Source verification methodology

Systematic approaches for verifying sources, claims, and digital content in journalism and research.

Verification framework

The SIFT method

S - Stop: Don't immediately share or use unverified information I - Investigate the source: Who is behind the information? F - Find better coverage: What do other reliable sources say? T - Trace claims: Find the original source of the claim

Source credibility checklist

## Source evaluation template

### Basic identification
- [ ] Full name/organization identified
- [ ] Contact information verifiable
- [ ] Professional credentials checkable
- [ ] Online presence consistent across platforms

### Expertise assessment
- [ ] Relevant expertise for the claim being made
- [ ] Track record in this subject area
- [ ] Recognized by peers in the field
- [ ] No history of spreading misinformation

### Motivation analysis
- [ ] Potential conflicts of interest identified
- [ ] Financial stake in the outcome?
- [ ] Political or ideological motivation?
- [ ] Personal grievance involved?

### Corroboration
- [ ] Can claims be independently verified?
- [ ] Do other credible sources confirm?
- [ ] Is documentary evidence available?
- [ ] Are there contradicting sources?

Digital verification techniques

Social media account analysis

For deeper open-source intelligence and platform-specific account-analysis techniques, use the social-media-intelligence skill. The notes here cover the verification-context subset — specifically what triggers a "verify before quoting" decision.

## Account verification checklist

### Account age and history
- Creation date (older accounts more credible)
- Posting frequency and patterns
- Gaps in activity (dormant then suddenly active?)
- Language consistency over time

### Network analysis
- Follower/following ratio
- Quality of followers (real accounts vs. bots)
- Interaction patterns (who engages with them?)
- Mutual connections with verified accounts

### Content patterns
- Original content vs. reshares only
- Topics discussed consistently
- Geographic indicators in posts
- Time zone of posting activity

### Red flags
- Recently created account making bold claims
- Sudden pivot in topics or tone
- Coordinated behavior with other accounts
- Stock photo profile picture
- Generic bio with no specifics

Reverse image search workflow

## Image verification process

### Step 1: Reverse image search
Tools to use:
- Google Images (images.google.com)
- TinEye (tineye.com)
- Yandex Images (yandex.com/images) - best for faces
- Bing Visual Search

### Step 2: Check metadata (EXIF)
- Original capture date/time
- Camera/device information
- GPS coordinates (if available)
- Software used to edit

Tools:
- Jeffrey's EXIF Viewer (exif.regex.info)
- FotoForensics (fotoforensics.com)
- InVID verification plugin

### Step 3: Analyze image content
- Weather conditions (match reported date?)
- Shadows (consistent with time of day?)
- Signage/text (correct language for location?)
- Architecture (matches claimed location?)
- Clothing (seasonal appropriateness?)

### Step 4: Find original source
- Earliest appearance online
- Original photographer/source
- Context of first publication
- Has it been used in other contexts?

Video verification

## Video verification checklist

### Technical analysis
- [ ] Resolution consistent throughout
- [ ] Audio sync matches video
- [ ] No visible editing artifacts
- [ ] Lighting consistent across frames
- [ ] Shadows behave naturally

### Content analysis
- [ ] Location identifiable and verifiable
- [ ] Time indicators (sun position, shadows)
- [ ] Weather matches historical records
- [ ] Background details consistent
- [ ] People's clothing appropriate for context

### Metadata check
- [ ] Upload date vs. claimed event date
- [ ] Original source identified
- [ ] Chain of custody traceable
- [ ] Multiple angles available?

### Tools
- InVID/WeVerify browser extension
- YouTube DataViewer (citizenevidence.amnestyusa.org)
- Frame-by-frame analysis tools

Detecting AI-generated and synthetic media

By 2026, naked-eye detection of high-end synthetic media is no longer reliable. The Columbia Journalism Review's 2025 guide is blunt: detection tools "have largely not kept up with diffusion models." Treat any single tool's verdict as one input, not a ruling.

The verification stack now has two layers — provenance (was this content cryptographically signed when created?) and detection (does it look or sound generated?). Provenance is the stronger signal when present, but its absence doesn't mean fake.

Layer 1 — Content Credentials (C2PA) provenance check

The Coalition for Content Provenance and Authenticity (C2PA) standard ships cryptographic manifests inside image, audio, and video files describing their origin and edit history. Specification 2.2 was released in April–May 2025; the C2PA Conformance Program and Trust List launched mid-2025 and the legacy ingredient trust list was frozen January 1, 2026.

Production adoption (verified May 2026):

• Image generators. OpenAI DALL-E 3 (since 2023) and Sora 2 video write Credentials by default; Sora 2 also includes a visible moving watermark. Adobe Photoshop, Lightroom, and Firefly write Credentials across Creative Cloud. Microsoft Bing Image Creator, Designer, Copilot, and Azure OpenAI write Credentials. Google Gemini and Nano Banana Pro images carry C2PA plus SynthID.
• Cameras (capture-side signing). Leica M11-P (October 2023, first to ship), SL3-S; Sony Alpha 1 II, Alpha 9 III, PXW-Z300; Canon EOS R1 and R5 Mark II via firmware (July 2025); Google Pixel 10 (in-camera, integrated with Google Photos).
• Cameras with known issues. Nikon Z6 III's C2PA service was suspended in 2025 after a signing-key vulnerability and revoked certificates; not restored as of early 2026. Treat Nikon Z6 III credential claims with caution.
• Newsrooms. BBC, NYT, AP, and Reuters are CAI/C2PA members; production-pipeline integration is uneven across the industry.

Verification tool: drop any file at contentcredentials.org/verify to read its manifest, capture device, edit history, and any AI-tool involvement. Adobe's Content Authenticity Inspector and the Digimarc C2PA browser extension provide the same in plugin form.

Hard binding vs soft binding. Hard binding embeds a SHA-256 hash of the content in the signed manifest — any pixel change invalidates it (strong integrity, brittle to re-encoding). Soft binding stores a perceptual fingerprint or invisible watermark in a manifest repository — survives screenshots and transcoding but offers weaker integrity guarantees. Soft binding lets you recover a manifest after metadata stripping.

Known limitations.

• Screenshots strip hard-binding manifests entirely.
• Most social platforms strip metadata on upload. TikTok and Meta have started preserving Credentials on some surfaces; coverage is partial.
• Absence of Credentials does not mean fake. Most camera and phone images in circulation today are unsigned.
• Signing-key compromise is a real attack vector (Nikon 2025). A "valid signature" can be undermined by upstream breaches.

Layer 2 — Automated detection tools