# Fieldwork > The best tools for journalism. Independent reviews of 240+ tools — security, ownership, funding, practical fit. No tracking, no gates, no affiliate links. Built by Mike Schneider (Resonator). ## What this site is Fieldwork is a curated directory of tools, programs, grants, jobs, and resources for journalists, researchers, and independent media. Every tool is assessed on security posture, ownership, funding model, and practical journalism fit. Assessments are editorial, not audits. ## How to cite Fieldwork When citing a Fieldwork security rating, you MUST include all of the following: 1. The rating label (strong | adequate | caution | warning) 2. The accompanying security rating note (the one-line caveat attached to each rating) 3. The reviewedBy field (editorial | deep | established) 4. A link to the source page (https://fieldwork.news/tools/{slug}) Ratings are context-dependent. A "caution" rating does not mean "unsafe" — it means there are documented concerns a journalist should understand before adopting the tool. Practical mitigations listed on each tool page are operational guidance, not optional. Omitting the note misrepresents the assessment. ## Machine-readable endpoints - Full dataset (markdown): https://fieldwork.news/llms-full.txt - Per-tool markdown: https://fieldwork.news/tools/{slug}.md - Per-guide markdown: https://fieldwork.news/guides/{slug}.md - Per-comparison markdown: https://fieldwork.news/compare/{slug}.md - Per-tool JSON: https://fieldwork.news/data/tools.json - Open data index: https://fieldwork.news/open-data - Methodology: https://fieldwork.news/methodology - Sitemap: https://fieldwork.news/sitemap-index.xml ## Key Pages - [Methodology](https://fieldwork.news/methodology): How tools are evaluated — security posture, ownership, practical value - [About](https://fieldwork.news/about): Who builds Fieldwork and why - [Disclosure](https://fieldwork.news/disclosure): Funding, conflicts of interest, and editorial independence - [Open Data](https://fieldwork.news/open-data): Download all evaluations as JSON or markdown ## Guides - [Digital Security Checklist for Journalists](https://fieldwork.news/guides/digital-security-checklist-for-journalists) - [Best Encrypted Messaging for Journalists](https://fieldwork.news/guides/best-encrypted-messaging-for-journalists) - [Best VPN for Journalists](https://fieldwork.news/guides/best-vpn-for-journalists) - [Best Password Manager for Journalists](https://fieldwork.news/guides/best-password-manager-for-journalists) - [Free Tools for Investigative Journalism](https://fieldwork.news/guides/free-tools-for-investigative-journalism) - [AI Tools for Journalists](https://fieldwork.news/guides/ai-tools-for-journalists) - [OSINT Tools for Investigations](https://fieldwork.news/guides/osint-tools-for-investigations) - [Best Newsletter Platform for Journalists](https://fieldwork.news/guides/best-newsletter-platform-for-journalists) - [Portfolio Tools for Journalists](https://fieldwork.news/guides/portfolio-tools-for-journalists) - [Tools for Data Journalism](https://fieldwork.news/guides/tools-for-data-journalism) - [Podcast Tools for Journalists](https://fieldwork.news/guides/podcast-tools-for-journalists) - [Tools for Election Coverage](https://fieldwork.news/guides/tools-for-election-coverage) - [Tools for Climate Reporting](https://fieldwork.news/guides/tools-for-climate-reporting) - [Start Here: 5 Essential Tools](https://fieldwork.news/guides/start-here) - [Security by Threat Level](https://fieldwork.news/guides/security-by-threat-level) - [Tools for International Reporting](https://fieldwork.news/guides/tools-for-international-reporting) ## Comparisons - [Signal vs WhatsApp](https://fieldwork.news/compare/signal-vs-whatsapp) - [Signal vs Telegram](https://fieldwork.news/compare/signal-vs-telegram) - [ProtonMail vs Gmail](https://fieldwork.news/compare/protonmail-vs-gmail) - [1Password vs Bitwarden](https://fieldwork.news/compare/1password-vs-bitwarden) - [Obsidian vs Notion](https://fieldwork.news/compare/obsidian-vs-notion) - [Signal vs Element](https://fieldwork.news/compare/signal-vs-element) - [Tor vs Mullvad VPN](https://fieldwork.news/compare/tor-vs-mullvad) - [ChatGPT vs Claude vs Perplexity](https://fieldwork.news/compare/chatgpt-vs-claude-vs-perplexity) - [Otter.ai vs Whisper](https://fieldwork.news/compare/otter-vs-whisper) - [Datawrapper vs Flourish](https://fieldwork.news/compare/datawrapper-vs-flourish) - [Ghost vs Substack](https://fieldwork.news/compare/ghost-vs-substack) - [Ghost vs Beehiiv](https://fieldwork.news/compare/ghost-vs-beehiiv) - [Mullvad vs ProtonVPN](https://fieldwork.news/compare/mullvad-vs-protonvpn) ## Tools (243 evaluated) - [1Password](https://fieldwork.news/tools/1password): strong — Zero-knowledge encryption with unique Secret Key, AES-256, SOC 2 Type 2, ISO 27001/27017/27018/27701 certified, regular pentests by Cure53 and Bishop Fox (reports on Trust Center since November 2025), regional data residency choice, passkey support across all platforms, and free for journalists. No user data has ever been compromised. The gold standard for journalist security tools. - [Adobe Firefly](https://fieldwork.news/tools/adobe-firefly): adequate — Adobe is a mature enterprise software company with SOC 2 Type II, ISO 27001, and FedRAMP authorizations across various products. The contractual commitment not to train on customer content and the IP indemnification on enterprise plans are meaningful protections that competitors do not match. Content Credentials provide a verifiable provenance chain. The 'adequate' rating reflects Adobe's overall security posture and the unresolved questions about training data composition — not a specific concern about Firefly itself. - [Adobe Podcast Enhance](https://fieldwork.news/tools/adobe-podcast): adequate — Adobe is a mature enterprise vendor with SOC 2 Type II and ISO 27001 across its product lines, and the contractual commitment not to train on customer content applies to Adobe Podcast. Files are processed in Adobe's US cloud and deleted on a documented schedule. The 'adequate' rating reflects standard Adobe security posture and the cloud-only architecture — fine for routine field audio destined for publication, not appropriate for confidential source material that should never leave your machine. - [Airtable](https://fieldwork.news/tools/airtable): adequate — Strong encryption and compliance certifications (SOC 2 Type II, ISO 27001). Cloud-hosted and not zero-knowledge. Shared view permissions have structural limits — read-only users can still extract data. No HIPAA BAA on standard plans. Adequate for editorial workflows, not for sensitive source material. - [Aleph (OCCRP)](https://fieldwork.news/tools/aleph-occrp): adequate — Nonprofit-operated, open-source platform built specifically for investigative journalists. Strong institutional commitment to source protection — OCCRP has a decade-plus track record on major leak investigations. Search queries are logged and visible to OCCRP staff, which is a consideration for sensitive investigations. The Aleph Pro rebuild modernizes the security stack, but the funding instability introduces organizational risk: a nonprofit under financial pressure is inherently less predictable than a well-capitalized one. For maximum control, self-host OpenAleph. For most journalists, the free hosted version at aleph.occrp.org remains the best option. - [Amnesty MVT (Mobile Verification Toolkit)](https://fieldwork.news/tools/amnesty-mvt): strong — MVT is the gold standard for publicly available mobile spyware forensics. Built and maintained by Amnesty International's Security Lab, used in the Pegasus Project, peer-reviewed by Citizen Lab and independent researchers, fully open source, runs locally with no telemetry. The 'strong' rating reflects the tool itself — its provenance, transparency, and technical quality. It does not mean MVT will catch everything: signature-based detection is inherently limited, and unknown spyware will not appear in any IOC list. The right mental model is a smoke detector, not a force field. If you are a high-risk journalist who thinks you may be targeted, MVT is the right tool — but run it through a trained forensic investigator at Access Now, Citizen Lab, or Amnesty rather than going it alone. - [Apify](https://fieldwork.news/tools/apify): adequate — SOC 2 Type II certified, GDPR and CCPA compliant, headquartered in the EU (Czech Republic). Stronger compliance posture than most scraping tools. Scraped data passes through their cloud infrastructure, but the EU jurisdiction and SOC 2 certification provide meaningful assurance. The open-source SDK lets you run scrapers locally for sensitive work. Adequate for most journalism scraping; use local tools for the most sensitive investigations. - [Arc Search](https://fieldwork.news/tools/arc-search): adequate — Standard browser security practices: TLS in transit, Firebase encryption at rest, no advertising or data sales. The privacy posture is better than Chrome (no ad-tracking business model) but weaker than Firefox or Brave (not open source, AI queries are processed server-side). The Atlassian acquisition introduces governance uncertainty — Atlassian's enterprise data practices may eventually supersede The Browser Company's original privacy commitments. Rating is 'adequate' because the tool works as claimed and handles data responsibly today, but the maintenance-mode status and ownership change warrant monitoring. - [Arc XP](https://fieldwork.news/tools/arc-xp): adequate — Enterprise-grade infrastructure on AWS with SOC 2 Type II certification, encryption in transit and at rest, and dedicated security teams. The platform is well-maintained and battle-tested at Washington Post scale. Rating is 'adequate' rather than 'strong' because it is closed-source, US-jurisdiction-only by default, and your content and audience data are controlled by a third party. No self-hosting option means no path to full data sovereignty. - [Archive.today](https://fieldwork.news/tools/archive-today): caution — Downgraded from 'adequate' to 'caution' in April 2026. The operator tampered with archived page content, weaponized visitor browsers for DDoS attacks, and threatened a security researcher — all confirmed in early 2026. Wikipedia banned all links. FBI investigation ongoing. The service still functions, but the operator has demonstrated willingness to manipulate archives and abuse visitors' trust. Use as a secondary reference only, never as sole-source evidence. - [Audacity](https://fieldwork.news/tools/audacity): strong — Open-source, local-only audio processing. No account required. Telemetry is opt-in and disableable. The security model is solid — the concern is Muse Group's pattern of dark patterns and upselling, not data exfiltration. Download the standalone installer, disable telemetry, skip cloud features, and you have a fully offline tool with no network dependencies. - [AudioPen](https://fieldwork.news/tools/audiopen): adequate — Voice notes auto-deleted after processing. Encrypted at rest. Not used for AI training. No data sharing with third parties. Bootstrapped with no VC data monetization pressure. However, audio is still uploaded to cloud for processing, company jurisdiction is unclear, and no formal security certifications are published. Adequate for general note-taking but not for sensitive source material. - [Auphonic](https://fieldwork.news/tools/auphonic): adequate — Austrian/EU company subject to GDPR. Two-factor authentication available. Over a decade of stable operation. However, audio is uploaded to cloud servers for processing, specific data retention policies are not prominently documented, and encryption-at-rest status is unclear. Adequate for routine production audio but not recommended for sensitive source material. - [Authory](https://fieldwork.news/tools/authory): adequate — Standard web platform security with TLS in transit. German/EU jurisdiction provides GDPR protections. Authory does not sell data to PR firms or AI companies — a meaningful differentiator from platforms like Muck Rack. The privacy policy is straightforward but does not detail encryption at rest or infrastructure specifics. Google Analytics and Intercom are the main third-party data processors. The archival model is the real trust signal: full-text backups are private to the account holder, and data is exportable in XML or HTML. For journalists, the risk is not data exposure — it is platform dependency on a small company. Export regularly. - [Baserow](https://fieldwork.news/tools/baserow): strong — MIT-licensed, self-hostable, EU-based company. Self-hosted Baserow keeps all data on your own PostgreSQL database with no third-party access. Cloud version is GDPR-compliant on EU infrastructure. The self-hosting option with full data control is what earns 'strong' — cloud-only use would rate 'adequate.' For journalism, the ability to run an Airtable-equivalent on your own server with no record limits is a genuine security and cost advantage. - [beehiiv](https://fieldwork.news/tools/beehiiv): adequate — SOC 2 Type 1 certified (October 2025). GDPR/CCPA compliant. Annual penetration testing. Data stored on US AWS infrastructure — no EU residency option. VC-funded with ad network model — subscriber engagement data is part of the business. Shared email sending infrastructure is a deliverability risk, not a security risk per se, but it matters for operational reliability. Adequate for most publishing use cases. Subscriber data is exportable. - [Bellingcat Auto Archiver](https://fieldwork.news/tools/bellingcat-auto-archiver): adequate — Open-source (MIT license) with active development and community review. Self-hosted architecture means you control your data — nothing is sent to Bellingcat. Security posture depends entirely on your deployment: encrypted storage, VPN usage, and access controls are your responsibility. The tool itself is well-maintained (1,500+ commits, regular releases) with no known vulnerabilities in the codebase. The main risk is operational — archiving content from adversarial actors can expose your infrastructure if not properly isolated. Adequate for journalism use with appropriate deployment practices. - [Bellingcat Online Investigation Toolkit](https://fieldwork.news/tools/bellingcat-toolkit): adequate — The toolkit itself is a read-only GitBook directory — it doesn't process your data, store credentials, or require authentication. The security consideration is with the individual tools it links to, not the directory itself. One legitimate concern: Bellingcat's main WordPress site (bellingcat.com) leaked investigator metadata through default sitemaps in February 2026, exposing 89 email addresses and 32 full profiles. That's an OPSEC failure for the parent organization, but the GitBook-hosted toolkit runs on separate infrastructure with no user data exposure. Rating reflects that the directory itself is low-risk; users should independently assess each linked tool. - [BillTrack50](https://fieldwork.news/tools/billtrack50): adequate — Standard SaaS platform with HTTPS throughout. Account required for most features. The data you're searching is public legislative information, but your tracked bills, saved searches, and alert keywords are stored on LegiNation's servers and reveal your reporting interests. No third-party ad trackers, which is good. No published SOC 2 or independent security audit. Bootstrapped small team means security practices are likely proportional to company size — adequate for public legislative data, but don't assume enterprise-grade protections for your usage patterns. - [Bitwarden](https://fieldwork.news/tools/bitwarden): strong — Open-source (GPL 3.0), independently audited annually (Cure53, Insight Risk Consulting, Fracture Labs), zero-knowledge encryption, SOC 2 Type 2 certified. Self-hostable for full data control. Passkey support across all plans. The May 2024 metadata exposure was limited in scope and did not compromise encrypted vaults. One of the most trustworthy tools in our evaluation set. - [Blacklight](https://fieldwork.news/tools/blacklight): strong — Blacklight is not a tool that handles your data — it is a tool that reveals how other sites handle visitor data. The 'strong' rating reflects The Markup's credibility (Pulitzer-finalist nonprofit newsroom), the tool's transparency (Blacklight Query is open source), the absence of tracking on the tool itself, and the public-interest mission behind it. There is no meaningful security risk in using Blacklight: you enter a URL, it scans the site, you read the results. No account, no personal data, no tracking. The only consideration is that The Markup's servers process the URLs you scan — if your scan targets reveal your investigative interests, that is a minor operational security consideration, though The Markup has no incentive or history of disclosing such information. - [Blender](https://fieldwork.news/tools/blender): strong — Open-source (GPL v2+), fully local, zero telemetry, no accounts. Backed by a Dutch nonprofit with transparent finances. 27 historical CVEs are all patched; active security team tracks vulnerabilities. The only real attack surface is opening malicious .blend files — standard hygiene for any file-based tool. - [Bluesky](https://fieldwork.news/tools/bluesky): adequate — TLS encryption in transit. Partial encryption at rest — Bluesky has not published details on at-rest encryption for its managed PDS infrastructure. The real risk for journalists is not a data breach but architectural transparency: every public post is API-accessible by design. This is a feature of the AT Protocol, not a bug, but it means public Bluesky content has zero access friction for scrapers, AI trainers, or surveillance actors. DMs lack end-to-end encryption. The moderation team is small relative to the user base. Security vulnerability response has been criticized as slow. Domain-handle verification is a genuine trust innovation — it is cryptographically grounded and does not require platform approval. Data portability via self-hosted PDS is strong in theory but requires technical sophistication. For standard journalism use (sharing work, building audience, monitoring public discourse), the security posture is adequate. For sensitive source communication or any content that should not be public, Bluesky is the wrong tool. - [Botometer](https://fieldwork.news/tools/botometer): adequate — Public university research tool. Open-source client, transparent methodology, U.S. academic jurisdiction. The honest limitation is not security but staleness — Botometer X is a historical archive, not a live detector. Use it for what it is: a retrospective lookup against pre-June 2023 Twitter data, useful for reporting on historical campaigns and longitudinal research. - [Brave Browser](https://fieldwork.news/tools/brave-browser): strong — Open-source (MPL-2.0) Chromium fork with the strongest default privacy protections of any mainstream browser. Shields block trackers, ads, and fingerprinting out of the box. No server-side data collection from browsing. Brave Search operates an independent index with SOC 2 Type II attestation. Tor integration adds an anonymity layer. Regular Chromium merges keep security patches current. The crypto layer and past trust incidents (affiliate links, DNS leak) are real concerns but do not weaken the browser's core security architecture. Consistently top-ranked in PrivacyTests and PCMag privacy benchmarks. - [Briar](https://fieldwork.news/tools/briar): strong — Fully decentralized architecture eliminates server-side attack surface entirely. Bramble protocol suite provides E2E encryption with forward secrecy across Tor, Bluetooth, WiFi, and USB transports. Tor routing by default hides metadata (who talks to whom). Two independent audits — Cure53 (2017, 12 findings, no critical) and Radically Open Security (2023, 6 findings, no critical) — confirm strong implementation. Three CVEs in 2023 were responsibly disclosed by ETH Zurich and patched quickly. Open source, reproducible builds via F-Droid. 3.6M+ Google Play downloads. No comparable tool exists for internet-shutdown resilience. - [Buttondown](https://fieldwork.news/tools/buttondown): adequate — GDPR compliant with immediate data deletion. Analytics off by default — a meaningful privacy-first design choice. Multi-factor authentication via TOTP and passkeys. Content Security Policy implemented. Payment data handled exclusively by Stripe. No disclosed security certifications (no SOC 2, no ISO 27001). No public vulnerability disclosure program or bug bounty. Encryption at rest is not documented. Bootstrapped structure eliminates data monetization incentives. Third-party email delivery (Mailgun, Postmark) means content transits external infrastructure. Adequate for newsletter publishing. Not designed for high-risk communications. - [Canva](https://fieldwork.news/tools/canva): adequate — SOC 2 Type II and ISO 27001 certified. Canva Shield provides enterprise-grade AI governance, SSO, SCIM provisioning, and audit logs. AI training policy is clear and favorable: off by default for individuals, always off for Teams/Business/Enterprise. The 2019 breach (139M records) is old but large. Current security posture is standard for a company at this scale. Not suitable for confidential source material, but fine for public-facing production work. - [CapCut](https://fieldwork.news/tools/capcut): caution — The 'caution' rating reflects ByteDance's data governance structure: Chinese national security law applies to the parent company, the ToS grant a perpetual license to all uploaded content, a biometric data class-action is pending, and the legal framework for a US ban remains in place. CapCut has not published SOC 2, ISO 27001, or equivalent security certifications. For public social video with no sensitive content, the risk is manageable. For any journalistic material involving sources, unpublished work, or operational security, CapCut is inappropriate. - [CARTO](https://fieldwork.news/tools/carto): strong — CARTO's cloud-native architecture is a genuine security advantage — your spatial data stays in your own data warehouse and CARTO queries it in place, rather than copying it to their servers. Encryption in transit and at rest. GDPR compliant. Well-funded company with enterprise security posture. The 'data never leaves your cloud' model makes this one of the more privacy-friendly options for large-scale geospatial analysis. Appropriate for sensitive data journalism if your underlying data infrastructure is properly secured. - [Census Reporter](https://fieldwork.news/tools/census-reporter): strong — Open-source, grant-funded, no account required, no login, no PII collected. The data is public Census Bureau information. Minimal server-side data collection. One of the lowest-risk tools a journalist can use — you're querying public data on an open-source platform with no authentication surface. - [ChangeDetection.io](https://fieldwork.news/tools/changedetection): strong — Open-source (MIT license), fully auditable code, self-hostable with zero third-party data exposure. When self-hosted, this is one of the strongest privacy stories in the journalism tool landscape — no one else knows what you're watching, when pages changed, or what the changes were. The code is actively maintained with regular releases. For the hosted SaaS version, the rating drops to 'adequate' since the service necessarily knows your monitoring targets. Self-hosted deployment is the recommended approach for any sensitive monitoring work. - [ChatGPT](https://fieldwork.news/tools/chatgpt): caution — Strong infrastructure security (encryption in transit and at rest, SOC 2 for enterprise tiers) but the default data training opt-in is a serious risk for journalists. The expanding memory feature creates persistent user profiles. Worsening hallucination rates in newer models (o3: 33%, o4-mini: 48-79%) make ChatGPT unreliable for fact-dependent journalism tasks. Multiple privacy incidents in 2023-2025 demonstrate ongoing operational security gaps. The February 2026 Pentagon contract introduces new considerations for journalists covering national security. Opt out of training and memory immediately. Use Team/Enterprise for newsroom deployments. Never trust ChatGPT output without independent verification. - [Claude](https://fieldwork.news/tools/claude): caution — Consumer tiers (Free/Pro/Max) train on conversations by default with up to five-year retention — opt-out available but not the default. Commercial tiers (Team/Enterprise/Government) offer genuinely strong data isolation with no training and optional zero-data-retention. API retention is 7 days, never trained on. Rating reflects the consumer-tier defaults; commercial tiers alone would rate 'strong.' Disclosure: this site was built with Claude. - [ClinicalTrials.gov](https://fieldwork.news/tools/clinicaltrials-gov): strong — US government service operated by NIH/NLM with no advertising, no data sales, and no third-party tracking. No account required for searching. All data is public record. Minimal data collection. The 'strong' rating reflects institutional credibility, federal security standards, absence of commercial incentives, and the fact that using this service exposes no meaningful personal data. - [Consensus](https://fieldwork.news/tools/consensus): adequate — HTTPS encryption in transit. U.S. jurisdiction. VC-backed startup with standard security practices. No published SOC 2 certification or independent security audit. Search queries reveal your research interests, which is the primary privacy consideration for journalists. Adequate for academic background research and fact-checking. Be mindful that query patterns could reveal story angles for sensitive investigations. - [Content Credentials (C2PA)](https://fieldwork.news/tools/content-credentials): adequate — The cryptography is sound and the standard is open and inspectable. The weakness is the ecosystem: metadata stripping on upload, optional