telegram in February 2026, blocking voice messages and throttling downloads — plans to fully block the app in April 2026. Also banned or restricted in China, Iran, Turkmenistan, North Korea, Thailand, and temporarily in Kenya (June 2025), Nepal (July 2025), and Vietnam (May 2025). Pavel Durov under indictment in France on 12 charges (August 2024), faces up to 20 years. Fined by Australian watchdog for delays in reporting CSAM and terrorism content (February 2025).",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "warning",
      "securityRatingNote": "Not E2E encrypted by default. Telegram holds encryption keys for all regular and group chats. Custom MTProto protocol with documented cryptographic weaknesses. Server code closed-source. Infrastructure linked to companies with Russian intelligence ties (IStories/OCCRP, June 2025). Founder under indictment in France on 12 charges. Now shares user data with law enforcement — 900 US requests fulfilled in 2024. 1 billion monthly users but massive abuse problem (44M channels blocked in 2025). Not appropriate for journalist-source communication. Use Signal."
    },
    {
      "name": "Tella",
      "slug": "tella",
      "url": "https://tella-app.org",
      "tagline": "Encrypts photos, video, and audio on capture. Hides files on-device. Captures verification metadata for evidence. Works offline.",
      "category": "security",
      "openSource": true,
      "builtForJournalism": true,
      "threatLevel": "high-risk",
      "whoItsFor": "Journalists and human rights documenters operating in hostile environments where phone seizure is a real risk. Citizen journalists at protests. Electoral observers. Activists documenting violations in conflict zones. Anyone whose captured media could endanger themselves or their sources if discovered.",
      "pricing": "Free. Open source (MIT license for Android, Apache 2.0 for FOSS version).",
      "freeOption": true,
      "editorialTake": "Tella is the only mobile app purpose-built for capturing and hiding evidence on a phone. Built by Horizontal, a US-registered 501(c)(3) nonprofit (EIN 83-1782268) with a distributed team across seven countries. The core problem Tella solves: a standard camera app saves photos and videos to a gallery visible to anyone who picks up the phone. Tella encrypts every file the moment it is captured — AES-256 in CTR mode, keys derived via PBKDF2 — and stores everything in an encrypted container invisible to the phone's gallery and file explorer. On Android, two camouflage modes hide the app itself: it can appear as a fully functional calculator (entering the PIN opens Tella), or its name and icon can be changed. iOS cannot camouflage due to platform restrictions. Verification mode captures forensic metadata on every photo, video, or audio recording — file hash, GPS coordinates, altitude, device ID, cell tower identifiers, nearby WiFi networks, and timestamps — exportable as CSV for evidentiary use. Quick delete lets users wipe all files, server connections, or the entire app from a homescreen slider. Works fully offline; internet is only needed to upload to connected servers (Tella Web, Uwazi, Open Data Kit, Google Drive, Nextcloud, Dropbox). Available on Android (Google Play, F-Droid, direct APK) and iOS. The FOSS version on F-Droid strips all proprietary dependencies including Google CrashLytics and Firebase Analytics. Subgraph audited Tella through the OTF Red Team Lab and found only low-to-medium issues; remediation recommendations were provided and deployed. Localized into Arabic, Burmese, French, Portuguese, Russian, Spanish, Vietnamese, and more. Used by digital security trainers in Sub-Saharan Africa, indigenous communities in Brazil documenting land rights violations, and protest documenters in Indonesia. Tella is not a communication tool — it is a capture-and-protect tool. Nothing else does this specific job.",
      "bestFor": "Documenting human rights violations, police violence, or electoral fraud in environments where phones are searched or seized. Capturing verifiable photo/video/audio evidence with forensic metadata. Offline evidence collection in conflict zones or areas with no connectivity. Submitting documentation to organizations running Uwazi, ODK, or Tella Web servers.",
      "notFor": "Secure messaging (use Signal or Briar). Daily photography or casual use — the encryption adds friction. Large file transfers over 20MB to Nextcloud servers (known size limitation). Anyone expecting iOS camouflage (not possible due to Apple platform restrictions).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local by default. All data is encrypted on-device and never leaves the phone unless the user explicitly uploads to a connected server. Server jurisdiction depends on the deploying organization — Horizontal does not host or control user data. If Horizontal is contracted to manage a server, it has access as a partner to the deploying organization but states it does not disclose data to third parties.",
      "privacyPolicyTldr": "No personally identifiable information is collected. No user data is disclosed, shared, or sold. The Google Play version includes two trackers (Google CrashLytics and Firebase Analytics) — the F-Droid FOSS version and iOS version include zero trackers. Optional privacy-preserving analytics (disabled by default) collect aggregate usage data like unlock counts and file counts. Deploying organizations that run servers own and control the data submitted to those servers. Horizontal provides the same privacy standard to all users regardless of location.",
      "practicalMitigations": "Use the F-Droid FOSS version to avoid all proprietary trackers. Enable verification mode in settings before capturing — it is off by default. After importing files into Tella, manually delete the originals from the phone's gallery, because import creates an encrypted copy but leaves the original unencrypted. Do not export files from Tella unless necessary — exported files lose encryption. On Android, know that the app is still visible in Settings > Apps even when camouflaged. Set a strong password lock rather than a simple PIN or pattern. Configure quick delete before entering the field. Test server connections and uploads before deployment in hostile environments. Keep the app updated — Horizontal ships fixes through OTF-funded security improvements.",
      "owner": "Horizontal (US-registered 501(c)(3) nonprofit, EIN 83-1782268)",
      "fundingModel": "Grants from Open Technology Fund (Internet Freedom Fund, Red Team Lab security audit). Grant-funded nonprofit model.",
      "businessModel": "Nonprofit. Free. No revenue model, no ads, no data monetization. Sustainability depends on continued grant funding.",
      "knownIssues": "Google Play version includes two trackers (CrashLytics and Firebase Analytics) — use the F-Droid FOSS version for zero trackers. Camouflage is Android-only; iOS cannot hide or disguise the app. Even camouflaged on Android, the app appears in Settings > Apps as 'Tella'. Importing files creates an encrypted copy but the unencrypted original remains on the phone. Exported files leave the encrypted container and are accessible to anyone with the device. Nextcloud uploads are limited to 20MB per file on Android due to a known Nextcloud issue. Quick delete (full app removal) is unavailable on some Android phones and all iOS devices. PBKDF2 iteration counts are a pending improvement acknowledged by the development team. The 88 GitHub stars on Tella-Android suggest a small development community relative to the tool's importance. Grant-dependent funding creates long-term sustainability risk.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "AES-256 encryption in CTR mode with PBKDF2 key derivation encrypts all captured media at rest. TLS encryption in transit for all server connections. Subgraph security audit through OTF Red Team Lab found only low-to-medium severity issues — no critical vulnerabilities. Android camouflage hides the app behind a functional calculator. Verification mode captures forensic metadata (file hash, GPS, device ID, cell towers, WiFi networks) for evidentiary integrity. Quick delete enables emergency data destruction. Fully open source with a dedicated FOSS version that strips all proprietary dependencies. Local-only by default — no data leaves the device without explicit user action. Built and maintained by a 501(c)(3) nonprofit with OTF grant funding and a published security audit."
    },
    {
      "name": "Threads",
      "slug": "threads",
      "url": "https://www.threads.net",
      "tagline": "Meta's text-based social platform. 400M+ monthly active users. Instagram integration. No link demotion. ActivityPub federation in progress.",
      "category": "publishing",
      "whoItsFor": "Journalists who need reach on a text-based social platform without the link suppression penalties of X. Reporters already on Instagram who want to cross-promote stories. Newsrooms building audience across multiple platforms. Writers and commentators who want algorithmic discovery without paying for visibility.",
      "pricing": "Free. No paid tier. Monetization through Meta's advertising ecosystem — users are the product, not the customer.",
      "freeOption": true,
      "editorialTake": "Threads is the scale play. With 400 million monthly active users and 141 million daily active users as of early 2026, it has surpassed X's mobile daily active user count (125 million on iOS and Android, per Similarweb). For journalists, the key advantage is link handling: Threads does not algorithmically penalize posts containing external links. Adam Mosseri has confirmed this publicly. On X, posts with links see 50-90% reach reduction. On Threads, a link is a link. That matters if your job is driving readers to your reporting. The comparison with Bluesky is straightforward. Bluesky (43 million users) offers open protocol, data portability, domain-as-handle verification, and no ads. Threads offers 10x the audience, Instagram cross-posting, and algorithmic discovery — but it is a Meta product. Your data feeds the same advertising infrastructure as Facebook and Instagram. Threads collects location data, browsing history, search history, health and fitness data, contacts, and financial information, per its App Store privacy label. There is no end-to-end encryption for DMs. Meta's privacy policy allows using your interactions with generative AI features to personalize content and ad recommendations, a policy updated in December 2025. ActivityPub federation is partially live — Threads has interacted with over 75% of fediverse servers, and users can opt in to share posts across the fediverse. But federation is incomplete: polls, quote posts, and restricted replies do not federate. EU users are excluded from fediverse sharing. The 'dear algo' feature lets users write posts starting with 'dear algo' to adjust topic preferences — Meta turned a user workaround into an official feature. Verification uses Meta Verified ($14.99/month), which is a paid identity check, not the cryptographic domain-based system Bluesky offers for free. Choose Threads for reach. Choose Bluesky for independence. Use both if you have the bandwidth. Use neither for sensitive source communication.",
      "bestFor": "Journalists who prioritize audience size and discoverability. Reporters sharing links to published stories without algorithmic penalty. Instagram-native journalists who want text-based posting integrated with their existing audience. Beat reporters who benefit from algorithmic topic discovery. Newsrooms that need presence on the platform where the most users are.",
      "notFor": "Journalists who need end-to-end encrypted messaging — Threads DMs have no E2E encryption. Reporters who want data portability and platform independence — your account is tied to Instagram and Meta's ecosystem. Anyone uncomfortable with Meta's data collection practices. Journalists in the EU who want fediverse interoperability — not yet available there. Reporters who need verifiable institutional identity without paying — Meta Verified costs $14.99/month vs. Bluesky's free domain-handle system.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Meta Platforms, Inc. is headquartered in Menlo Park, California. Threads data is processed under Meta's unified privacy policy. Meta was fined $1.3 billion by Irish regulators for transferring EU user data to the US without adequate protections. No EU-specific data residency option.",
      "privacyPolicyTldr": "Threads operates under Meta's unified privacy policy and the Threads Supplemental Privacy Policy. Meta collects location data, browsing history, search history, contacts, health and fitness data, financial information, and device identifiers. This data is used for ad targeting across Meta's ecosystem. Third-party services authorized by Meta can access user information for hyper-targeted advertising. As of December 2025, Meta uses interactions with generative AI features to personalize content and ad recommendations. DMs are not end-to-end encrypted — Meta ended E2E encryption support on Instagram DMs in 2025. Account deletion requires deleting your Instagram account (they are linked). Meta complies with US law enforcement data requests and has a history of providing user data to government agencies.",
      "practicalMitigations": "Never use Threads DMs for source communication — they are not encrypted. Assume all posts are permanently indexed and accessible to Meta, advertisers, and law enforcement. Do not link your primary reporting Instagram account if you want separation between personal and professional data. Use a dedicated device or browser profile for Threads to limit cross-site tracking. Review and restrict ad preferences in Meta's privacy settings. For sensitive reporting, use Signal or SecureDrop for source contact — not any Meta product. Enable two-factor authentication. Regularly audit connected apps and permissions in Instagram settings.",
      "owner": "Meta Platforms, Inc. (Menlo Park, California). Threads launched July 5, 2023. Led by Adam Mosseri (Head of Instagram). Parent company led by Mark Zuckerberg. Meta has approximately 72,000 employees.",
      "fundingModel": "Subsidiary of Meta Platforms, Inc. (NASDAQ: META). Meta's market capitalization exceeds $1.5 trillion. Threads is funded entirely through Meta's advertising revenue — no separate fundraising.",
      "businessModel": "Advertising. Threads is part of Meta's ad-supported ecosystem. Users see ads in their feeds. Meta generated $164 billion in advertising revenue in 2024. Threads monetizes through the same ad infrastructure as Facebook and Instagram. User data collected on Threads enriches Meta's cross-platform advertising profiles.",
      "knownIssues": "Meta's data collection is among the most extensive of any social platform — the App Store privacy label lists 28 data categories. Meta was fined $1.3 billion for GDPR violations related to EU-US data transfers. The $392 million settlement with 40 US states over deceptive location tracking (2022) applies to Meta's broader ecosystem. Instagram DMs lost end-to-end encryption support in 2025, and Threads DMs inherit this limitation. The algorithm is opaque despite the 'dear algo' workaround. ActivityPub federation is incomplete — polls, quote posts, and restricted replies do not federate, and EU users are excluded. Meta Verified ($14.99/month) is a paid verification system, unlike Bluesky's free domain-based verification. Search functionality has been criticized as limited compared to X. Content moderation at Meta's scale has documented failures — Meta's systems reportedly serve up to 15 billion high-risk scam ads daily. Threads cannot be deleted without deleting the linked Instagram account.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "caution",
      "securityRatingNote": "TLS encryption in transit. Encryption at rest for stored data. The core concern is not technical security but data practices. Meta collects 28 categories of user data per the App Store privacy label, including location, browsing history, contacts, and financial information. This data feeds cross-platform ad targeting. DMs are not end-to-end encrypted. Meta has been fined $1.3 billion for GDPR violations and $392 million for deceptive location tracking. For standard journalism use — sharing stories, building audience, monitoring public discourse — the platform functions. For any communication involving sources, confidential information, or sensitive investigations, Meta products are the wrong tool. The 'caution' rating reflects the data collection scope, not a technical vulnerability."
    },
    {
      "name": "Threema",
      "slug": "threema",
      "url": "https://threema.ch",
      "tagline": "Swiss encrypted messenger with no phone number required. Paid, private, and metadata-minimal — the privacy-first alternative to Signal for journalists who want to stay off the grid entirely.",
      "category": "messaging",
      "openSource": true,
      "whoItsFor": "Journalists, sources, and activists who need encrypted messaging without linking to a phone number or email address. Reporters covering surveillance, intelligence, or organized crime who want a communication channel that produces minimal metadata. European journalists operating under GDPR who need a compliant messaging tool for newsroom use.",
      "pricing": "One-time purchase (~$5.99 on iOS/Android). Threema Work plans for organizations start at CHF 1.50/user/month.",
      "freeOption": false,
      "editorialTake": "Threema is the Swiss army knife of private messaging — literally Swiss, privately held, and built around one principle: collect as little data as technically possible. Unlike Signal, which requires a phone number, Threema assigns each user a random 8-character Threema ID. No email, no phone number, no personal information required to create an account. You can verify contacts in person via QR code. Messages are deleted from servers immediately after delivery. Contact lists stay on your device. Metadata is reduced to what Threema calls 'the technical minimum.' The encryption is NaCl (Networking and Cryptography library) with Curve25519, XSalsa20, and Poly1305 — plus Perfect Forward Secrecy since 2023, meaning compromise of a long-term key cannot decrypt past messages. Threema's code is fully open source (AGPLv3 for apps, server code published for audit). Builds are reproducible, so anyone can verify the app store binary matches the published source. External security audits are conducted regularly — the most recent by Cure53 in 2024 found no critical vulnerabilities. The company is ISO 27001 certified and operates redundant server infrastructure exclusively in Switzerland, subject to Swiss data protection law (which is stronger than GDPR in several respects). The tradeoff: Threema costs money. That one-time $6 purchase is both a barrier and a feature — it means Threema has no incentive to monetize user data or attention. The real limitation is network effects. Signal has far more users globally, and most journalists already have it. Threema is strongest in the DACH region (Germany, Austria, Switzerland) where it has significant adoption — the Swiss army and German federal agencies use Threema Work. For journalists elsewhere, the challenge is getting sources onto a paid app with smaller market penetration. But for high-risk reporting where you need an encrypted channel that does not require a phone number and produces almost no metadata, Threema is arguably stronger than Signal on privacy fundamentals.",
      "bestFor": "Anonymous source communication where neither party wants to reveal a phone number. Newsroom-wide encrypted messaging via Threema Work. Journalists in Switzerland, Germany, and Austria where Threema adoption is high. Communication with sources who refuse to install Signal or who need deniability about the communication itself.",
      "notFor": "Reaching sources who do not already have Threema — the paid model and smaller user base create friction. Journalists whose entire network is on Signal. Large-scale group coordination (Signal and WhatsApp have stronger group features). Real-time voice/video calls in unreliable network conditions (Signal's calling infrastructure is more robust).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Switzerland (Threema GmbH, Pfäffikon SZ). All servers located exclusively in Switzerland. Subject to Swiss Federal Data Protection Act (nDSG) and not subject to US, EU, or Five Eyes jurisdiction. Swiss authorities can request data but Threema holds almost nothing to hand over — no contact lists, no message content, no group memberships are stored server-side.",
      "privacyPolicyTldr": "Threema collects almost nothing. No phone number or email required. Messages deleted from servers after delivery. Contact lists stored only on-device. No advertising, no tracking, no profiling. Metadata reduced to technical minimum (sender ID, recipient ID, timestamp — all deleted after delivery). Threema does not know who communicates with whom. Key material generated and stored on-device only. Swiss law applies. No data sharing with third parties. Anonymous usage is the default, not an option you have to enable.",
      "practicalMitigations": "Verify contacts via QR code in person for maximum trust level (three green dots). Enable Threema's built-in app lock. Use a strong passphrase for Threema Safe backups (encrypted, stored on Threema's Swiss servers or your own WebDAV server). For maximum anonymity, purchase Threema with cryptocurrency or a prepaid card and create your ID without linking any personal information. Review linked devices periodically. Enable disappearing messages for sensitive conversations. For newsroom deployment, use Threema Work with MDM integration for device management and compliance.",
      "owner": "Threema GmbH (privately held Swiss company, Pfäffikon SZ, Switzerland)",
      "fundingModel": "Self-funded through app sales and Threema Work subscriptions. No venture capital, no advertising revenue, no data monetization. The paid model is the business model — users are customers, not products.",
      "businessModel": "One-time app purchase for consumers (~$6). Threema Work subscriptions for organizations (per-user monthly pricing). Threema OnPrem for enterprises wanting self-hosted infrastructure. Threema Gateway API for businesses integrating encrypted messaging. No advertising. No data sales. Revenue comes entirely from users and organizations paying for the product.",
      "knownIssues": "A 2023 ETH Zurich academic paper identified theoretical weaknesses in Threema's legacy protocol (Ibex) — specifically, the lack of forward secrecy in the original design allowed theoretical attacks if a server were compromised. Threema responded by deploying a new protocol with Perfect Forward Secrecy (Ibex successor) within weeks and disputed the practical exploitability of the findings. The new protocol was independently audited. Network effects remain the biggest practical issue: Threema has ~12 million users versus Signal's 40-70 million and WhatsApp's 2+ billion. Getting sources to install and pay for a new app is real friction. Voice and video calling quality lags behind Signal. No desktop app without mobile — Threema Web requires the phone to be online (similar to WhatsApp Web's original limitation, though a standalone desktop client is in development).",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Threema earns a strong rating on privacy architecture: no phone number required, metadata minimized to near-zero, servers exclusively in Switzerland, open source with reproducible builds, regular external audits (Cure53), ISO 27001 certified, Perfect Forward Secrecy, and a business model aligned with user privacy (paid product, no ads, no data monetization). The 2023 ETH Zurich protocol critique was addressed rapidly with a new protocol and independent audit. The one area where Signal edges ahead: Signal's sealed sender feature hides even the sender's identity from Signal's servers, which Threema does not yet implement. But Threema's overall metadata posture — especially the no-phone-number requirement — makes it arguably the strongest option for journalists who need anonymous, unlinkable communication channels."
