OSINT Protocol v2.0 March 2026 Methodology

🕵️‍♂️ "Trust Me Bro"
…Here's Why —

A plain-English breakdown of the standardized, reproducible verification protocol behind every report on this site — written for skeptics, critics, and anyone who wants to audit the work.

v2.0 — Last Refreshed: March 2026 — Initial public release

Section 01

Why This Protocol — The Trust Explanation

Let's acknowledge the obvious tension upfront. Every researcher who publishes analytical work on the internet could theoretically just say "trust me." The phrase is a joke here, but the underlying concern it points at is legitimate: how do you know this analysis isn't made up?

This is "trust me bro" — but here's why you should trust me: every claim in every report I publish follows a documented, step-by-step verification framework used by professional journalists, open-source investigators, and intelligence analysts worldwide. The methodology is not proprietary. It is not hidden. Every source is listed, every step is reproducible, and the entire process is open to challenge.

The Four Concrete Reasons

  • Standardized, documented methodology. I follow OSINT Research Protocol v2.0 — a formal framework with named phases (Planning, Investigation, Synthesis, Presentation, Maintenance), defined credibility rubrics (the CRAAP test), and explicit provenance-validation standards (C2PA). These aren't invented by me; they map to widely accepted verification norms in investigative journalism and academic library science. The full protocol document is available on request.
  • I did the work, and it shows. Each report cites primary sources — original repositories, published papers, video artifacts, institutional records — not second-hand summaries of summaries. Source freshness is tracked per citation. If a source isn't verifiable, I say so explicitly.
  • Every step is reproducible. You don't have to take my word for any conclusion. The sources list every primary artifact I used. You can retrieve them yourself, run the same CRAAP credibility rubric against them, and arrive at your own assessment. If I'm wrong, this is exactly how you'd catch it.
  • Industry-aligned best practices. The spiral maintenance cycle, archival baselining, and citation-network monitoring I use align with practices at organizations like Bellingcat, the Stanford Internet Observatory, and academic open-source intelligence research groups. This isn't a personal quirk; it's the established approach for producing defensible, living analytical documents.

Why "Acceptably Representative of the Truth"

I deliberately avoid saying my reports are the definitive truth. They can't be — this is a human-curated process, drawing from publicly available data, interpreted by one researcher. What I can honestly claim is that they are acceptably representative of the best available evidence at the time of writing, produced using a transparent, auditable methodology.

That's not false modesty. It's the honest ceiling for any open-source analytical work. What separates this from an opinion piece or an AI summary is the trail of primary sources, the explicit credibility scoring, the documented verification steps, and the commitment to updating conclusions when new evidence demands it.

Plain English Version

A report produced under this protocol is to a casual blog post what a structured police report is to a social media thread. Same human limitations apply — but the discipline, the documentation, and the openness to correction are categorically different.

Section 02

Core Principles

These are the non-negotiable steps applied to every report. They're standardized, meaning I don't skip them when inconvenient and I don't invent new ones mid-project.

Phase 0 — Proactive Planning

  • Volatility profiling. Before any research begins, I assess how fast the subject domain changes — high (AI models, viral events: 30–90 day refresh), medium (cultural phenomena, legislation: 90–180 days), or low (historical hardware, finalized standards: annual or archival). This determines the update cadence upfront, not retroactively.
  • Archival baselining. Every source is captured as an offline snapshot at the moment of collection using Zotero's web snapshot feature. This protects against link rot, stealth edits, and retracted content invalidating the record.

Phase 1 — Investigation & Synthesis

  • Primary fact-finding. Ground-zero primary sources only: original publications, repositories, conference records, or first-hand artifacts. Not summaries, paraphrases, or derivative journalism unless explicitly cross-referenced.
  • Technical forensics. Operational mechanics are deconstructed — the end-to-end pipeline, the specific parameters, the version numbers. Vague technical hand-waving is not acceptable as an analytical foundation.
  • CRAAP credibility scoring. Every primary source is evaluated on five criteria — Currency, Relevance, Authority, Accuracy, Purpose — each scored 1–5 with a verification timestamp. The full Source Freshness Matrix is available in the appendix of every report.
  • C2PA provenance validation for media. Any video artifact, image, or synthetic media used as evidence is checked against the Coalition for Content Provenance and Authenticity standard. Assets with broken or missing cryptographic signatures are explicitly challenged rather than silently accepted.
  • Core tension identification. The central dialectic of the topic — the genuine competing interests or interpretations — is explicitly named and not smoothed over with false neutrality.

Phase 2 — Structured Report Architecture

  • Seven mandatory sections. Every report follows the same structural blueprint: Executive Summary, Chronology, Technical Architecture, Critical Analysis (including a Key Assumptions Check Table and a Competing-Hypotheses Matrix), Editorial Conclusion (where applicable), Appendix, and Sources.
  • Bias disclosure. When subjective or editorial conclusions are included, a bias-disclosure statement is prepended. Meta-commentary on methodology is confined to footers; the analytical narrative is not contaminated with it.

Phase 4 — Spiral Maintenance

  • Trigger-based updates only. Reports aren't randomly refreshed on a schedule — updates are triggered by specific events: a new SDK release, a significant judicial ruling, a Retraction Watch alert on a cited paper. This targets labor precisely where it's needed.
  • Full version logging. Every update increments the version number, records what changed and why, and is logged in the report's changelog. No stealth edits.
  • Under-four-hour update target. Each incremental refresh cycle is designed to be completable in under four hours of focused work, using the automated monitoring tools (Zotero RSS, Litmaps citation alerts) built into the workflow.

The CRAAP Credibility Rubric — How Sources Are Scored

Every primary source used in a report receives a CRAAP score before it can be cited. Here's what each criterion means in practice:

| Criterion | What I'm Asking | Why It Matters |
|---|---|---|
| Currency | Is the source recent enough to be valid? Has the code or paper been updated? | Outdated documentation completely invalidates technical forensics in high-volatility domains. |
| Relevance | Does this source directly inform the core question, or is it peripheral noise? | Padding a report with tangentially related citations inflates apparent rigor without adding evidentiary weight. |
| Authority | Who published this? Are they credentialed, verifiable, and institutionally grounded? | Unverifiable authors or anonymous sources require additional corroboration from independent primary material. |
| Accuracy | Is the content cross-referenced? Are there logical errors, grammatical tells of automation, or uncited claims? | AI-generated content can fail this criterion by hallucinating references — this is explicitly flagged when detected. |
| Purpose | Why was this published? To inform, persuade, or sell something? Is there a detectable ideological or commercial bias? | Motive shapes framing. A vendor white paper on their own product is not the same evidence class as a peer-reviewed audit. |

Section 03

How I Apply It in Practice

Protocols on paper are worthless if the actual workflow is sloppy. Here's what the process concretely looks like, without referencing specific reports by name.

Starting a New Report

Before I write a single word of analysis, I define the volatility profile. Is this subject going to change significantly in 30 days, 90 days, or not for years? That answer determines whether I'm building a living document that needs a quarterly refresh schedule or a near-archival snapshot.

I then configure a reference database entry for the topic in Zotero, subscribe to the relevant RSS feeds and journal alerts, and begin collecting primary sources — capturing offline snapshots of every web page at the moment of collection. By the time I write anything, the archival baseline exists as a fixed, immutable record of what the sources said on a specific date.
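One way to make the archival baseline checkable by a third party, shown as an added example rather than the author's workflow: record a SHA-256 of each snapshot in a hash-chained ledger at collection time. The page does not say how snapshots are fingerprinted, so the ledger layout, function names and sample sources here are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # chain value that precedes the first entry


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def link_hash(prev: str, url: str, captured_at: str, content_sha256: str) -> str:
    """Bind an entry to everything recorded before it."""
    return sha256_hex(json.dumps([prev, url, captured_at, content_sha256]).encode())


def add_snapshot(ledger: list, url: str, captured_at: str, body: bytes) -> dict:
    """Append one source to the baseline at the moment of collection."""
    prev = ledger[-1]["chain"] if ledger else GENESIS
    content = sha256_hex(body)
    entry = {"url": url, "captured_at": captured_at, "content_sha256": content,
             "chain": link_hash(prev, url, captured_at, content)}
    ledger.append(entry)
    return entry


def first_broken_entry(ledger: list):
    """Index of the first entry whose chain value does not recompute, else None."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        expected = link_hash(prev, e["url"], e["captured_at"], e["content_sha256"])
        if e["chain"] != expected:
            return i
        prev = e["chain"]
    return None


def compare_live(entry: dict, live_body):
    """Classify the live source against its snapshot (None = not retrievable).

    Hash the extracted article text rather than raw HTML where possible,
    otherwise rotating ads and timestamps show up as changes.
    """
    if live_body is None:
        return "link-rot"
    same = sha256_hex(live_body) == entry["content_sha256"]
    return "unchanged" if same else "changed-since-capture"


if __name__ == "__main__":
    # Constructed sources and contents, for illustration only.
    ledger = []
    paper = add_snapshot(ledger, "https://example.org/paper",
                         "2026-03-01T10:00:00Z", b"Result: 42%")
    add_snapshot(ledger, "https://example.org/repo",
                 "2026-03-01T10:05:00Z", b"v1.2.0 notes")
    print(compare_live(paper, b"Result: 24%"), first_broken_entry(ledger))
```

The chain only shows the ledger was not rewritten if its latest `chain` value is published somewhere the researcher cannot later alter, for example in the report's changelog and an independent archive.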

During Research

I apply the CRAAP rubric to each source as I collect it, not retroactively at the end. This catches weak sources early and prevents them from becoming load-bearing parts of the argument. Sources scoring poorly on Authority or Accuracy are either dropped or held to a higher corroboration standard.

For any report involving media artifacts — viral videos, AI-generated images, clips used as evidence of events — I run C2PA provenance checks where the format supports it. Where cryptographic provenance data is absent or broken, I note this explicitly in the Technical Architecture section rather than treating the artifact as ground truth.
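The absent-versus-broken distinction above can be made mechanical. The following is an added example, not the author's tooling: it triages a JSON manifest report of the kind c2patool prints, and it assumes the report exposes `active_manifest`, `manifests` and a `validation_status` list of failure codes. The sample reports, ids and issuer are constructed.

```python
import json
from typing import Optional

# Failure codes from the C2PA specification: the asset's bytes or claim no
# longer match what was signed.
TAMPER = {"assertion.dataHash.mismatch", "assertion.hashedURI.mismatch",
          "claimSignature.mismatch"}
SIGNER_PREFIX = "signingCredential."  # untrusted / expired / revoked / invalid


def triage(report_json: Optional[str]) -> dict:
    """Classify one asset from its manifest report; None means no manifest found."""
    absent = {"verdict": "absent", "codes": [], "issuer": None}
    if not report_json:
        return absent
    report = json.loads(report_json)
    active = report.get("active_manifest")
    manifests = report.get("manifests", {})
    if not active or active not in manifests:
        return absent
    # Assumption: validation_status holds failures only, one object per code.
    codes = [s.get("code", "") for s in report.get("validation_status", [])]
    if any(c in TAMPER for c in codes):
        verdict = "broken"             # challenge the asset explicitly
    elif any(c.startswith(SIGNER_PREFIX) for c in codes):
        verdict = "signer-unverified"  # anyone can self-sign; needs corroboration
    elif codes:
        verdict = "other-failure"
    else:
        verdict = "intact"             # provenance holds; says nothing about truth
    issuer = manifests[active].get("signature_info", {}).get("issuer")
    return {"verdict": verdict, "codes": codes, "issuer": issuer}


def _report(status=None):
    """Build a constructed report (hypothetical ids and issuer) for the demo."""
    doc = {"active_manifest": "urn:uuid:constructed-0001",
           "manifests": {"urn:uuid:constructed-0001": {
               "claim_generator": "constructed-camera/1.0",
               "signature_info": {"issuer": "Constructed Test CA"}}}}
    if status:
        doc["validation_status"] = [{"code": status, "explanation": "constructed"}]
    return json.dumps(doc)


# Constructed sample reports, not output captured from a real file.
CLEAN = _report()
EDITED = _report("assertion.dataHash.mismatch")
SELF_SIGNED = _report("signingCredential.untrusted")

if __name__ == "__main__":
    for name, rep in [("clean", CLEAN), ("edited", EDITED),
                      ("self-signed", SELF_SIGNED), ("no-manifest", None)]:
        print(name, triage(rep))
```

An "absent" verdict is the common case for screenshots and re-encoded uploads, which typically carry no manifest, so it marks the artifact as unverified rather than as manipulated.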

The Core Tension section gets written before the Critical Analysis section. Identifying the genuine competing interests upfront disciplines the analysis against premature closure — locking onto one narrative before the evidence is fully assessed.

Writing the Report

I follow the seven-section structural blueprint consistently. The Key Assumptions Check Table forces me to list the premises my conclusions rest on, then stress-test each one against the evidence. The Competing-Hypotheses Matrix requires at least two alternative explanations for the observed phenomena before I can publish.

Where I write an editorial or subjective conclusion — which I do when the topic has a genuine cultural or human dimension — I prepend a bias-disclosure statement. If I have a stake in the conclusion, that's disclosed. If I find the subject amusing, that's disclosed. The analytical sections do not carry that tone.

After Publication

Zotero's Retraction Watch integration continuously monitors cited DOIs. If a paper I cited is retracted or corrected, I receive an alert and the report gets an update cycle triggered. The Litmaps citation-network monitor flags newly published work that heavily cites the same foundational sources my report relied on — that's the signal that the domain has new primary evidence worth integrating.

When an update occurs, I increment the version number, document what changed in the changelog, and update the Source Freshness Matrix. The Version Status Banner at the top of the report reflects the new date and the number of references incorporated. Nothing is quietly altered.

You're welcome to verify every step yourself

The sources section of every report includes "Last Verified" dates and archive links. Pull any citation, run the CRAAP rubric against it yourself, and check whether my scoring holds up. That's the entire point of publishing the methodology alongside the reports.

Critics Often Ask…

Q: "You're just one person. How is this peer-reviewed?"

It isn't peer-reviewed in the academic sense, and I don't claim it is. What it is: single-researcher work conducted under a documented, standardized protocol that produces auditable outputs. The sources are public. The methodology is published. The conclusions can be challenged. That's the accessible equivalent of peer-reviewability for solo open-source analytical work.

Q: "You used AI tools in this research. Doesn't that invalidate it?"

AI tools are used for structured synthesis assistance, not as primary sources. Any AI-generated content that becomes part of the analysis is subject to the same CRAAP credibility scoring as any other source — and AI outputs fail the Accuracy criterion by default when they cannot provide traceable citations. The primary sources remain human-authored, institutionally grounded, and individually verified.

Q: "What if your sources were wrong or were retroactively changed?"

The archival baseline specifically addresses this. Every source was snapshotted at the time of collection. If the live version of a source is later edited or retracted, the snapshot preserves what the source said when I cited it, and the Retraction Watch integration triggers a review cycle. Stealth edits to my research record are not possible under this protocol.

Section 04

Version History & Updates

This page always reflects the latest version of the protocol I'm actively using. Structural changes to the framework — new rubrics, updated tooling, revised update cadences — are logged here as they occur. Nothing is backdated silently.

What changed from v1.1: v2.0 restructures the workflow from a traditional linear research lifecycle into a recursive spiral maintenance cycle. The primary deliverable is now a living document rather than a static snapshot.

New in v2.0:

  • Phase 0 — Volatility Profiling and Archival Baselining added as mandatory pre-research gate.
  • CRAAP credibility rubric (5-criterion, 1–5 scale, timestamped) applied to every primary source.
  • C2PA digital provenance validation integrated for media artifacts.
  • Key Assumptions Check Table and Competing-Hypotheses Matrix added to the Critical Analysis section.
  • Appendix expanded with mandatory Source Freshness Matrix and Civilian Toolkit Index.
  • Zotero Retraction Watch integration and Litmaps citation-network monitoring formalized into Phase 4.
  • UI: Refresh History accordion and side-by-side diff summaries mandated for interactive HTML reports.
  • Version Status Banner required on all report headers.

v1.1 established the foundational seven-section structural blueprint: Executive Summary, Chronology, Technical Architecture, Critical Analysis, Editorial Conclusion, Appendix, and Sources. It introduced the linear research lifecycle (Planning → Investigation → Synthesis → Presentation) and the lexical discipline rule restricting OSINT meta-references to footer sections only.

Credibility evaluation in v1.1 was informal — no standardized rubric was applied systematically. Archival practices depended on the analyst's discretion. These gaps were identified and resolved in v2.0.

Nothing is hidden

If the protocol changes in a way that affects how any published report should be interpreted, the affected reports will be updated and their version numbers incremented. Retired versions of the protocol remain archived and documented here. The current version always supersedes previous versions; this page reflects what I'm actively doing, not historical aspirations.

Section 05

Invitation to Scrutiny

I wrote this page specifically for people who are skeptical. If you've read this far and you still have doubts, that's the correct posture — and I mean that without irony. Healthy skepticism is precisely what the protocol is designed to withstand.

Here's what you can actually do if you want to audit a report:

  • Check any source in the bibliography. Every citation includes a "Last Verified" date and an archive link. If the archive is missing or broken, that's a legitimate finding to raise.
  • Run the CRAAP rubric yourself. Apply the five criteria to any source I cited. If you score it significantly lower than I did, I want to know why — that's a real discrepancy worth resolving.
  • Challenge a Key Assumption. Each report's Critical Analysis section lists the premises the conclusions rest on. If you have evidence that undermines a stated assumption, that's exactly where an audit should begin.
  • Propose an alternative hypothesis. The Competing-Hypotheses Matrix in each report lists at least two alternative explanations for the phenomena described. If you think a third explanation is more defensible, make the case.
  • Flag a retracted or updated source. If a paper I cited has since been retracted, corrected, or substantially revised, tell me. That triggers an immediate update cycle.

🔎 Open for Questions and Audits

Every source, every methodology step, every scoring decision — all of it is available for examination. This isn't a closed system. The point of publishing the protocol is that the work can be interrogated by anyone who's willing to do the reading.

Appendix

Glossary of Key Terms

Definitions for the specialized terminology used throughout this explainer and across all reports on this site.

| Term | Definition |
|---|---|
| OSINT | Open-Source Intelligence — the disciplined extraction of insights exclusively from non-classified, publicly accessible data streams. |
| Spiral Maintenance Cycle | A recursive post-publication workflow replacing the traditional linear research endpoint. The cycle runs: plan → collect → synthesize → publish → monitor → trigger → update → repeat. |
| Volatility Profile | An assessment of how quickly a subject domain's primary sources change, used to determine the appropriate update cadence (30–90 days for high, 90–180 for medium, annual for low). |
| Archival Baseline | An immutable offline snapshot of all sources at the moment of initial collection, against which all subsequent analytical shifts are measured. |
| CRAAP Test | Five-criterion source credibility rubric: Currency, Relevance, Authority, Accuracy, Purpose. Each criterion is scored 1–5 with a verification timestamp. |
| C2PA | Coalition for Content Provenance and Authenticity — an open technical standard providing tamper-evident cryptographic provenance records for digital media files. |
| C2PA Manifest | A structured JSON object embedded in a media file containing assertions, ingredient hashes, hard bindings (byte-range cryptographic locks), and digital signatures attesting to the asset's origin and edit history. |
| Link Rot | The degradation of hyperlinks over time as external resources are moved, edited, or deleted. Mitigated by archival baselining. |
| Stealth Edits | Undisclosed modifications to published online content that alter the evidentiary record without notification. The archival baseline preserves the original version against this risk. |
| Retraction Watch | A database tracking retracted or corrected scientific papers. Integrated natively into Zotero for automated monitoring of cited materials. |
| Litmaps | A visual citation-mapping tool that generates network graphs of interconnected research papers and monitors for newly published work citing the same foundational sources. |
| Source Freshness Matrix | A table cataloging every citation in a report with its CRAAP score (1–5), last-verified date, and permanent archive link. |
| Key Assumptions Check Table | A two-column matrix listing the implicit premises underlying a report's conclusions, alongside fresh evidence that stress-tests each premise. |
| Competing-Hypotheses Matrix | A structured comparison of alternative explanations for observed phenomena, limited to three rows to prevent false complexity while guarding against single-narrative lock-in. |

Civilian Toolkit Index

The full toolchain is zero-cost and locally operated — no proprietary enterprise subscriptions required. Full disclosure of every tool used to produce and maintain reports:

  • Reference Management: Zotero. Web snapshot archiving, RSS feed monitoring, Retraction Watch integration, bibliography export.
  • Citation Mapping: Litmaps. Visual citation-network graphs, automated alerts for new papers citing seed articles.
  • Provenance Validation: c2patool CLI. C2PA manifest extraction and cryptographic signature verification for media artifacts.
  • Web Archiving: Wayback Machine. Supplemental permanent archive links for sources where local snapshots are insufficient.