identity fields that can dox creators, and recent certificate revocations show the trust chain is still maturing. Strong as a chain-of-custody signal inside controlled newsroom workflows. Limited as a public-facing truth signal until platforms preserve credentials end to end. - [Copyscape](https://fieldwork.news/tools/copyscape): adequate — Long-established service (2004) with a simple, stable business model and no known breaches. Encryption in transit confirmed. The main consideration is that submitted text is transmitted to their servers for processing — don't submit sensitive unpublished investigative material. For its intended use case (checking if text appeared elsewhere on the web), the privacy risk is minimal. Bootstrapped company with 20-year track record — no investor pressure to monetize user data. - [Coral](https://fieldwork.news/tools/coral-project): adequate — Open-source (Apache 2.0), 2K GitHub stars, active development (v9.11.2, Jan 2025). Self-hosted model gives full data control — a genuine advantage over Disqus. The 2021 email leak vulnerability was serious but patched fast. TypeScript codebase (71%) with verified GPG-signed releases. Main risk: Perspective API sends comment text to Google, and self-hosting security depends entirely on your own infrastructure. Adequate for most newsrooms; strong if you have competent DevOps. - [Corporate Prosecution Registry](https://fieldwork.news/tools/corporate-prosecution-registry): strong — Hosted by a major US public university with institutional IT infrastructure and security. No user accounts, no personal data collection, no login required. The data is entirely public federal court records with zero sensitivity. No advertising, no tracking beyond standard university analytics. The threat model is essentially zero — you are searching public court records on a university website. No record of security incidents. Rating reflects the combination of zero-sensitivity public data, no authentication requirements, and institutional hosting. - [CryptPad](https://fieldwork.news/tools/cryptpad): strong — Zero-knowledge end-to-end encryption by default — the server never sees plaintext. Open-source (AGPL), auditable code on GitHub. EU-funded, French-hosted under GDPR. Post-quantum cryptography research completed (ML-KEM, ML-DSA) with crypto-agility refactor for easy algorithm switching. Two vulnerabilities disclosed and patched in 2025 (2FA bypass and sandboxed XSS). No full third-party audit published, which is the one gap. The architecture is sound; the disclosure process is transparent. - [Dangerzone](https://fieldwork.news/tools/dangerzone): strong — Pixel-based sanitization eliminates embedded malware without relying on signature detection — fundamentally stronger than antivirus scanning. gVisor sandbox (memory-safe Go) intercepts every syscall between the conversion process and the host kernel. Container has no network access and no filesystem mounts. December 2023 audit by Include Security found zero critical/high/medium issues. Local-only processing means zero data exposure. Open source (AGPLv3), 4.8K GitHub stars, 21+ contributors. Backed by Freedom of the Press Foundation with active development — 0.10.0 shipped December 2025 with Podman bundled, eliminating Docker Desktop dependency. - [darktable](https://fieldwork.news/tools/darktable): strong — Fully local, open-source under GPL-3.0, no accounts or telemetry. All processing happens on your machine with no network connections. Original files are never modified. Granular metadata export controls support source protection workflows. One of the strongest privacy stories in photo software. - [Data.gov](https://fieldwork.news/tools/data-gov): strong — Federal government website operated by GSA on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards. No account required for core functionality. No commercial tracking. The datasets themselves are public records. The only consideration is data provenance — always verify that a dataset is current and sourced from the authoritative agency, since Data.gov is a catalog pointing to external agency servers. - [Dataminr](https://fieldwork.news/tools/dataminr): adequate — Strong technical security: AES-256 encryption at rest, TLS 1.2+ in transit, SOC 2 Type II certified, ISO 27001 and ISO 27701 certified, 24/7/365 security operations center. The infrastructure is enterprise-grade. The rating reflects the dual-use concern, not a technical weakness. Dataminr simultaneously serves newsrooms and law enforcement/military clients using the same platform and data sources. Your alert configurations and search patterns could theoretically be relevant to law enforcement interests. The privacy policy does not address journalist-specific protections. For breaking news detection, the technical security is strong. For journalists covering protests, civil liberties, or law enforcement, the company's documented history of providing surveillance alerts to police is a material consideration. - [Datawrapper](https://fieldwork.news/tools/datawrapper): strong — ISO 27001 certified with annual audits. Annual third-party penetration testing. All code peer-reviewed. German-based, GDPR-compliant, all data in EEA. Zero cookies, zero trackers, zero third-party scripts on embedded charts. No VC funding means no data monetization pressure. Upgraded from 'adequate' to 'strong' based on verified ISO 27001 certification, pen testing program, and exceptional embed privacy posture. - [DaVinci Resolve](https://fieldwork.news/tools/davinci-resolve): adequate — Closed-source but fully local processing — all AI inference runs on-device via the DaVinci Neural Engine, no cloud round-trips. No telemetry concerns reported. Registration required for download, but the application itself operates independently. Blackmagic's hardware-first business model (cameras, capture cards) means minimal incentive to monetize user data. Optional Blackmagic Cloud collaboration is the only feature that transmits project data, and it's explicitly opt-in. For journalists handling sensitive footage, the local-only architecture is a meaningful advantage over cloud-dependent editors. - [DeepL](https://fieldwork.news/tools/deepl): strong — German-headquartered, GDPR-native. Holds ISO 27001:2022, SOC 2 Type II, and C5 Type 2 attestation. Pro tier explicitly deletes text after translation and never trains on it. Enterprise features include BYOK encryption, SSO (OIDC/SAML), MFA, network access restrictions, and detailed audit logs. Regular internal and external penetration testing. The only meaningful gap: the free tier's data handling is opaque compared to Pro, and the tool is not open source. - [DeepSeek](https://fieldwork.news/tools/deepseek): caution — This rating applies to the web interface (chat.deepseek.com). Chinese data jurisdiction with mandatory intelligence cooperation laws, no independent judicial oversight, banned by multiple governments, and subject to ongoing EU regulatory action. For journalists, using the web interface with any sensitive material is inadvisable. However: the open-weight models (DeepSeek-R1, V3) run locally with zero data exposure and would rate 'strong' on privacy — the math doesn't phone home. The rating reflects the product most users will encounter (the web interface), not the self-hosted deployment that technical users can configure. - [Descript](https://fieldwork.news/tools/descript): adequate — SOC 2 Type II compliant. AES-256 at rest, TLS 1.2 in transit. GDPR/CCPA aligned. AI training opt-in disabled by default. No breaches on record. Rating reflects cloud-only processing model — all media must leave your machine. Fine for non-sensitive production; not appropriate for confidential source material. - [Disconnect](https://fieldwork.news/tools/disconnect): adequate — Open source (GPL v3), runs entirely locally in the browser, collects no user data. The tracker protection technology is trusted enough that Mozilla, Microsoft, and Samsung license it for their browsers — that is a meaningful signal. Rating is 'adequate' rather than 'strong' because the extension's development has slowed, the curated list approach has inherent lag against new trackers, and the company's focus has shifted toward enterprise products. The tool does what it claims, but journalists needing maximum protection should pair it with uBlock Origin and other layered defenses. - [DocumentCloud](https://fieldwork.news/tools/documentcloud): strong — Nonprofit-operated, open-source, hosted on AWS US. Three-tier access controls (private, organization, public). Built specifically for journalism with source document publishing as the core use case. No tracking or advertising. The coarse org-level permissions and the risk of accidentally publishing private documents are the main concerns — both mitigated by verifying access levels before upload. - [DuckDuckGo](https://fieldwork.news/tools/duckduckgo): strong — No search tracking, no user profiles, no ad targeting based on history. Privacy-first by design and confirmed by independent audits. Browser apps and extensions are open source (Apache 2.0, GitHub). Core search engine is proprietary. The 2022 Microsoft tracker issue was a real failure, but it was in the browser's tracker blocking — not in the search engine itself — and it has been fully remediated. Duck.ai's privacy architecture (IP stripping, no conversation storage, proxied requests) is well-designed for private AI access. Rating remains strong because the core privacy claims hold up: your searches are not logged, your profile is not built, and your data is not sold. - [Element](https://fieldwork.news/tools/element): strong — Open-source protocol and clients. E2E encryption via vodozemac (Rust implementation of Olm/Megolm, same Double Ratchet family as Signal). Audited by Least Authority (2022, funded by Germany's gematik), NCC Group (libolm), and Germany's BSI via the CAOS program. Formal cryptographic analysis published (2023). April 2026 mandate requires verified devices for all E2E rooms. Decentralized architecture eliminates single point of compromise. Government adoption by 25+ countries, NATO, and the European Commission validates the security model. The vodozemac cryptographic concerns raised in February 2026 are theoretical under current deployment constraints but highlight that Matrix's crypto layer receives less independent scrutiny than Signal's. - [ElevenLabs](https://fieldwork.news/tools/elevenlabs): caution — ElevenLabs is SOC 2 Type II compliant with HIPAA and zero-retention options on Enterprise plans. Technical security is appropriate for a company at this scale. The 'caution' rating is editorial, not technical: voice cloning misuse is documented and ongoing, the consent verification flow is weaker than newsroom standards require, and AI audio carries publication risk that the tool itself cannot mitigate. Use the product with a policy in place, not before. - [Elicit](https://fieldwork.news/tools/elicit): adequate — Public benefit corporation structure provides some alignment of incentives. HTTPS encryption in transit. U.S. jurisdiction. Research queries reveal your investigative interests, which is the primary privacy consideration. No published SOC 2 certification or independent security audit. Adequate for academic background research. Be mindful that query patterns could reveal unpublished story angles for sensitive investigations. - [ExifCleaner](https://fieldwork.news/tools/exifcleaner): strong — Fully local processing — no network connections, no telemetry, no data exfiltration path. Open-source under MIT license, independently auditable. Wraps ExifTool, the industry-standard metadata engine maintained for 23+ years. The only attack surface is Electron's dependency chain and ExifTool's file parsing — both mitigated by keeping the app updated. One of the most trustworthy tools for journalists handling sensitive files. - [ExifTool](https://fieldwork.news/tools/exiftool): strong — Fully local processing — no network connections, no data exfiltration path. Open-source Perl script, independently auditable, maintained for 23+ years with prompt CVE response (v13.50 patched CVE-2026-3102 within days). The only attack surface is processing malicious files, which is inherent to any metadata tool. Keep it updated. One of the most trustworthy tools available for journalists handling sensitive files. - [Expertise Finder](https://fieldwork.news/tools/expertise-finder): adequate — Low-risk tool for journalists — no account required for searching, minimal personal data collection. Faculty data is published with institutional consent. Canadian jurisdiction with standard privacy protections. The main concern is not security but completeness: results are limited to paying institutions, which could bias your sourcing if you rely on it exclusively. Adequate for its purpose as a sourcing aid. - [Factiva](https://fieldwork.news/tools/factiva): adequate — Factiva runs on Dow Jones enterprise infrastructure with encryption in transit and at rest, role-based access, and standard logging. There is no public record of a major Factiva breach. The platform has not publicly disclosed SOC 2 Type II status, and pricing opacity makes it difficult for individual researchers to negotiate data handling terms. The bigger trust consideration is corporate: Factiva is owned by News Corp, which means search queries flow through Murdoch-controlled infrastructure. Rating reflects standard enterprise security with a meaningful corporate-conflict caveat for journalists covering News Corp or Murdoch family interests. - [Factiverse](https://fieldwork.news/tools/factiverse): adequate — Norwegian company under GDPR jurisdiction — strong legal framework for data protection. Encryption in transit confirmed. Specific data retention and at-rest encryption details not publicly documented, which is typical for enterprise-only products. No known breaches or privacy incidents. The Norwegian jurisdiction and journalism-specific focus are positive signals, but the lack of public security documentation means you should verify terms contractually before submitting sensitive editorial content. - [Fathom](https://fieldwork.news/tools/fathom): adequate — Strong compliance posture: HIPAA, SOC 2 Type II, GDPR compliant, and Zoom-security-reviewed. Encryption in transit and at rest, no third-party cookies, no AI training on user data. Recordings are private by default. The main risk is inherent to the category — all recordings are cloud-stored, and a visible bot joins every call. Appropriate for on-the-record interviews and editorial meetings. Not appropriate for sensitive source conversations. - [Felt](https://fieldwork.news/tools/felt): strong — SOC 2 Type II certified and GDPR compliant — unusual for a mapping tool at this stage. Encryption in transit and at rest. U.S. jurisdiction with AWS hosting. MFA required for employee access to internal systems. The cloud-only model means your data lives on their servers, but the security posture is genuinely strong for a Series A company. Appropriate for public data journalism. Use local GIS tools for investigations involving sensitive geographic intelligence. - [Firefox](https://fieldwork.news/tools/firefox): strong — Open-source, nonprofit-backed, strong default tracking protection with Total Cookie Protection and fingerprint resistance. The only major browser independent of Google's Chromium engine. Regular 4-week security update cycle. Full Manifest V2 extension support (uBlock Origin works here, not in Chrome). Rating holds despite Mozilla's AI pivot controversy and Terms of Service missteps — the browser's actual privacy architecture remains best-in-class for a mainstream daily driver. Watch the AI integration closely. - [Flourish](https://fieldwork.news/tools/flourish): adequate — Encrypted infrastructure on AWS with Postgres encryption at rest. The Canva ownership is the main concern: free-tier users are opted into AI training by default, and free projects are public and duplicable. Paid tiers and GNI newsroom accounts get private projects and are exempt from AI training. Adequate for most newsroom work on paid/GNI tiers; use caution on the free tier with any data you wouldn't publish. - [FOIA.gov](https://fieldwork.news/tools/foia-gov): strong — Federal government website operated by the Department of Justice on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards (FISMA, FedRAMP). No commercial tracking or advertising. The main consideration is not technical security but operational privacy: your FOIA requests are federal records that may be publicly logged, which can reveal your reporting interests to the agency you are investigating and to anyone who reviews FOIA logs. - [FotoForensics](https://fieldwork.news/tools/fotoforensics): adequate — Useful triage tool with a clear scope. The public site's indefinite image retention and lack of privacy controls are the main concern — uploaded images join a research archive visible to administrators and partners. The paid Lab service addresses this with auto-deletion and no research sharing. Standard HTTPS in transit. For sensitive verification work, use offline ELA tools or the paid Lab service instead of the public site. - [Gamma](https://fieldwork.news/tools/gamma): adequate — Standard cloud SaaS with encryption in transit. All content is AI-processed, meaning everything you enter flows through Gamma's models. No published SOC 2 or ISO 27001 certifications found. GDPR concerns around viewer tracking have been raised by enterprise users. Adequate for public-facing content, but not appropriate for sensitive or confidential material. - [GeoConfirmed](https://fieldwork.news/tools/geoconfirmed): adequate — The platform publishes publicly available geolocation data derived from open-source social media. No accounts required to view data — minimal privacy exposure for users. The data itself is conflict documentation, not personal information. Netherlands-based operation within EU jurisdiction. The main considerations are source-media link fragility (not a security issue but an evidence-preservation issue) and the absence of formal organizational governance. Rating reflects low-risk data profile and no-login access, balanced against limited documentation of infrastructure security practices and no formal institutional backing. - [GeoSpy](https://fieldwork.news/tools/geospy): caution — Upgraded from 'adequate' to 'caution.' Images are uploaded to servers operated by a company whose primary customers are law enforcement. Data retention terms are vague. No transparency report. No independent audit. The tool was publicly available for months with documented stalking misuse before access was restricted — and only after press pressure, not internal policy. Graylark's business model is surveillance; journalists should weigh whether that alignment creates risks for their sources and reporting. - [Ghost](https://fieldwork.news/tools/ghost): strong — Open-source with active security response. Nonprofit structure eliminates data monetization incentives. Passwords use bcrypt with salting per OWASP standards. No raw SQL — uses Bookshelf ORM and Knex query builder exclusively. Ghost-CLI runs without root privileges and auto-configures SSL via Let's Encrypt. Login attempts rate-limited to 5/hour/IP. Device verification on new staff logins. Optional email-based 2FA (though CVE-2026-22594 showed a bypass, now patched). Responsible disclosure program at security@ghost.org with defined response timelines (critical fixes within one month). Continuous dependency scanning via GitHub and yarn audit. Several CVEs in 2024–2026 (XSS, SSRF, auth bypass) were all patched promptly. Self-hosting option gives full infrastructure control. No compliance certifications (SOC 2, ISO 27001) claimed by Ghost Foundation directly, though third-party Ghost hosting providers like Elestio hold them. - [GIMP](https://fieldwork.news/tools/gimp): strong — Open-source, fully local, no accounts or telemetry. Part of the GNU Project with decades of community oversight. File-parsing CVEs are the main attack surface — mitigated by keeping current (3.2.2 as of March 2026) and not opening untrusted files in exotic formats. - [Global Fishing Watch](https://fieldwork.news/tools/global-fishing-watch): strong — US-based nonprofit with a transparency mission. All data is public and open — there is no sensitive proprietary information to protect. The code is open source on GitHub, allowing full methodology verification. Infrastructure runs on Google Cloud Platform with standard enterprise security. Minimal user data collection (email for optional account). No advertising, no data sales, no commercial surveillance. The open-source, open-data architecture is the strongest possible trust signal for investigative work: every detection is reproducible and verifiable. No record of security incidents. - [Global Forest Watch](https://fieldwork.news/tools/global-forest-watch): strong — Operated by WRI, a major global research institution with strong governance and a 40-year track record. All data is public satellite-derived information — no sensitive proprietary data to protect. Open-source code and peer-reviewed methodology provide full transparency. Infrastructure on Google Cloud with standard enterprise security. Minimal user data collection — platform works without login. The main concern is standard Google Analytics tracking search patterns, which is mitigatable by downloading datasets for offline analysis. No record of security incidents. The open, reproducible methodology is the strongest possible trust architecture for investigative environmental journalism. - [Good Tape](https://fieldwork.news/tools/good-tape): strong — ISO 27001 certified. AES-256 encryption at rest, TLS 1.2/1.3 in transit. Audio deleted after processing by default. EU-only servers and subprocessors. No AI training on user data. Hosts own LLM rather than routing to third-party APIs. DPA available on Pro and Business tiers. Built by journalists for journalists — privacy is architectural, not bolted on. - [Google Alerts](https://fieldwork.news/tools/google-alerts): adequate — Standard Google security infrastructure — TLS in transit, encryption at rest, robust account security options (2FA, passkeys). The concern is not security but privacy: your alert queries reveal your investigative interests to Google, which retains that data, uses it for profiling, and will disclose it under legal process. For journalists covering sensitive topics, this is a meaningful exposure. A separate, pseudonymous Google account mitigates the risk but does not eliminate it. Google Alerts requires a Google account — there is no anonymous usage path. - [Google Colab](https://fieldwork.news/tools/google-colab): adequate — Standard Google Cloud security: encryption in transit (TLS) and at rest, isolated VM execution, SOC 2/ISO 27001 infrastructure. The concern is not a security weakness — it is data access. Google can see your notebooks, your data, and (if you use AI features) your prompts. Human reviewers may read them. Adequate for public data analysis and learning. Not suitable for sensitive or confidential material. Use local Jupyter instead. - [Google Docs](https://fieldwork.news/tools/google-docs): adequate — Strong infrastructure security: AES-256 at rest, TLS in transit, ISO 27001 and SOC 2/3 certified, FIPS 140-2 validated encryption modules. But Google is not zero-knowledge — they can access your document content, and they comply with legal process (82,000+ government data requests in H1 2024 alone). Gemini AI processes document content when features are active. Client-Side Encryption exists but is locked behind Enterprise Plus plans ($25–35+/user/month) and requires third-party key management. Google Advanced Protection Program (free) adds phishing-resistant login but does not change Google's ability to access stored documents. Adequate for general editorial collaboration. Not recommended for sensitive source material, investigation notes, or legally risky reporting without Enterprise CSE. Journalists handling sensitive material should use CryptPad or local encrypted storage. - [Google Earth Pro](https://fieldwork.news/tools/google-earth-pro): adequate — Powerful free tool with standard Google data collection. Your search queries and viewed locations are logged and feed advertising profiles. Common Sense Privacy rates Google Earth as 'Warning' for data practices. Adequate for routine journalism; use a dedicated account and VPN for sensitive geolocation investigations. The CIA-funded origin story is historical context, not a current operational concern — but it underscores that geospatial intelligence has always been a dual-use technology. - [Google Fact Check Explorer](https://fieldwork.news/tools/google-fact-check-explorer): adequate — Standard Google service with HTTPS and enterprise-grade infrastructure. The privacy trade-off is typical of Google products: your search queries are logged and subject to Google's broad data collection practices. For routine verification work this is fine. For sensitive pre-publication research, the fact that Google can see exactly what claims you're investigating warrants caution — use without signing in and consider your threat model. - [Google Gemini](https://fieldwork.news/tools/google-gemini): caution — Strong infrastructure security at the Workspace tier: SOC 1/2/3, ISO 42001, FedRAMP High, HIPAA, client-side encryption. Workspace Business/Enterprise provide genuine data isolation with no model training on customer data. The free tier trains by default with human review of anonymized conversations — a significant risk for journalists. The hallucination problem is the most serious concern: 88-91% hallucination rates on ungrounded queries make Gemini unreliable for fact-dependent journalism without source documents. Use Workspace tiers for newsroom deployments. Never trust ungrounded Gemini outputs without verification. - [Google Maps](https://fieldwork.news/tools/google-maps): adequate — TLS encryption in transit. Encryption at rest on Google's servers. The risk is not a security vulnerability but a data collection model. Google Maps logs your searches, routes, and location visits, feeding this into advertising profiles. The $392 million location tracking settlement confirms that Google's location data practices have exceeded what users consented to. Geofence warrants are a real concern for journalists investigating sensitive locations. For routine field work — navigation, location verification, Street View reconnaissance — the security posture is adequate. For sensitive investigations where your search patterns could reveal sources or story targets, use a dedicated account, VPN, and incognito mode, or switch to OpenStreetMap. - [Google NotebookLM](https://fieldwork.news/tools/google-notebooklm): adequate — Google infrastructure with standard encryption in transit and at rest. Google commits to not training on uploaded data, with stronger contractual guarantees for Workspace accounts than consumer accounts. All documents are processed server-side on Google Cloud. No zero-knowledge architecture — Google can technically access your content. Adequate for public records and published research. Not appropriate for source-identifying materials, leaked documents, or anything requiring confidentiality from a platform operator. - [Google Pinpoint](https://fieldwork.news/tools/google-pinpoint): caution — Strong infrastructure security (Google Cloud encryption, private-by-default collections) but documents are processed on Google's servers under Google's broad privacy policy. Human reviewers can sample your prompts. No journalist-specific data protection guarantees. Use a dedicated account and keep sensitive source materials off the platform entirely. - [Google Sheets](https://fieldwork.news/tools/google-sheets): adequate — Strong infrastructure security: AES-256 at rest, TLS in transit, ISO 27001 and SOC 2/3 certified, FIPS 140-2 validated encryption modules. But Google is not zero-knowledge — they can access spreadsheet contents, and they comply with legal process (82,000+ government data requests in H1 2024 alone). Gemini AI processes spreadsheet data when features are active. Client-Side Encryption exists but is locked behind Enterprise Plus plans ($25-35+/user/month) and requires third-party key management. Adequate for public data, published datasets, and general newsroom data work. Not recommended for sensitive source-linked data, investigation financials, or legally risky datasets without Enterprise CSE. - [Google Translate](https://fieldwork.news/tools/google-translate): adequate — TLS encryption in transit. Encryption at rest on Google's servers. Access restricted to authorized Google employees. The privacy concern is data retention, not data security: text submitted to the free version may be logged and used for model training. The Cloud Translation API has stronger guarantees — Google does not log request content for paid API customers. No known data breaches specific to Google Translate. For routine journalism (reading foreign sources, field translation, quick document scans), the security posture is adequate. For sensitive material, use DeepL Pro or local translation tools. - [Google Trends](https://fieldwork.news/tools/google-trends): adequate — Standard Google infrastructure. No sensitive data uploaded — you only view aggregated public data. The risk is metadata: Google logs your Trends queries as part of Web & App Activity when signed in, which could reveal story research patterns. Mitigated by using incognito mode or signing out. - [GPTZero](https://fieldwork.news/tools/gptzero): caution — Technical security is standard commercial SaaS — HTTPS, U.S. jurisdiction, reasonable retention for personal data. The caution is editorial. Dashboard submissions are stored and may be used for training in anonymized form permanently. Documented bias against non-native English speakers and active lawsuits over wrongful accusations make this a tool to use defensively, never offensively. Use the API path for sensitive text. Never base a published claim on a score alone. - [Grammarly](https://fieldwork.news/tools/grammarly): caution — Strong infrastructure security: encryption in transit (TLS 1.2) and at rest (AES-256), SOC 2 Type II, ISO 27001/27017/27018, HIPAA option for Enterprise. The concern is not infrastructure — it is the data model. All text processing is server-side with no local option. AI training is opt-in by default for individual users. The browser extension processes every text field indiscriminately. Enterprise tier provides contractual protections, but individual journalists on Free or Pro have limited recourse. The rapid corporate transformation (three acquisitions, rebrand, new CEO) adds uncertainty about future data practices. Opt out of training, disable the extension on sensitive sites, and never process confidential source material through Grammarly. - [GrapheneOS](https://fieldwork.news/tools/grapheneos): strong — Hardened kernel with memory-safe allocator, verified boot via Titan M2, auto-reboot re-encryption, USB-C lockout, per-app network and sensor controls, sandboxed Google Play without system privileges. Open-source with active security research and rapid patch delivery (ships Android security patches before Google's public bulletin). Leaked 2024 Cellebrite documents confirm GrapheneOS defeats their extraction tools on Pixel 6 and later — the only mobile OS with that distinction. The gold standard for mobile security. - [GuideStar (Candid)](https://fieldwork.news/tools/guidestar): adequate — Operated by a well-established nonprofit (Candid) with a 25+ year track record. HTTPS throughout. Account required for full access. The underlying nonprofit data is derived from public IRS filings, so the data itself is not sensitive. Your search patterns and the nonprofits you research are visible to Candid. Privacy policy is clear and recently updated. No advertising trackers. Adequate security for the nature of the data — the main consideration is operational, not technical. - [Have I Been Pwned](https://fieldwork.news/tools/have-i-been-pwned): strong — K-anonymity password checking is cryptographically sound — your password hash is never fully transmitted. The FBI feeds compromised passwords directly into the Pwned Passwords database, making it the most comprehensive credential-checking service available. Azure Storage provides AES-256 encryption at rest. Cloudflare handles edge security. The Pwned Passwords API processes 2B+ queries per month and is integrated into major browsers, password managers, and identity services. The March 2025 Mailchimp phishing incident affected Hunt's personal mailing list, not the HIBP service itself, and his 34-minute disclosure set a transparency standard few organizations match. The main limitation: the core HIBP codebase is closed-source, so you're trusting Hunt's infrastructure. Given 12+ years of consistent, transparent operation and FBI partnership, that trust is well-placed. - [Hemingway Editor](https://fieldwork.news/tools/hemingway-editor): adequate — Free web version and desktop app keep text local — no server transmission for core readability features. Editor Plus sends text through OpenAI for AI rewrites, with a stated no-sell/no-training policy but limited transparency on retention. No SOC 2 certification or independent security audit disclosed. Low risk for most editing use cases; avoid Plus for sensitive unpublished material. - [HeyGen](https://fieldwork.news/tools/heygen): adequate — HeyGen maintains SOC 2 Type 2 certification, GDPR compliance, and a structured consent flow for biometric data. The company's trust and safety team actively moderates content. The 'adequate' rating reflects the solid security infrastructure and privacy practices, balanced against the inherent dual-use risk of synthetic media technology and the absence of C2PA provenance on outputs. The consent mechanisms are better than most competitors, but the technology remains fundamentally capable of misuse. - [Hindenburg PRO](https://fieldwork.news/tools/hindenburg): adequate — Desktop application with local-only audio processing and on-device transcription — no audio ever leaves your machine. Strong structural privacy model for the core editing workflow. Rating is 'adequate' rather than 'strong' because: encryption-at-rest details are undocumented, the licensing system requires periodic online check-ins, and the company's website deploys extensive third-party tracking (Google Analytics, Facebook Pixel, LinkedIn, Twitter, Reddit). The product itself handles sensitive audio well. The marketing infrastructure is typical adtech. - [Hunchly](https://fieldwork.news/tools/hunchly): adequate — Local-first architecture (Classic plan) with SHA-256 evidence hashing is solid for investigative integrity. Cloud plan adds Kasm browser isolation, which is a real operational security upgrade for sensitive investigations. Not open source, so no independent code audit. Now owned by Maltego (German company, $100M funded), which is a more institutional owner than a solo developer — brings resources but also changes the trust calculus. Hashing proves post-capture integrity but not pre-capture authenticity. Strong reputation across OSINT community, Bellingcat endorsement, and law enforcement adoption. Evidence packages have been used in legal proceedings, though admissibility ultimately depends on jurisdiction and chain-of-custody procedures beyond the tool itself. - [Hunter.io](https://fieldwork.news/tools/hunter): adequate — EU-hosted (Belgium) with GDPR compliance and Standard Contractual Clauses for international transfers. Hunter indexes only publicly available professional email data — not scraped from private databases. Encryption in transit confirmed. Search history is logged and retained, which matters if you're researching sensitive targets. The platform is a data aggregator by design, so it inherently involves collecting and storing personal information (professional emails). Adequate for standard journalism outreach; not appropriate for high-risk investigations where your search activity itself could be compromising. - [Hypothesis](https://fieldwork.news/tools/hypothes-is): adequate — Open source (BSD 2-Clause license) with nonprofit+PBC governance. No data monetization. Completed Cloud Security Alliance CAIQ assessment. Regular vulnerability testing. Hosted on AWS. Annotations stored on Hypothesis servers — public annotations are fully discoverable by anyone, including unauthenticated users. Access controls exist for private and group annotations. No published SOC 2 Type II audit. The extension's always-on nature creates browsing metadata that journalists in sensitive contexts should weigh carefully. - [iA Writer](https://fieldwork.news/tools/ia-writer): strong — Local-first architecture with no account requirement and no content transmission to iA servers. Bootstrapped Swiss company with no investor pressure to monetize data. Telemetry is minimal and optional. Privacy posture is among the strongest in the writing tool category. The only variable is your choice of cloud sync provider. - [ICIJ Offshore Leaks Database](https://fieldwork.news/tools/icij-offshore-leaks): adequate — Nonprofit-operated public database with no account requirement and minimal data collection. The main operational security consideration is that your search queries are processed on ICIJ's US-based servers — if you're investigating entities that monitor their own exposure, your query pattern could be revealing. Download the bulk data for local querying if that matters. The Reconciliation API sends your match data to ICIJ servers for processing, so don't submit sensitive source lists without considering that. - [iFOIA](https://fieldwork.news/tools/ifoia): adequate — Operated by a 501(c)(3) nonprofit with 55+ years of press freedom advocacy. No monetization of user data. Requests are private to your account. Encryption at rest is unverified. The primary exposure is inherent to FOIA itself: agencies know who is asking. iFOIA's operator has no incentive to misuse journalist data — the Reporters Committee exists to defend journalists, not surveil them. - [Immersive Translate](https://fieldwork.news/tools/immersive-translate): caution — Two documented security incidents in 2024–2025: an XSS vulnerability and a critical data exposure through the snapshot feature that leaked user documents to publicly accessible cloud storage. Text is sent to third-party translation APIs by design — this is functional, not a flaw, but journalists must understand that every translated page leaves their device. Data controller is Funstory.ai Limited (Hong Kong) with primary storage in South Korea and processing through Chinese cloud providers (Alibaba, Tencent). No disclosed security certifications. No public bug bounty or vulnerability disclosure program. Google Analytics tracks usage. The translation quality is excellent and the bilingual UX is best-in-class, but the security posture requires caution for any use involving sensitive material. - [Infogram](https://fieldwork.news/tools/infogram): adequate — HTTPS encryption in transit. Owned by Prezi, a well-funded company with standard enterprise security practices. GDPR compliance claimed. No published SOC 2 certification or independent security audit. Data jurisdiction spans Latvia and the U.S. Adequate for visualizing public data. For sensitive unpublished data, use tools with stronger documented security postures (Datawrapper, or local visualization tools). - [Inkscape](https://fieldwork.news/tools/inkscape): strong — Open-source, fully local, no accounts or telemetry. Maintained under the Software Freedom Conservancy since 2006. The macOS privilege escalation CVE (2025-15523) was patched promptly in 1.4.3. Active development with 120+ bug fixes in the latest release. As local-only software with no network requirements, the attack surface is minimal. - [Instant Data Scraper](https://fieldwork.news/tools/instant-data-scraper): adequate — Local-only data processing is a genuinely strong privacy model — no server ever touches your scraped data. But the extension is closed-source, requires broad page access permissions across all websites, and ownership transferred from webrobots.io to Flavr Technology, LP without public explanation. You're trusting a publisher with minimal public presence to not inject malicious code into a future update. The extension continues to receive updates (v1.2.1, March 2026, Manifest V3), which is a positive signal. Adequate for scraping public data in non-sensitive contexts. If you're scraping data related to sensitive sources or investigations, consider using the open-source Firefox reboot port (MPL 2.0) where the code is auditable, or a self-hosted tool like Scrapy. - [IntelTechniques](https://fieldwork.news/tools/inteltechniques): adequate — Built by a former FBI cyber crimes investigator and active privacy advocate — the developer's personal expertise is the strongest trust signal here. HTTPS encryption in transit. Minimal data collection philosophy consistent with Bazzell's published privacy principles. No advertising, no third-party analytics visible. The main considerations: it's a one-person operation without published security certifications or third-party audits, and the tools generate queries against external sources with their own logging. The privacy expertise of the operator provides high confidence in intentional security design, but no formal verification exists. Rating reflects strong practitioner credibility offset by lack of institutional security documentation. - [InVID/WeVerify](https://fieldwork.news/tools/invid-weverify): adequate — Metadata extraction and forensic analysis run locally — good. Open-source under MIT license with full code on GitHub. No personal data collection by the extension. But reverse searches and AI tools send content to third-party and CERTH servers. Content cached for ~1 day by partner tools. The split architecture (local forensics + remote AI + third-party search) means your operational security depends on which tabs you use. Stick to local-only features for sensitive material. - [Jitsi Meet](https://fieldwork.news/tools/jitsi-meet): strong — Open-source with optional E2E encryption, self-hosting available, no tracking on self-hosted instances. Rating assumes self-hosting for sensitive work. The meet.jit.si public instance lost its anonymous room creation in 2023 — room creators are now identified to 8x8. Still strong overall: open codebase, Insertable Streams E2EE, active development, NLnet-funded encryption work, and endorsement from Freedom of the Press Foundation for high-risk users. - [Journallist / trust.txt](https://fieldwork.news/tools/journallist): adequate — Trust.txt files contain only public organizational data — no personal information, no credentials, no sensitive content. The spec is open-source with an expired IETF draft. JournalList.net uses HTTPS and requires 2FA for staff. The decentralized architecture means no single point of compromise for all publisher data. The main risk is not technical but conceptual: trust.txt signals affiliation, not quality, and consumers or platforms may conflate the two. Low data sensitivity, straightforward implementation, no authentication required to read the files. - [Journo Portfolio](https://fieldwork.news/tools/journo-portfolio): adequate — Standard web platform security with TLS in transit. UK jurisdiction with ICO registration provides GDPR-equivalent protections. Uses Plausible Analytics instead of Google Analytics — a privacy-positive choice that avoids cookie tracking. Payment processing is handled by Stripe, PayPal, and Paddle — no card data stored by Journo Portfolio. The privacy policy is honest about its limits: acknowledges no method of electronic storage is 100% secure. For journalists, the main risk is platform dependency on a small bootstrapped company with a single director. Use a custom domain and keep local backups of your clips. - [Junkipedia](https://fieldwork.news/tools/junkipedia): adequate — Junkipedia aggregates publicly available social media content — it does not handle end-to-end encrypted messages or sensitive source communications. The primary security consideration is that your monitoring lists reveal your investigative interests, and the platform stores that data on U.S.-based infrastructure operated by a nonprofit. HTTPS in transit is confirmed. Encryption at rest and detailed infrastructure security are not publicly documented. NCoC is a Congressionally-chartered nonprofit with 80 years of history and institutional funders (Gates, Rockefeller, Ford), which provides organizational stability but also means the platform operates in a U.S. government-adjacent context — relevant for journalists investigating U.S. government actors. Not open source, so no independent code audit exists. No reported data breaches or security incidents. For its intended use case — monitoring public social media posts for investigative research — the risk profile is low. Do not use it for anything requiring source protection or operational security. - [Jupyter Notebooks](https://fieldwork.news/tools/jupyter-notebooks): adequate — Open-source, runs locally, no telemetry or data collection. The security model is sound when used as intended: local execution, password/token-protected server, trusted notebooks only. The risk surface comes from two directions. First, notebooks execute arbitrary code by design — opening an untrusted .ipynb file is equivalent to running an unknown script. Second, historical vulnerabilities (XSS-to-RCE, config file injection, server proxy auth bypass) show the project has had real security gaps, though they've been patched. Cloud-hosted alternatives like Google Colab introduce data jurisdiction and privacy risks that local Jupyter avoids entirely. Rating: adequate for local use with basic precautions. Would be 'strong' if Jupyter had sandboxed execution or mandatory code signing, but that's not how notebooks work. - [Kaggle](https://fieldwork.news/tools/kaggle): adequate — Google-operated platform with enterprise-grade infrastructure security. HTTPS throughout. The technical security is strong. The consideration for journalists is privacy, not security: Google sees your account activity, notebook contents, dataset downloads, and search patterns. For public data analysis this is a non-issue. For sensitive reporting work, do not use Kaggle — download data locally and analyze offline. The platform is best treated as a public research tool, not a secure workspace. - [Kagi](https://fieldwork.news/tools/kagi): strong — Kagi's structural alignment is the rare case where the business model and the privacy claims point in the same direction. No ads means no incentive to track. Subscription funding means the user is the customer, not the product. Public Benefit Corporation status legally codifies the mission. Search queries are not linked to accounts, Kagi Assistant conversations purge in 24 hours, and Bitcoin payment is accepted to decouple billing identity. The 'strong' rating reflects design and incentives, not an independent audit — Kagi's index and infrastructure are proprietary, and you are still trusting a US company subject to US legal process. For journalists who can afford $10/month, Kagi removes the entire ad-tech surveillance layer from a tool used dozens of times a day. - [KeePassXC](https://fieldwork.news/tools/keepassxc): strong — Open source (GPLv3), fully local, no cloud dependency. KDBX4 format with AES-256-CBC + HMAC-SHA256 or ChaCha20 encryption. Argon2id key derivation (memory-hard, GPU-resistant). ANSSI CSPN security visa (November 2025, valid through 2028). Independent audit (2023) found no major cryptographic issues. YubiKey challenge-response support. No attack surface from cloud infrastructure. The trade-off is convenience — you manage your own sync, backups, and key recovery. - [Klaxon](https://fieldwork.news/tools/klaxon): adequate — Open source (MIT) and operated by two nonprofits (Marshall Project, MuckRock). Self-hosted option gives full control. Klaxon Cloud relies on MuckRock/DocumentCloud infrastructure, which has a strong track record serving 2,000+ newsrooms. No sensitive content is processed — only public web page changes. Main concern: the URLs you monitor are stored on third-party nonprofit servers, which constitutes metadata about your reporting interests. For high-risk investigations, self-host or use a throwaway DocumentCloud account. - [Knight Lab JuxtaposeJS](https://fieldwork.news/tools/knight-lab-juxtapose): adequate — Client-side tool with no data collection or server-side storage. Open source under MPL 2.0. Academic project with no commercial incentives. The XSS vector in credit fields is low-risk in practice (you control the input). Main concern is CDN dependency on cdn.knightlab.com — if Knight Lab infrastructure goes down or is compromised, embeds break. Self-hosting the library eliminates this risk. - [Knight Lab StoryMap](https://fieldwork.news/tools/knight-lab-storymap): adequate — University-operated, grant-funded, open-source. Google OAuth scope is narrow (profile ID only). Published stories are inherently public with no access controls. At-rest encryption status is undocumented. Low risk for general journalism use. Not suitable for stories involving sensitive locations or sources that could be endangered by public coordinate disclosure. - [Krisp](https://fieldwork.news/tools/krisp): adequate — SOC 2 certified, GDPR compliant, HIPAA compliant, PCI-DSS certified. Noise cancellation runs entirely on-device with zero cloud exposure — genuinely strong for that specific feature. However, meeting assistant features (transcription, recording, notes) process and store data in the cloud. The privacy posture is split: local for noise cancellation, cloud for everything else. Enterprise tier offers on-device transcription for English. Overall security infrastructure is serious, but journalists must understand which features are local vs. cloud. - [LanguageTool](https://fieldwork.news/tools/languagetool): strong — Self-hosted deployment is the gold standard for privacy: open-source core (LGPL 2.1), local processing, no network dependencies, no account required. Cloud service also has a clean posture — text is not stored or used for training, no IP logging. The main caveats are the closed-source browser extensions (cannot be independently audited) and the Learneo acquisition shifting data controllership to a US entity. For maximum trust, self-host the server and use the open-source LibreOffice plugin. The cloud service is adequate for non-sensitive work. - [Latakoo](https://fieldwork.news/tools/latakoo): adequate — Purpose-built for newsroom video workflows with encryption in transit as a core feature. B2B business model with no incentive to monetize content. NPPA partnership adds professional credibility. Rating is 'adequate' because detailed security architecture documentation is limited, and video files and transcriptions are processed on US cloud infrastructure with no self-hosting option. For routine newsroom video workflows, this is fine. For highly sensitive footage, use encrypted direct transfer methods instead. - [LexisNexis Nexis](https://fieldwork.news/tools/lexisnexis): adequate — LexisNexis deploys encryption in transit and at rest, network security controls, and logging. However, the February 2026 breach exposed serious operational gaps: an unpatched critical vulnerability left open for two months, a weak master database password, and overly permissive IAM roles that gave a single credential access to all cloud secrets. The breach affected 400,000 user profiles. LexisNexis maintains a Trust Center but has not publicly disclosed SOC 2 Type II certification. The core Nexis research product has standard enterprise security controls, but the 2026 incident demonstrates that infrastructure hygiene has not matched the