    },
    {
      "name": "TinEye",
      "slug": "tineye",
      "url": "https://tineye.com",
      "tagline": "Reverse image search built for finding the oldest instance of an image and tracking how it was modified.",
      "category": "verification",
      "whoItsFor": "Journalists verifying whether a viral photo is original or recycled from an older event. OSINT researchers tracking image manipulation chains. Photographers and publishers enforcing copyright.",
      "pricing": "Free for manual searches on tineye.com (limited daily volume, exact cap undisclosed). API search bundles start at $200 for 5,000 searches (pay-as-you-go or auto top-up at 75% usage). MatchEngine (private collection matching) runs $200/mo (Starter: 5K images, 1K searches) to $1,500/mo (Corporate: 500K images, 150K searches). Enterprise pricing is custom.",
      "freeOption": true,
      "editorialTake": "TinEye indexes 78+ billion images and does one thing well: finding exact and near-exact copies of an image across the web, sorted by date. That 'sort by oldest' feature is genuinely unique — neither Google nor Yandex offer it — and it is the fastest way to debunk a photo claimed to be from a current crisis but actually published years earlier. TinEye also detects crops, color shifts, overlays, and resolution changes that Google Lens misses. But its coverage has real gaps. User reports from late 2024 describe sub-2% hit rates on some queries, and Google's broader crawl regularly surfaces results TinEye does not. Yandex outperforms both for facial recognition (85-95% accuracy vs. TinEye's ~30-40%) and Eastern European/Asian content. TinEye cannot identify people, objects, or scenes — it matches pixel patterns, not semantics. The right workflow for verification: run TinEye first for date-sorted provenance, then Google Lens for broader coverage, then Yandex if faces matter. No single tool is sufficient.",
      "bestFor": "Verifying whether a viral photo is original or recycled from an older event. Finding the earliest known appearance of an image online (sort-by-oldest). Detecting cropped, filtered, or watermarked versions of a photo. Copyright enforcement for photographers and publishers.",
      "notFor": "Identifying people in photos — TinEye matches images, not faces. Finding visually similar but non-identical images (it needs pixel-level overlap). Real-time social media monitoring. AI-generated image detection. Any use case requiring object or scene recognition.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Canada. TinEye (Idee Inc.) is headquartered in Toronto. Operates its own infrastructure. Subject to Canadian privacy law (PIPEDA).",
      "privacyPolicyTldr": "Strong for a search tool. Uploaded images are fingerprinted, matched against the index, and deleted within seconds — TinEye explicitly states images are never saved, never indexed, and never used for training. No search history is stored. No account required for free web searches. No data sold to third parties. API users have separate terms. Canadian jurisdiction under PIPEDA is favorable compared to US-based alternatives.",
      "practicalMitigations": "Do not upload images that could identify a confidential source — even though TinEye deletes uploads, the image crosses the network. Use TinEye alongside Google Lens and Yandex for broader coverage. For sensitive verification, download the image locally and upload it rather than sharing the original URL. Consider that TinEye's index skews toward Western web content; verify coverage gaps with regional tools.",
      "owner": "Idee Inc. (Toronto, Canada). Co-founded by Leila Boujnane (CEO) and Paul Bloore (CTO) in 2008.",
      "fundingModel": "Bootstrapped. No outside funding raised. Privately held and reportedly profitable.",
      "businessModel": "Freemium with API revenue. Free reverse image search drives awareness. Revenue from API search bundles (pay-per-search for commercial reverse image search), MatchEngine (private collection matching for brands, stock agencies, and publishers), and enterprise contracts. No advertising. No data monetization.",
      "knownIssues": "Hit rate has degraded — multiple user reports from late 2024 describe finding zero results on queries that Google and Yandex match easily. TinEye's 78B-image index sounds large but covers a fraction of the web. No facial recognition — matches pixel patterns, not faces; Yandex or PimEyes are far more effective for identifying people. Free web search has an undisclosed daily limit; heavy verification workflows will hit it with no clear error. Cannot detect AI-generated images. API pricing is steep for small newsrooms ($200 for 5K searches, no free API tier). No mobile app — field verification requires browser workarounds.",
      "reviewedBy": "Deepened evaluation by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Canadian jurisdiction under PIPEDA. No account required for basic use. Images deleted within seconds of search — never stored, indexed, or used for training. No search history retained. No data sold. Bootstrapped company with no investor pressure to monetize user data. One of the cleanest privacy postures among verification tools."
    },
    {
      "name": "Topaz Labs",
      "slug": "topaz",
      "url": "https://www.topazlabs.com",
      "tagline": "Desktop AI for image and video upscaling, denoising, and sharpening. Processes locally. Useful for enhancing low-quality source material, surveillance footage, and archival media.",
      "category": "visuals",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "whoItsFor": "Investigative journalists working with low-resolution surveillance footage, leaked documents, or degraded archival video. Visual editors who need to publish usable stills from poor-quality source material. Documentary producers restoring historical footage. Photo editors upscaling images for print from web-resolution originals.",
      "pricing": "Photo AI: $199/year. Video AI: $299/year. Gigapixel (standalone upscaler): $99/year. Bundle (all three): $499/year. Topaz switched from perpetual one-time licenses to subscription-only pricing in September 2025. Monthly options available at higher rates. Free trial with watermarked output. No free tier.",
      "freeOption": false,
      "editorialTake": "Topaz Labs makes desktop software that uses AI models to upscale, denoise, sharpen, and stabilize images and video. Founded in 2005 by Albert Yang in Texas, the company has been doing computational photography enhancement for nearly two decades — long before the current AI wave. The key differentiator for journalism: processing happens locally on your machine. No footage leaves your computer. No cloud upload. For investigative journalists working with surveillance footage, leaked material, or source-provided video of uncertain provenance, this matters. You can enhance a blurry license plate or stabilize shaky protest footage without sending it to a third-party server. Photo AI handles noise reduction, sharpening, upscaling, and face recovery in a single pass. Video AI does the same for moving footage plus frame interpolation and stabilization. Gigapixel is the standalone image upscaler for print-resolution enlargements. Output quality is strong — Topaz consistently outperforms free alternatives like waifu2x or Real-ESRGAN in professional blind tests, particularly on real-world degraded content rather than synthetic benchmarks. The September 2025 shift to subscription-only pricing drew significant user backlash. Previous customers had paid $200-$300 for perpetual licenses; now everyone pays annually. At $499/year for the bundle, it is expensive compared to free open-source alternatives, but you get a polished GUI, regular model updates, and hardware optimization that open-source tools lack. Requires a capable GPU (NVIDIA recommended) for reasonable processing speeds.",
      "bestFor": "Enhancing surveillance or security camera footage for investigative reporting. Upscaling low-resolution source images to publication quality. Denoising and sharpening video from smartphones or body cameras. Restoring archival footage for documentary work. Any enhancement workflow where source material cannot leave your local machine.",
      "notFor": "Real-time or near-real-time video processing (batch processing is slow on complex footage). Journalists without a dedicated workstation with a capable GPU. Anyone expecting AI to recover information that does not exist in the source (upscaling adds plausible detail, not ground truth). Budget-constrained freelancers who cannot justify $199-$499/year (open-source alternatives exist). Creating or altering evidence — enhanced footage should be disclosed as processed.",
      "encryptionInTransit": "unknown",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (Topaz Labs LLC, Addison, Texas). Core image/video processing is entirely local — no user content is transmitted to Topaz servers. License activation and software updates require internet connection.",
      "privacyPolicyTldr": "Desktop application processes all media locally. No user images or video are uploaded to Topaz servers during normal operation. Account required for license activation. Usage telemetry and crash reports may be transmitted. No cloud processing dependency for core enhancement features. Your source material stays on your machine.",
      "practicalMitigations": "Ideal for sensitive material because processing is local — no cloud exposure. Disclose any AI enhancement in your methodology notes or caption metadata when publishing enhanced footage. Do not represent AI-upscaled detail as ground truth (the AI infers plausible detail, it does not recover actual information). Keep original unprocessed files alongside enhanced versions for evidentiary integrity. Test on your specific hardware before committing — processing speed depends heavily on GPU. Consider free alternatives (Real-ESRGAN, waifu2x) if budget is constrained and you are comfortable with command-line tools.",
      "owner": "Topaz Labs LLC. Private company founded 2005 by Dr. Feng (Albert) Yang. Headquartered in Addison, Texas (expanding from 7,000 to 27,000 sq ft in 2025). Approximately 51 employees.",
      "fundingModel": "Largely bootstrapped. Minimal outside funding ($200K documented). Revenue-funded growth over nearly two decades.",
      "businessModel": "Subscription software (switched from perpetual licenses September 2025). Revenue from annual subscriptions to Photo AI, Video AI, Gigapixel, and bundled plans. No API or platform play — purely desktop software sold to individual users and small teams.",
      "knownIssues": "Switched from perpetual licenses to subscription-only in September 2025, drawing significant user backlash from long-time customers. Requires capable GPU hardware (NVIDIA recommended) — performance on integrated graphics or older hardware is poor. AI upscaling adds plausible detail that may not reflect reality — a real concern for evidentiary use. Processing speed on long video files can be very slow even on high-end hardware. No batch automation API for newsroom integration. Model updates occasionally change output characteristics, making results non-reproducible across versions.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Local-only processing is the strongest possible posture for sensitive source material. No user content leaves the machine. No cloud dependency for core features. No third-party server exposure. The 'strong' rating reflects this architecture — your footage stays on your hardware. The only network activity is license activation and software updates. For journalists working with sensitive visual material, this is the ideal model."
    },
    {
      "name": "Tor Browser",
      "slug": "tor-browser",
      "url": "https://www.torproject.org/download/",
      "tagline": "Anonymous web browsing via the Tor network. Prevents traffic analysis and fingerprinting.",
      "category": "security",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists researching sensitive topics, accessing SecureDrop tip lines, or circumventing censorship.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Tor is essential infrastructure for investigative journalism — the only practical way to access SecureDrop tip lines, research sensitive subjects without creating a trail, and bypass censorship. The Tor Project merged with Tails in September 2024, combining network-level anonymity with OS-level security under one nonprofit. In October 2024, CVE-2024-9680 (CVSS 9.8) exploited a Firefox Animation timeline use-after-free against Tor Browser users in the wild; Mozilla patched it within 25 hours. In September 2024, German police confirmed they used timing analysis to deanonymize a darknet operator between 2019–2021 — the Chaos Computer Club documented four successful timing attacks in a single investigation. The Tor Project responded that the target used an outdated version of Ricochet messenger lacking guard discovery protections, and that current Tor versions have mitigations. Tor Browser 15.0, released October 2025, is based on Firefox ESR 140 and underwent a security audit by Radically Open Security. 7ASecurity conducted a separate code audit in mid-2025. The network runs ~8,000 relays (2,500 exit nodes) serving 2–3 million daily users across 200+ million total downloads. Russia, China, Iran, and Turkmenistan actively block Tor; the anti-censorship team counters with WebTunnel, Snowflake, and the new Conjure pluggable transport. Slower than regular browsing, and requires discipline — but every journalist covering sensitive topics needs this in their toolkit.",
      "bestFor": "Researching sensitive topics without revealing your location/identity. Accessing .onion sites (SecureDrop). Bypassing censorship in restrictive countries.",
      "notFor": "Everyday browsing (slow). Logging into personal accounts (defeats anonymity). Large file downloads. Users unwilling to keep software updated — outdated Tor is a real risk.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "No data stored. Traffic is wrapped in three layers of encryption and routed through three Tor relays (guard, middle, exit); no single relay knows both source and destination. The hop from the exit relay to the destination carries the application traffic as sent, so it is protected only if the site uses HTTPS (a .onion service stays end-to-end inside Tor and has no exit hop).",
      "privacyPolicyTldr": "Tor Browser stores nothing by default. Browsing history, cookies, and cache are wiped on close. The Tor Project collects no user data. Your ISP can see you're using Tor but not what you're accessing. Tor metrics publishes aggregate, anonymized usage data only.",
      "practicalMitigations": "Never log into personal accounts while using Tor. Don't maximize or resize the browser window (window size is a fingerprinting vector; Tor Browser letterboxes the viewport by default, so leave the default dimensions alone). Keep HTTPS-Only mode on (enabled by default since Tor Browser 11.5) and raise the Security Level to Safer or Safest for sensitive sessions, which disables JavaScript and most of the browser's attack surface. Don't install additional browser extensions. Use bridges if Tor is blocked in your country. Keep Tor Browser updated — the 2024 German timing attack succeeded partly because the target used outdated software. Don't download files and open them while online (use Tails for this). Consider using Tails OS for highest-risk work.",
      "owner": "The Tor Project (nonprofit, 501(c)(3))",
      "fundingModel": "Diversified: 35% US government (primarily State Dept Bureau of Democracy, Human Rights, and Labor — $2.12M), 19% Mullvad, plus Craig Newmark Philanthropies, Ford Foundation, #StartSmall, Sweden's Sida, Power Up Privacy, and individual donors ($1.1M in 2023–2024). Total budget: $7.3M. Government share dropped from 53% (2021–2022) to 35% (2023–2024).",
      "businessModel": "Nonprofit. No monetization. No ads, no data collection, no premium tier.",
      "knownIssues": "Timing analysis attacks are real — German police used them successfully between 2019–2021, confirmed by the Chaos Computer Club. CVE-2024-9680 (October 2024) was a critical Firefox zero-day (CVSS 9.8) actively exploited against Tor users; patched within 25 hours. Exit nodes can see unencrypted traffic if you're not using HTTPS. Website fingerprinting research (a passive observer on your side of the network inferring which site you visit from packet sizes and timing) continues to advance, and end-to-end correlation remains the fundamental limit: an adversary who can observe both your entry to the network and the exit point of your traffic can correlate the two. Russia, China, Iran, and Turkmenistan actively block Tor access, requiring bridges or pluggable transports. Screen size and other browser fingerprinting vectors require discipline to mitigate.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Battle-tested anonymity network with ~8,000 relays serving millions daily. Open-source, with regular independent audits (Radically Open Security for ESR transitions, 7ASecurity code audit in 2025, Cure53 for censorship circumvention tools). The 2024 German timing attack is the most significant documented deanonymization — but it targeted outdated software and required months of surveillance plus ISP cooperation. Current versions have mitigations. CVE-2024-9680 was critical but patched in under 25 hours. Merged with Tails OS in 2024, strengthening both projects. Funding is diversifying away from US government dependency. Exit-node vulnerability remains a known limitation — mitigated by HTTPS-only mode."
    },
    {
      "name": "TRAC (Transactional Records Access Clearinghouse)",
      "slug": "trac",
      "url": "https://tracreports.org",
      "tagline": "Federal enforcement data obtained through FOIA — immigration courts, IRS audits, federal prosecutions, staffing. Built by and for journalists at Syracuse University.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "builtForJournalism": true,
      "whoItsFor": "Investigative journalists covering immigration enforcement, federal criminal justice, IRS enforcement, and federal agency staffing. Immigration lawyers and legal aid organizations tracking court backlogs and outcomes. Researchers studying federal enforcement patterns. Policy organizations analyzing how federal agencies deploy resources. Any reporter who needs granular federal enforcement data that agencies do not voluntarily publish.",
      "pricing": "Free for most data tools and reports. Some advanced query tools and detailed data access may require institutional subscription. TRAC has historically provided free access to journalists and researchers.",
      "freeOption": true,
      "editorialTake": "TRAC is one of the most important data sources in American journalism, and most journalists have never heard of it. Founded in 1989 by Susan B. Long (a Syracuse University statistician) and David Burnham (a former New York Times investigative reporter who died in October 2024), TRAC uses FOIA litigation — actual lawsuits against federal agencies — to extract enforcement data the government does not voluntarily publish. The result is a unique database covering immigration court proceedings, federal criminal prosecutions, IRS audit rates, federal agency staffing levels, and more. This is not data you can get anywhere else. TRAC's immigration data is particularly valuable: case-by-case immigration court records, deportation statistics, asylum outcomes by judge, detention facility populations, and enforcement action timelines. Major newsrooms cite TRAC regularly — it has been the data backbone for immigration reporting for two decades. In February 2025, TRAC migrated from its Syracuse University domain to tracreports.org, operated by TRAC Reports Inc. The migration followed changes at the university. All reports and data tools have been moved to the new domain. In 2025, TRAC launched the David Burnham Legacy Grant ($25,000) for investigative reporting using TRAC data. The main limitation is that TRAC's data depends on FOIA — when agencies delay or resist disclosure, the data lags. The current administration's approach to FOIA compliance affects TRAC's ability to obtain current data.",
      "bestFor": "Immigration court data — case outcomes, asylum decisions by judge, backlog statistics, detention data. Federal criminal prosecution patterns by district, offense type, and agency. IRS audit rates by income level and geography. Federal agency staffing and resource allocation data. Any reporting that needs enforcement data the government does not voluntarily publish.",
      "notFor": "State or local enforcement data. Real-time enforcement activity. Campaign finance or political data. Court records and case filings (use PACER for that). Comprehensive federal spending data (use USASpending.gov). Data from agencies that have successfully resisted TRAC's FOIA requests.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. TRAC Reports Inc. is a US nonprofit. Data is derived from federal agency records obtained through FOIA requests and litigation.",
      "privacyPolicyTldr": "TRAC's public data tools do not require registration for basic access. The underlying data is federal enforcement records obtained through FOIA — it is public record. TRAC is an academic and journalistic research organization, not a commercial data broker. Standard web analytics apply. No advertising or commercial tracking.",
      "practicalMitigations": "Most TRAC data tools are accessible without registration. The data is derived from federal records obtained through FOIA, so it is public information. Always cite TRAC as your source and note the FOIA origin of the data. Cross-reference TRAC data with official agency statistics where available — TRAC data may be more current or more granular than what agencies publish voluntarily. Note the domain migration: current URL is tracreports.org, though trac.syr.edu may still redirect. For immigration data, TRAC's judge-level outcome data is unique and cannot be verified against other public sources.",
      "owner": "TRAC Reports Inc. (nonprofit). Originally housed at Syracuse University's Newhouse School and Whitman School of Management.",
      "fundingModel": "Nonprofit funded through grants, donations, and institutional support. Previously supported by Syracuse University. Now independent as TRAC Reports Inc. The David Burnham Legacy Grant program provides $25,000 grants to journalists using TRAC data.",
      "businessModel": "Nonprofit research and data distribution. TRAC obtains federal data through FOIA requests and litigation, processes and analyzes it, and publishes tools and reports for free public use. Some advanced data access may require institutional subscription. Revenue comes from grants and donations, not from selling data commercially.",
      "knownIssues": "The February 2025 migration from Syracuse University to tracreports.org may cause broken links in older citations and bookmarks. Data freshness depends entirely on FOIA compliance — when agencies delay or deny requests, TRAC's data lags. The current political climate around immigration enforcement has increased both the demand for TRAC data and the difficulty of obtaining it. David Burnham's death in October 2024 was a significant loss; Dr. Susan Long continues as sole director. The organization's long-term sustainability as a small nonprofit depends on continued grant funding.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit research organization with a track record going back to 1989 of handling sensitive federal enforcement data. HTTPS on both domains. The data itself is public record obtained through FOIA. No commercial tracking. The main considerations are organizational: TRAC is a small operation dependent on grant funding, and the domain migration introduces a transition period. For the nature of the data and the use case, security is adequate."
