RootedReality
AppsLawsMethodologySign in →

Public methodology

How Rooted Reality scores public posture signals

Rooted Reality uses a versioned rubric to turn public disclosures into consistent posture bands for the public reference library. The rubric is a reading aid for families: it shows which evidence signals were found, how those signals mapped to scores, and how much confidence Rooted Reality has in the evidence base.

Rubric versionrr-posture-v1

What the rubric measures

Four axes turn public evidence into a weighted composite.

Each axis looks for documented public signals, then maps those signals to a score band. Youth protection carries the largest weight because the reference library is designed for parent decision-making around kids and teens.

Moderation

20%

How clearly a product explains and enforces rules for user-generated content and community behavior.

Signals include

  • Codified content rules
  • Recent transparency report
  • Recent moderation audit

Privacy

20%

How clearly a product explains data practices, privacy settings, and protections for younger users.

Signals include

  • Detailed privacy policy
  • Recent privacy audit
  • Minor accounts default private

Security

15%

How clearly a product describes account security, reporting paths, and protections against misuse.

Signals include

  • Two-factor authentication
  • Encryption in transit
  • Bug bounty program

Youth protection

45%

How clearly a product accounts for age, teen experience, family controls, and youth-specific safeguards.

Signals include

  • Teen account defaults
  • Family supervision tools
  • Regulatory youth-harm finding

How a variant lands at a band

The composite is weighted, then checked against a youth-protection floor.

The rubric first scores each axis from public evidence. Those axis scores are combined with fixed weights, then mapped to a band using fixed thresholds.

Weighted composite

composite =
   moderation       × 0.20
 + privacy          × 0.20
 + security         × 0.15
 + youthProtection  × 0.45

Band thresholds

  • Early6+≥ 85
  • Emerging9+≥ 75
  • Capable12+≥ 60
  • Independent15+below capable

Youth-protection floor

If the youth-protection score is below 50, the final band is capped at independent. This keeps a strong score in other areas from hiding a thin youth-protection evidence base.

floor50

What evidence we score against

The rubric uses named evidence patterns so the logic can be inspected.

Evidence patterns are the bridge between a public source and an axis score. A source can fire one or more patterns, and the axis files define how combinations of patterns map to score bands.

Moderation patterns

  • Codified content rules

    The platform publishes written content rules in its terms of service or community guidelines.

    Required to land above the lowest moderation tier.

  • Recent transparency report

    A transparency report citing enforcement counts has been published in the last 12 months.

    Combined with codified rules, lifts the moderation ceiling above 75.

  • Stale transparency report

    A transparency report exists but is older than 12 months.

    Holds the moderation ceiling around 65.

  • Recent moderation audit

    A third-party or regulatory audit has confirmed moderation behavior in the last 24 months.

    Stacked with recent transparency reporting, lifts the moderation ceiling near 90.

  • Regulatory moderation finding

    A regulator has issued a formal finding that names a moderation gap on the platform.

    Lowers the moderation ceiling to the 40-59 band.

  • Documented moderation failure

    An independent source documents a case where the platform's moderation did not enforce its own rules.

    Lowers the moderation ceiling; stacks with regulatory findings.

Privacy patterns

  • Detailed privacy policy

    The platform publishes a privacy policy with specific data-handling details rather than a generic notice.

    Required to land above the lowest privacy tier.

  • COPPA-compliance action

    The platform has a documented compliance program for the US Children's Online Privacy Protection Act.

    Combined with audit and minor-default-private, lifts the privacy ceiling near 90.

  • COPPA violation finding

    A regulator has issued a formal finding that the platform violated COPPA.

    Drops the privacy ceiling near 30 regardless of other signals.

  • Recent privacy audit

    A third-party privacy audit has been completed in the last 24 months.

    Lifts the privacy ceiling when paired with a detailed policy.

  • Minor accounts default private

    Also applies to: Youth protection

    Accounts identified as minors default to private settings rather than public exposure.

    Required for the upper privacy bands; also reads as a youth-protection signal.

  • Minor accounts default public

    Also applies to: Youth protection

    Accounts identified as minors default to public exposure rather than private settings.

    Lowers the privacy ceiling toward the 40-59 band.

  • Recent data breach

    A data breach has been disclosed in the last 24 months.

    Drops the privacy ceiling near 30.

  • Historical data breach

    A data breach is on record from more than 24 months ago.

    Holds the privacy ceiling around 45 unless offset by audit.

Security patterns

  • Two-factor authentication

    Two-factor authentication is available to all users.

    Required to land above the lowest security tier.

  • Encryption at rest

    Stored user data is encrypted at rest on the platform's servers.

  • Encryption in transit

    Connections between users and the platform are encrypted in transit.

    Combined with two-factor, lifts the security ceiling above 60.