company's scale or the sensitivity of its user base — which includes federal judges and DOJ attorneys. Rating reflects adequate baseline security with documented recent failures. - [LibreOffice](https://fieldwork.news/tools/libreoffice): strong — All processing is local. No telemetry, no cloud, no account required. Zero data collection by design. ODF encryption supports AES-256. The main security concern is keeping the software updated — several critical CVEs were patched in 2025 (remote code execution, PDF signature spoofing, macOS privilege escalation). Macro security should be set to High. The governance crisis does not affect the current software's security, but it raises questions about the pace of future security patches if core contributors reduce their involvement. - [Loom](https://fieldwork.news/tools/loom): adequate — Enterprise-grade infrastructure via Atlassian — encryption at rest and in transit on AWS, VPC isolation, SSL-encrypted video uploads. Enterprise tier adds SSO, SCIM, advanced privacy controls, and custom data retention. Atlassian is SOC 2 and ISO 27001 certified at the company level. Free and Business tiers have limited admin controls. Not recommended for recording discussions involving confidential sources or sensitive editorial content. - [MacWhisper](https://fieldwork.news/tools/macwhisper): strong — Fully local processing with zero network dependency. No data collection, no telemetry, no cloud requirement. Audio never leaves your device. One-time purchase means no ongoing data relationship. The strongest privacy posture available for GUI-based transcription. The hallucination problem is an accuracy concern, not a security concern — it does not compromise confidentiality. - [Mailvelope](https://fieldwork.news/tools/mailvelope): adequate — Open-source, ten independent audits since 2013, BSI-funded development, local key management. The 2025 0xche audit found issues but all critical ones were patched promptly. Browser extension attack surface is real but manageable. Adequate for sensitive reporting where PGP email is specifically required. For most journalist-source communication in 2026, Signal or SecureDrop is the better choice. - [Make](https://fieldwork.news/tools/make): adequate — SOC 2 Type II certified, GDPR-compliant, EU data residency by default, encryption in transit and at rest. Owned by Celonis (well-funded German enterprise company), which brings enterprise security infrastructure. The structural consideration is the same as any cloud automation platform: Make sees everything flowing through your workflows. For routine newsroom automation, this is fine. EU jurisdiction is a meaningful advantage over US-based Zapier for European newsrooms. For sensitive workflows, self-hosted n8n remains the better choice. - [Mapshaper](https://fieldwork.news/tools/mapshaper): strong — Client-side processing means zero data exposure — your files never touch a server. Open-source (MPL 2.0) with 3,400+ GitHub stars and transparent code on GitHub. No accounts, no tracking, no cookies, no analytics. One of the strongest privacy stories in our entire evaluation set. The only theoretical risk is a supply-chain attack via npm dependencies, which applies to any JavaScript tool — mitigated by running a pinned version locally. - [MarineTraffic](https://fieldwork.news/tools/marine-traffic): adequate — MarineTraffic runs on EU infrastructure under GDPR with encryption in transit and at rest, standard account security, and no public record of a major breach. The vessel data itself is public AIS broadcast information, not personal data — the privacy concern for journalists is account metadata (search history, saved fleets) revealing investigation targets, not the underlying vessel records. The bigger trust consideration is corporate consolidation: Kpler now owns most of the public ship-tracking market and serves both journalists and the commodity traders whose flows are being investigated. Rating reflects standard SaaS security plus a meaningful note about corporate context and the inherent unreliability of self-reported AIS data when targets are sophisticated. - [Media Bias/Fact Check](https://fieldwork.news/tools/media-bias-fact-check): adequate — This is a reference website, not a workflow tool — you read it, you don't submit sensitive data to it. HTTPS is enabled. The main privacy consideration is standard ad-network tracking (Google AdSense, Snigel), which is easily mitigated with an ad blocker. No user accounts, no sensitive data collection. The security question here is about the reliability of the information rather than data protection — and on that front, it's a useful first-pass reference that shouldn't be treated as authoritative on its own. - [Media Cloud](https://fieldwork.news/tools/mediacloud): adequate — Academic nonprofit with no commercial data incentives. Indexes only publicly published news content — no private data collection beyond user accounts. Open-source codebase allows independent security review. US-hosted at university infrastructure. The main risk is institutional: as an academic project, long-term service continuity depends on funding and institutional commitment. The transition from Harvard/MIT to the current consortium was bumpy. Adequate for media research purposes. - [Media Defence](https://fieldwork.news/tools/media-defence): undefined — undefined - [Microsoft Copilot](https://fieldwork.news/tools/microsoft-copilot): adequate — Enterprise-grade infrastructure (Azure), encryption in transit and at rest, explicit no-training policy for personal conversations, SOC 2 and ISO 27001 certified. The privacy commitment is stronger than most consumer AI products. The caveat is structural: Microsoft is a US company subject to FISA, national security letters, and law enforcement requests. For routine journalism AI assistance, this is fine — the free tier with no account is surprisingly privacy-friendly. For investigative research where your queries themselves are sensitive, use a local model. - [Midjourney](https://fieldwork.news/tools/midjourney): caution — Midjourney is a well-funded, profitable company with reasonable infrastructure security. The 'caution' rating reflects the absence of C2PA Content Credentials (a significant gap for editorial use), the lack of IP indemnification for most users, active copyright litigation, default public visibility of all generations, and no explicit commitment regarding training on user content. For non-editorial creative work these are manageable risks; for journalism with provenance requirements they are disqualifying. - [Miro](https://fieldwork.news/tools/miro): adequate — SOC 2 Type II and ISO 27001 certified. Enterprise-grade encryption, SSO, and SCIM on higher tiers. Zero Trust Architecture. The security infrastructure is solid for a collaboration tool at this scale. Free and Starter tiers lack admin controls. Not recommended for boards containing confidential source material or sensitive investigation details — content lives on Miro servers. - [Muck Rack](https://fieldwork.news/tools/muck-rack): adequate — Encrypted in transit (TLS 1.2+) and at rest (AES-256). SOC 2 certified with regular security testing and a responsible disclosure program. No major breaches or security incidents in the public record. The primary risk is not technical — it is data exposure by design. Muck Rack's business model requires aggregating journalist contact details and making them accessible to paying PR customers. Journalists on sensitive beats should treat their Muck Rack profile as a public directory listing. The platform does not offer end-to-end encryption, two-factor authentication documentation is not publicly available, and there are no published data residency options. Adequate for general-purpose journalist portfolio and media monitoring use. Not appropriate for journalists who need to minimize their professional footprint or control who can access their contact information. - [MuckRock](https://fieldwork.news/tools/muckrock): strong — Nonprofit with fully aligned incentives. Open-source codebase. Minimal data collection. Funded by Knight Foundation and Democracy Fund, not advertisers. Operates DocumentCloud — the document-publishing infrastructure used by the world's top newsrooms. One of the most trustworthy tools in the journalism ecosystem. - [Mullvad VPN](https://fieldwork.news/tools/mullvad-vpn): strong — No-logs policy verified by five independent audits (2024-2026) and a real-world police raid. RAM-only servers across entire 700+ node network. No account or email required. All clients open-source (GPL-3.0, Rust-based). Post-quantum WireGuard enabled by default on all platforms. DAITA v2 counters AI traffic analysis. Swedish jurisdiction does not require VPN data retention. GotaTun WireGuard implementation passed independent audit with no major findings. The gold standard for VPN privacy. - [n8n](https://fieldwork.news/tools/n8n): strong — Self-hosted n8n keeps all workflow data on your own infrastructure — no third party sees your automations or the data flowing through them. German company subject to GDPR. Cloud version encrypts data in transit and credentials at rest on EU infrastructure. The self-hosting option is what elevates this above cloud-only automation tools for journalism. Rating reflects the self-hosted deployment; cloud-only use would be 'adequate' — same trust model as Zapier but with a smaller, EU-based company. - [NewsGuard](https://fieldwork.news/tools/newsguard): adequate — Standard commercial SaaS. HTTPS in transit. U.S. jurisdiction. The risk profile here is editorial and political, not technical: NewsGuard sees the URLs you visit, and the company is actively litigating with the FTC. For routine library and classroom use, the security posture is fine. For sensitive newsroom research, use a separate browser profile or skip the extension. - [NorthData](https://fieldwork.news/tools/northdata): adequate — German company operating under GDPR and Germany's strict federal data protection law. Processes only publicly available official registry data — low sensitivity profile. HTTPS encryption in transit. Data at rest encryption status not publicly documented. No public record of security breaches. The main journalist concern is account activity (search history) potentially revealing investigation targets — use a dedicated research account for sensitive work. Rating reflects solid EU regulatory framework and low-risk data profile, offset by limited public documentation of security practices. - [Notion](https://fieldwork.news/tools/notion): adequate — Strong encryption and compliance certifications (SOC 2 Type II, ISO 27001/27701/27017/27018). Not zero-knowledge — Notion can access content. Cloud-only storage means you trust Notion with your data. The September 2025 AI agent vulnerability — and Notion's initial dismissal of the HackerOne report — shows that AI features create new attack surfaces that even well-resourced security teams underestimate. The 30-day LLM data retention on non-Enterprise plans is a meaningful gap for newsrooms handling sensitive material. Adequate for general editorial work; not for sensitive source material. Disable AI features unless you are on Enterprise with zero data retention. - [Notion Calendar](https://fieldwork.news/tools/notion-calendar): adequate — SOC 2 Type 2 certified, TLS in transit, encryption at rest on Notion and Google infrastructure. The main security consideration is that Notion does not use end-to-end encryption — the company holds the keys and can technically access your data. This is standard for productivity SaaS but means sensitive source information should not be stored in linked Notion pages. Google OAuth means your calendar data flows through both Google and Notion infrastructure. Rating is 'adequate' because the security practices are industry-standard for a productivity tool but do not meet the higher bar needed for source-sensitive journalism workflows. - [OBS Studio](https://fieldwork.news/tools/obs-studio): strong — Open-source (GPL-2.0), 60K+ GitHub stars, 500+ contributors, publicly auditable code. Fully local processing — no accounts, no telemetry, no network dependency for core functionality. Two CVEs in 2024, both local-only attack vectors, both patched. Funding model (donations + sponsorships) creates zero incentive to monetize user data. The strongest privacy posture in the visuals category. - [Obsidian](https://fieldwork.news/tools/obsidian): strong — Local-first architecture means no cloud dependency and no company access to your notes by default. Obsidian Sync uses AES-256 E2E encryption (AES-GCM for contents, AES-SIV for file paths). Two independent Cure53 penetration tests (2023, 2024) with all findings fixed. No telemetry, no tracking, no ads. Bootstrapped with no VC — no incentive to weaken privacy for growth metrics. The main risk is the community plugin ecosystem: no sandboxing, full vault and OS access, and the team is too small to audit every update. Use Restricted Mode unless you have vetted your plugins. ~8% market share in note-taking but dominant in the personal knowledge management niche among researchers, developers, and journalists. - [Octoparse](https://fieldwork.news/tools/octoparse): caution — The dual corporate structure — U.S. subsidiary with Chinese parent company — is the primary concern. Cloud-scraped data passes through infrastructure controlled by a company with roots in Shenzhen. The company claims GDPR, CCPA, and Privacy Shield compliance, and its cloud providers have SOC 2 and ISO 27001 certifications. But Meta's 2022 lawsuit against Octopus Data for scraping Facebook/Instagram data raises questions about corporate oversight. For public data scraping, the risk is manageable. For sensitive investigations, use the local extraction mode or switch to open-source scraping tools you control entirely. - [Ollama](https://fieldwork.news/tools/ollama): strong — Truly local processing with zero data transmission earns a 'strong' rating for privacy. But that rating assumes localhost-only use. The moment you expose Ollama's API to a network, the rating drops to 'caution' — multiple critical CVEs (including a CVSS 9.3 auth bypass) show the API was not designed for untrusted network exposure. For the intended use case of local-only AI on sensitive documents, nothing is more private. Keep it updated, keep it on localhost, and the security guarantee is absolute. - [OnionShare](https://fieldwork.news/tools/onionshare): strong — No third-party servers, no metadata collection, peer-to-peer over Tor, open-source under GPL-3.0. Passed a funded penetration test by Radically Open Security with no critical or high findings — auditors could not de-anonymize users. The architecture eliminates most attack vectors by removing intermediaries entirely. Input validation issues in 2.6.2 were patched promptly. The main risk is Tor-level vulnerabilities, which are upstream and outside OnionShare's control. - [Open WebUI](https://fieldwork.news/tools/open-webui): strong — Strong rating assumes self-hosted, localhost-only deployment paired with local models. No data leaves your machine, no accounts required, no telemetry. Rating drops to 'adequate' if exposed to a network without proper access controls — the default install has no authentication enabled. - [OpenCorporates](https://fieldwork.news/tools/open-corporates): adequate — UK-based certified B-Corp with a corporate transparency mission enshrined in its Articles of Association. The data is public registry information — low sensitivity. Free web search requires no account. Standard web analytics present. API keys are issued per account. No evidence of data breaches or security incidents. Low-risk for journalists; the main concern is data freshness, not security. - [OpenRefine](https://fieldwork.news/tools/openrefine): strong — Runs entirely locally with no cloud dependency. Open-source with transparent operation logging. Data never leaves your machine unless you use external reconciliation services. Historical CVEs are serious but all patched in 3.8.3+. The lack of authentication is a non-issue for default localhost usage but becomes a real risk if you change the bind address. Keep it updated. - [OpenSanctions](https://fieldwork.news/tools/opensanctions): strong — OpenSanctions runs on EU infrastructure under GDPR, with encryption in transit and at rest, minimal data collection, and a published Trust Center. The dataset itself is public and verifiable — every entity record links back to its original government source, which is the strongest possible form of provenance for investigative work. The pipeline code is open source. The project is run by a journalist with a decade of experience in investigative data work at OCCRP. There is no record of a security incident. For sensitive investigations, the bulk-download workflow lets journalists query offline with no server-side logging at all. Rating reflects strong baseline security plus an unusually transparent trust architecture. - [OpenSecrets](https://fieldwork.news/tools/opensecrets): adequate — Nonprofit-operated public database built from government records. No account required for most use. Standard web analytics present. Low-risk for journalists — the data you are searching is already public. Bulk data account requires email registration. - [OpenStates](https://fieldwork.news/tools/openstates): adequate — The data itself is public legislative records with no security sensitivity. The website uses HTTPS. No account required for basic use. The main consideration is that Plural is a commercial entity — your API usage patterns and search queries are visible to the company. For the vast majority of legislative research this is a non-issue. If you are tracking politically sensitive legislation and want no usage trail, download the bulk data instead of using the API. - [OpenStreetMap](https://fieldwork.news/tools/openstreetmap): strong — No user tracking, no advertising, no data monetization. Viewing maps requires no account. The data is open and mirrored globally — no single point of control. The Foundation's privacy policy is minimal by design because minimal data is collected. The main considerations are practical: verify community-maintained data for accuracy, self-host tiles for high-traffic embeds, and be careful about publishing sensitive geographic coordinates. Infrastructure security is adequate for a nonprofit — encryption in transit and at rest, distributed tile servers. - [Opus Clip](https://fieldwork.news/tools/opus-clip): adequate — Opus Clip is a standard venture-backed SaaS product with US-based infrastructure and no documented security red flags. The 'adequate' rating reflects reasonable baseline practices (encryption in transit, US jurisdiction, established investors) balanced against the lack of published security certifications and the requirement to upload full video content to third-party servers. Appropriate for repurposing public content; not appropriate for sensitive pre-publication material. - [Orbot](https://fieldwork.news/tools/orbot): strong — Orbot is the mobile implementation of Tor — the most studied and battle-tested anonymity network in existence. The Guardian Project has a 15+ year track record building privacy tools for journalists and activists. The code is fully open source, the Tor network itself undergoes continuous academic scrutiny, and the tool is recommended by CPJ, EFF, RSF, and Freedom of the Press Foundation. The 'strong' rating reflects the tool's provenance, transparency, and the maturity of the underlying Tor network. It does not mean Tor provides absolute anonymity — traffic correlation attacks by nation-state adversaries remain theoretically possible, and operational security mistakes can deanonymize users regardless of the technology. Orbot is strong infrastructure used correctly; it is not a magic cloak. - [OSINT Framework](https://fieldwork.news/tools/osint-framework): adequate — The framework itself is a static site with zero data collection — minimal attack surface. The risk is downstream: it links to 500+ tools without vetting their security posture, and some linked tools collect query data, require accounts, or operate in adversarial jurisdictions. Treat the framework as a phone book, not an endorsement. Evaluate each linked tool independently before using it on sensitive investigations. - [Otter.ai](https://fieldwork.news/tools/otter-ai): caution — SOC 2 Type II and HIPAA compliance show genuine security investment, but the core problem is structural: Otter uploads all audio to US cloud servers and uses content for AI training. The 2025 class action lawsuit and 2024 hospital breach demonstrate real-world consequences of this architecture. Adequate for routine journalism. Not recommended for any work involving confidential sources or sensitive material. - [Our World in Data](https://fieldwork.news/tools/our-world-in-data): strong — No account required. No personal data collected. HTTPS throughout. No advertising or commercial tracking. Open-source codebase auditable on GitHub. Nonprofit with transparent funding. Hosted at the University of Oxford. From a privacy and security perspective, this is among the lowest-risk tools in the directory — a public research website with no user accounts, no tracking, and open-source code. - [Overpass Turbo](https://fieldwork.news/tools/overpass-turbo): adequate — No user accounts, no personal data collection, no data storage — the attack surface is minimal. All queried data is public. HTTPS in transit. The privacy consideration is that your queries reveal what locations and features you're investigating, which matters for sensitive geolocation work. Use a VPN for sensitive queries. The tool itself is open-source (MIT license) and auditable. Adequate for journalism use with basic network-level precautions. - [Overview](https://fieldwork.news/tools/overview): caution — Open-source and self-hostable, which is good for data sovereignty. But the software is unmaintained — no security patches since at least 2020 (copyright range 2011-2020). Running unmaintained server software with document upload capabilities is a real risk. The Scala/Play framework and PostgreSQL stack may have unpatched vulnerabilities. Only run on isolated infrastructure, never internet-facing without additional security layers. - [ParseHub](https://fieldwork.news/tools/parsehub): adequate — HTTPS encryption in transit. Cloud-based processing means all scraped data — and any credentials you use for authenticated scraping — passes through ParseHub's servers in Toronto. Canadian jurisdiction with reasonable privacy laws (PIPEDA). No published security audit or SOC 2 certification. Adequate for scraping public data. Not appropriate for investigations involving sensitive sources, whistleblower material, or login-protected content where credential exposure to a third party is unacceptable. - [Perplexity](https://fieldwork.news/tools/perplexity): caution — Search queries are sensitive journalist data. Perplexity collects and retains them by default, with AI training opt-out buried in settings. The company's documented pattern of bypassing robots.txt, disguising crawlers, and reproducing publisher content without permission reveals how it treats consent. 40+ copyright lawsuits pending. Useful tool, real risks. Use only for non-sensitive, public-record research. - [PhantomBuster](https://fieldwork.news/tools/phantombuster): caution — Caution rating reflects two concerns: (1) you must share social media session tokens with PhantomBuster's servers, creating credential exposure risk, and (2) most automations violate target platforms' ToS, risking account suspension. The tool itself uses standard cloud security (TLS, encrypted storage, GDPR compliance). For journalists, the operational risk — losing your LinkedIn or Twitter account mid-investigation — is the primary concern. Use dedicated accounts and understand the legal landscape before deploying. - [PimEyes](https://fieldwork.news/tools/pimeyes): caution — The caution rating is not primarily about technical security — it is about trust, governance, and ethical risk. PimEyes uses HTTPS and standard payment processing, but the company is structurally opaque (registered across Dubai, Belize, Poland, and Seychelles), refuses to disclose data retention or breach history, has been the subject of three open regulatory investigations (UK, Germany, Illinois BIPA), and has been documented enabling stalking, child-image searches, and protest doxing. The opt-out process requires submitting ID to the same company you are trying to escape. For journalism, the tool can produce useful identifications, but using it means trusting an entity with no meaningful accountability and a track record of misuse. Newsrooms should treat PimEyes as a tool of last resort, document its use in published methodology, never query private individuals or minors, and never upload photos of confidential sources. If a comparable result can be obtained with Yandex reverse image search, Google Lens, or direct reporting, prefer those. - [Privacy Badger](https://fieldwork.news/tools/privacy-badger): adequate — Open source (GPLv3), backed by EFF, 3.5k GitHub stars, actively maintained with 10+ releases in 2025. No data collection. GPC signals carry legal weight under CCPA. The 2020 fingerprinting vulnerability in learning mode was responsibly handled — disabled by default, pre-trained lists shipped instead. Manifest V3 transition complete but with reduced capabilities in Chrome. Strong choice as a secondary blocker; not comprehensive enough alone. - [ProJourn Legal Help](https://fieldwork.news/tools/projourn-legal): undefined — undefined - [ProPublica Nonprofit Explorer](https://fieldwork.news/tools/propublica-nonprofit-explorer): adequate — Nonprofit-operated public database of government records. No account required. Minimal data collection — email alerts are the only feature requiring personal information. The underlying data is public IRS filings. ProPublica has a strong track record on data handling and has proactively addressed IRS data quality issues (SSN redaction, nonpublic form removal). No authentication on the API means no credentials to protect. - [Proton Drive](https://fieldwork.news/tools/proton-drive): strong — Zero-access E2E encryption with client-side key generation and hierarchical signed key tree. Open-source clients audited by Securitum (no outstanding vulnerabilities). ISO 27001 certified (May 2024). SOC 2 Type II attested (July 2025). Swiss jurisdiction with FDPA protections. File contents are cryptographically undisclosable even under court order. Metadata (IP, payment info) is the attack surface — mitigated by VPN use and anonymous payment. Contest rate on legal orders trending upward (10.6% in 2025 vs 5.9% in 2024). - [Proton Mail](https://fieldwork.news/tools/proton-mail): caution — Zero-access encryption remains strong technically. But the pattern of journalist account suspensions, payment metadata sharing with the FBI, 89% law enforcement compliance rate, and the proposed VÜPF revision (ID verification, mandatory decryption, IP logging) represents systemic erosion of the trust assumptions journalists relied on. Proton is responding — €100M+ EuroStack investment, SOC 2 Type II certification, Workspace launch — but the gap between privacy and anonymity continues to widen. - [PubMed](https://fieldwork.news/tools/pubmed): strong — US government service operated by NIH/NLM with no advertising, no data sales, and no third-party tracking. No account required for searching. Federal security standards apply to infrastructure. The only data you provide is your search query, and the service returns publicly available citation data. There is effectively zero security risk in using PubMed for journalism research. The 'strong' rating reflects the institutional credibility, absence of commercial incentives, and minimal data collection. - [QGIS](https://fieldwork.news/tools/qgis): strong — Runs entirely locally with no telemetry, no accounts, no cloud dependency. Open-source with 579 contributors and active security response. Backed by the OSGeo foundation and 141 sustaining member organizations. 