    },
    {
      "name": "Transistor.fm",
      "slug": "transistor",
      "url": "https://transistor.fm",
      "tagline": "Professional podcast hosting with unlimited shows per account. Multi-show support, analytics, private podcasting, and distribution to all directories.",
      "category": "publishing",
      "whoItsFor": "Newsrooms hosting multiple podcast shows from one account. Independent journalists who want professional hosting without platform lock-in. Publishers who need private podcast feeds for subscribers or internal distribution. Podcast networks and multi-show operations that want consolidated management.",
      "pricing": "Starter: $19/month (20K monthly downloads, 50 private subscribers). Professional: $49/month (100K downloads, 500 private subscribers). Business: $99/month (250K downloads, 3K private subscribers). Enterprise: $199+/month (custom). Annual billing gives two months free. No free tier.",
      "freeOption": false,
      "editorialTake": "Transistor is the indie podcast host built for people who take podcasting seriously but don't want to be locked into a platform's ecosystem. Founded in 2017 by Jon Buda and Justin Jackson, it's bootstrapped — no VC funding, no acquirer's agenda. The standout feature for newsrooms is unlimited shows per account at every pricing tier. Most competitors charge per show or cap the number. With Transistor, a newsroom running five podcast feeds pays the same as someone running one — pricing is based on total monthly downloads, not show count. Other features: analytics (downloads, subscriber trends, listening apps), one-click distribution to all major directories, automatic podcast website generation, embeddable players, AI transcription, dynamic ad insertion, and private podcasting for subscriber-only or internal feeds. The private podcasting feature is worth noting: you can create members-only audio feeds, which some journalism outlets use for premium content or internal newsroom communication. Transistor supports multiple user logins per show, which matters for team-based production. The trade-off versus Spotify for Creators is cost for features: Spotify is free but you're on their platform; Transistor costs $19-99/month but you own your distribution and aren't feeding someone else's recommendation algorithm. Compared to Buzzsprout, Transistor's unlimited shows and private podcasting are the differentiators. Compared to Megaphone (Spotify-owned, enterprise-priced), Transistor is affordable and independent.",
      "bestFor": "Newsrooms with multiple podcast shows. Publishers who want professional hosting without platform dependence. Private podcast feeds for subscriber content or internal distribution. Team-based podcast production with multiple collaborators. Journalists who prioritize owning their distribution infrastructure.",
      "notFor": "Journalists who need free hosting (use Spotify for Creators). Shows that need Spotify-native features like video podcasts or Spotify-specific monetization. Operations exceeding 250K monthly downloads without enterprise pricing. Creators who want built-in audience discovery — Transistor distributes to directories but doesn't have its own listener network.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Transistor.fm is a US-based company. Podcast files and analytics data hosted on US infrastructure.",
      "privacyPolicyTldr": "Transistor collects account information, podcast analytics (downloads, geographic data, listening app data), and standard web analytics. Download analytics are based on IAB 2.1 compliant measurement. Listener data is aggregated — Transistor shows you trends, not individual listener identities. No advertising on the platform. Data is not sold to third parties. Government terms available for public sector clients.",
      "practicalMitigations": "Maintain local backups of all episode files — Transistor hosts your content but you should always have your own copies. Your RSS feed is portable: if you leave Transistor, set up a 301 redirect to your new host. Understand that download analytics are based on IAB standards, which count RSS feed requests — not unique listeners. Private podcast feeds use unique RSS URLs per subscriber; the URL is effectively a bearer credential, since anyone who obtains it can pull the audio, so treat it as a secret and revoke access promptly when subscribers cancel or a link is forwarded. If using Transistor for sensitive internal newsroom podcasts, assess whether US-hosted infrastructure meets your organization's data handling requirements.",
      "owner": "Transistor.fm. Co-founded by Jon Buda and Justin Jackson in 2017. Indie-owned and operated — no outside investors, no parent company.",
      "fundingModel": "Bootstrapped. No venture capital, no outside funding. Revenue-funded from day one.",
      "businessModel": "SaaS subscription. Revenue from monthly/annual hosting plans. No advertising, no data sales, no revenue share on creator earnings. Pricing based on monthly download volume and private subscriber limits.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Bootstrapped indie company with straightforward business model — revenue from subscriptions, not advertising or data. No known data breaches. IAB 2.1 compliant analytics. US-hosted infrastructure. No advertising trackers on the platform. The simplicity of the business model is a security positive: Transistor has no incentive to monetize your listener data. Adequate for journalism podcast hosting. The main consideration is that it's a small independent company — no SOC 2 certification mentioned, and long-term viability depends on continued subscription revenue."
    },
    {
      "name": "Tresorit",
      "slug": "tresorit",
      "url": "https://tresorit.com",
      "tagline": "End-to-end encrypted cloud storage. Swiss jurisdiction. Zero-knowledge architecture. Owned by Swiss Post since 2021.",
      "category": "security",
      "additionalCategories": [
        "messaging"
      ],
      "openSource": false,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists storing sensitive source documents, investigation files, or legal materials who need encryption stronger than Dropbox or Google Drive. Newsrooms handling whistleblower materials, leaked documents, or cross-border investigations where jurisdiction matters. Researchers and activists who need a cloud provider that cannot decrypt their files even under court order.",
      "pricing": "Personal Essential: ~$14/month for 1TB. Personal Pro: ~$34/month for 4TB. Business: $15/user/month (10+ users, 1TB/user). Small Business: $25/user/month (2-9 users). Enterprise: custom pricing. Free Basic tier: 3GB, 2 devices, 500MB file size limit. Annual billing saves ~20%.",
      "freeOption": true,
      "editorialTake": "Tresorit has the strongest security posture of any commercial cloud storage service. AES-256 client-side encryption with RSA-4096 key exchange. Zero-knowledge architecture — Tresorit cannot decrypt your files, file names, or folder structure. The encryption is not optional; every file is encrypted before it leaves your device. That is a meaningful difference from Dropbox (server-side encryption, Dropbox holds the keys) and Google Drive (Google can and does access file contents for indexing, AI features, and legal compliance). Swiss Post acquired a controlling stake in 2021, making Tresorit a subsidiary of the Swiss national postal service. That is unusual for a privacy company — but Swiss Post is government-owned, which means Tresorit operates under Swiss Federal Data Protection Act with no VC pressure to monetize data. Servers in Switzerland, Ireland, and the Netherlands. ISO 27001:2022 certified by TUV Rheinland. GDPR, HIPAA, CCPA, NIS2, and TISAX compliant. The tradeoffs are real. Tresorit costs 2-3x more than mainstream cloud storage per GB. No block-level sync — every file edit re-uploads the entire file because client-side encryption prevents delta syncing. Download speeds lag behind Dropbox and Google Drive. The web app lacks drag-and-drop upload. Files live in 'tresors' (encrypted containers), not a standard folder hierarchy, which adds friction. There is no Linux desktop client. Proton Drive is the closest competitor: also E2E encrypted, also Swiss, also zero-knowledge, and now includes Docs and Sheets. Proton is open-source and independently audited; Tresorit is closed-source. Proton's free tier is more generous (5GB vs 3GB). But Tresorit has stronger enterprise features — SSO, admin policies, data residency controls, dynamic watermarks — that Proton lacks. For solo journalists, Proton Drive is often the better value. For newsrooms that need admin controls and compliance certifications, Tresorit fills a gap no other E2E encrypted provider covers.",
      "bestFor": "Encrypted storage for sensitive source documents, investigation files, and legal materials. Newsrooms needing enterprise-grade admin controls (SSO, device management, audit logs) with genuine zero-knowledge encryption. Secure file sharing with external collaborators via encrypted links with access controls and expiration.",
      "notFor": "Budget-conscious freelancers — Proton Drive offers similar encryption at lower cost with a more generous free tier. Heavy collaboration workflows — Google Docs and Sheets are far faster for real-time co-editing. Users who need fast sync for large files — the lack of block-level sync means slow uploads on file edits. Linux desktop users (no native client). Anyone who needs full-text search across file contents — encryption prevents server-side indexing.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Switzerland. Company headquartered in Zurich. Offices in Budapest and Munich. Servers in Switzerland, Ireland, and the Netherlands. Subject to Swiss Federal Data Protection Act. Business plans offer data residency options (choose where your data is stored). Swiss Post ownership means the parent company is Swiss government-owned — subject to Swiss law, not EU or US jurisdiction for corporate decisions.",
      "privacyPolicyTldr": "Zero-knowledge encryption: Tresorit states it cannot decrypt file contents, file names, or encryption keys. Tresorit collects registration data (email, name, address), billing info, account metadata (folder names, sizes, member lists), access logs (IP, location, platform), and device information. Non-encrypted metadata is accessible to Tresorit. Business accounts with recovery master keys enabled allow a designated Recovery Administrator to access encrypted content — a deliberate enterprise feature, not a backdoor. Tresorit complies with Swiss law enforcement requests and may transmit personal data when legally required. No published transparency report with specific numbers on government data requests.",
      "practicalMitigations": "Enable two-factor authentication. Business accounts: carefully evaluate whether to enable the recovery master key — it gives the Recovery Administrator access to encrypted content. Pay with methods that minimize payment metadata if anonymity matters. Use a strong, unique password — if lost without recovery options, files are permanently unrecoverable. Review sharing link permissions and set expiration dates. For highest-risk scenarios, combine Tresorit with a VPN to mask IP addresses in access logs. Verify that your data residency setting matches your jurisdictional needs.",
      "owner": "Tresorit AG (Zurich, Switzerland). Founded 2011 by Istvan Lam, Szilveszter Szebeni, and Gyorgy Szilagyi. Majority owned by Swiss Post Communications Services since July 2021. Swiss Post is the sole shareholder. CEO: Istvan Hartung (since June 2023). ~100 employees.",
      "fundingModel": "Series B (€11.5M, 2018). Acquired by Swiss Post in 2021. No longer venture-backed. Operates as an independent subsidiary of Swiss Post.",
      "businessModel": "Subscription. Revenue from personal plans ($14-34/month), business plans ($15-25/user/month), and enterprise contracts. Free Basic tier (3GB) as lead generation. Additional revenue from Tresorit Engage (secure data rooms) and eSign products.",
      "knownIssues": "Closed-source — no independent code audit of client-side encryption implementation is publicly available (unlike Proton Drive, which is open-source and audited by Securitum). Download speeds significantly slower than mainstream cloud storage, with files frequently stalling near completion. No block-level sync due to E2E encryption — every file edit re-uploads the entire file. Web app lacks drag-and-drop file upload. No Linux desktop client. No full-text search across encrypted file contents. 'Tresor' container model adds friction compared to standard folder hierarchies. No published transparency report with specific numbers on government data requests — unlike Proton, which publishes annual figures. The Swiss Post acquisition raised questions in privacy communities about government ownership of a privacy company, though Swiss Post has no history of data access issues.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "AES-256 client-side encryption with RSA-4096 key exchange. Zero-knowledge architecture — Tresorit cannot decrypt file contents even under court order. ISO 27001:2022 certified by TUV Rheinland. GDPR, HIPAA, CCPA, NIS2, TISAX compliant. Swiss jurisdiction under Federal Data Protection Act. Non-convergent encryption prevents content matching across users. Primary limitation: closed-source code with no publicly available independent security audit of the encryption implementation. Business recovery master key feature creates a potential access path for designated administrators. Metadata (IP, device info, account data) is not encrypted and can be disclosed under Swiss legal process."
    },
    {
      "name": "TrialWatch",
      "slug": "clooney-trialwatch",
      "url": "https://cfj.org/trialwatch/",
      "tagline": "Free legal aid and trial monitoring for journalists facing criminal prosecution in 40+ countries.",
      "category": "legal",
      "builtForJournalism": true,
      "whoItsFor": "Journalists, human rights defenders, and democracy advocates facing criminal trials anywhere in the world.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "TrialWatch has secured releases and reduced charges for journalists in Morocco, Nigeria, and Peru — this is real legal firepower backed by the Clooney Foundation, not a helpline.",
      "bestFor": "Journalists facing criminal prosecution abroad. Trial monitoring, fair-trial assessments, diplomatic advocacy, and international court intervention.",
      "notFor": "Civil disputes, defamation suits, or domestic US press freedom cases. TrialWatch selects cases based on severity and strategic impact — not all requests can be accommodated.",
      "owner": "Clooney Foundation for Justice",
      "fundingModel": "Philanthropy",
      "businessModel": "Nonprofit",
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "TrustLaw",
      "slug": "trustlaw",
      "url": "https://trfoundation.my.site.com/trustlaw/s/login/SelfRegister",
      "tagline": "Pro bono legal assistance from 550+ law firms in 170 countries for nonprofit newsrooms.",
      "category": "legal",
      "builtForJournalism": false,
      "whoItsFor": "Nonprofit newsrooms and media organizations that need legal help but lack in-house counsel.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "TrustLaw connects nonprofit newsrooms to a massive network of pro bono lawyers across 170 countries — the scale of the network is the differentiator.",
      "bestFor": "Nonprofit newsrooms needing help with media law, incorporation, contracts, intellectual property, or regulatory compliance in any country.",
      "notFor": "Individual journalists or for-profit media companies. TrustLaw serves registered nonprofits and social enterprises.",
      "owner": "Thomson Reuters Foundation",
      "fundingModel": "Thomson Reuters corporate",
      "businessModel": "Nonprofit arm of Thomson Reuters",
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "Turboscribe",
      "slug": "turboscribe",
      "url": "https://turboscribe.ai",
      "tagline": "Fast AI transcription with multiple engine options. Free tier available. Cloud-processed with speaker labels, timestamps, and export formats.",
      "category": "visuals",
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Journalists who need fast, affordable transcription with flexibility to choose between speed and accuracy. Reporters who transcribe interviews in bulk and want speaker labels, timestamps, and multiple export formats. Anyone who wants cloud transcription without the per-minute costs of Otter.ai's higher tiers.",
      "pricing": "Free: 3 files/day, up to 30 minutes each, Ninja engine only (lower accuracy). Pro: $10/month (annual) or $16/month (monthly) — unlimited files, all engines (Whisper large-v3, Nova-2, Scribe), speaker labels, AI summaries, priority processing. Business: $24/month (annual) — team features, API access, higher file size limits.",
      "freeOption": true,
      "editorialTake": "Turboscribe's value proposition is straightforward: upload audio, pick an engine, get a transcript fast. The multi-engine approach is the differentiator. You can choose OpenAI's Whisper large-v3 for accuracy, Deepgram's Nova-2 for speed, or their own Scribe engine for a balance. This lets journalists match the tool to the task — fast draft from a presser (Nova-2) vs. careful transcript of a key interview (Whisper). Accuracy on clear audio with the Whisper engine is competitive with Good Tape and Otter.ai — roughly 90-95% on clean recordings, lower on noisy audio or heavy accents. Speaker diarization (labeling who said what) works but requires review, especially with more than 2-3 speakers. The free tier (3 files/day, Ninja engine only) is genuinely useful for light users but the Ninja engine's accuracy is noticeably lower than the premium engines. Pro at $10/month annual is competitive — cheaper than Otter.ai Pro ($16.99/month) with comparable features. The privacy story is standard cloud transcription: your audio is uploaded to servers for processing. Turboscribe states it doesn't use uploads for AI training, but the privacy policy isn't as detailed as Good Tape's. No ISO certification, no published DPA, no EU-only server option. For routine transcription of non-sensitive material, it works well and the price is right. For sensitive source interviews, use Whisper locally (MacWhisper for a GUI, whisper.cpp for CLI) or Good Tape (ISO 27001, EU servers, auto-delete). Supports 98+ languages. Export to TXT, SRT, VTT, DOCX, PDF, JSON.",
      "bestFor": "Bulk transcription on a budget. Choosing between multiple AI engines for different accuracy/speed needs. Quick drafts of press conferences and non-sensitive interviews. Subtitle generation (SRT/VTT export). Multilingual transcription across 98+ languages.",
      "notFor": "Sensitive source interviews — no ISO certification, no published DPA, no auto-delete of audio. Journalists who need guaranteed local processing. Real-time or live transcription. Users who need a formal Data Processing Agreement for compliance. Newsrooms that require EU-only data residency.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States (cloud-processed). No EU-only server option documented.",
      "privacyPolicyTldr": "Audio uploaded to cloud servers for processing. States it does not use uploads to train AI models. Specific retention periods, deletion policies, and server locations are not prominently documented. No published Data Processing Agreement. No ISO or SOC 2 certification publicly listed. Standard cloud service privacy posture without the journalism-specific guarantees of tools like Good Tape.",
      "practicalMitigations": "Do not upload sensitive source interviews or recordings that could identify confidential sources. Use Turboscribe only for routine, non-sensitive transcription (press conferences, public meetings, on-the-record interviews). Delete uploaded files from the platform after downloading transcripts. For sensitive material, use Whisper locally (MacWhisper, whisper.cpp) or Good Tape (ISO 27001, auto-delete, EU servers). Always verify transcripts against original audio before publishing quotes — AI transcription errors are common across all engines.",
      "owner": "Turboscribe (company details not prominently published). US-based.",
      "fundingModel": "Not publicly disclosed. Appears to be a bootstrapped or small-team product.",
      "businessModel": "Freemium SaaS. Free tier (limited) converts to Pro ($10/month annual) or Business ($24/month annual). Revenue from subscriptions.",
      "knownIssues": "Free tier uses lower-accuracy Ninja engine only — not representative of paid tier quality. No ISO certification, SOC 2, or published security audit. Privacy policy lacks the specificity journalists need for sensitive work. No auto-delete of audio after processing. No EU server option. Speaker diarization accuracy degrades with more than 2-3 speakers. Accuracy drops significantly on noisy audio, heavy accents, and overlapping speech. Company details and ownership are not prominently disclosed — less transparency than competitors like Good Tape or Otter.ai.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "Standard cloud transcription service with HTTPS in transit. States it doesn't train on user data. However, no ISO certification, no SOC 2, no published DPA, no auto-delete, and limited transparency about data handling. Adequate for non-sensitive transcription work but not recommended for confidential source material. Good Tape and local Whisper are better choices when privacy matters."
    },
    {
      "name": "uBlock Origin",
      "slug": "ublock-origin",
      "url": "https://ublockorigin.com",
      "tagline": "Open-source content blocker. Blocks ads, trackers, and malware domains locally in your browser with zero data collection.",
      "category": "security",
      "openSource": true,
      "threatLevel": "baseline",
      "whoItsFor": "Every journalist. Anyone who uses a web browser for research, reporting, or daily work.",
      "pricing": "Free. Open source under GPLv3. Raymond Hill explicitly refuses donations and has no monetization.",
      "freeOption": true,
      "editorialTake": "uBlock Origin is the single most effective thing you can install to reduce your digital footprint while browsing. It blocks the tracker ecosystem that can reveal your research interests to ad networks, data brokers, and anyone buying that data downstream. The Chrome situation is now complicated: Google killed Manifest V2 extensions in July 2025, but gorhill migrated uBlock Origin to MV3 and it returned to the Chrome Web Store at v1.70.0 in March 2026. The MV3 version uses declarativeNetRequest instead of webRequest, which means reduced dynamic filtering capability. Firefox remains the best platform — Mozilla committed to keeping the full webRequest API that uBlock Origin needs. Brave also maintains MV2 support for four specific extensions including uBlock Origin. The developer's refusal of all money eliminates every financial conflict of interest. No acceptable-ads program, no corporate partnerships, no telemetry. NOT the same as 'uBlock' (without 'Origin') — that's a different, inferior fork. Also beware Chrome Web Store clones: a 2025 EFF analysis found 73% of top-ranked 'uBlock'-branded Chrome extensions contained hidden tracking pixels or unauthorized remote code execution.",
      "bestFor": "Blocking trackers that follow your research across sites. Reducing attack surface from malvertising. Privacy while browsing source websites. Stripping analytics that could log journalist visits.",
      "notFor": "Situations where you need to see ads (competitive research, ad verification). Some paywalled sites break with aggressive blocking. Not a replacement for a VPN or Tor when source protection matters.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. Filter lists are fetched over HTTPS but no user data leaves the browser. No servers, no accounts, no cloud sync.",
      "privacyPolicyTldr": "No data collection whatsoever. uBlock Origin operates entirely locally. No telemetry, no analytics, no phone-home behavior, no crash reporting. The extension requests broad permissions (access to all URLs) solely to perform content blocking — it transmits nothing.",
      "practicalMitigations": "Use medium mode for stronger default blocking with manual whitelisting of trusted sites. Keep filter lists updated (they auto-update but check quarterly). If a site breaks, use the per-site switches before disabling entirely. Use the logger to understand what's being blocked — it's the most powerful diagnostic tool in any content blocker. On Chrome, understand you're now running the MV3 version with reduced dynamic filtering. On Firefox, you get the full MV2 experience. Install from official sources only: ublockorigin.com links to the real extension on each store.",
      "owner": "Raymond Hill (gorhill) — independent open-source developer, sole maintainer since 2014",
      "fundingModel": "None. Volunteer project. Raymond Hill explicitly refuses donations and has no sponsors. The project has zero revenue.",
      "businessModel": "None. Pure open source, no monetization, no acceptable-ads program, no data sales, no corporate partnerships.",
      "knownIssues": "CVE-2025-4215 (CVSS 3.7, low severity): inefficient regex in src/js/1p-filters.js could cause denial of service via crafted filter rules. Patched in v1.63.3b17. Chrome MV3 migration (v1.70.0) loses some dynamic filtering capability compared to MV2 — cosmetic placeholders appear on ~21% of sites under MV3 vs 0% under MV2, per a January 2026 PoPETs study. uBlock Origin Lite was pulled from the Firefox Add-on Store in October 2024 after a dispute with Mozilla reviewers who falsely accused it of data collection and minified code; Hill called the review process 'hostile' and moved the Lite version to self-hosted distribution on GitHub. The classic uBlock Origin extension on Firefox is unaffected. Malicious clones remain a persistent threat — always verify the publisher is 'Raymond Hill' before installing.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Open source, zero data collection, zero monetization, zero financial conflicts. 39M+ combined users across Chrome (29M) and Firefox (10M+) as of late 2025. Code is publicly auditable on GitHub with cryptographically signed releases. One low-severity CVE in 2025, promptly patched. The developer's decade-long refusal of all money is unmatched in the extension ecosystem. Firefox version retains full MV2 capability; Chrome MV3 version is functional but reduced. The biggest real risk isn't the extension itself — it's installing a malicious clone by mistake."
