Methodology
How the Surveillance Tools Open Database is sourced, scored, and maintained.
What this database is
The Surveillance Tools Open Database catalogues commercial surveillance tools, their vendors, documented capabilities, sourced victims, customer states, sanctions status, and technical countermeasures. Every entry is built from publicly available primary sources and peer-reviewed research.
It is not a threat intelligence service. It is not a legal advisory. It is a structured reference for journalists, researchers, lawyers, civil society, and at-risk individuals who need traceable documentation rather than speculation.
What gets included
An entry qualifies if all of the following are true:
- The tool is a commercial product (not a state-built capability) sold to government or law enforcement clients.
- The vendor is publicly identified through court filings, sanctions documentation, leaked corporate registrations, or peer-reviewed forensic research.
- At least one technical capability or victim attribution is documented by an independent reference source.
Tools described only in marketing brochures, vendor self-claims, or single-source allegations are not included until corroborating evidence emerges.
Confidence Score
Every entry carries a 1 to 5 score reflecting the strength of its underlying documentation. The score is a measure of evidence, not severity.
| Score | Minimum requirement |
|---|---|
| 5 | Government or judicial source (Treasury sanctions, court ruling, indictment) plus Citizen Lab or Amnesty Security Lab forensic confirmation plus two or more independent investigative press reports. |
| 4 | Citizen Lab or Amnesty Security Lab forensic confirmation plus two or more independent press sources. |
| 3 | One peer-reviewed reference source (Citizen Lab, Amnesty, Microsoft Threat Intelligence, Google TAG, court document) supplemented by press reporting. |
| 2 | Multi-source press reporting without forensic-grade confirmation. |
| 1 | Single press source, unverified leak, or contested attribution. |
Source hierarchy
Sources are weighted in this order, from highest to lowest:
- Government documentation: US Treasury OFAC sanctions, US Commerce Entity List, EU sanctions, court rulings, indictments, parliamentary committee findings.
- Forensic research: Citizen Lab (University of Toronto), Amnesty Security Lab, Microsoft Threat Intelligence, Google Threat Analysis Group, Recorded Future Insikt Group, Lookout Threat Lab.
- Investigative reporting: Reuters, The New York Times, The Washington Post, Wired, 404 Media, The Record, TechCrunch, Forbidden Stories, Haaretz, Mediapart.
- Vendor disclosures: official statements made under court order or in regulatory filings only.
Update cadence
Each entry has an update log at the bottom of its page recording the date of creation and every subsequent revision. Major events (new sanctions, new forensic research, new corporate ownership) trigger an update within seven days. Minor revisions are recorded but not announced.
Corrections and contributions
Predaxia Research welcomes corrections, new sources, and proposed additions. To submit a correction or propose a new tool, see the contribution page. All submissions are reviewed against this methodology before being incorporated.
Citation
The database is free to cite with attribution. The recommended citation format is:
If a confidence score, source hierarchy decision, or sanctions classification looks wrong, send us the evidence. Every methodology challenge is reviewed against the same source bar applied to entries.
There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.