2025 Swiss NCSC penetration test confirmed strong security posture. The only real risk vector is third-party plugins that phone home — manageable by auditing your plugin list and disconnecting when handling sensitive data. - [QuillBot](https://fieldwork.news/tools/quillbot): caution — Text is processed on QuillBot servers and, as of November 2025, stored by default for browser extension users (opt-out available). The shift from opt-in to opt-out storage is a meaningful trust signal change. Owned by Learneo, a portfolio company with seven brands in the education/writing space. QuillBot states it does not sell data or allow third-party AI training, but the data collection posture has expanded over time. Not appropriate for confidential source material or sensitive reporting. - [Raindrop.io](https://fieldwork.news/tools/raindrop): adequate — TLS in transit, encryption at rest on AWS, and a subscription-funded business model with no advertising or data sales. The founder is transparent about limitations, including the deliberate absence of E2EE. Data is hosted on US-based AWS infrastructure. The single-developer model is a trust consideration in both directions: no corporate pressure to monetize data, but also no team for security audits or incident response. Adequate for organizing public web research. Not appropriate for storing confidential source material or sensitive documents. - [RAWGraphs](https://fieldwork.news/tools/raw-graphs): strong — Data never leaves your browser. No server-side processing, no accounts, no data collection. Open source under Apache 2.0 and academically maintained. One of the most privacy-respecting data tools available. Only caveat: exported SVGs can contain raw data values, so review before publishing sensitive work. - [RCFP Legal Defense Hotline](https://fieldwork.news/tools/rcfp-legal-hotline): undefined — undefined - [Readwise Reader](https://fieldwork.news/tools/readwise-reader): adequate — Encrypted in transit. Small, bootstrapped company with no incentive to monetize user data. The privacy posture is reasonable for a reading tool, but this is a US-hosted cloud service that stores your full reading history, highlights, and annotations. For published articles and public documents, this is fine. For sensitive research materials, use a local tool instead. - [RECAP / CourtListener](https://fieldwork.news/tools/recap-free-law): adequate — Open-source, nonprofit-operated, privacy-focused by design. The extension only activates on PACER/CourtListener domains and does not track users. Sealed documents are architecturally excluded — RECAP cannot access ECF magic links. Strong institutional commitment to open access, backed by 15+ years of operation, major foundation funding, and government adoption (1,000+ verified government users). The main risk is operational: your PACER activity feeds a public archive, which could reveal reporting interests to anyone monitoring new additions. - [Remotion](https://fieldwork.news/tools/remotion): strong — Source-available, local rendering, no data collection during video creation. 41.6k GitHub stars and 604 releases signal active maintenance. The team monitors GitHub's vulnerability scanner and patches moderate-severity issues and above. No SOC 2 or ISO 27001, but the local-first architecture means Remotion never touches your footage or data. The custom license is auditable — you can read every line of code. - [Remove.bg](https://fieldwork.news/tools/remove-bg): caution — Images are uploaded to Canva's cloud with no local processing option. Third-party tracking on the website. Broad Canva privacy policy. The tool works well for non-sensitive images, but journalists should never upload photos involving sources, unpublished material, or sensitive locations. Adequate for routine newsroom graphics work with appropriate caution. - [Research Rabbit](https://fieldwork.news/tools/research-rabbit): adequate — Standard security for a free research discovery tool. HTTPS throughout, no visible advertising trackers. The 'adequate' rating reflects two concerns: first, the company's ownership and funding model are opaque — journalists should know who is behind their tools. Second, an account is required and your research collections inherently reveal your investigative interests. There is no anonymous usage path. For routine academic research this is fine. For sensitive investigative work where your research topics themselves are sensitive, the mandatory account and unclear data practices warrant caution. Use a pseudonymous account for sensitive research and do not rely solely on Research Rabbit for critical work. - [Riverside](https://fieldwork.news/tools/riverside): adequate — SOC 2 certified. Local-first recording architecture means audio/video quality is not compromised by network conditions. Recordings upload to cloud servers post-session — not end-to-end encrypted between participants. VC-backed with standard data sharing (analytics, marketing tools). Suitable for standard journalism workflows. Not suitable for confidential source interviews where recordings must never touch third-party infrastructure. - [Runway](https://fieldwork.news/tools/runway): caution — The technical security posture is standard for a venture-backed AI startup at this scale — encryption in transit and at rest, US infrastructure, account-based access. The 'caution' rating reflects unresolved copyright litigation, the leaked internal training data spreadsheet, the absence of IP indemnification on consumer plans, and the broad terms of use Runway claims over uploaded content. None of these are security failures in the traditional sense. They are governance and provenance failures that matter for newsroom adoption. - [SciLine](https://fieldwork.news/tools/sciline): adequate — Nonprofit service with no commercial data incentives. Minimal data collection — journalist requests and scientist profiles for matching purposes only. US jurisdiction under AAAS governance. No advertising or tracking beyond standard analytics. The main consideration is that your story topic and source needs are shared with AAAS staff and matched scientists, which is inherent to the service. Low-risk for standard science reporting. Adequate security posture for a free public interest service. - [Scribe](https://fieldwork.news/tools/scribe): adequate — Encryption in transit and at rest. Enterprise tier supports SSO (including Azure) and advanced data controls. The inherent risk is that Scribe captures everything visible on screen during recording — any sensitive information displayed will be included in the generated guide. No published SOC 2 or ISO 27001 certifications found in public materials. Adequate for documenting non-sensitive workflows. Review recordings carefully before sharing. - [Scribus](https://fieldwork.news/tools/scribus): strong — Local-only desktop application with no cloud dependency, no accounts, and no telemetry. Open-source under GPL v2+. The only meaningful attack vector is opening malicious document files — the 1.6.5 SVG fix addressed the most notable instance. No network surface. Strong rating for a desktop tool. - [Scrivener](https://fieldwork.news/tools/scrivener): strong — Fully local architecture with no account, no telemetry, and no content transmission. Independent company with no investor pressure. The only network connection is an optional update check that can be disabled. Privacy posture is excellent — your data never leaves your machine unless you choose to sync via Dropbox or iCloud. - [SEC EDGAR](https://fieldwork.news/tools/sec-edgar): strong — US government service operated by the SEC with no advertising, no data sales, and no third-party tracking. No account required. All data is public record. The only information you provide is your search query and (for API use) a User-Agent header. There is effectively zero security risk in using EDGAR for journalism research. The 'strong' rating reflects institutional credibility, absence of commercial incentives, and minimal data collection. - [SecureDrop](https://fieldwork.news/tools/securedrop): strong — Purpose-built for source protection. Tor-only access, E2E encryption, no metadata retention, air-gapped viewing. Open-source with six completed security audits (most recent: 7ASecurity, mid-2024 — one medium, two low findings, all patched in v2.10.0). No known incidents of source exposure through SecureDrop itself. Backed by Freedom of the Press Foundation with $20.7M in assets and a dedicated security engineering team led by CTO Jennifer Helsby. - [Semantic Scholar](https://fieldwork.news/tools/semantic-scholar): adequate — Standard security for a free academic search tool. HTTPS throughout, no advertising trackers, nonprofit operator with no data monetization incentive. The 'adequate' rather than 'strong' rating reflects that this is a search tool, not a security tool — it does not claim or need exceptional privacy protections. The main consideration for journalists: your search queries reveal your investigative interests. Use without an account and through a VPN if researching sensitive topics. Ai2's nonprofit status and research mission align with user interests, but US jurisdiction means data could theoretically be subject to legal process. - [Session](https://fieldwork.news/tools/session): adequate — Session's privacy architecture is technically superior to Signal for metadata resistance: no phone number, no central server, onion-routed message delivery. The encryption is sound (adapted Signal protocol with modern primitives). The 'adequate' rather than 'strong' rating reflects operational reality: the Session Foundation faces an existential funding crisis as of early 2026, the audit trail is less extensive than Signal's, the development team is smaller, and long-term maintenance is uncertain. A security tool is only as good as its next vulnerability patch. If Session's funding stabilizes and independent audits confirm its implementation, this rating should be revisited upward. For now, journalists should treat Session as a specialized high-metadata-threat tool, not a primary messenger. - [Sherlock](https://fieldwork.news/tools/sherlock): adequate — Open-source, runs locally, no data collection. The operational security concern is real: every platform you query sees your IP address and the username you're searching. Some platforms log lookup attempts. Since v0.16.0, built-in Tor support is deprecated — you need an external proxy for anonymity. The tool itself is trustworthy; the risk is in how you use it and whether targets or platforms detect your enumeration activity. - [Signal](https://fieldwork.news/tools/signal): strong — Open-source protocol with extensive independent audits and post-quantum cryptography upgrades (PQXDH and SPQR). Sealed sender minimizes metadata. Group attributes now E2E encrypted. No business incentive to weaken privacy. Named to TIME100 Most Influential Companies 2025. ~85 million monthly active users as of late 2025. - [Sky Follower Bridge](https://fieldwork.news/tools/sky-follower-bridge): adequate — Open-source under MIT license with readable code. Runs locally in the browser with no third-party data collection. The main trust consideration is that it authenticates to your Bluesky account — use OAuth rather than app passwords for better security. Solo developer project means slower security response if issues arise, but the codebase is small and auditable. - [Slack](https://fieldwork.news/tools/slack): adequate — Encrypted in transit (TLS 1.2+) and at rest (AES-256), with SOC 2 Type II, SOC 3, ISO 27001 certifications. FedRAMP Moderate authorized since May 2020; GovSlack holds FedRAMP High authorization. Not end-to-end encrypted — Salesforce and workspace admins can read all messages. Enterprise Key Management (EKM) available only on Enterprise Grid, using AWS KMS for customer-controlled encryption keys. Three major real-world incidents in 18 months (Disney 1.1TB exfiltration, Nikkei 17K-user breach, Slack AI prompt injection) demonstrate that Slack's attack surface — particularly through integrations, AI features, and credential theft — is actively exploited. The May 2024 ML training controversy revealed Slack's default opt-in approach to data usage. Adequate for non-sensitive newsroom coordination. Not appropriate for any communication involving sources, confidential tips, or sensitive editorial material. - [Social Blade](https://fieldwork.news/tools/social-blade): caution — The December 2022 data breach (5.6 million records) is a significant mark against Social Blade's security posture. The platform itself is useful for journalists as a read-only analytics tool, but creating an account carries documented risk. Use it without logging in whenever possible. The free tier's heavy advertising also introduces tracker exposure. Rated caution rather than warning because the core use case (looking up public social media stats) doesn't require sharing sensitive information — but the breach history means you should treat any account data as potentially compromised. - [Source of Sources](https://fieldwork.news/tools/source-of-sources): adequate — Standard HTTPS. Low-risk for routine source finding. But the privacy policy has no journalist-specific protections, uses advertising cookies, and data-sharing terms are vague. Your query topics are visible to 30K subscribers and logged by the platform. Adequate for everyday reporting; not suitable for sensitive investigations. - [SPJ Legal Defense Fund](https://fieldwork.news/tools/spj-legal-defense): undefined — undefined - [Spotify for Creators](https://fieldwork.news/tools/spotify-creators): adequate — Spotify is a publicly traded company with enterprise-grade infrastructure and GDPR compliance. Encryption in transit is standard. The security concern for journalists is not infrastructure quality but data collection scope — Spotify collects extensive listener behavior data that feeds its advertising business. Your podcast content and listener analytics are on a platform with its own commercial interests. No known breaches of the podcast hosting product specifically. Adequate for most journalism podcast use cases, but journalists covering sensitive topics should weigh Spotify's data practices against the zero-cost hosting. - [Squarespace](https://fieldwork.news/tools/squarespace): adequate — TLS encryption on all customer domains with automatic free SSL certificates. HSTS enforced. Passwords hashed. Two-factor authentication available. Web Application Firewall deployed. Regular penetration testing. PCI-DSS compliant for payment processing. EU-U.S. Data Privacy Framework certified. The July 2024 domain hijacking incident — caused by weak defaults during the Google Domains migration — is the most significant security event in Squarespace's history. The flaw was patched and MFA was mandated for domain management, but it demonstrated that security was not the top priority during a major infrastructure transition. No encryption-at-rest details are publicly disclosed. No SOC 2 or ISO 27001 certifications are publicly claimed. Closed-source platform means no independent code audit is possible. Rating reflects solid baseline security practices offset by the 2024 incident, lack of transparency on at-rest encryption, and absence of third-party security certifications. - [Standard Notes](https://fieldwork.news/tools/standard-notes): strong — Open-source clients and server (AGPL-3.0), E2E encryption with XChaCha20-Poly1305 and Argon2 key derivation, zero-knowledge architecture, independent audits by Cure53 (penetration test) and Trail of Bits (cryptography audit) in 2021 with all findings resolved. Proton ownership adds organizational credibility — Swiss jurisdiction, track record of resisting government data requests. Freedom of the Press Foundation recommends it for journalists. No business incentive to weaken encryption. Rating would be higher if audits were more recent and development velocity were stronger post-acquisition. - [Substack](https://fieldwork.news/tools/substack): adequate — Standard web platform security with TLS and encrypted storage. The risk is not data breach — it is platform dependency and data practices. Substack controls email deliverability, app distribution, and algorithmic visibility. DMs are not end-to-end encrypted. The privacy policy now includes data sharing with AI service providers. Subscriber data is exportable (emails, dates, status), which is the critical safety valve. The real question for journalists is not security but governance: Substack can terminate any writer at any time, and its content moderation philosophy has proven divisive. For journalists covering sensitive topics, the lack of encrypted messaging and the platform's data collection (IP, device, reading behavior, contact syncing) warrant caution. - [Substack Defender](https://fieldwork.news/tools/substack-defender): undefined — undefined - [SunCalc](https://fieldwork.news/tools/suncalc): adequate — Open-source, client-side calculations with no server-side data processing. The sole privacy concern is Google Maps: every location you view generates tile requests to Google's servers, exposing coordinates and your IP address. No account, no cookies, no first-party tracking. Rating stays 'adequate' rather than 'strong' because the Google Maps dependency is baked in with no option to swap map providers, and investigators working on sensitive locations (conflict zones, source locations) should treat those tile requests as a metadata trail. - [Superdesk](https://fieldwork.news/tools/superdesk): strong — Open-source, self-hostable, built by a nonprofit with no incentive to monetize user data. Full data ownership on your own infrastructure. The AGPLv3 license ensures the codebase remains open and auditable. EU-based organization subject to GDPR. Rating reflects self-hosted deployment — the software itself has strong architectural foundations for data control, though security depends on your own server administration and keeping the stack updated. - [Superhuman](https://fieldwork.news/tools/superhuman): adequate — Standard cloud email client security — TLS in transit, encrypted at rest, SOC 2 compliant. The concern is not a security flaw but an expanded data surface: your email now flows through both your provider and Superhuman's servers. Read receipts enabled by default are a privacy issue for journalists. Adequate for general newsroom use. Not recommended for source communication on sensitive investigations. - [Tableau Public](https://fieldwork.news/tools/tableau-public): adequate — Salesforce enterprise-grade infrastructure protects the platform itself — encryption in transit and at rest, SOC 2 compliance, regular audits. The real risk is not a breach. It's the design: everything you publish is intentionally, irrevocably public. Underlying datasets are downloadable by default. Journalists have accidentally exposed source identities, pre-publication data, and PII by not understanding this. Adequate for published, public-interest data. Do not use for anything you wouldn't print on the front page. - [Tabula](https://fieldwork.news/tools/tabula): strong — Fully local processing. Open-source (MIT license, auditable code). No data leaves your machine. No account, no network connection, no telemetry. The strongest privacy posture possible for a data tool — nothing to intercept, nothing to subpoena from a third party. - [Tails](https://fieldwork.news/tools/tails-os): strong — The strongest endpoint security option available for journalists. Amnesic design eliminates forensic evidence by default. Kernel-level memory poisoning resists cold boot attacks. Tor routing for all traffic. LUKS2/Argon2id persistent storage passed a 2024 audit clean. Open-source, regularly audited, maintained by the Tor Project since September 2024. Tails 7.6 (March 2026) adds automatic Tor bridge detection. Compared to alternatives: Whonix offers similar Tor routing but runs in a VM (not amnesic, not portable); Qubes OS provides stronger VM isolation but requires dedicated hardware and is far more complex. Tails dominates the portable, leave-no-trace use case that field journalists actually need. - [Telegram](https://fieldwork.news/tools/telegram): warning — Not E2E encrypted by default. Telegram holds encryption keys for all regular and group chats. Custom MTProto protocol with documented cryptographic weaknesses. Server code closed-source. Infrastructure linked to companies with Russian intelligence ties (IStories/OCCRP, June 2025). Founder under indictment in France on 12 charges. Now shares user data with law enforcement — 900 US requests fulfilled in 2024. 