Evidence needs an archive, not just a feed

OpenArchive’s Save app shows why mobile evidence needs privacy, provenance, redundancy, and community control before platforms or devices fail.

2026-05-20 GIGATAP Team #opsec
#internet freedom#censorship#digital rights

Evidence only matters if it survives#

Mobile footage has become part of how communities document conflict, abuse, environmental harm, police violence, and other public events. But capture is only the first step. A photo or video can disappear before it becomes useful evidence.

The Tor Project’s spotlight on OpenArchive frames the problem plainly: a phone can be confiscated, a platform can remove content, metadata can be stripped, or a company can change policy and break access to records people assumed were safe. In that gap, media can become unverifiable, easier to manipulate, or dangerous to the person who recorded it.

That is the hard part of modern documentation. The same file can be public-interest evidence, personal risk, and a target for censorship at the same time.

OpenArchive works in that space. Its mission is to help human rights defenders, journalists, archivists, at-risk communities, and movements preserve mobile media in ways that keep privacy, integrity, and control in view. The premise is not complicated: people should be able to preserve their histories safely, and on their own terms.

What OpenArchive is building#

OpenArchive is best known for Save, its free and open source mobile app for archiving, verifying, and encrypting media. According to the Tor Project post, OpenArchive has maintained Save for more than a decade, building it with and for the people who use it under real constraints.

Those constraints matter. The post names risks such as phone confiscation, arrest, internet outages, tracking, surveillance, and inconsistent connectivity. These are not edge cases for documenters in high-risk environments. They are often the baseline.

Save supports several evidence-preservation functions:

  • authentication through SHA256 hashes and ProofMode
  • encrypted transit through TLS and Tor
  • long-term preservation to destinations including Nextcloud, the Internet Archive, and OpenArchive’s DWeb Storage backend, currently in beta
  • redundancy through multi-server backup

The important point is not that one app solves all evidence problems. It does not. The point is that the tool is designed around a realistic threat model: media may need to move off a device, retain integrity signals, avoid exposing the documenter, and survive platform or infrastructure failure.

OpenArchive’s development process also matters. The Tor Project says the team uses a human rights-centered design methodology, co-created by OpenArchive Executive Director Natalie Cadranel and human rights experts. In practice, that means the workflow starts with documenters, archivists, journalists, and advocates naming their risks and needs before the tool is shaped around them.

That is a useful corrective to a common failure in security tools. Many tools optimize for clean technical assumptions. Field documentation rarely works that way. People face bad networks, hostile checkpoints, unsafe devices, uncertain storage options, legal risk, and time pressure.

Why centralized platforms are a weak archive#

Social platforms are good at distribution. They are poor substitutes for archives.

They are optimized for attention, moderation at scale, monetization, and liability management. They are not built to preserve provenance, maintain long-term public records, or give communities durable control over sensitive material.

A centralized platform also creates a simple failure point. One account suspension, takedown, policy shift, acquisition, shutdown, or legal demand can cut access to material. Even when content stays online, metadata and context can be lost. Links rot. Uploads get recompressed. Captions and comments drift away from the original record.

For public debate, that is a problem. For accountability work, it is more serious.

Evidence needs a chain of trust. Who captured it? When and where was it captured, if that information can be safely retained? How was it handled? Was it modified? Who could access it? Did preservation expose the source to retaliation?

The Tor Project post describes OpenArchive’s role in the internet freedom ecosystem as protecting that chain of trust around media. That is the right frame. Accountability does not rest only on publication. It rests on whether a file can remain intact, attributable where safe, and usable later by journalists, lawyers, historians, investigators, or affected communities.

The decentralized storage angle#

OpenArchive is also building a peer-to-peer DWeb Storage backend for Save, now in beta. The goal is to give communities another option beyond centralized platforms and conventional servers.

According to the post, the backend uses two open source protocols:

  • Veilid, for encrypted peer-to-peer networking and anonymous connections
  • Iroh, for data storage, retrieval, replication, and verification

Save users can create groups, share files into repositories, and replicate media across peers. The intended model is simple: no single company, account, or server becomes the only place where the archive exists.

That does not make the problem disappear. Decentralized storage still has hard questions: who is trusted, who holds keys, how access is governed, how deletion requests are handled, what happens when peers disappear, and how communities avoid exposing sensitive evidence to the wrong people.

But decentralization changes the failure model. If one node is shut down or unavailable, the archive can survive elsewhere. If a platform removes a post, the underlying record is not necessarily gone. If a company changes its business model, the community is less dependent on that company’s permission to retain its own history.

That is the practical meaning of “media sovereignty” here. It is not a slogan about owning content in the abstract. It is about whether affected communities can decide where records live, who can access them, and how they are preserved.

What not to overclaim#

This is not a claim that OpenArchive can make all documentation safe.

No app can remove the physical risk of recording in a hostile environment. No archive can guarantee legal admissibility in every jurisdiction. No decentralized backend automatically solves consent, redaction, source protection, or operational security. And not every piece of footage should be widely replicated. Some records can endanger victims, witnesses, or documenters if handled badly.

The source also does not present the DWeb Storage backend as a finished universal replacement for other archive paths. It is described as beta. That matters. Beta infrastructure can be promising and still require careful deployment, training, and threat-modeling before use in high-risk work.

The stronger claim is narrower and more useful: OpenArchive is building tools and practices for a real preservation gap. That gap sits between the moment evidence is captured and the moment it can be safely verified, stored, and used.

What readers can check next#

For journalists, researchers, and civil society groups, the main takeaway is to treat media preservation as part of the documentation workflow, not as an afterthought.

Before collecting sensitive media, teams should ask:

  • What happens if the phone is seized?
  • Is the upload path encrypted?
  • Is metadata needed for verification, or dangerous to retain?
  • Who controls the archive destination?
  • Is there redundancy if an account, server, or platform disappears?
  • Who can access the media later, and under what rules?
  • Does the workflow still function during weak or intermittent connectivity?

For ordinary readers, the lesson is simpler. A viral video is not the same thing as preserved evidence. Platforms can amplify a record, but they can also erase, strip, bury, or distort it. The systems behind preservation decide whether documentation remains useful after the feed moves on.

OpenArchive’s work sits in that less visible layer. It is not about making media louder. It is about making it survive with integrity, and without forcing the people who captured it to surrender control to systems that may fail them.