    },
    {
      "name": "Upscayl",
      "slug": "upscayl",
      "url": "https://upscayl.org",
      "tagline": "Open-source AI image upscaler — enhance low-resolution photos locally on your machine, no cloud required.",
      "category": "visuals",
      "openSource": true,
      "whoItsFor": "Journalists working with low-resolution source images — old archive photos, screenshots, surveillance stills, social media grabs — who need higher resolution for publication. Also useful for enhancing images from tips or documents.",
      "pricing": "Free (desktop app). Upscayl Cloud is a separate paid service for faster processing.",
      "freeOption": true,
      "editorialTake": "Upscayl does AI upscaling entirely on your GPU using Real-ESRGAN models via the Vulkan API. No cloud, no accounts, no network requests during processing. That's the key differentiator: your images never leave your machine. It handles up to 16x upscaling with multiple model options for different use cases — general photos, faces, anime/illustrations. Batch processing is supported. The results are genuinely useful for making low-res source material publishable, though AI upscaling inherently adds detail that wasn't in the original — something to flag in editorial contexts. The desktop app (v2.15.0, December 2024) hasn't seen a release in over a year, but the codebase remains active on GitHub with 40K+ stars. Upscayl Cloud exists as a separate paid product — the desktop app is the one that's open-source and local.",
      "bestFor": "Upscaling low-resolution photos for publication. Enhancing archive images. Improving screenshot quality. Batch upscaling multiple images. Any upscaling task where images must stay local.",
      "notFor": "Creating evidence-quality images — AI upscaling adds interpolated detail that wasn't in the original. Real-time processing (it's GPU-intensive). Systems without a compatible GPU (requires Vulkan support). Mobile workflows (desktop only).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "All local — the desktop app makes no network connections for image processing. Images stay on your machine.",
      "privacyPolicyTldr": "The desktop app collects nothing and makes no network requests for processing. All computation runs locally on your GPU via the Vulkan API. No accounts, no telemetry, no analytics in the desktop version. Upscayl Cloud is a separate product with different privacy characteristics.",
      "practicalMitigations": "Use the desktop app, not Upscayl Cloud, for sensitive images. Note that AI-upscaled images contain interpolated detail — disclose this in editorial contexts where image authenticity matters. Verify that your GPU supports Vulkan before installing. Keep the app updated for model improvements and security patches.",
      "owner": "Upscayl / AI Corp (open-source community project)",
      "fundingModel": "Community-driven. GitHub Sponsors. Upscayl Cloud revenue likely supports development. No disclosed venture funding.",
      "businessModel": "Open-source desktop app (AGPL-3.0) with a separate commercial cloud product. Desktop app is fully free with no premium tier or feature gating.",
      "knownIssues": "Desktop app hasn't had a release since December 2024 (v2.15.0), though GitHub activity continues. Requires a GPU with Vulkan support — won't work on older hardware or many integrated graphics. AI upscaling fundamentally adds detail that wasn't in the original image, which has editorial integrity implications. Upscayl Cloud is a separate closed-source product that processes images on remote servers — don't confuse it with the local desktop app. AGPL-3.0 license has copyleft requirements if you modify and distribute the code.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "reviewDepth": "editorial",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Open-source under AGPL-3.0, fully local processing via Vulkan GPU, no network connections, no accounts, no telemetry. Images never leave your machine. One of the few AI image tools that runs entirely offline. The separate Upscayl Cloud product does not share these properties — this rating applies only to the desktop app."
    },
    {
      "name": "US Journalist Assistance Network",
      "slug": "journalist-assistance-network",
      "url": "https://cpj.org/us-journalist-assistance-network/",
      "tagline": "Coordinated legal, safety, immigration, and digital security resources for US journalists.",
      "category": "legal",
      "builtForJournalism": true,
      "whoItsFor": "US-based journalists facing threats, legal challenges, immigration issues, or digital security concerns.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "Five major press freedom organizations pooled their resources into a single intake point — CPJ, FPF, IWMF, PEN America, and RCFP — so journalists don't have to figure out which org to call first.",
      "bestFor": "US journalists who need help but aren't sure which organization to contact. Legal assistance, physical safety, digital security, and immigration support through one coordinated network.",
      "notFor": "Journalists outside the US. International journalists should look at CPJ's global programs, Media Defence, or TrialWatch.",
      "owner": "Committee to Protect Journalists (coalition)",
      "fundingModel": "Nonprofit coalition",
      "businessModel": "Nonprofit",
      "reviewedBy": "Preliminary assessment by Fieldwork",
      "lastReviewedDate": "2026-04-12"
    },
    {
      "name": "USAFacts",
      "slug": "usafacts",
      "url": "https://usafacts.org",
      "tagline": "Non-partisan government data platform founded by Steve Ballmer — spending, demographics, outcomes, and trends from 100+ government databases.",
      "category": "data",
      "whoItsFor": "Journalists who need contextualized government data for stories — spending, demographics, education, health, immigration, environment. Reporters looking for quick, citable statistics from official sources without building their own datasets. Fact-checkers verifying claims about government performance. Newsrooms producing data visualizations for explainer content. Citizens and educators who want to understand government through data rather than opinion.",
      "pricing": "Completely free. No premium tier. No paywalls.",
      "freeOption": true,
      "editorialTake": "USAFacts takes data from 100+ government databases and makes it understandable. Founded in 2017 by Steve Ballmer (former Microsoft CEO, current LA Clippers owner), it is structured as a 501(c)(3) nonprofit with a simple premise: government data exists but is scattered across agencies in incompatible formats, so most people never see it. USAFacts normalizes and visualizes that data. In 2025, USAFacts earned the highest reliability rating and lowest bias score on the Ad Fontes Media Bias Chart. The 'Just the Facts with Steve Ballmer' video series reached over 65 million viewers before the 2024 election. For journalists, the platform is most useful as a starting point for contextualization — you need a quick chart showing federal spending trends, immigration numbers, or education outcomes, and USAFacts has it pre-built with source citations. The data comes from official government sources (BLS, Census, Treasury, OMB, CDC, etc.), and every number links back to its source. What USAFacts does not do is provide raw data access. It is a presentation and contextualization layer, not a data warehouse. You cannot download bulk datasets or run custom queries the way you can on Data.gov or USASpending.gov. For reporting that needs raw data, go to the source agencies. For reporting that needs context, trends, and visualization, USAFacts is fast and reliable. The Ballmer funding means the organization is well-capitalized relative to other civic data nonprofits — it hired a new CTO in 2025 and continues to expand.",
      "bestFor": "Quick access to contextualized government statistics with source citations. Visualizing trends in federal and state spending, demographics, health, education, and environment. Fact-checking claims about government performance using official data. Producing charts and data visualizations for news stories. Understanding the federal budget in plain English. Comparing state-level outcomes across metrics.",
      "notFor": "Raw data downloads or bulk dataset access (use Data.gov, Census, BLS directly). Custom data queries or analysis (this is a presentation layer). Real-time data — USAFacts updates on government reporting schedules. Granular local-level data below the state level for most metrics. International data (use Our World in Data). Primary source data for academic research — always go to the source agencies.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. USAFacts is a 501(c)(3) nonprofit based in the Seattle area.",
      "privacyPolicyTldr": "No account required to access any data or visualizations. USAFacts uses standard web analytics. The underlying data is from public government sources. No advertising. No paywall. No data brokerage. As a nonprofit, USAFacts does not monetize user data.",
      "practicalMitigations": "No account required for any functionality — all data and visualizations are freely accessible without registration. The data is sourced from official government databases, so always follow the source link to verify currency and methodology. USAFacts is a secondary source — cite the original government agency for primary sourcing. Use USAFacts for context and trends, but go to the source agency for the definitive numbers.",
      "owner": "USAFacts Institute (501(c)(3) nonprofit)",
      "fundingModel": "Philanthropically funded. Founded and primarily funded by Steve Ballmer. Structured as a 501(c)(3) nonprofit. No advertising revenue. No premium subscriptions.",
      "businessModel": "Nonprofit with philanthropic funding. All data and tools are free and publicly accessible. No revenue generation from users. Sustained by Ballmer's funding and charitable donations. The organization focuses on making government data accessible as a public service.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "No account required. No personal data collected for basic use. HTTPS throughout. No advertising or commercial tracking. Nonprofit with well-capitalized funding. The data is entirely derived from public government sources. From a privacy and security perspective, this is one of the lowest-risk tools in the directory — you are reading public data on a nonprofit website with no tracking."
    },
    {
      "name": "USASpending.gov",
      "slug": "usaspending",
      "url": "https://usaspending.gov",
      "tagline": "The official source for federal spending data — contracts, grants, loans, and direct payments, searchable by agency, recipient, and location.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "whoItsFor": "Investigative journalists tracking federal contracts, grants, and financial awards. Data journalists building spending analysis projects. Reporters covering government accountability, defense spending, or federal aid distribution. Researchers studying how federal money flows to states, districts, and organizations. Newsrooms covering the federal budget at any level of granularity.",
      "pricing": "Completely free. All data is public and downloadable in bulk.",
      "freeOption": true,
      "editorialTake": "USASpending.gov is the single best tool for tracking where federal money goes. It covers every federal award — contracts, grants, loans, direct payments, insurance — going back to FY2001 for award data and FY2017 for account-level data. The federal government spent $7.1 trillion in FY2025, and USASpending tracks every obligation. The interactive tools are genuinely useful: the Spending Explorer lets you drill from total federal spending down to individual awards by budget function, agency, or object class. The Award Search lets you find specific contracts and grants by recipient, location, keyword, or NAICS code. The bulk download feature supports custom exports by agency, award type, and fiscal year. For data journalists, the API is well-documented and reasonably powerful. The site is operated by the Bureau of the Fiscal Service at the U.S. Treasury, and the data comes from agency financial systems and the Federal Procurement Data System. One caveat: there can be a 30-to-90-day lag between when an award is made and when it appears. Beginning in FY2026, the PARK (Program Activity Reporting Key) system replaces existing program activity codes, which will improve data consistency across agencies. For any story involving federal money — who got the contract, which district received the grant, how much an agency spent on consulting — this is where you start.",
      "bestFor": "Tracking federal contracts awarded to specific companies. Finding grants and financial assistance by recipient organization, state, or congressional district. Analyzing agency spending patterns over time. Building datasets of federal awards for data journalism. Investigating defense contracts, healthcare spending, or federal aid distribution. Bulk downloading award data for analysis.",
      "notFor": "State and local government spending (use state transparency portals or OpenTheBooks). Real-time spending — there is a 30-to-90-day reporting lag. Campaign finance or political donations (use OpenSecrets/FEC). Tax revenue data (use Treasury's Fiscal Data portal). Detailed line-item budgets before they become obligations. Non-US government spending.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Operated by the Bureau of the Fiscal Service, U.S. Department of the Treasury. Hosted on federal government infrastructure.",
      "privacyPolicyTldr": "Federal government website subject to federal privacy laws and OMB policies. No account required to search, explore, or download data. Collects standard web analytics. The spending data is public record. No commercial tracking or advertising.",
      "practicalMitigations": "No account required — all search, exploration, and bulk download features work without registration. The data is public federal spending records, so there is no sensitivity in accessing it. Cross-reference award data with agency press releases and contract announcements for context. Be aware of the reporting lag: awards made in the current quarter may not yet appear. For large data pulls, use the API or bulk download rather than scraping the web interface. Verify recipient names carefully — the same organization can appear under multiple names or DUNS numbers.",
      "owner": "U.S. Department of the Treasury, Bureau of the Fiscal Service",
      "fundingModel": "Federally funded. Required by the DATA Act of 2014 (Digital Accountability and Transparency Act) and maintained by Treasury.",
      "businessModel": "Government service. No revenue model. Exists to fulfill the statutory mandate for federal spending transparency under the DATA Act.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "strong",
      "securityRatingNote": "Federal government website operated by the U.S. Treasury on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards (FISMA). No account required. No commercial tracking or advertising. All data is public record. One of the most straightforward government data tools from a security and privacy perspective."
    },
    {
      "name": "VeraCrypt",
      "slug": "veracrypt",
      "url": "https://veracrypt.fr",
      "tagline": "Full-disk and volume encryption. The successor to TrueCrypt.",
      "category": "security",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists who carry sensitive materials across borders or need encrypted storage that resists forensic analysis. Also researchers, activists, and anyone whose devices might be seized.",
      "pricing": "Free. Open source (Apache 2.0 + TrueCrypt License).",
      "freeOption": true,
      "editorialTake": "VeraCrypt is the gold standard for encrypting storage volumes. Two independent audits — QuarksLab (2016, funded by OSTIF/EU-FOSSA) and Fraunhofer SIT for Germany's BSI (2020) — found no serious cryptographic flaws. The FBI has stated in court filings it cannot break VeraCrypt and has no backdoor. No publicly documented case exists of VeraCrypt encryption being defeated through cryptanalysis. The hidden volume feature (plausible deniability) remains unique among encryption tools, though it has real forensic limitations journalists should understand. Current version 1.26.24 (May 2025) adds RAM encryption for master keys on 64-bit Windows, cold boot attack mitigation, and screen capture protection. The project is maintained primarily by one developer (Mounir Idrassi at IDRIX), which is both its strength (small attack surface, no corporate pressure) and its risk (bus factor of one). For border crossings with sensitive materials, VeraCrypt on an encrypted USB remains standard operational security.",
      "bestFor": "Encrypting hard drives, USB drives, or creating encrypted containers for sensitive documents. Protecting data if devices are seized at borders or during raids. Cross-platform encrypted volumes that work on Windows, macOS, and Linux. Creating hidden volumes for plausible deniability in hostile environments.",
      "notFor": "Beginners — the interface is complex and a misconfiguration can mean permanent data loss. Quick file sharing (use Signal). macOS users who only need full-disk encryption (FileVault with Apple Silicon hardware encryption is simpler and faster). Enterprise environments needing centralized key management (BitLocker or LUKS with Clevis are better fits).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only. All encryption and decryption happens on your device. No data leaves your machine. No accounts, no servers, no telemetry.",
      "privacyPolicyTldr": "No network connectivity, no telemetry, no accounts, no crash reporting by default. VeraCrypt is a local application that never contacts a server. The 1.26.24 release added optional crash reporting via a separate VeraCrypt-CrashCollector tool, but it's opt-in only.",
      "practicalMitigations": "Use strong passphrases (20+ characters). Enable cascaded encryption (AES-Twofish-Serpent) for maximum protection against future cryptanalytic advances. Use hidden volumes for plausible deniability — but understand their limits (see Known Issues). On 64-bit Windows, enable RAM encryption in Performance settings to protect master keys against cold boot attacks (10% memory overhead). Back up volume headers to a separate secure location — a corrupted header means permanent, irrecoverable data loss. Never leave volumes mounted when crossing borders. On macOS with Apple Silicon, use FUSE-T instead of macFUSE for better compatibility. Use PBKDF2-SHA512 or PBKDF2-Whirlpool with high iteration counts (500,000+ for non-system volumes by default).",
      "owner": "IDRIX (open-source project maintained primarily by Mounir Idrassi)",
      "fundingModel": "Donations, EU grant (EU-FOSSA audit 2016), German BSI grant (Fraunhofer SIT audit 2020). No corporate funding. No recurring institutional support.",
      "businessModel": "None. Volunteer-maintained open source with a solo primary maintainer. Bus factor of one is the project's biggest structural risk.",
      "knownIssues": "Hidden volume plausible deniability has real limitations: forensic researchers (Kedziora et al., 2017) demonstrated detection via cross-drive analysis, Windows Volume Shadow Copies, and outer volume file system analysis. Deniability fails if the system is seized while mounted. File-hosted containers offer weak deniability because a file of pure random data is inherently suspicious. LUKS uses Argon2 (memory-hard) for key derivation by default, which is more resistant to GPU-accelerated attacks than VeraCrypt's PBKDF2. Forensic tools like Passware Kit Forensic can extract master keys from RAM dumps or hibernation files (hiberfil.sys) — always disable hibernation on encrypted systems. Cold boot attack mitigation (RAM encryption) is Windows 64-bit only and not enabled by default. The BSI/Fraunhofer audit noted RIPEMD-160 is deprecated and code quality could improve. CVE-2024-54187 (path hijacking) and CVE-2025-23021 (mounting on system directories) were fixed in 1.26.18. macOS: no full-disk encryption support — only volume/container encryption. Requires FUSE-T or macFUSE as a dependency on macOS.",
      "reviewedBy": "Deepened editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Two independent security audits (QuarksLab 2016 for EU-FOSSA, Fraunhofer SIT 2020 for German BSI) found no serious cryptographic vulnerabilities. FBI has stated in court it cannot break VeraCrypt and has no backdoor. No publicly documented case of VeraCrypt encryption defeated through cryptanalysis. Supports AES, Serpent, Twofish, and cascaded combinations with 500,000+ PBKDF2 iterations. RAM encryption for master keys available on 64-bit Windows (since v1.24). Active development: v1.26.24 released May 2025 with screen capture protection and ARM64 SHA-256 acceleration. Hidden volume feature provides plausible deniability unique among encryption tools, though with forensic limitations."