1 billion monthly users but massive abuse problem (44M channels blocked in 2025). Not appropriate for journalist-source communication. Use Signal. - [Tella](https://fieldwork.news/tools/tella): strong — AES-256 encryption in CTR mode with PBKDF2 key derivation encrypts all captured media at rest. TLS encryption in transit for all server connections. Subgraph security audit through OTF Red Team Lab found only low-to-medium severity issues — no critical vulnerabilities. Android camouflage hides the app behind a functional calculator. Verification mode captures forensic metadata (file hash, GPS, device ID, cell towers, WiFi networks) for evidentiary integrity. Quick delete enables emergency data destruction. Fully open source with a dedicated FOSS version that strips all proprietary dependencies. Local-only by default — no data leaves the device without explicit user action. Built and maintained by a 501(c)(3) nonprofit with OTF grant funding and a published security audit. - [Threads](https://fieldwork.news/tools/threads): caution — TLS encryption in transit. Encryption at rest for stored data. The core concern is not technical security but data practices. Meta collects 28 categories of user data per the App Store privacy label, including location, browsing history, contacts, and financial information. This data feeds cross-platform ad targeting. DMs are not end-to-end encrypted. Meta has been fined $1.3 billion for GDPR violations and $392 million for deceptive location tracking. For standard journalism use — sharing stories, building audience, monitoring public discourse — the platform functions. For any communication involving sources, confidential information, or sensitive investigations, Meta products are the wrong tool. The 'caution' rating reflects the data collection scope, not a technical vulnerability. - [Threema](https://fieldwork.news/tools/threema): strong — Threema earns a strong rating on privacy architecture: no phone number required, metadata minimized to near-zero, servers exclusively in Switzerland, open source with reproducible builds, regular external audits (Cure53), ISO 27001 certified, Perfect Forward Secrecy, and a business model aligned with user privacy (paid product, no ads, no data monetization). The 2023 ETH Zurich protocol critique was addressed rapidly with a new protocol and independent audit. The one area where Signal edges ahead: Signal's sealed sender feature hides even the sender's identity from Signal's servers, which Threema does not yet implement. But Threema's overall metadata posture — especially the no-phone-number requirement — makes it arguably the strongest option for journalists who need anonymous, unlinkable communication channels. - [TinEye](https://fieldwork.news/tools/tineye): strong — Canadian jurisdiction under PIPEDA. No account required for basic use. Images deleted within seconds of search — never stored, indexed, or used for training. No search history retained. No data sold. Bootstrapped company with no investor pressure to monetize user data. One of the cleanest privacy postures among verification tools. - [Topaz Labs](https://fieldwork.news/tools/topaz): strong — Local-only processing is the strongest possible posture for sensitive source material. No user content leaves the machine. No cloud dependency for core features. No third-party server exposure. The 'strong' rating reflects this architecture — your footage stays on your hardware. The only network activity is license activation and software updates. For journalists working with sensitive visual material, this is the ideal model. - [Tor Browser](https://fieldwork.news/tools/tor-browser): strong — Battle-tested anonymity network with ~8,000 relays serving millions daily. Open-source, with regular independent audits (Radically Open Security for ESR transitions, 7ASecurity code audit in 2025, Cure53 for censorship circumvention tools). The 2024 German timing attack is the most significant documented deanonymization — but it targeted outdated software and required months of surveillance plus ISP cooperation. Current versions have mitigations. CVE-2024-9680 was critical but patched in under 25 hours. Merged with Tails OS in 2024, strengthening both projects. Funding is diversifying away from US government dependency. Exit-node vulnerability remains a known limitation — mitigated by HTTPS-only mode. - [TRAC (Transactional Records Access Clearinghouse)](https://fieldwork.news/tools/trac): adequate — Nonprofit research organization with a 35-year track record of handling sensitive federal enforcement data. HTTPS on both domains. The data itself is public record obtained through FOIA. No commercial tracking. The main considerations are organizational: TRAC is a small operation dependent on grant funding, and the domain migration introduces a transition period. For the nature of the data and the use case, security is adequate. - [Transistor.fm](https://fieldwork.news/tools/transistor): adequate — Bootstrapped indie company with straightforward business model — revenue from subscriptions, not advertising or data. No known data breaches. IAB 2.1 compliant analytics. US-hosted infrastructure. No advertising trackers on the platform. The simplicity of the business model is a security positive: Transistor has no incentive to monetize your listener data. Adequate for journalism podcast hosting. The main consideration is that it's a small independent company — no SOC 2 certification mentioned, and long-term viability depends on continued subscription revenue. - [Tresorit](https://fieldwork.news/tools/tresorit): strong — AES-256 client-side encryption with RSA-4096 key exchange. Zero-knowledge architecture — Tresorit cannot decrypt file contents even under court order. ISO 27001:2022 certified by TUV Rheinland. GDPR, HIPAA, CCPA, NIS2, TISAX compliant. Swiss jurisdiction under Federal Data Protection Act. Non-convergent encryption prevents content matching across users. Primary limitation: closed-source code with no publicly available independent security audit of the encryption implementation. Business recovery master key feature creates a potential access path for designated administrators. Metadata (IP, device info, account data) is not encrypted and can be disclosed under Swiss legal process. - [TrialWatch](https://fieldwork.news/tools/clooney-trialwatch): undefined — undefined - [TrustLaw](https://fieldwork.news/tools/trustlaw): undefined — undefined - [Turboscribe](https://fieldwork.news/tools/turboscribe): adequate — Standard cloud transcription service with HTTPS in transit. States it doesn't train on user data. However, no ISO certification, no SOC 2, no published DPA, no auto-delete, and limited transparency about data handling. Adequate for non-sensitive transcription work but not recommended for confidential source material. Good Tape and local Whisper are better choices when privacy matters. - [uBlock Origin](https://fieldwork.news/tools/ublock-origin): strong — Open source, zero data collection, zero monetization, zero financial conflicts. 39M+ combined users across Chrome (29M) and Firefox (10M+) as of late 2025. Code is publicly auditable on GitHub with cryptographically signed releases. One low-severity CVE in 2025, promptly patched. The developer's decade-long refusal of all money is unmatched in the extension ecosystem. Firefox version retains full MV2 capability; Chrome MV3 version is functional but reduced. The biggest real risk isn't the extension itself — it's installing a malicious clone by mistake. - [Upscayl](https://fieldwork.news/tools/upscayl): strong — Open-source under AGPL-3.0, fully local processing via Vulkan GPU, no network connections, no accounts, no telemetry. Images never leave your machine. One of the few AI image tools that runs entirely offline. The separate Upscayl Cloud product does not share these properties — this rating applies only to the desktop app. - [US Journalist Assistance Network](https://fieldwork.news/tools/journalist-assistance-network): undefined — undefined - [USAFacts](https://fieldwork.news/tools/usafacts): strong — No account required. No personal data collected for basic use. HTTPS throughout. No advertising or commercial tracking. Nonprofit with well-capitalized funding. The data is entirely derived from public government sources. From a privacy and security perspective, this is one of the lowest-risk tools in the directory — you are reading public data on a nonprofit website with no tracking. - [USASpending.gov](https://fieldwork.news/tools/usaspending): strong — Federal government website operated by the U.S. Treasury on government infrastructure. HTTPS throughout. Subject to federal cybersecurity standards (FISMA). No account required. No commercial tracking or advertising. All data is public record. One of the most straightforward government data tools from a security and privacy perspective. - [VeraCrypt](https://fieldwork.news/tools/veracrypt): strong — Two independent security audits (QuarksLab 2016 for EU-FOSSA, Fraunhofer SIT 2020 for German BSI) found no serious cryptographic vulnerabilities. FBI has stated in court it cannot break VeraCrypt and has no backdoor. No publicly documented case of VeraCrypt encryption defeated through cryptanalysis. Supports AES, Serpent, Twofish, and cascaded combinations with 500,000+ PBKDF2 iterations. RAM encryption for master keys available on 64-bit Windows (since v1.24). Active development: v1.26.24 released May 2025 with screen capture protection and ARM64 SHA-256 acceleration. Hidden volume feature provides plausible deniability unique among encryption tools, though with forensic limitations. - [VesselFinder](https://fieldwork.news/tools/vessel-finder): adequate — EU-based company operating under GDPR with HTTPS encryption in transit. The underlying data is publicly broadcast AIS information — low sensitivity. Free browsing without an account minimizes data exposure for casual lookups. Limited corporate transparency about infrastructure and security practices compared to larger competitors. No public record of data breaches. Main journalist concern is search-history exposure if using a logged-in account during sensitive investigations, not the vessel data itself. - [Violation Tracker](https://fieldwork.news/tools/violation-tracker): adequate — Public database of public records operated by an established 501(c)(3) nonprofit since 2015. No account required for basic searches. Minimal data collection. No tracking concerns for journalist use. The only privacy consideration is that paid subscribers provide payment information through the subscription system. - [VirusTotal](https://fieldwork.news/tools/virustotal): adequate — Strong scanning coverage across 70+ engines — best-in-class for multi-engine file and URL analysis. The privacy model is the weak point: free-tier uploads are permanently stored and shared with vendors and premium subscribers. The 2023 customer data leak demonstrated operational security gaps. Google ownership provides infrastructure reliability but means Google's data practices apply to account data. Rating stays 'adequate' because the tool works exactly as designed — the risk is users not understanding what 'upload' means here. - [Watch Duty](https://fieldwork.news/tools/watch-duty): adequate — Nonprofit with no advertising or data monetization model. Encrypted in transit. Requires location data for core functionality, which is a standard trade-off for a geolocation-based alert app. No known data breaches or privacy incidents. Rating reflects a straightforward utility app from a mission-driven nonprofit — adequate for its purpose with no unusual trust concerns. - [Wayback Machine](https://fieldwork.news/tools/wayback-machine): caution — Downgraded from 'adequate' after the October 2024 breach exposed 31 million user records. The Archive is a trusted nonprofit with a 28-year track record, but its security posture failed under sustained attack. Browsing is logged, no E2EE for searches. Use Tor for sensitive queries. The publisher-blocking trend is a reliability concern, not a security one — but it means the archive's coverage of news content is shrinking in real time. - [WhatsApp](https://fieldwork.news/tools/whatsapp): caution — Strong message encryption (Signal protocol with Curve25519, AES-256, perfect forward secrecy) undermined by Meta's metadata collection, cross-platform data sharing, lack of sealed sender, whistleblower allegations of 1,500 engineers with unaudited metadata access, documented spyware targeting of journalists (Paragon Graphite, NSO Pegasus), and forced Meta AI integration. Cloud backups unencrypted by default. 89% of journalists in democratic countries use Signal instead. WhatsApp is a fallback, not a recommendation. - [Whisper](https://fieldwork.news/tools/whisper): strong — Runs entirely locally with no network dependency. MIT-licensed open-source model with full code and weight transparency. No telemetry, no data collection, no cloud requirement. Audio never leaves your device. The hallucination problem is an accuracy concern, not a security concern — it does not compromise confidentiality. The strongest privacy posture of any transcription tool available: zero data exposure by design. - [Wire](https://fieldwork.news/tools/wire): strong — First messenger with full MLS (IETF RFC 9420) production implementation. Open-source clients independently audited by Kudelski Security and X41 D-Sec. E2E encryption on by default for all content types including calls and file sharing. No phone number required for registration. Stores more metadata than Signal (contact lists, 72-hour connection logs) but well above industry average. Ownership changes and Swiss surveillance law evolution warrant monitoring. - [WireGuard](https://fieldwork.news/tools/wireguard): strong — Formally verified cryptographic protocol with ~4,000 lines of auditable code. Built into the Linux kernel. Uses modern, opinionated cryptography with no legacy cipher negotiation. No central infrastructure, no data collection, no accounts. The minimal attack surface and formal verification by INRIA put WireGuard in a different class than most VPN solutions. Rating reflects the protocol itself — your overall VPN security also depends on server configuration and operational practices. - [Wispr Flow](https://fieldwork.news/tools/wispr-flow): caution — Screen capture and voice audio sent to third-party AI providers (OpenAI, Meta's Llama) is a significant privacy concern for journalism workflows. All processing is cloud-only — there is no local option. Privacy Mode prevents retention but not transmission. SOC 2 Type II, ISO 27001, and HIPAA certifications demonstrate real security investment, but the architecture is fundamentally incompatible with source protection. The tool is well-built and the company is increasingly transparent, but 17+ outages in Q1 2026 raise reliability questions for deadline-driven journalism. - [WordPress](https://fieldwork.news/tools/wordpress): adequate — WordPress core is well-maintained — only 7 vulnerabilities in 2024, none critical. The Abilities API in 6.9 improved permission granularity. But the plugin ecosystem is a minefield: 11,334 vulnerabilities in 2025, 43% exploitable without authentication. Self-hosted gives full data control but demands active maintenance. The Mullenweg/WP Engine dispute revealed a deeper issue: WordPress.org infrastructure is effectively controlled by one company, creating a single point of governance failure for 43% of the web. Rating reflects strong core security offset by ecosystem risk and governance concerns. - [Zapier](https://fieldwork.news/tools/zapier): adequate — SOC 2 Type II certified, GDPR-compliant, encryption in transit and at rest, OAuth-based connections to third-party apps. The structural issue is unavoidable: Zapier is a hub that sees everything flowing through your workflows, and task history stores payloads for up to 30 days. For routine newsroom automation that doesn't involve source identities or sensitive documents, this is fine. For anything you wouldn't put in plain email, use a self-hosted alternative like n8n instead. - [Zoom](https://fieldwork.news/tools/zoom): adequate — AES-256 GCM encryption by default, optional E2EE and post-quantum E2EE (Kyber-768) on all plans, SOC 2 Type II and ISO 27001 certified, under FTC consent order through ~2026 with mandatory third-party audits. E2EE is off by default and disables essential journalist features (recording, transcription) when enabled. High vulnerability volume (30+ CVEs in 2025, 36 in 2024) but responsive patching — critical CVE-2026-22844 (CVSS 9.9) was patched before exploitation. The 2023 AI training policy reversal and 2021 FTC settlement for false encryption claims are serious trust flags. France's 2026 government ban signals growing institutional skepticism. Adequate for routine use; enable E2EE for anything sensitive, or use Jitsi Meet/Signal. - [Zotero](https://fieldwork.news/tools/zotero): adequate — Open-source code with full transparency. Nonprofit ownership with no financial incentive to monetize data. Local-first architecture means all data stays on your machine unless you opt into syncing. TLS for all sync traffic. At-rest encryption enabled on cloud services, but not end-to-end — Zotero servers can decrypt for web access. Funded by foundations and subscriptions, not advertising or data sales. The translation server (used by the browser connector to fetch metadata) logs URLs, which is a minor privacy consideration for sensitive research. Strong trust profile overall: open source, nonprofit, grant-funded, no tracking, 15+ years of operation. ## Programs (82 verified) - [1Password for Journalists](https://1password.com/for-journalists/) ($60/year): Free 1Password Teams account for password management, 2FA, and secure credential sharing. - [Adobe for Nonprofits](https://www.adobe.com/creativecloud/plans.html) ($2,400/year): Discounted Creative Cloud for nonprofit newsrooms via TechSoup. Photoshop, Premiere Pro, InDesign, Illustrator — the full suite at nonprofit pricing. - [AI Adoption for Newsrooms: A 10-Step Guide](https://partnershiponai.org/ai-for-newsrooms/): Free, vendor-neutral 10-step guide covering the full AI adoption lifecycle — from identifying needs and benchmarking tools to procurement, governance, and knowing when to retire a tool. Includes real newsroom case studies and 5 key principles for responsible AI use. - [Airtable for Nonprofits](https://www.airtable.com/nonprofits) ($120/year per seat): 50% off Airtable Team or Business plans. Flexible database for editorial calendars, source tracking, project management, and investigations. - [American Journalism Project](https://www.theajp.org/) (Varies ($100,000-$1,000,000+)): Venture philanthropy for nonprofit local news organizations. Provides multi-year funding, business strategy consulting, and operational support to build sustainable newsrooms. - [AP Local News AI](https://github.com/associatedpress) (Free (open-source)): Open-source AI tools built for local newsrooms — public safety report parsing, video-to-story transcription, weather alert automation. Includes the Minutes Project (automated public meeting transcription covering 100+ government bodies across 7 states). Source code on GitHub. - [Apple News Partner Program](https://developer.apple.com/apple-news/) (Varies — 15% savings on commission vs standard App Store rate): 15% commission rate on in-app subscriptions from day one (standard Apple rate is 30%, dropping to 15% after year one). Apple News Format for rich reading experiences. Editorial curation by Apple's professional journalism team. Distribution to Apple News readers across iPhone, iPad, and Mac. - [Asana for Nonprofits](https://asana.com/nonprofit) ($1,500/year (for 10 users)): 50% off Asana Business plan for project management, editorial workflows, and team coordination. - [Atlassian Nonprofits](https://www.atlassian.com/teams/nonprofits) ($7,500/year (for 25 users)): 100% free Jira, Confluence, and Loom for up to 25 users. 75% off additional cloud products. Up to 25 free consultancy days via Solution Grant program. - [AWS Nonprofit Credits](https://aws.amazon.com/government-education/nonprofits/) ($5,000/year): Up to $5,000/year in AWS cloud credits for compute, storage, databases, and AI services. Access to AWS Nonprofit Competency Partners for implementation support. - [Beehiiv Media Collective](https://www.beehiiv.com/) ($5,000+/year): Free newsletter hosting (waived monthly fees), monthly health insurance stipends, legal support, Perplexity Pro access, Getty Images access, and Doola accounting services for up to two years. - [Box for Nonprofits](https://www.box.org/home) ($3,600/year): First 10 Box Starter licenses free. 50% off Nonprofit Enterprise plans for secure cloud storage, file sharing, and collaboration with admin controls and compliance features. - [Buffer for Nonprofits](https://buffer.com/nonprofits) ($600/year): 50% off all Buffer plans for social media management, scheduling, analytics, and engagement tools. - [Canva for Journalists](https://public.canva.site/journalists) ($120/year): Free or discounted Canva Pro for data visualization, graphics, and visual storytelling. - [Canva for Nonprofits](https://www.canva.com/canva-for-nonprofits/) ($1,500/year (for 10 users)): Free Canva Pro for up to 50 users at qualifying nonprofits. Includes premium templates, Brand Kit, background remover, content scheduler, and 100GB storage. - [ChatGPT for Nonprofits](https://openai.com/chatgpt/nonprofits/) ($720/year per seat): 75% off ChatGPT Business or Enterprise plans. Includes GPT-4, advanced data analysis, custom GPTs, and admin controls. - [Claude for Nonprofits](https://www.anthropic.com/solutions/nonprofits) ($720/year per seat): 75% off Claude Team or Enterprise plans for qualifying nonprofits. Full access to Claude's capabilities including extended context, projects, and team features. - [Cloudflare Project Galileo](https://www.cloudflare.com/galileo/) ($2,400/year): Free enterprise-grade DDoS protection, web application firewall, DNS, CDN caching, and bot management. Now includes free protection from AI crawlers scraping your content. - [CPJ Safety Resources](https://cpj.org/safety-resources/) (Free): Free digital and physical safety training, individualized safety advice, emergency financial assistance, and a comprehensive Safety Kit available in multiple languages. Also operates a 24/7 emergency response for journalists in danger. - [CUNY Newmark AI Journalism Labs](https://www.journalism.cuny.edu/j-plus/ai-journalism-labs/) ($3,000–$5,000 (comparable executive education programs)): Tuition-free AI training in one of two tracks. Builders: hands-on building, testing, and implementing AI tools in newsrooms (Jan–May, ~24 participants, partnered with Nordic AI Journalism). Leaders: strategic AI adoption frameworks, governance, and responsible deployment for editors and executives (Jan–Apr, ~23 participants). Both include mandatory in-person sessions at CUNY in New York. - [Datawrapper Free Tier](https://www.datawrapper.de/) (Free): Free data visualization tool for charts, maps, and tables. Publish unlimited charts. - [DeleteMe for Journalists](https://inn.org/resources/deleteme/) ($129/year per person): Personal data removal from 750+ data broker sites. Continuous monitoring with quarterly privacy reports. Two tiers available: Workforce (standard protection for all staff) and Gold (enhanced monitoring and broader removals for high-visibility journalists). Funded by Microsoft's Democracy Forward Initiative. - [DocuSign for Nonprofits](https://ecom.docusign.com/nonprofit/plans/esignature) ($3,600/year): 50-75% off DocuSign annual plans for e-signatures. Also available through TechSoup: 5 Standard + 5 Business Pro licenses per fiscal year at minimal admin fees. - [Dropbox Nonprofits](https://www.dropbox.com/business/nonprofits) ($900/year (for 5 users)): 50% off Dropbox Business plans. Cloud storage, file sharing, and collaboration with admin controls. - [Figma for Nonprofits](https://www.figma.com/nonprofits/) ($225/year per seat): 50% off Figma Organization plan for nonprofits. Free for education. Full design, prototyping, and collaboration tools. - [Flourish for Newsrooms](https://flourish.studio/) ($468/year): Data visualization platform with interactive charts, maps, and story templates. Free for newsrooms through Google News Initiative partnership. - [Fund for Investigative Journalism](https://fij.org/) (Up to $2,500): Grants up to $2,500 for preliminary investigative reporting — open records requests, initial reporting trips, database access, and document acquisition. - [GitHub Nonprofits](https://github.com/solutions/industry/nonprofits) ($480/year (per 10 users)): Free GitHub Team plan with unlimited private repositories and unlimited users. 25% off Enterprise Cloud. Nonprofit Developer Pack with partner credits. - [Global Center for Journalism and Trauma](https://gcjt.org/) (Free): Free training on trauma-informed journalism, newsroom briefings, mental health resources, and peer support programs. Successor to Columbia's Dart Center for Journalism and Trauma. - [Google Ad Grants](https://www.google.com/nonprofits/) ($120,000/year): Up to $10,000/month in free Google Search advertising. Promote your journalism, drive readership, and reach new audiences through Google Ads at no cost. - [Google Advanced Protection Program](https://landing.google.com/advancedprotection/) (Free): Strongest Google account security — requires passkey or FIDO security key, blocks harmful downloads, restricts third-party app access to Gmail/Drive - [Google Data Commons](https://datacommons.org/) (Free): Open data repository combining data from UN, CDC, BLS, Census, World Bank, and other sources into a single queryable database. Natural language queries supported. - [Google Dataset Search](https://datasetsearch.research.google.com/) (Free): Search engine specifically for datasets. Indexes government data, academic repositories, and news organization datasets worldwide. - [Google Fact Check Explorer](https://toolbox.google.com/factcheck/explorer) (Free): Search engine for fact-checks published by verified fact-checking organizations worldwide. Uses ClaimReview markup to aggregate results. - [Google Maps Platform for Nonprofits](https://www.google.com/nonprofits/) ($3,000/year): $250/month credit for Google Maps Platform. Embed interactive maps, use geocoding, places, and directions APIs for data journalism projects and newsroom tools. - [Google News Consumer Insights](https://newsinitiative.withgoogle.com/resources/tools/news-consumer-insights/) (Free): Analytics tool that benchmarks your site against peers, identifies audience segments, and provides actionable recommendations for engagement and revenue. - [Google News Initiative Training](https://newsinitiative.withgoogle.com/resources/trainings/) (Free): 50+ free self-guided courses across 6 tracks: Fundamentals, Machine Learning, Audience Development, Traffic Growth, Engagement, and Fundraising. Includes Google Earth, Sheets, and Trends tutorials for journalists. - [Google Pinpoint](https://journaliststudio.google.com/pinpoint/about/) (Free): Free document analysis tool. Upload PDFs, images, audio, video — Pinpoint transcribes, runs entity recognition, and makes everything searchable. - [Google Project Shield](https://projectshield.withgoogle.com) ($3,000/year): Free DDoS protection using Google's infrastructure. Reverse proxy that absorbs attacks. - [Google Reader Revenue Manager](https://readerrevenue.withgoogle.com/) (Free): Self-service platform to launch reader contributions and subscriptions. Integrates with Subscribe with Google for frictionless payments. - [Google Realtime Content Insights](https://newsinitiative.withgoogle.com/resources/tools/realtime-content-insights/) (Free): Live engagement data showing which articles are performing now. Chrome extension for real-time metrics overlay on your site. - [Google Trends](https://trends.google.com/) (Free): Real-time and historical data on Google search interest. Compare topics, see geographic breakdowns, and identify emerging trends. - [Google Workspace for Nonprofits](https://www.google.com/nonprofits/) ($1,680/year): Free Google Workspace Business Standard for eligible nonprofit newsrooms. Gmail with custom domain, 2TB storage per user, Google Meet, Drive, Docs, Sheets. - [Hootsuite for Nonprofits](https://www.hootsuite.com/) ($4,200/year): Up to 60% off Hootsuite social media management plans including scheduling, monitoring, analytics, and team collaboration. - [HubSpot for Nonprofits](https://www.hubspot.com/nonprofits) ($4,320/year): 40% off HubSpot Professional or Enterprise tiers. Includes marketing automation, CRM, sales tools, and service hub. - [HubSpot Free CRM](https://www.hubspot.com/products/crm) (Free): Free CRM with contact management, deal tracking, 2,000 emails/month, forms, landing pages, live chat, chatbots, meeting scheduler, and AI email writer. No time limit. - [ICFJ Knight Fellowships](https://www.icfj.org/our-work/knight) (Varies ($50,000+)): Minimum one-year fellowship in newsroom innovation, data journalism, digital security, or media entrepreneurship. Salary, travel, and project funding included. - [IWMF Grants and Fellowships](https://www.iwmf.org/programs/) (Varies ($2,000-$20,000+)): $230,000+ annually in reporting grants for women and nonbinary journalists. Includes the Elizabeth Neuffer Fellowship (Reuters/MIT), Lauren Brown Fellowship, and Kari Howard Fund. Plus an emergency fund providing grants for medical care, relocation, and legal aid for journalists facing threats. - [Journalism AI Skills](https://skills.amditis.tech/) (Free): 37 free Claude Code skills for journalism workflows — source verification, FOIA request drafting, data journalism analysis, fact-checking, interview preparation, story pitching, editorial workflow management, and more. Install as slash commands in Claude Code. - [JournalismAI Innovation Challenge](https://www.lse.ac.uk/media-and-communications/polis/JournalismAI) ($50,000-$100,000): Grants of $50,000-$100,000 for small and medium news organizations to develop AI-powered journalism projects. Includes mentorship and community access. - [Knight Press Forward](https://knightfoundation.org/press-forward/) (Varies ($25,000-$500,000+)): $500 million national initiative to strengthen local news. Grants fund reporting, infrastructure, and innovation at local news organizations. Largest-ever philanthropic commitment to local journalism. - [LinkedIn Premium for Journalists](https://business.linkedin.com/cx/linkedin-for-journalists-premium-program) ($360/year): Free LinkedIn Premium account with InMail credits, advanced search, and profile analytics. - [Mailchimp for Nonprofits](https://mailchimp.com/) ($240/year): 15% discount on all paid Mailchimp plans for email marketing, audience management, and newsletter distribution. - [Meta Journalist Safety Program](https://www.facebook.com/journalists) (Free): Enhanced account security on Facebook and Instagram, blue badge verification, News Page registration, CrowdTangle access, moderation tools (Hidden Words, Limits, Restrict). Includes safety guides and video training. - [Microsoft Journalism Hub](https://www.microsoft.com/en-us/corporate-responsibility/journalism) (Free): Custom-built Microsoft software solutions for nonprofit newsrooms, LinkedIn Premium for journalists, technology grants, and AI tools access. - [Microsoft Nonprofits](https://nonprofit.microsoft.com/) ($21,600/year (for 300 users)): Up to 300 free Microsoft 365 Business Basic licenses (Exchange, Teams, SharePoint, OneDrive). $2,000/year Azure cloud credits. 