Sign in Subscribe

Editorial Standards

Last updated: 6 June 2026

This page documents how editorial decisions are made on this blog. It exists because trust matters more than traffic, especially when writing about cybersecurity, OSINT, and investigations that name real people and organizations.

Mission and scope

This blog publishes practitioner-driven content on OSINT, digital forensics, cybersecurity tooling, and original investigations into infrastructure used for fraud and abuse. It is operated by a single author, with no editorial board and no outside funding. Sponsorship has never been accepted and is not under consideration.

What you'll read here

  • Tutorials and walkthroughs of tools used in real investigative work
  • Methodological pieces on how OSINT, incident response, and threat intelligence actually get done
  • Investigations into specific subjects (companies, infrastructure, operators) where there is news value and source material to support the claims
  • Occasional opinion pieces, clearly labeled as such

What you will not read here

  • Sponsored content of any kind
  • Affiliate links
  • AI-generated articles
  • Press releases reformatted as posts
  • Investigations into private individuals who have committed no public wrongdoing
  • Doxxing in any form
  • Live operational details that would compromise ongoing investigations, mine or others'

Sourcing standards

Claims of fact require sources. Every factual claim that is not common knowledge must be supported by at least one primary or named secondary source. Where the claim is novel or contested, at least two independent sources are required, or a documented forensic artifact.

Primary sources are preferred over secondary reporting. Where I'm reproducing a finding from another investigation, that source is credited and linked, not paraphrased without attribution.

Anonymous sourcing is permitted only when the source faces credible risk for going on record. The decision to grant anonymity rests with me. I do not promise anonymity to sources whose risk amounts to embarrassment.

Right of reply. Where a piece names a subject in a way that could reasonably be understood as accusatory, the subject is given an opportunity to respond before publication. The standard window is 48 hours; longer for complex cases. Their response, if any, is published either inline or as a clearly marked update.

Corrections

Errors get corrected. Material corrections (anything that changes the meaning, attribution, or factual substance of a piece) are noted at the top of the article with the date of the correction and a description of what was changed. Minor corrections (typos, broken links, formatting) are silent.

If you believe something on this blog is wrong, the contact path is on the Responsible Disclosure page. Corrections are typically published within 72 hours of a verified report.

Conflicts of interest

I run a consulting practice, OSINT PH. It would be dishonest to claim this never overlaps with what I publish. The rules I apply:

  • Tools, vendors, or platforms reviewed or recommended on this blog are not paid sponsors, ever
  • If a subject of an investigation has ever been a client, the piece is killed. I do not publish about former clients, regardless of how the relationship ended
  • If I have any financial or personal relationship with a person or organization mentioned in a piece, it is disclosed inline within the piece
  • I do not publish about direct competitors of OSINT PH except where the same standard applies as for any other subject

Naming individuals

Public figures (executives, government officials, anyone holding a position of public trust) are named when their conduct in that role is at issue.

Private individuals are not named unless all of the following are true:

  • They are alleged participants in a matter of public significance
  • The allegations are supported by documentary evidence I have reviewed
  • Their identification serves the public interest beyond curiosity
  • They have been given a right of reply

When these criteria are not met, identifiers are pseudonymized or omitted entirely. Victims, witnesses, and minors are never named without their explicit consent.

Doxxing

I do not publish identifying information about private individuals that would expose them to harassment, regardless of how interesting or technically available that information is in OSINT terms.

The OSINT skillset includes restraint. Knowing a thing and publishing a thing are different decisions.

This is a hard rule, not a guideline. Requests to add personal identifiers to existing posts are declined as a matter of policy.

Indicators of Compromise

Where investigations involve malicious infrastructure (domains, IP addresses, file hashes, cryptocurrency addresses, etc.):

  • Live malicious URLs are defanged (e.g., evil[.]com, hxxps://) to prevent accidental clicks
  • IOCs are published in a clearly labeled section, typically near the end of the piece
  • Where IOCs are sensitive (e.g., active investigations, victim infrastructure still being remediated), they may be withheld and disclosed only to affected parties through controlled channels
  • Hashes and cryptocurrency addresses, being immutable identifiers of the artifacts themselves, are published as-is

AI use disclosure

I do not use AI to generate or substantially draft articles. AI tools are used as research assistants (outlining, summarizing source material, formatting cleanups), but every published word is human-written and human-reviewed.

If this changes, this section will be updated and AI-assisted pieces will carry an explicit label.

Operational security

I do not publish details that would compromise ongoing investigations, my own or those of partners I work alongside. Where readers might expect technical detail and find none, this is the reason. Applies to:

  • Active law enforcement cases I'm assisting on
  • Live threat actor monitoring
  • Specific defensive deployments at client organizations
  • Methods that would reveal a source if published

Funding and independence

This blog has no advertisers, no sponsors, no donations open, and no paid subscribers. It is free to read. Revenue, if any, flows through OSINT PH consulting work, which is editorially walled from publication decisions.

If a paid tier is ever introduced, this section will be updated to reflect what subscribers receive and how their payments are handled.

Contact for editorial concerns

For tips, sources, corrections, or right-of-reply requests, see https://www.osintph.net/#contact