    },
    {
      "name": "VesselFinder",
      "slug": "vessel-finder",
      "url": "https://www.vesselfinder.com",
      "tagline": "Real-time ship tracking via terrestrial and satellite AIS — affordable alternative to MarineTraffic with global coverage, 90-day history on top tier, and no-account browsing.",
      "category": "newsgathering",
      "additionalCategories": [
        "verification"
      ],
      "whoItsFor": "Investigative journalists tracking vessel movements for sanctions evasion, smuggling, environmental damage, or maritime accident stories. OSINT researchers monitoring port activity and fleet movements. Logistics professionals and shipping analysts. Anyone who needs quick ship identification and position data without a premium enterprise contract.",
      "pricing": "Free tier with 1-day track history and 10-vessel fleet. Basic plan at $4/month or $12/year adds 3-day history and 20 vessels. Premium at $34/month or $179/year gives 7-day terrestrial history and 500 vessels. Satellite tier at $139/month or $1,399/year provides global satellite AIS coverage, 90-day track history, and 2,000-vessel fleet capacity.",
      "freeOption": true,
      "editorialTake": "VesselFinder is the most accessible ship-tracking platform for journalists who need quick vessel lookups without enterprise pricing. The free tier lets you search any vessel by name, MMSI, or IMO number, see its current position on a live map, and view basic specs — all without creating an account. For casual maritime lookups during breaking news, that's often enough.\n\nThe platform uses the same underlying data source as MarineTraffic — Automatic Identification System broadcasts from vessels — but packages it at significantly lower price points. The Satellite tier at $1,399/year provides 90-day track history with global satellite AIS coverage, compared to MarineTraffic where equivalent satellite archive access typically requires enterprise negotiation. For independent journalists or small newsrooms, this pricing difference matters.\n\nVesselFinder operates a network of terrestrial AIS receivers plus satellite AIS partnerships for open-ocean coverage. The terrestrial network is smaller than MarineTraffic's 13,000+ stations, which means coastal coverage gaps are more likely in remote areas. Satellite AIS (available only on the top tier) fills these gaps but with lower update frequency than real-time terrestrial data.\n\nThe platform covers the basics well: vessel search, live map, port information, container tracking (limited on lower tiers), fleet management, and photo galleries from ship spotters. Historical track playback is the key paid feature — the free tier shows only the last 24 hours, which makes it useless for reconstructing past voyages.\n\nThe same caveats that apply to all AIS-based tracking apply here: vessels can turn off transponders, spoof positions, or broadcast false identities. VesselFinder shows what AIS reports, not necessarily where ships actually are. For sanctions-evasion or dark-fleet investigations, always cross-reference with satellite imagery and independent registries.\n\nVesselFinder is based in Bulgaria. The company behind it is Astra Paging Ltd, a Bulgarian company that has operated the platform since 2011. It is a smaller, privately held company compared to MarineTraffic (now owned by Kpler). The lean corporate structure means less overhead but also less transparency about data processing practices compared to EU-headquartered competitors operating under GDPR-native governance.\n",
      "bestFor": "Quick vessel identification and position checks during breaking maritime stories. Budget-friendly ship tracking for independent journalists and small newsrooms. Monitoring specific vessels with the fleet tracker. Container shipment tracking. Cross-referencing vessel positions reported in press releases or official statements. Entry point for maritime OSINT before committing to enterprise tools.",
      "notFor": "Deep historical archive research going back years — VesselFinder's maximum history is 90 days even on the top tier (MarineTraffic archives go back to 2010). Investigations requiring vessel ownership chains and corporate structure data — use Equasis or Lloyd's List. Tracking dark vessels with AIS disabled — you need satellite imagery. Academic research requiring bulk data exports or API access at scale.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "Bulgaria (European Union). VesselFinder is operated by Astra Paging Ltd, a Bulgarian company. Bulgaria is an EU member state, so GDPR applies. Server infrastructure location is not publicly disclosed.",
      "privacyPolicyTldr": "Standard web analytics and account data collection for registered users. Free browsing without an account is possible with basic tracking. Payment data collected for subscribers. The platform displays publicly broadcast AIS data, which is not personal information. Privacy policy follows GDPR requirements as an EU-based company. No detailed transparency report or Trust Center published.",
      "practicalMitigations": "For sensitive investigations, use the free tier without logging in for initial vessel lookups — no account means no search history tied to you. If you need paid features, create a dedicated account with a work email unrelated to your investigation. The 90-day history limit on the top tier means you should screenshot and export track data immediately when you find it — unlike platforms with permanent archives, this data may age out. Cross-reference all VesselFinder positions against MarineTraffic and Equasis to confirm data consistency. Verify vessel identity by IMO number, not name. For vessels operating in areas with sparse terrestrial coverage, confirm that satellite AIS data is available before relying on position reports.\n",
      "owner": "Astra Paging Ltd, a privately held Bulgarian company. Founded in 2011. Operates independently — not part of a larger maritime intelligence conglomerate. Small team compared to MarineTraffic/Kpler.",
      "fundingModel": "Self-funded through subscription revenue and advertising on the free tier. No known venture capital or private equity investment. Revenue comes from individual subscribers, small businesses, and advertising.",
      "businessModel": "Freemium with advertising. Free tier supported by ads, paid tiers remove ads and unlock extended history, satellite data, and larger fleet capacity. Pricing is transparent and published, unlike enterprise-negotiated competitors. Most revenue likely comes from the Professional and Satellite tiers used by shipping companies, logistics firms, and researchers.",
      "knownIssues": "Limited historical depth: Maximum 90-day track history even on the most expensive tier. For investigations requiring months or years of historical vessel movements, MarineTraffic or specialized maritime intelligence platforms are necessary.\n\nSmaller terrestrial network: VesselFinder's AIS receiver network is smaller than MarineTraffic's 13,000+ stations, meaning potential coverage gaps in remote coastal areas. Satellite AIS compensates but is only available on the $139/month tier.\n\nAIS reliability: Like all AIS-based platforms, VesselFinder is vulnerable to transponder manipulation. Vessels evading sanctions routinely spoof, disable, or falsify AIS data. The platform has no built-in spoofing detection or dark-vessel alerting.\n\nLimited corporate transparency: Astra Paging Ltd publishes minimal information about its data processing practices, infrastructure, or security measures compared to larger competitors. No public Trust Center or detailed security documentation.\n\nNo API for bulk research: Unlike MarineTraffic or other enterprise platforms, VesselFinder does not offer a documented public API for programmatic access or bulk vessel queries. Research is limited to the web interface.\n",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "securityRating": "adequate",
      "securityRatingNote": "EU-based company operating under GDPR with HTTPS encryption in transit. The underlying data is publicly broadcast AIS information — low sensitivity. Free browsing without an account minimizes data exposure for casual lookups. Limited corporate transparency about infrastructure and security practices compared to larger competitors. No public record of data breaches. Main journalist concern is search-history exposure if using a logged-in account during sensitive investigations, not the vessel data itself."
    },
    {
      "name": "Violation Tracker",
      "slug": "violation-tracker",
      "url": "https://violationtracker.goodjobsfirst.org",
      "tagline": "700,000+ corporate penalties totaling over $1 trillion since 2000. The largest free corporate misconduct database in the world.",
      "category": "newsgathering",
      "additionalCategories": [
        "data"
      ],
      "builtForJournalism": false,
      "whoItsFor": "Investigative reporters covering corporate accountability, regulatory enforcement, white-collar crime, and environmental violations. Business reporters building company compliance profiles. Academic researchers studying corporate misconduct patterns. ESG analysts and labor organizers tracking repeat offenders.",
      "pricing": "Free search and display. Paid subscriptions for downloads and saved searches. Tier 3: $150/month ($1,500/year) for up to 10,000 downloads per search and 25 saved searches. Academic bulk datasets available by contacting Philip Mattera directly.",
      "freeOption": true,
      "editorialTake": "Violation Tracker does something no other free tool does: it aggregates enforcement actions from 450+ federal, state, and local agencies into one searchable database. Environmental fines, wage theft settlements, workplace safety penalties, consumer protection actions, antitrust cases, financial fraud penalties — all linked to parent companies. That parent-subsidiary matching is the killer feature. Agency records rarely indicate corporate ownership. Violation Tracker maps 1,900+ parent companies to their subsidiaries, so a search for 'Amazon' surfaces penalties against subsidiaries that would otherwise be invisible. The data covers 2000 to present and includes both civil and criminal cases. It's been cited by the New York Times, Wall Street Journal, Financial Times, Bloomberg BusinessWeek, Fortune, and the LA Times. EPA ECHO is deeper on environmental compliance (800,000+ regulated facilities, weekly updates, 130+ data fields per facility), but it only covers environmental statutes. Violation Tracker is shallower per agency but vastly wider — banking, labor, consumer protection, safety, discrimination, price-fixing, bribery, and more, all in one place. Launched in 2015, now expanded to Violation Tracker UK (117,000 cases from 80 UK agencies since 2010) and Violation Tracker Global (57 countries, focused on 1,600 multinationals). Directed by Philip Mattera at Good Jobs First's Corporate Research Project.",
      "bestFor": "Researching a company's full enforcement history across agencies before an interview. Identifying repeat corporate offenders in specific violation categories. Finding patterns in industry-wide regulatory actions. Background research for investigative business stories. Comparing penalty totals across parent companies. Academic research on corporate misconduct trends.",
      "notFor": "Real-time enforcement monitoring — updates happen periodically, not live. International coverage beyond the 57 countries in VT Global. Environmental compliance details at the facility level (use EPA ECHO for that). Privately held small businesses or individuals. Consent decrees or non-monetary enforcement actions that don't involve a penalty amount.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Good Jobs First is a 501(c)(3) based in Washington, DC. All US data sourced from public federal, state, and local government enforcement records. UK and Global versions hosted separately.",
      "privacyPolicyTldr": "Public database of public records. No account required for searching and viewing results. Subscribers provide email and payment info. Good Jobs First collects minimal user data. The underlying enforcement data is inherently public information drawn from government sources.",
      "practicalMitigations": "Always cross-reference findings with original agency records — Violation Tracker aggregates but sometimes lags behind the latest enforcement actions. Use the parent company search to capture violations across subsidiaries. Verify penalty amounts and dates against primary sources before publication. For environmental stories, supplement with EPA ECHO for facility-level compliance detail. Note that only cases with monetary penalties are included — non-monetary enforcement actions are excluded.",
      "owner": "Good Jobs First (501(c)(3) nonprofit, Washington, DC). Founded 1998 by Greg LeRoy. Corporate Research Project directed by Philip Mattera since 2001.",
      "fundingModel": "Nonprofit funded by foundations and grants, including Ford Foundation and Surdna Foundation. Subscription revenue from paid download tiers. Academic licensing fees for bulk datasets (400+ faculty and graduate students at 274 universities in 35 countries have licensed full datasets).",
      "businessModel": "Free public search tool supported by nonprofit funding. Revenue supplemented by tiered subscriptions for data downloads and saved searches, plus academic bulk licensing. No advertising. No commercial data resale.",
      "knownIssues": "Data updates are periodic, not real-time — new enforcement actions can take months to appear. Only includes cases with monetary penalties; non-monetary enforcement actions and consent decrees without fines are excluded. Parent-subsidiary matching, while excellent, covers ~1,900 parents — smaller or newly restructured corporate families may not be fully mapped. Agency source data quality varies: some agencies publish enforcement data inconsistently or with long delays. European environmental and labor enforcement data is particularly sparse in the Global version due to poor government disclosure practices. Download and saved-search features require a paid subscription. The free tier shows results but restricts some data fields.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Public database of public records operated by an established 501(c)(3) nonprofit since 2015. No account required for basic searches. Minimal data collection. No tracking concerns for journalist use. The only privacy consideration is that paid subscribers provide payment information through the subscription system."
    },
    {
      "name": "VirusTotal",
      "slug": "virustotal",
      "url": "https://www.virustotal.com",
      "tagline": "Scan suspicious files and URLs against 70+ antivirus engines before opening them.",
      "category": "security",
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Journalists who receive unsolicited files, links, or attachments from unknown sources. Reporters covering cybersecurity who need to verify threat claims before publishing. Anyone who wants a second opinion before opening a download.",
      "pricing": "Free for individual scans (web interface, 500 API requests/day at 4/minute). VirusTotal Premium starts around $20,000-$50,000/year depending on API volume and seats. Enterprise tiers with Private Scanning run into six figures.",
      "freeOption": true,
      "editorialTake": "VirusTotal is the default tool for checking whether a file or URL is malicious. It scans against 70+ antivirus engines simultaneously — far better coverage than any single product. But the privacy trade-off is severe and poorly understood. Every file you upload to the free tier is stored permanently, shared with VirusTotal's antivirus partners, and made downloadable by any premium subscriber. That includes intelligence agencies, security firms, and potentially the very threat actors you're investigating — sophisticated adversary groups actively monitor VirusTotal for submissions of their tools to track who's analyzing them. In July 2023, a VirusTotal employee accidentally uploaded a CSV containing names and emails of 5,600 premium customers, including personnel from the FBI, NSA, US Cyber Command, and German federal police. The file was downloaded before removal. Google owns VirusTotal through its Google Cloud security division (formerly Chronicle). For journalists: use hash lookups and URL checks freely. Never upload a file a source sent you. If you must analyze a suspicious file, use the SHA-256 hash lookup first — it checks whether anyone else has already submitted the same file without exposing your copy.",
      "bestFor": "Checking suspicious email attachments before opening. Verifying whether a URL is known-malicious. Looking up file hashes (SHA-256) without uploading the file itself. Validating threat intelligence claims before publishing.",
      "notFor": "Scanning confidential or sensitive documents — uploaded files are permanently stored and shared with 70+ vendors and premium subscribers. Replacing endpoint antivirus. Anything where you need to keep the file private. If you need private sandboxed analysis, look at ANY.RUN, Joe Sandbox, or Hybrid Analysis instead.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Google Cloud infrastructure). Files uploaded to the free tier are stored indefinitely and shared with antivirus vendor partners and premium subscribers worldwide. Private Scanning (paid) keeps files within your organization's scope.",
      "privacyPolicyTldr": "Every file uploaded to VirusTotal is shared with antivirus vendor partners who are contractually bound to use samples for internal security purposes only. But premium subscribers can also download submitted files. URLs, file hashes, and scan metadata are logged. Submitted files cannot be reliably deleted — VirusTotal's own FAQ acknowledges removal requests but makes no guarantees. Private Scanning (enterprise paid tier) prevents third-party sharing, but only if the file hasn't also been uploaded through the standard service. Google's privacy policy applies to account data.",
      "practicalMitigations": "Never upload confidential source documents. Use SHA-256 hash lookups instead — this checks whether the file is already in VirusTotal's database without exposing your copy. Check URLs by pasting the link, not by uploading page content. If you must analyze a sensitive file in a sandbox, use Private Scanning (paid) or a local sandbox tool like Cuckoo. Be aware that threat actors monitor VirusTotal submissions — uploading a file can tip off the sender that you're investigating it. Use a VPN and avoid scanning from identifiable accounts when checking files related to active investigations.",
      "owner": "Google LLC. Acquired VirusTotal (founded in Spain by Hispasec Sistemas) in September 2012. Moved under Chronicle (Alphabet cybersecurity subsidiary) in January 2018. Chronicle merged into Google Cloud in June 2019. Now part of Google Cloud's security operations division.",
      "fundingModel": "Google-funded. Operating costs absorbed by Google Cloud's security portfolio.",
      "businessModel": "Free individual scans drive the scanning corpus — every free upload feeds the dataset that premium customers pay to access. Revenue from Premium API subscriptions ($20K-$50K+/year), Enterprise Private Scanning, and Google Threat Intelligence (GTI) bundles sold to security teams, government agencies, and antivirus vendors.",
      "knownIssues": "July 2023 data leak: A VirusTotal employee accidentally uploaded a CSV file containing names and email addresses of 5,600 premium customers to the platform itself. Exposed organizations included the FBI, NSA, US Cyber Command, US Department of Justice, German federal police, and intelligence agencies from the Netherlands, Taiwan, and the UK. The file was live for about an hour and was downloaded before removal. VirusTotal attributed it to human error and implemented new internal controls. Separately: uploaded files are permanently stored and accessible to premium subscribers, creating a persistent risk that sensitive documents submitted by mistake cannot be fully retracted. Adversary groups are known to monitor VirusTotal for submissions of their custom malware, using these uploads as intelligence about which organizations are investigating them.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "Strong scanning coverage across 70+ engines — best-in-class for multi-engine file and URL analysis. The privacy model is the weak point: free-tier uploads are permanently stored and shared with vendors and premium subscribers. The 2023 customer data leak demonstrated operational security gaps. Google ownership provides infrastructure reliability but means Google's data practices apply to account data. Rating stays 'adequate' because the tool works exactly as designed — the risk is users not understanding what 'upload' means here."
    },
    {
      "name": "Watch Duty",
      "slug": "watch-duty",
      "url": "https://www.watchduty.org",
      "tagline": "Real-time wildfire tracking from 150+ trained volunteer monitors. Faster than official alerts. Critical for western US journalists covering fire.",
      "category": "newsgathering",
      "builtForJournalism": false,
      "whoItsFor": "Journalists covering wildfires, emergency management, and climate in the western United States. Beat reporters in California, Oregon, Washington, Colorado, and other fire-prone states. Assignment editors who need to deploy crews to active fires before official channels catch up. Any reporter who needs real-time fire intelligence faster than CAL FIRE or InciWeb.",
      "pricing": "Free to download and use for basic fire alerts and maps. Membership: $7.99/month or $59.99/year — adds flight tracker for firefighting aircraft, advanced notifications, and supports the nonprofit. All critical fire alerts are available on the free tier.",
      "freeOption": true,
      "editorialTake": "Watch Duty is the wildfire tracking app that changed how California journalists cover fire. Launched as a volunteer project and now operating as a 501(c)(3) nonprofit (Sherwood Forestry Service, Inc.), it provides real-time wildfire reports from a network of 150+ trained volunteer monitors — firefighters, dispatchers, and first responders who listen to scanner traffic and official channels 24 hours a day. The reports hit the app faster than official government alerts. During the 2023 and 2024 California fire seasons, Watch Duty consistently broke fire information 15-45 minutes before CAL FIRE's public updates. The Washington Post, New York Times, and Wired have covered it as a critical public safety tool. For journalists, the value is straightforward: Watch Duty tells you where fires are burning, how fast they're moving, what evacuations are ordered, and where firefighting aircraft are operating — in real time, on a map, with photos submitted by monitors on the ground. The app covers all 50 US states, though monitor density is highest in California and the western US. The flight tracker (members only) shows air tanker and helicopter operations, which is useful for both coverage and crew safety when deploying to fire zones. The satellite imagery layer shows fire perimeters derived from VIIRS and GOES-16 data. Air quality readings, wind data, and red flag warnings are integrated. The limitations are honest ones. This is a volunteer network, not an official government agency. Monitor coverage varies by region — rural areas with fewer volunteers may have slower reporting. The app depends on scanner access and official radio channels, which means it's only as fast as the first monitor who hears the dispatch. Reports are crowd-verified but not formally QA'd in the traditional editorial sense. For California and western US fire coverage, Watch Duty has become essential infrastructure. Featured in The Washington Post and NYT for a reason.",
      "bestFor": "California and western US wildfire coverage. Breaking fire news before official channels. Deployment decisions for photo and video crews. Real-time evacuation and road closure awareness. Air operations tracking during major incidents. Beat reporters covering fire, climate, and emergency management.",
      "notFor": "International wildfire coverage — this is US-only. Journalists in regions with low volunteer monitor density (coverage varies by state). Anyone needing official, verified government data for publication attribution — cite CAL FIRE or InciWeb for official sourcing, use Watch Duty for speed and situational awareness. Newsrooms covering non-wildfire emergencies (hurricanes, floods) — Watch Duty is fire-specific.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "unknown",
      "dataJurisdiction": "United States. Sherwood Forestry Service, Inc. is a US 501(c)(3) nonprofit. App data processed and stored on US infrastructure.",
      "privacyPolicyTldr": "Watch Duty collects location data to provide fire alerts relevant to your area. The app has a published privacy policy. As a nonprofit, the organization has no advertising revenue model and no incentive to sell user data. Location data is used for alert targeting. Membership data (if you subscribe) is handled via standard app store billing.",
      "practicalMitigations": "Be aware that Watch Duty requires location access to deliver relevant alerts — review location permission settings on your device. For journalists covering sensitive stories where location tracking is a concern, use Watch Duty on a separate device or disable location when not actively monitoring fires. Do not cite Watch Duty as an official source in published reporting — use it for situational awareness and speed, then confirm with CAL FIRE, InciWeb, or local fire agencies for attribution. Photo submissions to Watch Duty are public — do not submit images that reveal sensitive locations or ongoing investigations.",
      "owner": "Sherwood Forestry Service, Inc. (US 501(c)(3) nonprofit)",
      "fundingModel": "Nonprofit. Revenue from memberships ($7.99/month or $59.99/year), donations, and grants. No venture capital. No advertising. Featured in major media outlets (Washington Post, NYT, Wired) which has driven membership growth.",
      "businessModel": "Freemium nonprofit. Core fire alerts and maps are free. Membership adds flight tracker, advanced notifications, and supports operations. All revenue funds the volunteer monitoring network and app development. No advertising. No data monetization.",
      "knownIssues": "Monitor coverage is uneven — California has the densest network, while some states have minimal volunteer presence. Reports are volunteer-generated and scanner-sourced, not official government data — accuracy depends on monitor quality and radio access. The app has experienced high-load issues during major fire events when hundreds of thousands of users check simultaneously. Not useful for non-wildfire emergencies. Membership pricing increased from the original levels as the organization grew. The flight tracker feature is paywalled, which some users have criticized given the nonprofit mission.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Nonprofit with no advertising or data monetization model. Encrypted in transit. Requires location data for core functionality, which is a standard trade-off for a geolocation-based alert app. No known data breaches or privacy incidents. Rating reflects a straightforward utility app from a mission-driven nonprofit — adequate for its purpose with no unusual trust concerns."
