How these tools are organized — and why

Tools are grouped by the kind of question they answer, using the same vocabulary professional intelligence analysts use:

• OSINT (Open-Source Intelligence) — questions answerable from records that are deliberately public. WHOIS, DNS, certificate transparency, web archives, HTTP headers, breach databases.
• TECHINT (Technical Intelligence)— questions answerable from data that's embedded inside a file: EXIF in images, content-credential manifests (C2PA), authoring metadata in PDFs.
• SOCMINT (Social Media Intelligence) — account-level signals on social platforms: registration date, karma, presence across services, archived threads.
• HUMINT (Human Intelligence — public-records-only) — verifiable lookups against public-records directories (voter rolls, property assessors, obituaries) plus methodology tools (interview frameworks, source-reliability checklist, FOIA template generator). See “The HUMINT line we don't cross” below.
• GEOINT (Geospatial Intelligence) — translation between identifiers and physical locations: IP → city, lat/lng → address.
• Media / AI— questions about media artifacts: has this image been seen elsewhere? Was this text machine-generated? What's this outlet's editorial slant?
• Fact Check— automated checks against the global ClaimReview corpus and Google's threat lists.
• FININT (Financial Intelligence — public)— sanctions and watchlist checks. This is the only public slice of FININT; commercial transaction data isn't in scope.

The taxonomy isn't mystical — it just gives you a vocabulary for “what kind of question am I asking?”. Picking the right discipline is half of getting a useful answer.

Every tool card shows one of three runtime badges:

• Live API— TruthMark's server makes the call on your behalf. Your input goes through our infrastructure (cached for at most an hour). Use these when the upstream requires special headers, when the response is JSON-clean, or when we want to normalize the result.
• In-browser— the work happens entirely in your browser tab. EXIF and PDF metadata viewers process the file client-side; nothing is uploaded to TruthMark's servers. Twitter Snowflake decoding is pure JS arithmetic. This matters for privacy on sensitive files and for files larger than we'd want to proxy.
• Deep-link — we send you straight to the authoritative source with the input pre-filled. Use these when the upstream is the canonical UI for the check (e.g. contentcredentials.org for C2PA, sanctionssearch.ofac.treas.gov for OFAC) or when the upstream actively prevents machine-readable proxying.

When a tool needs an API key (Google Safe Browsing, Google Fact Check), and the key isn't configured on this deployment, the tool degrades to a deep-link automatically rather than failing loudly.

Every result page includes a “View source” link to the authoritative upstream. TruthMark's job here is to make the check easy to run, not to be the authority. If our cached answer differs from the upstream, the upstream wins.

This mirrors the Berkeley Protocol on Digital Open Source Investigations — Principle 4 (Provenance) and Principle 6 (Ethical Evidence Use). The fastest way to lose credibility in OSINT work is to quote a number without being able to point at where it came from.

HUMINT — Human Intelligence — is the section most prone to harm if built carelessly. The same tools that help a journalist verify a source can be repurposed for stalking, harassment, or doxxing. So we hold this section to a stricter rule than the others.

What HUMINT tools on TruthMark do: deep-link to authoritative public-records directories the user could already reach (voter-registration verifiers, county property assessors, newspaper obituaries), and provide methodology aids the user runs locally (interview-question frameworks, source-reliability checklist, FOIA template generator).

What HUMINT tools on TruthMark don't do:

• Aggregate or re-host personal-records data
• Look up phone numbers, home addresses, family members, or relatives from any source
• Combine data sources into a per-person dossier
• Bypass any platform's sign-in (LinkedIn, Facebook, etc.) — the search runs in your own browser session, not on our servers

This follows Berkeley Protocol Principle 1 (Do No Harm): an investigator's tools should not increase risk to the individuals they touch — including subjects of investigation, their families, and innocent namesakes. The cost of a bad aggregator that gets misused is much higher than the convenience of having one.

• They don't prove anything by themselves. A WHOIS record showing a domain registered last week doesn't prove the site is fraudulent — only that the domain is recent. Use multiple tools in combination.
• They don't cover the deep web or paywalled data. Everything here is public, free, and unauthenticated. Subscription tools (Maltego, Pipl, etc.) are outside scope.
• They don't bypass anyone's terms of service. If an upstream blocks bulk scraping, we deep-link rather than work around the rate limit.
• They don't store your inputs.Server-side tools cache responses by the input string for up to an hour (so a re-check is fast); they don't log anything else. In-browser tools never see the input at all.