LinkWitness

Methodology

Evidence first. Inference labeled.

LinkWitness separates what was observed, what a third-party source reported, and what an automated model inferred.

01

Normalize safely

We parse HTTP and HTTPS addresses, expose deceptive hostname patterns, mask likely secrets, and reject private-network or credential-bearing targets.

02

Collect bounded evidence

Technical, historical, reputation, and behavioral signals are timestamped. An unavailable source remains unavailable—it is never counted as a clean result.

03

Apply deterministic policy

Strong signals carry more weight than weak heuristics. AI can explain patterns, but it cannot independently determine a public risk status.

04

Preserve uncertainty

Reports state their coverage and limits. “No known risk found” never means “safe.”

05

Keep an audit trail

Every historical report is retained according to policy so material changes and corrections are reviewable.

06

Correct the record

Owners and users can provide counter-evidence. Changes are logged; payment never influences findings.