    },
    {
      "name": "Wayback Machine",
      "slug": "wayback-machine",
      "url": "https://web.archive.org",
      "tagline": "Access archived versions of web pages going back to 1996. Over 1 trillion pages captured.",
      "category": "verification",
      "additionalCategories": [
        "newsgathering"
      ],
      "openSource": false,
      "builtForJournalism": false,
      "whoItsFor": "Investigative journalists, fact-checkers, OSINT researchers, and anyone who needs to prove what a website said at a specific point in time. Also essential for researchers tracking government transparency and policy changes.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "The Wayback Machine is irreplaceable infrastructure for accountability journalism. When the Trump administration quietly removed pages from federal websites in early 2025, the Wayback Machine caught it all — journalists pulled archived .gov pages and showed exactly what text disappeared and when. When a company deletes a press release, when a politician edits a statement, when a government agency scrubs data — the Wayback Machine probably has it. Hit 1 trillion archived pages in October 2025. Nothing else comes close to that depth. But the tool is under siege from multiple directions: a 31-million-user data breach in October 2024, DOGE-driven federal funding cuts in 2025, and 241+ news publishers now blocking its crawlers over AI scraping fears. Use it while it's still comprehensive — and always pair it with archive.today for redundancy.",
      "bestFor": "Proving what a website said on a specific date. Recovering deleted government pages, corporate statements, or news articles. Documenting changes over time. Tracking disinformation networks through archived site analytics codes. Verifying or debunking claims about domain ownership and website history.",
      "notFor": "Real-time archiving of pages you're browsing now (use Hunchly or archive.today for on-demand captures). Guaranteed completeness — coverage of news homepages dropped 87% between May and October 2025 due to crawling breakdowns. Pages excluded by robots.txt or publisher blocks (NYT, Guardian, 241 Gannett properties now block the Archive's crawlers).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States — Internet Archive is a San Francisco-based 501(c)(3) nonprofit. Operates its own data centers with 212+ petabytes of data (including redundancy).",
      "privacyPolicyTldr": "Browsing history and search queries may be logged. No account required for basic use. Archives are publicly accessible. After the October 2024 breach, 31 million user records (emails, screen names, bcrypt-hashed passwords) were stolen — if you had an account, assume your credentials were exposed.",
      "practicalMitigations": "Use 'Save Page Now' to archive pages before they disappear — also works via email (savepagenow@archive.org). Always pair with archive.today: it bypasses robots.txt blocks that stop the Wayback Machine and captures pages on demand every 5 minutes. Don't rely on the Wayback Machine alone for news content — publisher blocks are growing fast. Use Tor Browser if your search queries are sensitive. If you had an Internet Archive account before October 2024, change your password and check Have I Been Pwned.",
      "owner": "Internet Archive (nonprofit, 501(c)(3)), founded 1996 by Brewster Kahle",
      "fundingModel": "Individual donations, grants, digitization contracts. Lost $345K NEH grant and $250K IMLS grant in 2025 DOGE cuts. Federal grants later partially reinstated by court order. Donations remain the primary lifeline.",
      "businessModel": "Nonprofit",
      "knownIssues": "October 2024: SN_BLACKMETA hackers breached 31 million user accounts and launched sustained DDoS attacks; site went offline for days, returned read-only Oct 14, full service restored Nov 4. May-October 2025: 87% drop in news homepage captures due to archiving project breakdowns. February 2026: 241+ news sites (NYT, Guardian, 200+ Gannett properties) now block Internet Archive crawlers via robots.txt, citing AI scraping concerns. September 2024: Lost Hachette v. Internet Archive appeal — Second Circuit ruled controlled digital lending is not fair use; IA declined Supreme Court review in December 2024. April 2025: DOGE cut two active federal grants totaling ~$595K.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "caution",
      "securityRatingNote": "Downgraded from 'adequate' after the October 2024 breach exposed 31 million user records. The Archive is a trusted nonprofit with a 28-year track record, but its security posture failed under sustained attack. Browsing is logged, no E2EE for searches. Use Tor for sensitive queries. The publisher-blocking trend is a reliability concern, not a security one — but it means the archive's coverage of news content is shrinking in real time."
    },
    {
      "name": "WhatsApp",
      "slug": "whatsapp",
      "url": "https://www.whatsapp.com",
      "tagline": "E2E encrypted messaging owned by Meta. Strong encryption, hostile metadata environment. Use Signal instead.",
      "category": "messaging",
      "openSource": false,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists in regions where WhatsApp is the dominant messaging platform — India, Brazil, sub-Saharan Africa, the Middle East — and sources will not use alternatives.",
      "pricing": "Free",
      "freeOption": true,
      "editorialTake": "WhatsApp uses the Signal protocol for end-to-end encryption. The cryptography is sound: Curve25519, AES-256, HMAC-SHA256, Double Ratchet with perfect forward secrecy. The problem is everything Meta wraps around it. Meta collects extensive metadata — who you talk to, when, how often, IP addresses, device info, location — and shares it across the Meta family of companies. In September 2025, former WhatsApp security head Attaullah Baig sued Meta alleging 1,500 engineers had unrestricted access to user metadata with no audit trail, and that Meta ignored 100,000+ daily account takeovers. A class action filed in January 2026 accuses Meta of misleading 3 billion users about the real scope of E2E encryption protections. In January 2025, WhatsApp disclosed that ~90 journalists and activists were targeted with Paragon Solutions' Graphite spyware via zero-click attacks. Citizen Lab confirmed three European journalists were hit, including Italian investigative reporter Francesco Cancellato. The US government purchased Graphite for ICE operations. Separately, Meta won a $167.3M jury verdict against NSO Group in May 2025 over the 2019 Pegasus campaign that targeted 1,400 users across 51 countries. A permanent injunction against NSO followed in October 2025. Meta AI is now embedded in WhatsApp with no option to fully disable or remove it. In the EU, Meta was fined €200M in April 2025 for DMA violations related to cross-platform data usage. WhatsApp Business accounts break E2E encryption entirely — messages to businesses become 'subject to the business's own privacy practices' and Meta can use that data for marketing. Cloud backups on Google Drive and iCloud are not E2E encrypted by default; WhatsApp added passkey-based encrypted backups in October 2025, but most users have not enabled them. The FBI can obtain WhatsApp metadata in near-real-time via pen register, every 15 minutes. Meta disclosed data in response to 78% of law enforcement requests in 2024. For journalists in the Global South where WhatsApp has 2 billion+ users and Signal penetration is low, WhatsApp is often the only practical option. But it should be treated as a compromise, never a first choice.",
      "bestFor": "Communication in regions where WhatsApp is ubiquitous and sources refuse or cannot use Signal. Reaching audiences in the Global South. Better than unencrypted SMS or email.",
      "notFor": "Sensitive source communication when Signal is an option. Anything involving confidential tiplines. Communication with at-risk sources in countries with aggressive surveillance programs. The metadata exposure alone can identify source relationships.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "United States (Meta headquarters, Menlo Park, CA). Metadata stored on Meta's servers with no geographic restrictions on access. Message content is E2E encrypted on-device but cloud backups may sit unencrypted on Google/Apple servers unless the user manually enables encrypted backups.",
      "privacyPolicyTldr": "Messages are E2E encrypted using the Signal protocol, but Meta collects extensive metadata: contacts, usage patterns, IP addresses, device information, location, and interaction timestamps. Meta shares data across its family of companies (Facebook, Instagram, Threads). As of December 2025, Meta uses AI chat data to personalize ads across all its platforms. In the EU, DMA compliance requires Meta to seek consent for cross-platform data combination, but enforcement has been inconsistent — Meta was fined €200M in April 2025. WhatsApp Business messages break E2E guarantees entirely. No opt-out from Meta AI integration exists. US users have no mechanism to prevent data from being used for AI training.",
      "practicalMitigations": "Enable encrypted backups immediately (Settings > Chats > Chat Backup > End-to-end Encrypted Backup — passkey option available since October 2025). Enable disappearing messages for all sensitive conversations. Disable cloud backup entirely if possible. Never discuss sources or sensitive reporting on WhatsApp when Signal is available. Verify security codes with contacts in person. Review linked devices regularly. Do not interact with Meta AI within WhatsApp — any AI conversation data feeds Meta's ad targeting. Avoid WhatsApp Business accounts for source communication. Be aware that even with E2E encryption, Meta knows who you talk to, when, and from where — and discloses that metadata to law enforcement in 78% of requests. In high-risk environments, use a dedicated device with a separate phone number.",
      "owner": "Meta Platforms, Inc. (NASDAQ: META)",
      "fundingModel": "Subsidiary of Meta. Acquired by Facebook in 2014 for $19B. Part of Meta's $165B+ annual revenue ecosystem.",
      "businessModel": "Free to users. Revenue from WhatsApp Business API, click-to-WhatsApp ads on Facebook/Instagram, and growing integration with Meta's advertising infrastructure. Ads rolling out in Status and Channels tabs, targeted using location, age, and engagement data.",
      "knownIssues": "Paragon Graphite spyware (January 2025): ~90 journalists and activists targeted via zero-click attacks delivered through malicious PDFs. Citizen Lab confirmed Italian journalists Francesco Cancellato and Ciro Pellegrino among victims. Vulnerability patched in iOS 18.3.1 (CVE-2025-43200). NSO Group Pegasus (2019 campaign): 1,400 users across 51 countries targeted. Court found NSO liable December 2024; Meta awarded $167.3M in damages May 2025; permanent injunction issued October 2025. Whistleblower lawsuit (September 2025): Former security head Attaullah Baig alleged 1,500 engineers had unrestricted, unaudited access to user metadata — contacts, IP addresses, profile photos. He claims Meta ignored 100,000+ daily account takeovers and retaliated when he raised concerns. Class action (January 2026): Lawsuit accuses Meta of misleading users about the scope of E2E encryption protections; no settlement as of April 2026. WhatsApp blocked accounts of Palestinian journalists in Gaza during the 2021 ceasefire, raising concerns about platform-level censorship. Meta AI embedded without consent and cannot be fully disabled. WhatsApp Business messages exit E2E encryption — businesses can store, process, and share message content with Meta for advertising.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "caution",
      "securityRatingNote": "Strong message encryption (Signal protocol with Curve25519, AES-256, perfect forward secrecy) undermined by Meta's metadata collection, cross-platform data sharing, lack of sealed sender, whistleblower allegations of 1,500 engineers with unaudited metadata access, documented spyware targeting of journalists (Paragon Graphite, NSO Pegasus), and forced Meta AI integration. Cloud backups unencrypted by default. 89% of journalists in democratic countries use Signal instead. WhatsApp is a fallback, not a recommendation."
    },
    {
      "name": "Whisper",
      "slug": "whisper",
      "url": "https://github.com/openai/whisper",
      "tagline": "Local speech-to-text transcription that never sends audio to the cloud.",
      "category": "visuals",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Journalists who need to transcribe sensitive interviews without uploading audio to cloud services. Technical comfort with command line required for the base tool, but GUI wrappers like MacWhisper eliminate that barrier.",
      "pricing": "Free (MIT license). MacWhisper Pro: $29.99/year or $79.99 lifetime (25% journalist discount available). OpenAI's cloud API is a separate paid product — $0.006/minute.",
      "freeOption": true,
      "editorialTake": "Whisper changed transcription permanently. Accuracy that rivals commercial services, running entirely on your hardware, with no per-minute fees and no data leaving your machine. The large-v3 model released in late 2023 remains the accuracy benchmark. The large-v3-turbo model (October 2024) cut decoder layers from 32 to 4, delivering 8x faster transcription with only marginal accuracy loss — 10.2% word error rate vs 9.0% for large-v3 on Common Voice 15. For English interviews in quiet rooms, both are excellent. But there is a critical problem journalists must understand: Whisper hallucinates. A June 2024 Cornell/ACM FAccT study ('Careless Whisper') found that roughly 1% of transcriptions contained entirely fabricated phrases or sentences — words that appear nowhere in the audio. 38% of those hallucinations included explicit harms: violent language, racial commentary, fabricated medical treatments. Silence triggers it. Pauses in speech trigger it. Speakers with disfluencies or accents trigger it more. For journalism, a tool that invents quotes is dangerous. Whisper is excellent for draft transcription, but every quote must be verified against the audio before publication. No exceptions. The ecosystem is strong: whisper.cpp runs natively on Apple Silicon with Core ML acceleration (3x faster than CPU). Faster-whisper uses CTranslate2 for 4x speedups with INT8 quantization cutting VRAM from 10GB to ~3GB. MacWhisper wraps it all in a native macOS GUI with batch processing, speaker labels, and ChatGPT/Claude integration. Good Tape ($17/month, GDPR-compliant, ISO 27001 certified, built by Danish journalists) is the cloud alternative when local setup is impractical — but your audio leaves your device.",
      "bestFor": "Transcribing sensitive interviews locally. Bulk transcription without per-minute API costs. Offline transcription in the field. Draft transcripts for verification against audio.",
      "notFor": "Real-time transcription (it's batch processing). Anyone who needs guaranteed accuracy without manual verification — the hallucination problem makes unverified Whisper transcripts unreliable for direct quotation. Very long recordings on machines without a GPU (CPU-only is 10x slower).",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Local only — audio files never leave your computer when using the open-source version. The OpenAI cloud API sends audio to OpenAI servers (US jurisdiction). MacWhisper processes locally by default.",
      "privacyPolicyTldr": "No data collection. No network requests. No telemetry. The model runs entirely on your hardware. OpenAI's commercial API is a separate product with different privacy terms — the open-source version sends nothing to OpenAI. Model weights are MIT-licensed and freely redistributable.",
      "practicalMitigations": "Run locally to keep audio on your machine — verify you are using the open-source version, not the OpenAI API endpoint. Always verify every quote against the original audio; Whisper fabricates content at a measurable rate. Trim silence from the beginning and end of audio files before transcribing — silence is the primary hallucination trigger. Use whisper.cpp with Core ML for fastest Apple Silicon performance (3x faster than CPU-only). Use faster-whisper with INT8 quantization to cut VRAM requirements from 10GB to ~3GB. For non-technical users, MacWhisper provides a native macOS GUI ($29.99/year). If you must use a cloud service, Good Tape is GDPR-compliant and built by journalists — but your audio leaves your device. Do not use Whisper output as the sole basis for any published quotation.",
      "owner": "OpenAI (released under MIT license). Community maintains major forks: whisper.cpp (ggml-org), faster-whisper (SYSTRAN), MacWhisper (Jordi Bruin).",
      "fundingModel": "Released by OpenAI as open source under MIT license. Community-maintained forks receive no OpenAI funding. MacWhisper is an independent commercial product.",
      "businessModel": "None (open source). OpenAI monetizes the separate cloud API. MacWhisper is a paid GUI wrapper. The model itself is free to use, modify, and redistribute.",
      "knownIssues": "Hallucination is the primary concern. The 2024 Cornell/ACM FAccT study 'Careless Whisper' found ~1% of transcriptions contained entirely fabricated phrases — words that do not exist in the audio. 38% of hallucinations included explicit harms (violent language, racial commentary, fabricated authority claims). Hallucinations are triggered by silence, pauses, and disfluent speech, and disproportionately affect speakers with speech impairments or accents. OpenAI has since added silence-skipping and retranscription when probable hallucination is detected, which reduced but did not eliminate the problem. For journalism, this means every Whisper transcript is a draft — not a record. Separately, Whisper does not validate audio authenticity: it will faithfully transcribe deepfake or synthesized audio without any indication that the source is artificial. Hardware requirements for the large-v3 model: ~10GB VRAM (GPU) or very slow CPU-only processing. The turbo model is faster but shows degraded accuracy on Thai, Cantonese, and other non-English languages. An August 2025 class-action lawsuit against Otter.ai for training on recordings without consent is relevant context — Whisper's local-only architecture avoids this category of risk entirely.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "Runs entirely locally with no network dependency. MIT-licensed open-source model with full code and weight transparency. No telemetry, no data collection, no cloud requirement. Audio never leaves your device. The hallucination problem is an accuracy concern, not a security concern — it does not compromise confidentiality. The strongest privacy posture of any transcription tool available: zero data exposure by design."