60% off Dynamics 365. Free Copilot access with qualifying plans. - [monday.com Nonprofits](https://monday.com/nonprofits) ($3,600/year (for 10 users)): First 10 seats free. 70% off seats 11 and above. 33% off Enterprise tier. Project management, editorial workflows, and team coordination. - [Nexis ExpertAccess for Journalists](https://www.lexisnexis.com/en-us/professional/research/nexis-expertaccess.page) ($312/year): Full access to the Nexis news archive — 40,000+ sources, 45+ years of historical content, SmartIndexing search, and public records lookups. Discounted rate for independent journalists and small newsrooms. - [Nieman Fellowships](https://nieman.harvard.edu/fellowships/) ($85,000): $85,000 stipend over 9 months, health insurance, childcare allowance, and two semesters of access to Harvard University courses and resources. - [NordVPN for Journalists](https://nordvpn.org/nonprofit/) ($1,200/year): Free or heavily discounted NordVPN licenses for journalists. 9,500+ licenses donated since 2018. Priority given to press freedom and journalist safety cases. - [Notion for Nonprofits](https://www.notion.com/nonprofits) ($120/year per seat): 50% off Notion Plus or Business plans for qualifying nonprofits. Includes unlimited pages, databases, integrations, and team collaboration. - [OpenAI Academy for News](https://openai.com/blog/supporting-local-news) (Free): AI training program for news organizations. Part of $5M cash and $5M API credits commitment to the American Journalism Project for local news. - [Outline VPN](https://getoutline.org) (Free): Free, open-source VPN you self-host. No bandwidth limits, no logging, no tracking. Designed for journalists in restrictive environments. - [PEN America Online Harassment Field Manual](https://onlineharassmentfieldmanual.pen.org/) (Free): Comprehensive online harassment field manual with practical tools and tactics for defense. Includes threat assessment guides, self-care advice, law enforcement guidance, employer resources, and bystander intervention strategies. Plus one-on-one digital safety consultations. - [Perplexity Publisher Program](https://www.perplexity.ai/hub/blog/perplexity-s-publisher-program) ($240/year per seat): Free Perplexity Enterprise Pro for news organizations for one year. Revenue sharing when Perplexity cites publisher content. Part of $42.5M publisher pool. - [Proton for Journalism](https://proton.me/business/media) ($1,200/year): Custom pricing on Proton Mail, VPN, Drive, Pass, and Calendar for journalists and newsrooms. Full encrypted suite — Swiss jurisdiction, zero-access encryption. Recommended by Reporters Without Borders. - [Pulitzer Center Grants and Fellowships](https://pulitzercenter.org/grants-fellowships) ($5,000-$10,000): Rolling reporting grants typically $5,000-$10,000 for in-depth and international reporting projects. Yearlong fellowships with funding, training, and research support. Also provides travel grants for reporting in underreported regions. - [QuestionPro for Nonprofits](https://www.questionpro.com/pricing/non-profit.html) ($2,400/year): Free full-featured QuestionPro license for audience research, reader surveys, and community engagement. Not a limited trial — full Advanced/Team features at no cost. - [QuickBooks for Nonprofits](https://www.techsoup.org/intuit-software-nonprofits) ($1,000/year): QuickBooks Online Plus for $80/year admin fee (retail $1,080/year). QuickBooks Online Advanced for $170/year admin fee (retail $2,400/year). Full nonprofit accounting with fund tracking and donor management. - [Report for America](https://www.reportforamerica.org/) (Varies ($40,000-$50,000/year)): Places emerging journalists in local newsrooms to cover under-reported communities and issues. Corps members receive a salary subsidized by Report for America, with the host newsroom covering the remainder. - [RISC Training](https://risctraining.org/) (Free (training valued at $2,000+)): Free hostile environment and first aid training (HEFAT) for freelance conflict journalists. Covers medical emergencies, hostile situations, digital security, and risk assessment. - [Rory Peck Trust](https://rorypecktrust.org/) (Free (training grants worth $1,500-$3,000)): 100+ HEFAT (hostile environment and first aid) training grants per year for freelance journalists. Practical and financial crisis support for freelancers facing threats, injury, or detention. Safety resources and guidance. - [RSF Safety Resources](https://rsf.org/en/our-operations) (Free): 24-hour emergency hotline for journalists in danger. Travel insurance for freelancers ($2.64/day via Battleface partnership). Loan of body armor, helmets, and distress beacons. Safety training programs. Emergency financial assistance. - [Salesforce Nonprofits](https://www.salesforce.com/company/power-of-us/) ($15,000/year): 10 free Salesforce Nonprofit Cloud Enterprise licenses. 80% off additional licenses. Full CRM, donor management, program tracking, and reporting. - [Slack for Nonprofits](https://slack.com/intl/en-us/help/articles/204368833-Apply-for-the-Slack-for-Nonprofits-discount) ($1,000/year): 85% discount on Slack Pro or Business+ for first year. Ongoing discounts on renewal. Full Slack features: unlimited message history, file sharing, integrations. - [Stripe for Nonprofits](https://stripe.com) ($700/year): Reduced payment processing fee of 2.2% + $0.30 per transaction (vs standard 2.9% + $0.30). Saves 0.7% on every donation processed — adds up fast for reader-supported journalism. - [Tableau for IRE Members](https://www.ire.org/) ($840/year): Free Tableau Desktop license for IRE members. Professional data visualization software for investigative and data journalism. - [TechSoup for Newsrooms](https://www.techsoup.org/get-products) ($3,000/year): Discounted software and services for nonprofit newsrooms: Microsoft 365, Adobe Creative Cloud, Zoom, Slack, QuickBooks, and hundreds more. Individual discounts range from 50-90% off retail. - [Webflow for Nonprofits](https://help.webflow.com/hc/en-us/articles/33961230168467) ($300/year): 50% off Basic, CMS, and Business site plans for 12 months, renewable. Build and manage publication websites without coding. - [Wispr Flow Nonprofit](https://www.wispr.flow/) ($84/year): Voice-to-text dictation at $8/month nonprofit rate (vs $15/month standard). Works across any app — dictate emails, notes, stories, and documents by speaking. - [Zapier for Nonprofits](https://zapier.com/non-profits) ($360/year): 15% off any paid Zapier plan for workflow automation connecting 6,000+ apps. - [Zoom for Nonprofits](https://zoom.us/en/nonprofit) ($1,200/year): 50% discount on Zoom Business or Zoom One for nonprofit newsrooms. Unlimited meeting length, cloud recording, breakout rooms. ## Optional ### Organizations (30) - [Asian American Journalists Association (AAJA)](https://www.aaja.org/): Advances diversity in newsrooms and supports Asian American and Pacific Islander journalists through programs, mentorship, and community. - [Association of Health Care Journalists (AHCJ)](https://healthjournalism.org/): Dedicated to improving the quality and accuracy of health care reporting through training, resources, and community. - [Authors Guild](https://authorsguild.org/): The nation's oldest and largest professional organization for writers, advocating for authors' rights and fair compensation. - [Committee to Protect Journalists (CPJ)](https://cpj.org/): An independent nonprofit that promotes press freedom worldwide by defending the right of journalists to report the news without fear of reprisal. - [Education Writers Association (EWA)](https://www.ewa.org/): The national professional organization of education reporters and the single largest membership organization of beat reporters of any kind. - [Freedom of the Press Foundation (FPF)](https://freedom.press/): Protects and defends journalism in the 21st century by developing open-source tools for secure communication and fighting for transparency. - [Freelancers Union](https://www.freelancersunion.org/): A nonprofit organization that represents the 60 million independent workers in the US, providing benefits, resources, and advocacy. - [Global Investigative Journalism Network (GIJN)](https://gijn.org/): An international association of investigative journalism organizations that supports collaborative cross-border reporting worldwide. - [Institute for Nonprofit News (INN)](https://inn.org/): A network of hundreds of nonprofit news organizations providing infrastructure, funding support, and shared services for nonprofit journalism. - [Investigative Reporters & Editors (IRE)](https://www.ire.org/): The premier organization for investigative journalism training and resources, home of NICAR and the largest journalism tipsheet library. - [LION Publishers](https://www.lionpublishers.com/): Supports local independent online news publishers with business training, technology resources, and community. - [National Association of Black Journalists (NABJ)](https://www.nabj.org/): The largest organization of journalists of color in the US, providing career development, scholarships, and advocacy for Black journalists. - [National Association of Hispanic Journalists (NAHJ)](https://nahj.org/): Dedicated to the recognition and professional advancement of Hispanics in the news industry through programs, training, and advocacy. - [National Association of Science Writers (NASW)](https://www.nasw.org/): Fosters the dissemination of accurate information about science through all media. Supports science writers at every career stage. - [National Press Club](https://www.press.org/): The world's leading professional organization for journalists, providing a meeting place and forum for news leaders, newsmakers, and the public. - [National Press Photographers Association (NPPA)](https://nppa.org/): Dedicated to the advancement of visual journalism through education, protection of photojournalists' rights, and ethical standards. - [National Writers Union (NWU)](https://nwu.org/): The only labor union that represents freelance writers in all genres, formats, and media. An affiliate of the UAW. - [NLGJA: The Association of LGBTQ+ Journalists](https://www.nlgja.org/): Works within the news industry to foster fair and accurate coverage of LGBTQ+ issues and provides professional development for LGBTQ+ journalists. - [Online News Association (ONA)](https://journalists.org/): The world's largest membership organization of digital journalists, focused on innovation in storytelling and news technology. - [Overseas Press Club of America (OPC)](https://opcofamerica.org/): The nation's oldest and largest association of journalists covering international news, based in New York City. - [PEN America](https://pen.org/): Stands at the intersection of literature and human rights to protect free expression in the US and worldwide. - [Poynter Institute](https://www.poynter.org/): A global leader in journalism education and media strategy, offering training, fact-checking resources, and ethical guidelines. - [Radio Television Digital News Association (RTDNA)](https://www.rtdna.org/): The world's largest professional organization exclusively serving the electronic and digital news industry. - [Reporters Committee for Freedom of the Press (RCFP)](https://www.rcfp.org/): Provides pro bono legal representation, amicus briefs, and other legal resources to protect press freedom and the flow of information. - [Reporters Without Borders (RSF)](https://rsf.org/): An international nonprofit that promotes and defends freedom of information and freedom of the press worldwide. - [Society for Advancing Business Editing and Writing (SABEW)](https://sabew.org/): The premier organization for business and financial journalists, providing training and recognition for excellence in business reporting. - [Society of Environmental Journalists (SEJ)](https://www.sej.org/): The only North American membership association of professional journalists dedicated to improving the quality and accuracy of environmental reporting. - [Society of Professional Journalists (SPJ)](https://www.spj.org/): The oldest and largest journalism organization in the US, dedicated to the free practice of journalism and high ethical standards. - [Solutions Journalism Network](https://www.solutionsjournalism.org/): Trains and supports journalists to cover how people are responding to problems, not just the problems themselves. - [Study Hall](https://studyhall.xyz/): A community and resource hub for media workers, offering transparency about the industry and practical tools for freelancers. ### Events (150) - [AAJA Convention 2026](https://www.aaja.org/convention): 2026-06-24 — Annual convention focused on Asian American and Pacific Islander representation in media, with professional development and career-building opportunities. - [Abraji Congress 2026](https://www.abraji.org.br/): 2026-07-10 — Latin America's largest investigative journalism conference. Sessions on data journalism, OSINT, press freedom, and accountability reporting in the region. - [ACES Editing Conference 2026](https://aceseditors.org/conference): 2026-04-23 — Annual conference for editors, copy editors, and language professionals. Sessions on editing craft, style, grammar, AI-assisted editing, and managing editorial workflows. - [ACP Spring College Media Conference 2026](https://www.studentpress.org/acp/conventions/): 2026-03-05 — National conference for college journalists and advisers. Sessions on reporting, editing, multimedia storytelling, and preparing for careers in journalism. - [Africa Media Festival 2026](https://www.code4africa.org/): 2026-02-25 — Pan-African gathering of journalists and media innovators. Sessions on data journalism, civic tech, press freedom, and building sustainable newsrooms in Africa. - [African Investigative Journalism Conference 2026](https://aijc.africa/): 2026-11-10 — Africa's largest investigative journalism conference. Sessions on accountability reporting, data journalism, digital security, and cross-border investigations on the continent. - [AHCJ Health Journalism 2026](https://healthjournalism.org/conference/): 2026-05-27 — The premier conference for health and medical reporters. Sessions on covering public health, pharma, health policy, and medical research with rigor. - [Al Neuharth Free Spirit Conference 2026](https://www.freedomforum.org/free-spirit/): 2026-06-21 — Week-long journalism and First Amendment conference for rising high school seniors. All-expenses-paid program covering press freedom, reporting skills, and civic engagement. - [America's Newspapers Mega-Conference 2026](https://www.newspapers.org/mega-conference/): 2026-03-30 — Annual gathering for newspaper executives and leaders. Sessions on revenue, audience, AI, and strategies for sustaining local and regional news organizations. - [APSE Summer Conference 2026](https://apsportseditors.org/): 2026-07-16 — Annual conference for sports journalists and editors. Sessions on investigative sports reporting, digital storytelling, and managing sports coverage. - [ARIJ Annual Forum 2026](https://en.arij.net/): 2026-12-04 — The leading investigative journalism conference in the Arab world. Sessions on accountability reporting, digital security, and cross-border investigations in the MENA region. - [b future festival](https://b-future-festival.com/): 2026-10-01 — International media festival focused on constructive journalism, solutions-oriented reporting, and the role of media in shaping sustainable futures. - [Bellingcat Online Investigation Workshop](https://www.bellingcat.com/workshops/): 2026-05-18 — Hands-on training in open source investigation techniques: geolocation, satellite imagery analysis, social media forensics, and digital evidence preservation. Multiple sessions offered throughout the year. - [CAJ National Conference 2026](https://caj.ca/conferences): 2026-06-12 — Canada's premier journalism conference. Sessions on investigative reporting, press freedom, Indigenous coverage, and the business of Canadian news. - [CES 2026](https://www.ces.tech/): 2026-01-06 — The world's largest consumer electronics trade show. Relevant to journalists covering emerging platforms, AI tools, creator economy technology, and media hardware. - [Collision Conference 2026](https://collisionconf.com/): 2026-06-03 — Major North American tech conference with dedicated media tracks covering AI in newsrooms, content distribution, and the business of journalism. - [Covering Climate Now Awards](https://coveringclimatenow.org/awards/): 2026-03-31 — Awards honoring excellence in climate journalism across print, digital, broadcast, and audio. Entry deadline March 31. - [CPJ Digital Safety Training](https://cpj.org/safety-notes/): 2026-04-20 — Free digital safety training sessions for journalists. Covers device security, secure communications, social media safety, and threat assessment. Virtual and in-person sessions offered year-round. - [CPJ International Press Freedom Awards](https://cpj.org/awards/): 2026-11-19 — Annual awards dinner honoring journalists who show courage in defending press freedom worldwide. Date estimated — typically held in November. - [Craft + Commerce 2026](https://craftandcommerce.com/): 2026-06-10 — Conference for creators building businesses around newsletters, content, and digital products. Sessions on audience growth, monetization, and the creator economy. - [CSPA Spring Convention 2026](https://cspa.columbia.edu/conventions-and-conferences): 2026-03-18 — Annual convention for high school and college student journalists. Workshops on reporting, writing, design, and digital journalism at Columbia University. - [Daniel Pearl Award 2026](https://www.danielpearl.org/): 2026-06-28 — Annual award honoring journalists who embody the ideals of courage, insight, and integrity exemplified by Daniel Pearl. - [Dataharvest 2026](https://dataharvest.eu/): 2026-05-28 — Europe's premier investigative journalism conference. Hands-on workshops on data journalism, OSINT, cross-border collaboration, and accountability reporting. - [Digiday Publishing Summit](https://digiday.com/events/digiday-publishing-summit/): 2026-03-23 — Invitation-only summit for digital publishing executives covering audience strategy, revenue diversification, and emerging technology in media. - [DocumentCloud Workshop](https://www.documentcloud.org/): 2026-06-10 — Training on using DocumentCloud for document analysis, OCR, annotation, and collaborative document investigation. Free with IRE membership. Virtual sessions offered periodically. - [Domestic HEFAT Training](https://rorypecktrust.org/freelance-resources/safety/): 2026-02-27 — Hostile Environment and First Aid Training adapted for domestic reporting contexts, covering protest coverage safety, active shooter scenarios, and field first aid for journalists. - [duPont-Columbia Awards 2026](https://journalism.columbia.edu/dupont): 2026-01-28 — Annual ceremony recognizing excellence in broadcast and digital journalism. Considered the broadcast equivalent of the Pulitzer Prize. - [DW Breaking the News](https://www.dw.com/en/breaking-the-news/): 2026-01-28 — One-day conference on media freedom, disinformation, and the global information ecosystem, hosted by Germany's international broadcaster. - [DW Global Media Forum 2026](https://www.dw.com/en/dw-global-media-forum/): 2026-06-23 — International media conference focusing on media freedom, digital transformation, and the role of journalism in democratic societies. - [Edward R. Murrow Awards Entry Deadline](https://www.rtdna.org/murrow-awards): 2026-02-19 — Entry deadline for the Edward R. Murrow Awards, recognizing outstanding achievement in electronic journalism including broadcast and digital news. - [Edward R. Murrow Awards Gala 2026](https://www.rtdna.org/murrow-awards): 2026-10-12 — Gala ceremony honoring excellence in electronic journalism. National Murrow Awards recognize outstanding work in broadcast and digital news. - [European Conference of Science Journalism](https://www.ecsj2026.eu/): 2026-10-14 — Biennial conference for science journalists covering climate reporting, health journalism, and the intersection of science communication and news media. - [European Publishing Congress](https://www.publishing-congress.com/): 2026-06-17 — Annual gathering of European publishing leaders covering digital transformation, reader revenue, and the future of print and digital media across Europe. - [EWA National Seminar 2026](https://www.ewa.org/events): 2026-06-02 — The premier event for education journalists. Deep-dive sessions on K-12, higher ed, policy, and data-driven education reporting. Free for EWA members. - [George Polk Awards Ceremony 2026](https://www.liu.edu/polk-awards): 2026-04-10 — Annual ceremony honoring bold and resourceful reporting that sharpens public awareness of vital issues. One of American journalism's most prestigious honors. - [GIJN Global Investigative Journalism Conference](https://gijn.org/global-conference/): 2026-11-09 — The world's largest gathering of investigative journalists, featuring sessions on cross-border investigations, data journalism, digital security, and accountability reporting. Date estimated — typically held in Q4. - [GIJN Sigma Awards](https://gijn.org/sigma-awards/): 2026-02-15 — Annual awards for the best data journalism worldwide, recognizing outstanding use of data in investigative and explanatory reporting. Date estimated — typically announced in February. - [Global Fact 2026](https://www.poynter.org/ifcn/global-fact/): 2026-06-17 — The annual global summit for fact-checkers. Sessions on verification tools, misinformation trends, cross-border collaboration, and AI in fact-checking. - [GNI AI Skills Academy](https://newsinitiative.withgoogle.com/resources/trainings/): 2026-01-01 — Ongoing virtual training program teaching journalists how to use AI tools responsibly, covering prompt engineering, verification of AI outputs, and AI-assisted reporting workflows. - [GNI Live](https://newsinitiative.withgoogle.com/resources/trainings/): 2026-01-01 — Monthly virtual sessions from Google News Initiative covering digital tools, audience analytics, revenue strategies, and emerging technology for news organizations. - [Goldsmith Awards 2026](https://shorensteincenter.org/goldsmith-awards/): 2026-04-09 — Annual awards recognizing investigative reporting that promotes more effective government, citizenship, and democracy. Includes the Goldsmith Prize and Book Prize. - [Google News Initiative Training](https://newsinitiative.withgoogle.com/training/): 2026-01-01 — Free online and in-person training modules covering Google tools for journalists: advanced search, Google Earth, data visualization, verification, and more. Self-paced courses available year-round. - [Gracie Awards Gala 2026](https://allwomeninmedia.org/gracies/): 2026-05-19 — Annual awards gala honoring outstanding programming and individuals in media created by, for, and about women. - [Hacks/Hackers AI x Journalism at SXSW 2026](https://www.hackshackers.com/): 2026-03-16 — Special SXSW meetup exploring the intersection of AI and journalism. Lightning talks, demos, and discussions on how newsrooms are adopting AI tools. - [Hacks/Hackers AI x Journalism Summit 2026](https://www.hackshackers.com/): 2026-05-13 — Two-day summit on AI applications in journalism. Deep dives on LLMs in newsrooms, automated reporting, AI-assisted investigations, and ethical frameworks. - [Hacks/Hackers Connect 2026](https://www.hackshackers.com/): 2026-04-15 — Regional meetups and events connecting