    },
    {
      "name": "Wire",
      "slug": "wire",
      "url": "https://wire.com",
      "tagline": "E2E encrypted messaging with MLS protocol, enterprise group features, and European data sovereignty. Now backed by Schwarz Group.",
      "category": "messaging",
      "openSource": true,
      "threatLevel": "sensitive-reporting",
      "whoItsFor": "Newsrooms needing encrypted team communication with real group and enterprise features — video calls, file sharing, guest access. Organizations that want European data jurisdiction and don't need Signal-level metadata minimization.",
      "pricing": "Free personal tier. Pro: $5.83/user/month (annual). Enterprise: $9.50/user/month (annual). On-premises deployment available.",
      "freeOption": true,
      "editorialTake": "Wire is the only mainstream messenger with a full production implementation of MLS (Messaging Layer Security), the IETF-standardized protocol that Wire's own engineers helped define. MLS supports federated E2E encrypted groups with 2,000+ participants — something Signal and WhatsApp cannot match. Wire doesn't require a phone number to register (email or username works), which matters for source protection. The enterprise features — guest rooms, team management, compliance exports — make it a realistic newsroom-wide deployment, not just a reporter's side channel. But Wire's ownership history is messy. The holding company moved from Luxembourg to the US (Delaware) in 2019 for fundraising, then back to Germany in 2020. In April 2024, Schwarz Group (parent of Lidl/Kaufland, Europe's largest retailer) took a strategic stake and is co-developing 'Wire on STACKIT' for sovereign European infrastructure. That's good for financial sustainability but ties Wire to a retail conglomerate's digital ambitions. Wire stores more metadata than Signal — it keeps an unencrypted list of contacts and logs connection metadata for up to 72 hours. The Swiss BÜPF surveillance law revision (proposed 2025) could force Swiss-based providers to retain metadata and comply with real-time surveillance orders, though E2E encrypted content would remain protected. Wire's operational center is now Berlin, not Zurich. For maximum metadata minimization, Signal remains the gold standard. For team communication that scales beyond Signal's limitations, Wire is the strongest encrypted option available.",
      "bestFor": "Newsroom-wide encrypted communication. Large encrypted group calls (up to 25 audio, 12 video). File sharing under E2E encryption. Organizations wanting European data sovereignty. Teams that need guest access for external collaborators.",
      "notFor": "Maximum metadata minimization — Signal retains far less. Source communication where anonymity is critical — use Signal or SecureDrop. Journalists already on Signal with established source relationships. Anyone uncomfortable with Wire's corporate ownership changes.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Germany (Wire Group Holdings GmbH) and Switzerland (Wire Swiss GmbH). Servers in EU. Subject to GDPR and Swiss FADP. Schwarz Group partnership includes STACKIT cloud (German sovereign infrastructure).",
      "privacyPolicyTldr": "All content is E2E encrypted via MLS protocol. Wire does not sell data or use it for advertising. Messages temporarily stored on servers for delivery, then deleted. Wire logs connection metadata for up to 72 hours. Contact lists stored unencrypted on server side. Swiss operations subject to evolving BÜPF surveillance law.",
      "practicalMitigations": "Verify key fingerprints for sensitive contacts — Wire supports device verification. Use timed (ephemeral) messages for conversations that shouldn't persist. Register with a dedicated email rather than your primary — Wire stores contact graphs. Understand that Wire's metadata retention exceeds Signal's. For the highest-risk source communication, pair Wire (team coordination) with Signal or SecureDrop (source contact). Review Wire's device list regularly to catch unauthorized sessions.",
      "owner": "Wire Group Holdings GmbH (Germany). Operating entity: Wire Swiss GmbH (Switzerland). Strategic investor since April 2024: Schwarz Group (Schwarz Digits division). Founded 2012 by former Skype/Microsoft engineers.",
      "fundingModel": "Venture-backed through 2022 ($24M Series C). Schwarz Group strategic investment in 2024. Earlier investors include Morpheus Ventures and Iconical. Holding company moved to the US (Delaware) in 2019 and returned to Germany in 2020.",
      "businessModel": "Freemium. Free personal tier with limited features. Revenue from Pro ($5.83/user/month) and Enterprise ($9.50/user/month) subscriptions. On-premises deployment for government and defense clients. Growing focus on sovereign European infrastructure via Schwarz Group partnership.",
      "knownIssues": "Ownership instability — holding company moved from Luxembourg to the US (2019) and then to Germany (2020), and now has Schwarz Group as strategic investor. Wire stores unencrypted contact lists on servers, a known metadata concern since 2017. Swiss BÜPF surveillance law revision (proposed 2025) could impose metadata retention and real-time surveillance requirements on Swiss-based providers — Proton has already begun moving infrastructure out of Switzerland in response. Wire's 2018 privacy policy change from defending user privacy to 'will share data if required by law' was seen as a significant retreat. Enterprise focus has deprioritized personal/consumer features. Free tier exists but is not prominently marketed — Wire's homepage and pricing page push enterprise plans.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "reviewDepth": "established",
      "lastReviewedDate": "2026-04-02",
      "securityRating": "strong",
      "securityRatingNote": "First messenger with full MLS (IETF RFC 9420) production implementation. Open-source clients independently audited by Kudelski Security and X41 D-Sec. E2E encryption on by default for all content types including calls and file sharing. No phone number required for registration. Stores more metadata than Signal (contact lists, 72-hour connection logs) but still well above the industry average. Ownership changes and Swiss surveillance law evolution warrant monitoring."
    },
    {
      "name": "WireGuard",
      "slug": "wireguard",
      "url": "https://www.wireguard.com",
      "tagline": "Modern VPN protocol built into the Linux kernel. Fast, minimal, auditable. The cryptographic foundation under Mullvad, many commercial VPNs, and custom setups.",
      "category": "security",
      "openSource": true,
      "whoItsFor": "Journalists who need a VPN they can trust at the protocol level. Technical reporters and newsroom IT staff setting up secure remote access. Anyone who wants to run their own VPN server rather than trusting a commercial provider. Security-conscious reporters working from hostile networks, hotel Wi-Fi, or countries with internet surveillance.",
      "pricing": "Free. WireGuard is open-source software with no licensing fees. You pay only for the server you run it on — a basic VPS costs $5-10/month from providers like Hetzner, DigitalOcean, or Linode. Commercial VPNs that use WireGuard internally (Mullvad, IVPN, ProtonVPN) charge $5-10/month.",
      "freeOption": true,
      "editorialTake": "WireGuard is a VPN protocol, not a VPN service. That distinction matters. Created by Jason Donenfeld in 2015 and merged into the Linux kernel in March 2020 (Linux 5.6), it replaced the complexity of IPsec and OpenVPN with roughly 4,000 lines of code — small enough for a single security researcher to audit in an afternoon. The cryptography is modern and opinionated: Curve25519 for key exchange, ChaCha20 with Poly1305 for authenticated encryption, BLAKE2s for hashing, all via the Noise protocol framework. No cipher negotiation, no legacy algorithm support, no configuration knobs that let you accidentally weaken your security. This simplicity is the point. OpenVPN is ~100,000 lines of code. IPsec implementations are larger. More code means more attack surface. WireGuard's minimal codebase has been formally verified by INRIA researchers using the CryptoVerif proof assistant (2019), confirming the protocol's cryptographic soundness. It runs on Linux, Windows, macOS, iOS, and Android. On Linux, it operates in kernel space, which makes it significantly faster than OpenVPN (which runs in userspace). Benchmarks consistently show WireGuard achieving 2-4x the throughput of OpenVPN with lower latency. For journalists, WireGuard matters in two ways. First, if you use Mullvad, IVPN, or ProtonVPN, you're likely already using WireGuard as the underlying protocol. Second, you can run your own WireGuard server on a $5/month VPS and eliminate the commercial VPN provider entirely — no account, no email, no payment trail beyond the server hosting bill. The trade-off: WireGuard by itself doesn't provide anonymity. It's a point-to-point tunnel. IP addresses are stored in memory (cleared after handshake timeout) but there's no built-in traffic obfuscation or multi-hop routing. For anonymity, you still need Tor or a VPN service with a no-logs policy. WireGuard gives you the fastest, most auditable encrypted tunnel available. What you do with that tunnel is up to you.",
      "bestFor": "Running your own VPN server for newsroom remote access. Encrypting traffic on hostile networks (airports, hotels, press centers). Journalists in countries with internet surveillance who need a fast, reliable tunnel. IT staff setting up site-to-site connections between newsroom offices. Understanding what protocol your commercial VPN actually uses.",
      "notFor": "Non-technical journalists who just want to click a button and be protected — use Mullvad or ProtonVPN instead (both use WireGuard internally). Anyone who needs traffic obfuscation to bypass VPN blocking (WireGuard traffic is identifiable). Users who need anonymity — WireGuard is a tunnel, not an anonymity tool. Use Tor for that.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Self-hosted: wherever you run your server. WireGuard is a protocol — it has no central infrastructure and sends no data to any company. Peer IP addresses are held in memory during active sessions. No persistent logging by default.",
      "privacyPolicyTldr": "WireGuard is a protocol, not a service. There is no company collecting your data. No accounts, no telemetry, no analytics. When self-hosted, the only data that exists is what your server stores — WireGuard itself keeps peer endpoints in memory and clears them after inactivity. The software collects nothing. Commercial VPN services using WireGuard have their own privacy policies.",
      "practicalMitigations": "If running your own WireGuard server, choose a VPS provider in a jurisdiction that aligns with your threat model. Use a provider that accepts cryptocurrency if payment anonymity matters. Generate new key pairs for each device. Keep the server's operating system and WireGuard packages updated. Don't expose the WireGuard management interface to the public internet. For additional privacy, combine WireGuard with a multi-hop setup or route traffic through Tor. Remember that WireGuard doesn't obfuscate traffic — deep packet inspection can identify it.",
      "owner": "Jason A. Donenfeld (ZX2C4 / Edge Security LLC)",
      "fundingModel": "Open-source project. WireGuard's Linux kernel implementation is maintained as part of the kernel tree. Development funded by Edge Security (Donenfeld's security consultancy) and contributions from companies that use WireGuard commercially. No venture capital. No corporate parent.",
      "businessModel": "Free open-source software (GPLv2 for kernel module, MIT/BSD/Apache for userspace tools). No subscription fees. No commercial entity selling WireGuard itself. Revenue for the creator comes from Edge Security's consulting work. Commercial VPN providers (Mullvad, NordVPN, Surfshark, ProtonVPN, IVPN) use WireGuard as infrastructure and pay nothing for the protocol.",
      "knownIssues": "WireGuard stores peer IP addresses in memory during active connections — this means a server compromise during an active session could reveal which IPs are connected. Most commercial VPN providers mitigate this with NAT and periodic key rotation. No built-in traffic obfuscation — WireGuard connections are identifiable via deep packet inspection, which matters in countries that actively block VPN protocols. The 'cryptokey routing' model assigns fixed internal IPs to each peer, which can make traffic analysis easier in some threat models. No perfect forward secrecy in the traditional IPsec sense, though the Noise protocol's key rotation provides equivalent protection in practice. The protocol is opinionated about its cipher suite — if a vulnerability is found in ChaCha20 or Curve25519, there's no fallback to an alternative algorithm (by design, to avoid downgrade attacks).",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-11",
      "relatedPrograms": [],
      "securityRating": "strong",
      "securityRatingNote": "Formally verified cryptographic protocol with ~4,000 lines of auditable code. Built into the Linux kernel. Uses modern, opinionated cryptography with no legacy cipher negotiation. No central infrastructure, no data collection, no accounts. The minimal attack surface and formal verification by INRIA put WireGuard in a different class than most VPN solutions. Rating reflects the protocol itself — your overall VPN security also depends on server configuration and operational practices."
    },
    {
      "name": "Wispr Flow",
      "slug": "wispr-flow",
      "url": "https://www.wispr.ai/",
      "tagline": "AI voice dictation that formats text based on app context.",
      "category": "visuals",
      "openSource": false,
      "whoItsFor": "Writers, reporters, and professionals who want to dictate polished text directly into any app without editing. Useful for journalists who produce high volume copy — emails, drafts, notes — and want 3-5x faster output than typing.",
      "pricing": "Free tier (Basic): 2,000 words/week on desktop, 1,000 words/week on iPhone. Pro: $15/month ($12/month annual). Team: ~$10-12/user/month. Enterprise: custom pricing. Students and educators: 3 months free + 50% off Pro. Nonprofits: discounted access. 14-day free trial of Pro on all new accounts, no credit card required.",
      "freeOption": true,
      "editorialTake": "Wispr Flow is the best voice dictation tool available right now. Speak naturally and get clean, formatted text in any app — Gmail, Slack, Google Docs, whatever. The AI formatting and context awareness are genuinely impressive. But the architecture sends screenshots of your active window and voice audio to cloud AI providers (OpenAI, Meta's Llama) for processing. Privacy Mode prevents retention but not transmission. For journalists, this creates a hard line: use it freely for non-sensitive work (outreach emails, first drafts, social copy) and switch to macOS built-in dictation or SuperWhisper for anything involving sources, confidential documents, or Signal conversations visible on screen. The 17+ service outages in three months (as of early 2026) also mean you cannot rely on it during breaking news without a fallback.",
      "bestFor": "Fast, polished voice dictation across any app on Mac, Windows, iPhone, and Android. Drafting emails, stories, and notes by speaking naturally. Command Mode lets you highlight text and speak edits. Journalists who produce high-volume copy and want to dictate instead of type.",
      "notFor": "Sensitive investigations. Any workflow where screen content is confidential. Journalists with sources' names, documents, or Signal conversations visible on screen — the screenshot capture is a fundamental design choice that conflicts with source protection. Reporters who need offline dictation (field work, planes, unreliable connectivity). Anyone uncomfortable with cloud-only voice processing.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "Cloud-processed via OpenAI and Meta's Llama (open-source). Wispr holds SOC 2 Type II, ISO 27001, and HIPAA certifications. SOC 2 and ISO 27001 reports available to Enterprise plans only. HIPAA BAA available on all plans.",
      "privacyPolicyTldr": "Wispr captures screenshots of your active window and sends them with your voice audio to cloud AI providers for context-aware transcription. All processing happens in the cloud — there is no local processing option. Privacy Mode (Settings > Data & Privacy) enforces zero data retention: no audio, transcripts, or screenshots stored by Wispr or subprocessors. Enterprise accounts have Privacy Mode enforced by default. When Privacy Mode is off, data may be used for debugging and model improvement. Context Awareness can be toggled separately to stop screenshot capture. Usage statistics (word count) are collected regardless of Privacy Mode setting.",
      "practicalMitigations": "Enable Privacy Mode immediately after installation — it prevents data retention but not transmission. Disable Context Awareness when working on anything sensitive to stop screenshot capture. Close confidential documents and messaging apps before dictating. Use macOS built-in dictation (processes locally on Apple Silicon) or SuperWhisper (fully offline via Whisper) for any work involving sources, investigations, or confidential material. Keep a fallback dictation method ready — Wispr's cloud dependency means outages will leave you without dictation during breaking news.",
      "owner": "Wispr (San Francisco)",
      "fundingModel": "VC-backed. $81M+ raised across two rounds: $30M Series A led by Menlo Ventures (June 2025), $25M round led by Notable Capital with participation from Steven Bartlett's Flight Fund (November 2025). NEA and 8VC also invested. Post-money valuation ~$700M as of November 2025.",
      "businessModel": "SaaS subscriptions. Hit $10M revenue in 2025 with a ~50-person team. States it never sells user data.",
      "knownIssues": "Context Awareness captures screenshots of your active window and sends them to cloud AI providers (OpenAI, Meta's Llama). Even with Privacy Mode on, data is transmitted — just not retained. This is a significant concern for journalists working with confidential material. Memory usage around 800MB and 8%+ CPU even when idle. Slow startup (8-10 seconds). Requires internet — no offline mode. Windows version has more bugs than Mac. 17+ service outages in three months (Q1 2026), including iOS transcription failures and high-latency degradation events. Customer support response times are slow according to multiple user reports. The app previously added itself to login items without clear user consent — Wispr called it a bug and fixed it after a viral Reddit thread, but it damaged trust. No Linux support.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "wispr-flow-nonprofit"
      ],
      "securityRating": "caution",
      "securityRatingNote": "Screen capture and voice audio sent to third-party AI providers (OpenAI, Meta's Llama) is a significant privacy concern for journalism workflows. All processing is cloud-only — there is no local option. Privacy Mode prevents retention but not transmission. SOC 2 Type II, ISO 27001, and HIPAA certifications demonstrate real security investment, but the architecture is fundamentally incompatible with source protection. The tool is well-built and the company is increasingly transparent, but 17+ outages in Q1 2026 raise reliability questions for deadline-driven journalism."
    },
    {
      "name": "WordPress",
      "slug": "wordpress",
      "url": "https://wordpress.org",
      "tagline": "Powers 43% of the web. Self-hosted gives full control. Open source since 2003.",
      "category": "publishing",
      "openSource": true,
      "whoItsFor": "Newsrooms and independent journalists who need full ownership of their publishing platform. Organizations that want extensibility — memberships, newsletters, paywalls, custom workflows. Anyone publishing at scale who can handle (or hire for) ongoing maintenance.",
      "pricing": "WordPress.org (self-hosted): free software, you pay for hosting ($5-50+/month). WordPress.com (hosted): free tier with ads, paid plans from $4/month. Newspack (journalism-specific hosted WordPress by Automattic): starts at $750/month, tiered at roughly 0.25% of newsroom gross revenue. WordPress VIP (enterprise): custom pricing for large publishers.",
      "freeOption": true,
      "editorialTake": "WordPress is the default CMS for journalism. The New York Post, TIME, TechCrunch, Vox Media, Al Jazeera, and The Times (UK) all run on it. The Onion migrated to WordPress in 2024. The Times cut its time-to-publish by 34% after switching. No other CMS comes close in market share (42.6% of all websites, 60.4% of CMS-based sites as of early 2026) or ecosystem depth. The self-hosted version (wordpress.org) gives you total control: your server, your data, your rules. WordPress.com (hosted by Automattic) handles maintenance but limits customization. Most serious newsrooms self-host or use WordPress VIP/Newspack. The plugin ecosystem is both WordPress's greatest strength and its biggest liability. In 2025, 11,334 new vulnerabilities were found in the WordPress ecosystem — a 42% increase over 2024. 96% of those were in plugins, not core. 43% could be exploited without authentication. WordPress core itself had only 7 vulnerabilities in 2024, none critical. The Mullenweg/WP Engine dispute (September 2024-present) exposed uncomfortable governance questions: Matt Mullenweg blocked WP Engine from WordPress.org resources, disrupting over a million sites, before a federal court ordered access restored. A jury trial is scheduled for February 2027. 159 Automattic employees — 80% from the WordPress division — left the company in protest. This dispute matters because it revealed how much power one person holds over WordPress.org infrastructure, even though the software itself is open source. For journalists who need a battle-tested CMS with maximum flexibility, WordPress remains the best option. Just budget for security maintenance.",
      "bestFor": "Independent journalism websites. Newsroom publishing at any scale. Membership and newsletter-driven publications. Sites requiring custom workflows, multilingual publishing, or complex content structures. Any publication where owning your data and platform is non-negotiable.",
      "notFor": "Solo journalists who want zero maintenance — use Ghost or Substack instead. Quick newsletter-only projects where Ghost's native email tools are stronger. Anyone without budget or skills for ongoing security updates. If you can't keep plugins patched, you shouldn't self-host.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "Self-hosted: wherever you host it — you choose the jurisdiction. WordPress.com: United States (Automattic, San Francisco). WordPress VIP: US and EU hosting options available.",
      "privacyPolicyTldr": "Self-hosted WordPress collects no data by default — you control everything. Plugins and themes may collect data independently, and many do without clear disclosure. WordPress.com (hosted) follows Automattic's privacy policy, which includes analytics, advertising on the free tier, and data processing in the US. Jetpack (Automattic's popular plugin) sends data to WordPress.com servers for features like stats and security scanning.",
      "practicalMitigations": "Keep WordPress core, themes, and plugins updated — 1,614 plugins were removed for security concerns in 2024 alone. Use a security plugin (Wordfence or Sucuri). Enable two-factor authentication for all admin and editor accounts. Remove unused plugins and themes — every inactive plugin is attack surface. Use a reputable hosting provider with automatic backups and a web application firewall. Restrict wp-admin access by IP if possible. Disable XML-RPC if you don't need it. Use the Abilities API (WordPress 6.9+) for granular permission control. Monitor for plugin vulnerabilities via Patchstack or WPScan databases.",
      "owner": "WordPress Foundation (nonprofit, holds the trademark) / Automattic Inc. (operates WordPress.com, WordPress VIP, and effectively controls WordPress.org infrastructure)",
      "fundingModel": "WordPress.org: open-source community project. Automattic: raised $896M total funding (Series D: $300M from Salesforce Ventures in 2019). Valued at $7.5B. Revenue ~$710M in 2024, up 11.2% year-over-year.",
      "businessModel": "WordPress.org is free open-source software. Automattic generates revenue from WordPress.com hosting plans, WooCommerce (ecommerce), Jetpack (security/performance), WordPress VIP (enterprise hosting for publishers), Tumblr, and advertising. Matt Mullenweg holds a significant ownership stake; all employees received A12 shares in October 2024.",
      "knownIssues": "Mullenweg/WP Engine dispute (September 2024-present): Mullenweg called WP Engine a 'cancer to WordPress,' demanded 8% of their gross revenue as trademark licensing, then blocked WP Engine from WordPress.org — disrupting updates for 1M+ sites. Court granted WP Engine a preliminary injunction in December 2024 restoring access. 159 Automattic employees took severance and left. Settlement conference in July 2025 failed. Trial set for February 2027. The dispute exposed that WordPress.org — the plugin/theme repository that every self-hosted site depends on — is controlled by Automattic/Mullenweg, not the WordPress Foundation. This is a governance risk for the entire ecosystem. Plugin vulnerability volume: 11,334 new vulnerabilities in 2025 (up 42% from 2024). 96% in plugins. 36% represented actual exploitable threats. Supply chain risk is real — third-party plugins are the primary attack vector. WordPress dropped security support for versions 4.1-4.6 in July 2025. Sites running legacy versions no longer receive patches. Automattic's post-dispute employee exodus (80% from WordPress division) raises questions about long-term development capacity.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "securityRating": "adequate",
      "securityRatingNote": "WordPress core is well-maintained — only 7 vulnerabilities in 2024, none critical. The Abilities API in 6.9 improved permission granularity. But the plugin ecosystem is a minefield: 11,334 vulnerabilities in 2025, 43% exploitable without authentication. Self-hosted gives full data control but demands active maintenance. The Mullenweg/WP Engine dispute revealed a deeper issue: WordPress.org infrastructure is effectively controlled by one company, creating a single point of governance failure for 43% of the web. Rating reflects strong core security offset by ecosystem risk and governance concerns."