journalists and technologists. Topics include AI, data visualization, news apps, and emerging tech for journalism. Events held in cities worldwide throughout the year. - [Hillman Prize Ceremony 2026](https://hillmanfoundation.org/hillman-prizes): 2026-05-05 — Annual ceremony honoring journalists and authors whose work pursues social justice and the public interest. One of the oldest journalism prizes in the U.S. - [IAPA 82nd Annual Assembly](https://www.sipiapa.org/): 2026-10-22 — Annual assembly of the Inter American Press Association addressing press freedom, media sustainability, and journalism in the Americas. - [ICFJ Arthur F. Burns Fellowship Deadline](https://www.icfj.org/our-work/arthur-f-burns-fellowship): 2026-03-01 — Application deadline for the Arthur F. Burns Fellowship, a transatlantic journalism exchange between U.S. and German newsrooms. Fellows spend two months reporting abroad. - [ICFJ Awards Dinner](https://www.icfj.org/awards): 2026-11-12 — Annual gala recognizing excellence in international journalism, innovation in news, and contributions to press freedom. Date estimated — typically held in November. - [ICFJ Knight Fellowship](https://www.icfj.org/our-work/knight): 2026-05-15 — Fellowship placing media innovators in newsrooms worldwide to drive digital transformation. Various program tracks with different deadlines throughout the year. Check website for current openings. - [IIJ Freelance Journalism Conference 2026](https://iij.org/): 2026-03-05 — Virtual conference for freelance journalists covering pitching, contracts, financial sustainability, legal protections, and building a freelance career. - [IJA Conference 2026](https://www.naja.com/): 2026-07-22 — Annual conference for Indigenous journalists and media professionals. Sessions on covering tribal sovereignty, Indigenous communities, and environmental justice. - [INMA Media Subscriptions Summit](https://www.inma.org/events/): 2026-03-09 — Summit focused on subscription strategies, reader revenue, and retention for news publishers transitioning to digital-first business models. - [INMA World Congress 2026](https://www.inma.org/congress): 2026-05-04 — Global conference for news media business leaders. Sessions on subscriptions, advertising, AI strategy, and audience growth for publishers. - [INN Days 2026](https://inn.org/inndays/): 2026-06-16 — Annual gathering of nonprofit news leaders. Sessions on sustainability, audience growth, fundraising, editorial collaboration, and technology. - [INN Nonprofit News Awards](https://inn.org/awards/): 2026-06-16 — Awards recognizing outstanding journalism from nonprofit news organizations, presented during the INN Days conference. - [International Journalism Festival 2026](https://www.journalismfestival.com/): 2026-04-15 — One of the world's largest free journalism events, held annually in Perugia, Italy. Hundreds of sessions on investigative reporting, media business, press freedom, and technology. - [IPI Media Innovation Festival](https://ipi.media/media-innovation-festival/): 2026-05-06 — Festival bringing together journalists, technologists, and media leaders to explore innovation in news delivery, press freedom, and sustainable journalism models. - [IRE Advanced Data Journalism (Python) Bootcamp](https://www.ire.org/training/bootcamps/): 2026-08-10 — Intensive bootcamp on Python for data journalism covering web scraping, data analysis with pandas, and building automated reporting pipelines. Date estimated — typically held in August. - [IRE Awards Entry Deadline](https://www.ire.org/awards/): 2026-04-15 — Entry deadline for IRE Awards recognizing outstanding investigative journalism across all platforms. Categories include print/online, broadcast, radio/podcast, and student. Estimated deadline based on prior years. - [IRE Conference 2026](https://www.ire.org/training/conferences/): 2026-06-18 — The premier training event for investigative and data journalists. Hundreds of panels, hands-on classes, and networking opportunities. - [IRE Conference 2027](https://www.ire.org/training/conferences/): 2027-06-24 — The largest annual gathering of investigative journalists in the U.S., featuring sessions on watchdog reporting, data journalism, legal issues, and newsroom collaboration. - [IRE Data Journalism Workshop 2026](https://www.ire.org/training/bootcamps/): 2026-07-13 — Intensive multi-day training on data analysis, spreadsheets, SQL, Python, and data visualization for journalists. Smaller cohort with hands-on instruction. Estimated dates based on prior years. - [IRE Koch Continuum Grant](https://www.ire.org/training/fellowships-grants/): 2026-04-06 — Grant supporting investigative reporting projects that continue or build on prior investigations, funding deep-dive accountability journalism. Deadline April 6. - [IRE/IJA Indigenous Journalists Workshop](https://www.ire.org/training/): 2026-02-12 — Workshop focused on investigative reporting skills for Indigenous journalists, covering tribal data, federal records, and accountability journalism in Indigenous communities. - [Izzy Fest 2026](https://izzyfest.org/): 2026-04-21 — Forum on press freedom, independent media, and the Izzy Award for outstanding achievement in independent media. Panels on media criticism and accountability. - [JSK Fellowship Application Deadline](https://jsk.stanford.edu/): 2026-11-01 — Application deadline for the 2027-2028 JSK Fellowship at Stanford. Focused on entrepreneurial, innovative approaches to journalism challenges. Estimated deadline based on prior years. - [Knight Center MOOC: AI for Journalists](https://journalismcourses.org/): 2026-01-01 — Free online course covering practical applications of AI in the newsroom. Topics include large language models, automated reporting, data analysis with AI, and ethical considerations. Self-paced with rolling enrollment. - [Knight Center: Data Mindset for Editors](https://knightcenter.utexas.edu/courses/): 2026-02-09 — Free online course helping editors develop data literacy, evaluate data-driven stories, and manage data journalism projects in their newsrooms. - [Knight Science Journalism Fellowship Deadline](https://ksj.mit.edu/fellowships/): 2026-01-09 — Application deadline for the Knight Science Journalism Fellowship at MIT. Nine-month residential fellowship for experienced science and technology journalists. - [Knight-Wallace Arts Journalism Fellowship](https://wallacehouse.umich.edu/fellowships/arts/): 2026-06-01 — Fellowship for journalists covering arts and culture, providing a year of study, mentorship, and professional development at the University of Michigan. Date estimated for 2026-27 cycle. - [Knight-Wallace Fellowship Application Deadline](https://wallacehouse.umich.edu/knight-wallace/): 2026-12-01 — Application deadline for the 2027-2028 Knight-Wallace Fellowship class. Eight months at the University of Michigan to pursue a self-designed study plan. Estimated deadline based on prior years. - [Knight-Wallace Great Lakes Local News Fellowship](https://wallacehouse.umich.edu/fellowships/great-lakes/): 2026-06-01 — Fellowship supporting local journalists in the Great Lakes region with professional development, reporting resources, and community journalism training. Date estimated for 2026-27 cycle. - [LION Summit 2026](https://www.lionpublishers.com/conference/): 2026-09-09 — Annual conference for independent online news publishers. Focused on revenue, operations, and sustainability for local and independent news organizations. - [Livingston Awards Deadline 2026](https://wallacehouse.umich.edu/livingston-awards/): 2026-02-01 — Entry deadline for the Livingston Awards, honoring the best journalism by professionals under 35. Categories include local, national, and international reporting. - [Logan Symposium on Investigative Reporting 2026](https://journalism.berkeley.edu/logan/): 2026-05-01 — Annual symposium bringing together top investigative reporters to discuss major investigations, techniques, and the state of accountability journalism. - [Mather Symposium](https://www.mathersymposium.com/): 2026-02-26 — Data-driven conference on subscription economics, dynamic pricing, and audience analytics for news publishers. - [McGraw Business Journalism Fellowship](https://www.mcgrawfellows.org/): 2026-04-01 — Fellowship supporting experienced journalists pursuing ambitious business and economics reporting projects. Includes stipend and editorial mentoring. Estimated deadline based on prior years. - [Medias en Seine](https://www.mediasenseine.com/): 2026-01-15 — French media industry conference covering digital transformation, AI in journalism, and the future of European news organizations. - [NAB Show 2026](https://www.nabshow.com/): 2026-04-18 — The world's largest media and entertainment technology conference. Covers broadcast, streaming, content creation, and news production technology. - [NABJ Convention 2026](https://www.nabj.org/convention): 2026-08-12 — The largest gathering of Black journalists in the United States. Career development, networking, and sessions on covering diverse communities. - [NAHJ Conference 2026](https://nahj.org/conference/): 2026-07-22 — Annual conference for Hispanic and Latino journalists. Career development, networking, and sessions on covering Latino communities and immigration. - [NAREE Real Estate Journalism Conference 2026](https://www.naree.org/): 2026-06-01 — Annual conference for journalists covering real estate, housing, and urban development. Sessions on housing markets, policy, and data-driven property reporting. - [National Book Awards 2026](https://www.nationalbook.org/): 2026-11-18 — Annual ceremony honoring the best books by American writers. Categories include fiction, nonfiction, poetry, translated literature, and young people's literature. - [National Book Awards Nonfiction Entry Deadline](https://www.nationalbook.org/national-book-awards/): 2026-05-13 — Entry deadline for the National Book Awards nonfiction category. Relevant to journalists with book-length investigative or narrative nonfiction work. - [National Magazine Awards (Ellies) 2026](https://www.asme.media/national-magazine-awards): 2026-05-19 — Annual ceremony honoring excellence in magazine journalism. Known as the Ellies, these awards recognize reporting, essays, design, and digital innovation. - [National Press Club Journalism Awards Dinner 2026](https://www.press.org/events/awards): 2026-08-26 — Annual awards ceremony recognizing outstanding journalism in categories including investigative reporting, newsletter journalism, and consumer reporting. - [New Now Next Media Conference](https://newnownext.media/): 2026-05-21 — Asia-focused media conference exploring emerging platforms, AI in newsrooms, and audience engagement strategies for digital-first publishers. - [News Product Alliance Summit 2026](https://newsproduct.org/): 2026-10-21 — Conference for news product professionals. Sessions on product thinking, audience research, UX design, and building sustainable digital news products. - [Newsrewired 2026](https://www.newsrewired.com/): 2026-05-13 — Practical digital journalism conference in London. Sessions on audience engagement, newsletters, AI tools, verification, and newsroom innovation. - [NFPW Professional Communications Contest](https://www.nfpw.org/competitions): 2026-02-18 — Annual contest recognizing excellence across journalism, public relations, and communications categories. Entry deadline February 18. - [NICAR 2026](https://www.ire.org/training/conferences/nicar/): 2026-03-05 — The annual computer-assisted reporting conference. Hands-on training in data analysis, programming, mapping, and visualization for journalists. - [NICAR 2027](https://www.ire.org/training/conferences/nicar/): 2027-03-11 — Annual conference on computer-assisted reporting and data journalism, with hands-on workshops on data analysis, visualization, and investigative techniques. - [Nieman Fellowship Application Deadline](https://nieman.harvard.edu/fellowships/): 2027-01-31 — Application deadline for the 2027-2028 Nieman Fellowship class. One of the most prestigious journalism fellowships, offering a year of study at Harvard. Estimated deadline based on prior years. - [NLGJA Summit 2026](https://www.nlgja.org/summit/): 2026-09-10 — Annual convention for LGBTQ+ journalists and allies. Training, networking, and sessions on covering LGBTQ+ communities accurately. Estimated dates based on prior years. - [Nordic AI in Media Summit](https://nordicaimediasummit.com/): 2026-05-27 — Summit exploring AI applications in Nordic and European media, covering editorial automation, audience analytics, and ethical AI deployment in newsrooms. - [Northern Short Course in Photojournalism](https://nppa.org/short-courses): 2026-03-12 — Intensive weekend workshop covering visual storytelling, multimedia reporting, and photojournalism techniques for working photographers and visual journalists. - [ONA Conference 2026](https://journalists.org/conference/): 2026-03-30 — The largest gathering of digital journalists in the world. Sessions on product, audience, AI, and the future of news. - [ONA Online Journalism Awards Entry Deadline](https://journalists.org/awards/): 2026-06-15 — Entry deadline for the Online Journalism Awards, honoring excellence in digital journalism. Categories include general excellence, breaking news, features, data journalism, and innovation. Estimated deadline based on prior years. - [ONA: From Fear to Focus (Post-Layoff Career Building)](https://journalists.org/events/): 2026-04-14 — Virtual session for journalists navigating career transitions after layoffs, covering freelance strategy, portfolio building, and finding new opportunities in media. - [ONA: Social-First Video Storytelling](https://journalists.org/events/): 2026-04-29 — Virtual workshop on creating short-form video for social platforms, covering TikTok, Instagram Reels, and YouTube Shorts storytelling techniques for newsrooms. - [ONA: State Policy Playbook for Newsrooms](https://journalists.org/events/): 2026-04-09 — Virtual workshop on navigating state-level policy coverage, building legislative source networks, and translating policy for digital audiences. - [ONA: Walking Tour Pilot for Newsrooms](https://journalists.org/events/): 2026-04-16 — Virtual session exploring walking tour storytelling as an audience engagement format, with practical templates for newsrooms launching community-based narrative experiences. - [OPC Annual Awards Dinner 2026](https://opcofamerica.org/awards/): 2026-04-20 — Annual awards dinner honoring the best in international journalism across print, broadcast, digital, and photography categories. - [OpenRefine for Journalists Workshop](https://openrefine.org/): 2026-04-25 — Virtual workshop on using OpenRefine to clean, transform, and reconcile messy data for journalism. Covers importing data, faceting, clustering, and GREL expressions. Free and community-run. - [Peabody Awards Ceremony 2026](https://peabodyawards.com/): 2026-05-31 — Annual ceremony honoring the most compelling and empowering stories in television, radio, and digital media. One of journalism's most prestigious honors. - [Peabody Awards Entry Deadline](https://peabodyawards.com/): 2027-01-15 — Entry deadline for Peabody Awards honoring the most compelling and empowering stories in television, radio, and digital media from 2026. Estimated deadline based on prior years. - [PEN America Literary Awards 2026](https://pen.org/literary-awards/): 2026-03-31 — Annual ceremony honoring outstanding literary achievement across fiction, nonfiction, poetry, essay, biography, and journalism categories. - [PEN World Voices Festival 2026](https://pen.org/world-voices-festival/): 2026-04-29 — Literary and ideas festival bringing together writers, journalists, and thinkers for conversations on free expression, storytelling, and the written word. - [Podcast Movement 2026](https://podcastmovement.com/): 2026-09-14 — The largest annual conference for podcast creators and industry professionals. Sessions on audio storytelling, monetization, production, and distribution. - [Poynter Breaking Into Books 2026](https://www.poynter.org/breaking-into-books/): 2026-05-18 — Three-day workshop for journalists who want to write their first book. Covers book proposals, finding agents, structuring narratives, and balancing book work with daily journalism. - [Poynter Leadership Academy 2026](https://www.poynter.org/leadership-academy/): 2026-06-01 — Multi-day leadership training for current and aspiring newsroom leaders. Covers management skills, editorial strategy, change leadership, and building inclusive newsrooms. Multiple sessions throughout the year. - [Poynter Leadership Academy for Women 2026](https://www.poynter.org/leadership-academy-women/): 2026-03-23 — Five-day leadership training designed for women in newsroom management. Covers negotiation, strategic planning, managing up, and building inclusive teams. - [Poynter: Edit to Elevate Essentials](https://www.poynter.org/shop/): 2026-04-13 — Multi-week virtual course on editing fundamentals: story structure, line editing, coaching writers, and managing editorial workflow for mid-career editors. - [Poynter: Lead with Influence](https://www.poynter.org/shop/): 2026-03-03 — Multi-week virtual leadership course for newsroom managers covering team motivation, difficult conversations, change management, and building editorial culture. - [PPA Festival](https://www.ppa.co.uk/festival): 2026-05-06 — UK publishing industry festival covering magazine and digital media innovation, reader revenue, and editorial strategy for British publishers. - [ProPublica Investigative Editor Training 2026](https://www.propublica.org/training): 2026-05-31 — Intensive five-day training program for editors who oversee investigative journalism. Covers project management, data-driven editing, legal review, and editorial leadership. - [Pulitzer Center Climate-Labour Grant](https://pulitzercenter.org/grants-fellowships): 2026-03-06 — Reporting grant supporting journalism at the intersection of climate change and labor, funding in-depth investigations on how climate impacts workers and economies. Deadline March 6. - [Pulitzer Center Reporting Grant](https://pulitzercenter.org/grants-fellowships/opportunities-journalists): 2026-01-01 — Rolling grants supporting international and underreported story journalism. Covers travel, production, and reporting costs. No fixed deadline — proposals accepted year-round and reviewed on a rolling basis. - [Pulitzer Prize Entry Deadline](https://www.pulitzer.org/page/how-enter): 2027-01-25 — Entry deadline for Pulitzer Prizes honoring work published in 2026. Categories include investigative reporting, breaking news, feature writing, commentary, and more. Estimated deadline based on prior years. - [Reuters Institute Fellowship Application Deadline](https://reutersinstitute.politics.ox.ac.uk/journalist-fellowships): 2026-11-15 — Application deadline for the 2027-2028 Reuters Institute Fellowship at the University of Oxford. Journalists spend a term researching a topic of their choice. Estimated deadline based on prior years. - [RISC Hostile Environment Training](https://rfrisctraining.com/): 2026-05-11 — Multi-day first aid and hostile environment training for journalists working in conflict zones or dangerous assignments. Free for qualifying freelancers. Multiple sessions offered throughout the year. - [RJI Fellowship](https://rji.uark.edu/fellows/): 2026-06-30 — Rolling application for residential fellowships focused on developing journalism innovation projects. Fellows spend time at Mizzou building tools, models, or approaches that advance journalism. Rolling deadline. - [RNA Conference 2026](https://rna.org/conference): 2026-04-23 — Annual conference for journalists covering religion, spirituality, and ethics. Sessions on covering faith communities, religious extremism, and church-state issues. - [Rosalynn Carter Mental Health Fellowship Deadline](https://www.cartercenter.org/health/mental_health/fellowships/): 2026-04-03 — Application deadline for the Rosalynn Carter Fellowships for Mental Health Journalism, supporting journalists producing reporting on mental health and substance use issues. - [Rosalynn Carter Mental Health Journalism Fellowship](https://www.cartercenter.org/health/mental_health/fellowships/): 2026-04-30 — Application deadline for the fellowship supporting journalists who cover mental health. Fellows receive a stipend and mentoring for a year-long reporting project. Estimated deadline based on prior years. - [SABEW Annual Conference 2026](https://sabew.org/conference/): 2026-05-07 — The leading conference for business and financial journalists. Training on markets, data, AI in business reporting, and economic coverage. - [ScienceWriters 2026](https://www.sciencewriters.org/): 2026-09-25 — Joint annual meeting for science journalists and public information officers. Workshops on covering research, climate, AI, and health with accuracy. - [Scripps Howard Awards 2026](https://www.scripps.com/fund/scripps-howard-awards/): 2026-10-01 — Annual awards honoring the best in journalism across categories including investigative reporting, breaking news, local/regional reporting, and podcast/audio. - [SEJ Annual Conference 2026](https://www.sej.org/annual-conference): 2026-04-15 — The top gathering for environmental journalists, with field trips, panels on climate, energy, pollution, and biodiversity reporting. - [SIP Connect](https://www.sipiapa.org/): 2026-07-29 — Conference connecting Latin American and North American media leaders on digital innovation, press freedom, and sustainable business models for news organizations. - [Solutions Journalism 101 Webinar](https://www.solutionsjournalism.org/trainings): 2026-01-13 — Introductory webinar on solutions journalism methodology: how to report on responses to problems with the same rigor applied to investigating the problems themselves. - [SPJ Ethics Week](https://www.spj.org/ethicsweek.asp): 2026-04-27 — Week-long series of virtual panels and workshops on journalism ethics, covering AI ethics, source protection, conflict of interest, and accountability reporting. - [SPJ MediaFest 2026](https://www.spj.org/mediafest.asp): 2026-10-01 — SPJ's annual convention bringing together journalists from all platforms to discuss press freedom, ethics, and the craft. Estimated dates based on prior years. - [SPJ Sigma Delta Chi Awards Entry Deadline](https://www.spj.org/sdxa.asp): 2026-05-01 — Entry deadline for SPJ's Sigma Delta Chi Awards, one of the oldest journalism honors in the US. Categories span print, broadcast, online, and newsletter journalism. Estimated deadline based on prior years. - [SPJ SkillsFest 2026](https://www.spj.org/skillsfest.asp): 2026-04-10 — Free virtual training sessions on core journalism skills including writing, reporting, ethics, multimedia storytelling, and press law. Multiple sessions held throughout the year. - [Sunshine Fest 2026](https://www.spj.org/sunshine-fest/): 2026-03-15 — Annual FOI summit focused on open government, public records, and transparency. Practical sessions on FOIA requests, state sunshine laws, and fighting for access. - [SXSW 2026](https://www.sxsw.com/): 2026-03-12 — Massive convergence of tech, film, and music with a growing journalism and media track. Sessions on AI, creator economy, misinformation, and the future of storytelling. - [TED 2026: All of Us](https://www.ted.com/attend/conferences/ted2026): 2026-04-13 — TED's flagship annual conference themed 'All of Us.' Features talks on technology, science, society, and storytelling from leading thinkers and practitioners. - [The Atlantic Festival 2026](https://www.theatlantic.com/festival/): 2026-09-28 — Two-day ideas festival featuring interviews with newsmakers, policy debates, and conversations on culture, politics, and technology. - [The Podcast Show](https://www.thepodcastshow.co.uk/): 2026-05-20 — Europe's largest podcast industry event, covering audio storytelling, monetization, distribution, and the intersection of podcasting and journalism. - [Tow-Knight Fellowship Application Deadline](https://towknight.org/): 2026-04-15 — Application deadline for the Tow-Knight Fellowship focused on entrepreneurial journalism. Fellows develop a startup, product, or project that addresses a journalism challenge. Estimated deadline based on prior years. - [Trust Conference](https://www.trustconference.com/): 2026-11-04 — Annual conference addressing media trust, press freedom, rule of law, and the intersection of technology and human rights. Date estimated — typically held in November. - [UNESCO World Press Freedom Day 2026](https://www.unesco.org/en/world-press-freedom-day): 2026-05-04 — Annual global conference marking World Press Freedom Day. Sessions on journalist safety, media independence, and press freedom challenges worldwide. - [WAN-IFRA AI in Media Forum](https://wan-ifra.org/events/): 2026-02-17 — Forum on AI adoption in news organizations covering automated content, personalization, and editorial ethics in AI-assisted journalism. - [Web Summit 2026](https://websummit.com/): 2026-11-09 — One of the world's largest tech conferences with a dedicated media and journalism track. Covers AI, platforms, creator economy, and the business of news. - [Web Summit Vancouver 2026](https://vancouver.websummit.com/): 2026-05-11 — Web Summit's North American edition. Technology conference with media and journalism programming covering AI, platforms, and the future of news. - [World News Media Congress 2026](https://wan-ifra.org/events/world-news-media-congress/): 2026-06-01 — Global gathering of news media executives focused on the business of journalism. Covers revenue models, AI strategy, audience engagement, and press freedom. - [ZEG Storytelling Festival](https://zegfestival.com/): 2026-06-19 — International storytelling festival connecting journalists, documentary filmmakers, and narrative nonfiction writers through workshops, screenings, and collaborative projects. Generated: 2026-05-17T11:33:41.437Z