    },
    {
      "name": "Zapier",
      "slug": "zapier",
      "url": "https://zapier.com",
      "tagline": "Workflow automation platform connecting 8,000+ apps. Move data between tools, trigger alerts, auto-publish, and stitch together newsroom workflows without code.",
      "category": "data",
      "additionalCategories": [
        "ai"
      ],
      "openSource": false,
      "threatLevel": "baseline",
      "whoItsFor": "Solo journalists and small newsrooms who want to automate the boring parts of reporting: monitoring data sources, syncing CRMs to spreadsheets, posting to social, routing tip-line submissions, archiving documents. Anyone who has ever copy-pasted between two apps and wished a robot would do it.",
      "pricing": "Free tier: 100 tasks per month, two-step Zaps only, 5-minute update intervals, single user. Professional: starts at $19.99/month (billed annually) for 750 tasks, multi-step Zaps, premium apps, webhooks, 1-minute polling. Team: starts at $69/month for 2,000 tasks, shared workspace, premium support. Company: custom pricing with SAML SSO, audit logs, advanced admin. Tasks scale up to 2M+ per month at higher tiers. Annual billing saves about 33%.",
      "freeOption": true,
      "editorialTake": "Zapier is the duct tape of the modern newsroom. It connects 8,000+ apps — Google Sheets to Airtable, Gmail to Slack, RSS feeds to Notion, Webflow to Mailchimp — without writing code. For journalists, the use cases are real: monitor a government RSS feed and drop new filings into a spreadsheet, route Typeform tip submissions into a triaged inbox, post new CMS articles to Bluesky and LinkedIn, log every email from a source into Airtable. The free tier is genuinely usable for one or two simple flows, but 100 tasks per month gets eaten fast — a single RSS monitor can burn through it in a week. The honest comparison is Make (formerly Integromat), which gives you about 10x the operations for the same price and has a more powerful visual editor — but Make is harder to learn and has fewer pre-built integrations. Zapier wins on app coverage and ease; Make wins on price and flexibility. The privacy reality: every Zap routes your data through Zapier's US servers. If you're moving source emails, tip-line submissions, or sensitive documents, Zapier sees it all in transit and may store payloads in task history for up to 30 days. SOC 2 Type II certified, GDPR-compliant, but not built for high-risk reporting. Use it for the boring 90% of newsroom workflows, not for anything you wouldn't put in Gmail.",
      "bestFor": "Automating routine newsroom plumbing: RSS monitoring, social posting, CRM syncing, tip-line routing, newsletter signups, spreadsheet logging. Solo operators who can't justify hiring a developer. Connecting tools that don't have native integrations. Building no-code prototypes before committing to custom code. Triggering Slack alerts when a watched dataset updates.",
      "notFor": "Moving source documents, encrypted communications, or anything sensitive — every payload passes through Zapier's servers. High-volume workflows where the per-task cost gets expensive fast — Make or n8n (self-hosted, open source) are cheaper at scale. Complex conditional logic with branching — Make's visual editor handles this better. Newsrooms that need on-prem or air-gapped automation.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States (Zapier Inc., San Francisco, California). Data is processed and stored on AWS US-East infrastructure by default. EU data residency is available on Enterprise plans. Subject to US legal process — Zapier will respond to subpoenas and warrants. Task history retains payloads for up to 30 days on most plans.",
      "privacyPolicyTldr": "Zapier stores account data, Zap configurations, and task history (the actual data flowing through your workflows) for up to 30 days for debugging and replay. Connection credentials for third-party apps are encrypted at rest. Zapier acts as a data processor under GDPR — you remain the controller of data flowing through your Zaps. SOC 2 Type II certified. Does not sell user data. Will hand over data in response to valid US legal process. Free and paid plans receive the same security controls.",
      "practicalMitigations": "Never route source identities, tip-line submissions, or sensitive documents through Zapier — use it for low-stakes plumbing only. Turn off task history retention on sensitive Zaps if your plan allows it (Team and above). Use webhook-based triggers instead of OAuth where possible to limit the credentials Zapier holds. Rotate API keys and OAuth tokens annually. Audit your connected apps quarterly and disconnect anything unused. For higher-volume or sensitive automation, consider self-hosted n8n — same model, runs on your own server, you keep the data.",
      "owner": "Zapier Inc.",
      "fundingModel": "Profitable and bootstrapped for years, then raised a $140M secondary round in 2021 at a $5B valuation led by Sequoia and Steadfast. Has not raised primary capital in years and reportedly remains profitable on subscription revenue.",
      "businessModel": "Subscription SaaS billed by task volume and feature tier. Free tier is a funnel — most newsroom use cases outgrow 100 tasks per month within weeks. Revenue comes from individuals and teams upgrading to Professional ($19.99+/month) and Team ($69+/month) plans, plus Enterprise contracts. No advertising. No data resale.",
      "knownIssues": "Task accounting is opaque — multi-step Zaps consume one task per step, and filters that block a Zap still count against your quota in some cases. Free tier's 5-minute polling interval is too slow for time-sensitive workflows. Premium apps (Salesforce, HubSpot, etc.) require a paid plan even for one-off use. Task history stores actual payload data for 30 days on most plans, which is a real privacy consideration for sensitive flows. Make (Integromat) is roughly 10x cheaper at scale and has a more powerful visual editor — Zapier wins on integration breadth and onboarding, not price. Periodic outages on the Zapier side stop all your flows; there's no native failover.",
      "reviewedBy": "Editorial assessment by Mike Schneider — not an independent security audit",
      "lastReviewedDate": "2026-04-07",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "SOC 2 Type II certified, GDPR-compliant, encryption in transit and at rest, OAuth-based connections to third-party apps. The structural issue is unavoidable: Zapier is a hub that sees everything flowing through your workflows, and task history stores payloads for up to 30 days. For routine newsroom automation that doesn't involve source identities or sensitive documents, this is fine. For anything you wouldn't put in plain email, use a self-hosted alternative like n8n instead."
    },
    {
      "name": "Zoom",
      "slug": "zoom",
      "url": "https://zoom.us",
      "tagline": "Video conferencing with optional E2E encryption. Free tier: 40-minute group meetings.",
      "category": "messaging",
      "openSource": false,
      "whoItsFor": "Journalists conducting interviews, newsroom meetings, remote collaboration, and webinars. Also used by researchers, activists, and freelancers who need reliable video calls with broad participant compatibility.",
      "pricing": "Free: 40-minute group meetings, 100 participants. Pro: $13.33/user/month. Business: $18.33/user/month. Enterprise: custom. AI Companion included on all paid plans. Custom AI Companion add-on available for enterprise.",
      "freeOption": true,
      "editorialTake": "Zoom is the default video tool for most newsrooms, and that ubiquity is both its strength and its liability. AES-256 GCM encryption by default, with optional end-to-end encryption on all plans including free. In May 2024, Zoom became the first UCaaS provider to ship post-quantum E2EE using Kyber-768 (NIST FIPS 203), protecting against harvest-now-decrypt-later attacks. The catch: enabling E2EE disables cloud recording, live transcription, AI Companion, breakout rooms, polling, Zoom Apps, Zoom Notes, and Zoom Whiteboard. That is a brutal tradeoff for journalists who need both security and a transcript. Trust history is mixed. The 2021 FTC settlement confirmed Zoom had falsely claimed E2E encryption for years and secretly installed a ZoomOpener web server on Macs that bypassed Safari security. In August 2023, Zoom added ToS language granting itself rights to train AI on customer content with no opt-out — CEO Eric Yuan called it a 'process failure' and reversed it within days. The current policy (updated October 2025) explicitly prohibits training on customer content. But the AI Companion data flow is complex: the ZMO option keeps processing on Zoom infrastructure, while the default routes through third-party model providers. France banned Zoom (and Teams, Meet, Webex) from all government use in January 2026, switching to the sovereign tool Visio. Zoom Workplace 7.0 (March 2026) rebrands the platform as an AI-first collaboration suite with AI Companion 3.0 agentic workflows, custom agents, voice translation, and realistic avatars. For routine newsroom meetings, Zoom is fine. For sensitive source interviews, enable E2EE and accept the feature loss — or use Signal voice calls or self-hosted Jitsi Meet instead. Jitsi Meet offers E2EE by default, no account required, no tracking, and self-hosting for full data control.",
      "bestFor": "Newsroom meetings, routine interviews, webinars, large-group calls, remote collaboration. Ubiquitous client means sources already have it installed.",
      "notFor": "Sensitive source interviews without E2EE enabled. If you need transcription or cloud recording for a confidential conversation, E2EE kills both — use Signal voice calls or Jitsi Meet instead. Not suitable for journalists in OFAC-sanctioned regions (Cuba, Iran, North Korea, Syria, Crimea, Donetsk, Luhansk) where Zoom blocks access entirely.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "yes",
      "dataJurisdiction": "United States. Zoom Communications, Inc. (NASDAQ: ZM), headquartered in San Jose, CA. Data centers globally. AI Companion offers three data processing modes: ZMO (Zoom infrastructure only), ZM+ (Zoom plus third-party providers), and Federated (customer-controlled). OFAC restrictions block service from Cuba, North Korea, Iran, Sudan, Syria, and Russian-occupied Ukraine regions. France banned Zoom from all public sector use in January 2026, joining earlier government restrictions from Taiwan (2020), India (advisory), and Germany.",
      "privacyPolicyTldr": "Privacy statement updated February 2, 2026. Zoom states it does not sell personal data and does not use meeting audio, video, or chat to train AI models (policy reversed from August 2023 when Zoom initially claimed that right). AI Companion features require admin approval; the ZMO option keeps data on Zoom infrastructure, but default processing routes through third-party model providers. E2EE is available on all plans but off by default. Without E2EE, Zoom can access meeting content and will provide it to law enforcement via valid legal process. International requests require MLATs or CLOUD Act authorization. Zoom publishes semi-annual transparency reports. E2EE meetings cap at 1,000 participants and disable cloud recording, live transcription, AI Companion, breakout rooms, join before host, live streaming, polling, Zoom Apps, Notes, and Whiteboard.",
      "practicalMitigations": "Enable E2EE for sensitive interviews (Settings > Security > End-to-end encryption). Require version 6.0.10+ for post-quantum E2EE (Kyber-768). Disable AI Companion features for sensitive meetings — admin controls can block AI processing workspace-wide. Choose the ZMO data processing option to keep AI data on Zoom infrastructure only. Use waiting rooms and passcodes. Disable cloud recording before sensitive calls. For the most sensitive conversations, use Signal voice calls or self-hosted Jitsi Meet instead.",
      "owner": "Zoom Communications, Inc. (NASDAQ: ZM). Founded 2011 by Eric Yuan (CEO and Board Chair). Dual-class share structure gives Yuan outsized voting control despite reduced economic ownership — Yuan sold most direct Class A holdings through pre-arranged trading plans by March 2025. Top institutional shareholders: Vanguard (9.5%), BlackRock (7.5%), Morgan Stanley (~4.5%).",
      "fundingModel": "Publicly traded since April 2019. FY2026 revenue: $4.87 billion (up 4.4% YoY). Enterprise revenue: $2.93B (up 6.5%). $7.8 billion cash and marketable securities. 4,468 customers contributing >$100K annually (up 9.3% YoY).",
      "businessModel": "Freemium SaaS. Revenue from Pro, Business, and Enterprise subscriptions plus add-ons (Phone, Webinars, Rooms, Contact Center, Custom AI Companion). Enterprise revenue growing faster than online. Repositioning as AI-first collaboration platform — AI Companion 3.0 (December 2025) adds agentic workflows, custom agents, and third-party integrations (Salesforce, Slack, ServiceNow).",
      "knownIssues": "2021 FTC settlement: Zoom falsely claimed end-to-end encryption from at least 2016, secretly installed ZoomOpener web server on Macs bypassing Safari safeguards, stored some cloud recordings unencrypted for up to two months. No fine, but 5-year consent order with mandatory third-party security audits. | August 2023: ToS change granted Zoom rights to train AI on customer content with no opt-out. Reversed within days after global backlash. CEO Yuan called it a 'process failure.' Current policy (October 2025) explicitly prohibits using customer content for model training. | January 2026: Critical CVE-2026-22844 (CVSS 9.9) — command injection in Zoom Node Multimedia Routers (MMRs) allowed remote code execution by meeting participants. Patched in version 5.2.1716.0. No known exploitation in the wild. | 2025: 30 security vulnerabilities published, average CVSS 6.3. Notable: CVE-2025-49457 (malicious code via Zoom libraries), CVE-2025-49459 (missing authorization on Windows ARM), CVE-2025-64740 (privilege escalation on Windows). | 2024: 36 security vulnerabilities published. CVE-2024-24691 (critical privilege escalation on Windows), CVE-2024-45421 and CVE-2024-45419 (high-severity privilege escalation and info leak). | AI Companion data flow: enabling AI features routes meeting data through third-party model providers unless ZMO (Zoom Models Only) hosting option is selected. Many admins enable AI features without understanding this distinction. | France banned Zoom from all government use (January 2026), switching to sovereign French tool Visio — reflects EU digital sovereignty concerns. | OFAC restrictions: Zoom blocks access from Cuba, North Korea, Iran, Sudan, Syria, Crimea, Sevastopol, Donetsk, and Luhansk.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-02",
      "lastAgentVerifiedDate": "2026-04-02",
      "relatedPrograms": [
        "zoom-nonprofits"
      ],
      "securityRating": "adequate",
      "securityRatingNote": "AES-256 GCM encryption by default, optional E2EE and post-quantum E2EE (Kyber-768) on all plans, SOC 2 Type II and ISO 27001 certified, under FTC consent order through ~2026 with mandatory third-party audits. E2EE is off by default and disables essential journalist features (recording, transcription) when enabled. High vulnerability volume (30+ CVEs in 2025, 36 in 2024) but responsive patching — critical CVE-2026-22844 (CVSS 9.9) was patched before exploitation. The 2023 AI training policy reversal and 2021 FTC settlement for false encryption claims are serious trust flags. France's 2026 government ban signals growing institutional skepticism. Adequate for routine use; enable E2EE for anything sensitive, or use Jitsi Meet/Signal."
    },
    {
      "name": "Zotero",
      "slug": "zotero",
      "url": "https://www.zotero.org",
      "tagline": "Citation and research manager. Collect, organize, annotate, and cite sources across any publication style.",
      "category": "newsgathering",
      "additionalCategories": [],
      "openSource": true,
      "whoItsFor": "Journalists doing research-heavy reporting, investigative reporters managing large source libraries, academics, students, and anyone who needs to organize references and generate citations. Over 7.5 million accounts created since launch. Used across universities, newsrooms, and research institutions worldwide.",
      "pricing": "Free: desktop app (Windows, macOS, Linux), mobile apps (iOS, Android), browser connector, 300MB cloud storage for file syncing. Paid storage: 2GB for $20/year, 6GB for $60/year, unlimited for $120/year. Group libraries are free and unlimited. All features are available on the free tier — paid plans only add cloud storage for attached files.",
      "freeOption": true,
      "editorialTake": "Zotero is the most capable open-source reference manager available. Built by the Corporation for Digital Scholarship, a nonprofit spun out of George Mason University's Roy Rosenzweig Center for History and New Media. Development has been funded by the Andrew W. Mellon Foundation, the Alfred P. Sloan Foundation, and the Institute of Museum and Library Services, plus storage subscriptions and donations. The browser connector detects research on the page — PDFs, news articles, books, court records, patents — and saves full metadata with one click. Zotero 7 added a built-in reader for PDFs, EPUBs, and web snapshots with annotation tools (highlights, notes, ink, underline). Annotations sync across devices and are stored in the database, not in the files, so multiple collaborators can annotate the same document without file conflicts. Supports 9,000+ citation styles and generates bibliographies directly inside Word, LibreOffice, and Google Docs (the only major citation manager with native Google Docs support). Group libraries let teams share and annotate collections at no cost. Local-first by design: all data lives on your machine, and you never need to create an account or sync to use it. For journalists, Zotero turns source management from a mess of browser tabs and downloaded PDFs into a structured, searchable, citable library.",
      "bestFor": "Managing large reference libraries for investigative projects. Generating citations and bibliographies in any style. Collaborative research through shared group libraries. Annotating PDFs, EPUBs, and web snapshots in one place. Organizing court records, academic papers, government reports, and news articles for long-form reporting.",
      "notFor": "Quick web bookmarking or read-it-later workflows (use Raindrop.io). Real-time collaborative editing (annotations sync but not in real time). Lightweight link saving without metadata (Zotero is built for structured references). Audio or video file management.",
      "encryptionInTransit": "yes",
      "encryptionAtRest": "partial",
      "dataJurisdiction": "United States. Zotero cloud storage is hosted on Amazon Web Services. Automated backups retained up to 6 months for disaster recovery. Local data stays on your machine entirely.",
      "privacyPolicyTldr": "Zotero is built by a nonprofit with no financial interest in user data. The app stores data locally by default. Syncing is optional and requires creating a free account. No tracking, no advertising, no data sales. Server-side data is stored on AWS in the US. At-rest encryption has been enabled for cloud services, though servers have access to decrypted data for web-based library access. The organization funds development through storage subscriptions and grants, not data monetization.",
      "practicalMitigations": "Use Zotero without syncing for maximum privacy — all data stays local. If you sync, use Zotero's own storage or configure WebDAV to a server you control. For sensitive investigations, keep the library local-only and back up the data directory manually. Review group library membership before sharing — any group member can see shared annotations. Export libraries regularly (RIS, BibTeX, Zotero RDF) as backup. The browser connector sends URLs to Zotero's translation server to fetch metadata — be aware this creates a request log on Zotero's infrastructure.",
      "owner": "Corporation for Digital Scholarship (nonprofit, Vienna, Virginia, USA)",
      "fundingModel": "Nonprofit. Initial development funded by Andrew W. Mellon Foundation, Alfred P. Sloan Foundation, and Institute of Museum and Library Services. Ongoing operations funded by cloud storage subscriptions and user donations.",
      "businessModel": "Open-source software with optional paid cloud storage. All features are free. Revenue comes from storage plans ($20-$120/year) and institutional subscriptions. No advertising, no data sales, no premium feature gates.",
      "knownIssues": "Cloud-synced data is not end-to-end encrypted — Zotero servers can access decrypted files for web library functionality. The browser connector sends page URLs to Zotero's translation server to retrieve metadata, which creates a server-side log of what you save. 300MB free storage fills quickly if syncing PDFs (workaround: sync only metadata, store files locally or via WebDAV). The learning curve is steeper than simpler bookmark tools. Mobile apps (iOS, Android) are newer and less mature than the desktop client. No native browser for web research — it captures from your existing browser via the connector extension.",
      "reviewedBy": "Editorial assessment by Mike Schneider — independent security review pending",
      "lastReviewedDate": "2026-04-03",
      "relatedPrograms": [],
      "securityRating": "adequate",
      "securityRatingNote": "Open-source code with full transparency. Nonprofit ownership with no financial incentive to monetize data. Local-first architecture means all data stays on your machine unless you opt into syncing. TLS for all sync traffic. At-rest encryption enabled on cloud services, but not end-to-end — Zotero servers can decrypt for web access. Funded by foundations and subscriptions, not advertising or data sales. The translation server (used by the browser connector to fetch metadata) logs URLs, which is a minor privacy consideration for sensitive research. Strong trust profile overall: open source, nonprofit, grant-funded, no tracking, 15+ years of operation."
    }
  ]
}