  • End-to-end encryption

    Messages or media are end-to-end encrypted (messaging-class products only).

    Adds a small bonus to the final security score.

  • Bug bounty program

    The platform runs a public program that rewards external security researchers for finding flaws.

  • Recent security audit

    A third-party security audit has been completed in the last 24 months.

  • Regulatory security finding

    A regulator has issued a formal finding tied to a security gap on the platform.

    Drops the security ceiling near 35.

Youth-protection patterns

  • Peer-reviewed harm finding

    Peer-reviewed research documents platform-specific patterns of harm to minors.

    Combined with other harm signals, holds the youth-protection ceiling under 60.

  • Regulatory youth-harm finding

    A regulator has issued a formal finding tied to harm to minors on the platform.

    When combined with internal-leak evidence, drops the youth-protection ceiling near 25.

  • Internal-document leak (youth harm)

    Leaked internal company documents indicate the platform was aware of youth-harm patterns.

    Largest single-pattern impact on the youth-protection axis; drives the floor gate.

  • Surgeon General advisory

    A US Surgeon General advisory or comparable health-authority statement names the platform.

  • Teen account defaults

    Teen accounts default to stricter content and contact protections.

    Required for the upper youth-protection bands.

  • Family supervision tools

    The platform offers parent or guardian supervision and family-link tools for teen accounts.

  • Age-gate enforcement documented

    Age-gate enforcement, through verification or estimation, is documented.

  • Age-gate bypass documented

    Independent sources document that the platform's age gates are routinely bypassed.

    Subtracts from the youth-protection score when no enforcement is documented.

  • Organized around illegal or law-evasive activity

    Published sources document that this surface is organized around illegal or law-evasive activity.

    Lowers the youth-protection score by 22 (rr-posture-v1.2+); content-class contribution capped at -45 per surface.

  • Organized around gambling or speculative-finance

    Published sources document that this surface is organized around gambling or highly speculative risk-taking.

    Lowers the youth-protection score by 14 (rr-posture-v1.2+); content-class contribution capped at -45 per surface.

  • Organized around explicit sexual content

    Published sources document that this surface is organized around explicit sexual content or adult sexual services.

    Lowers the youth-protection score by 20 (rr-posture-v1.2+); content-class contribution capped at -45 per surface.

  • Organized around substance-use content

    Published sources document that this surface is organized around substance-use content.

    Lowers the youth-protection score by 16 (rr-posture-v1.2+); content-class contribution capped at -45 per surface.

  • Organized around self-injury or disordered-eating reinforcement

    Published sources document that this surface is organized around self-injury, suicide ideation, or disordered-eating reinforcement.

    Lowers the youth-protection score by 25 (rr-posture-v1.2+); largest content-class delta. Combined contribution capped at -45 per surface.

Confidence is about our evidence base

LOW, MEDIUM, and HIGH describe Rooted Reality's source quality and coverage.

Confidence does not describe whether a product is good or bad. It describes how complete, current, and directly usable the public evidence was when the rubric ran.

LevelWhat it means
HIGHMultiple relevant public sources are available, the evidence is current enough for review, and the patterns behind the score are clear.
MEDIUMEnough public evidence exists to apply the rubric, but one or more areas have thinner coverage, older sources, or less direct evidence.
LOWThe evidence base is limited, unresolved, or still being reviewed. DRAFT entries remain held at LOW confidence until reviewed for publication.

What DRAFT means

DRAFT means the entry is held for review and should not be read as a negative product signal. In this rubric, DRAFT posture is kept at LOW confidence until public evidence has been checked.

A worked example

One public variant trace, from sources to final band.

This example shows how a published variant moved through the rubric. The trace starts with cited sources, then shows patterns fired, axis scores, the weighted composite, the youth-protection floor check, and the final band rationale.

Worked example

Instagram

meta/instagram

  1. Sources cited

    • Instagram Terms of Use

      Instagram publishes terms of use and community guidelines that spell out what content is allowed.

      OFFICIAL_TOSoriginal source

    • Meta Community Standards Enforcement Report

      Meta publishes a quarterly transparency report covering enforcement actions on Instagram.

      OFFICIAL_TRANSPARENCY_REPORT· dated 2025-12-01original source

    • Instagram Privacy Policy

      Instagram publishes a privacy policy describing what personal information it collects and how it is used.

      OFFICIAL_PRIVACYoriginal source

    • Instagram two-factor authentication setup

      Instagram offers two-factor authentication for all accounts and encrypts data in transit.

      OFFICIAL_HELP_CENTERoriginal source

    • Meta Bug Bounty Program

      Meta runs a bug bounty program that pays outside security researchers to find vulnerabilities affecting Instagram.

      OFFICIAL_SECURITYoriginal source

    • Introducing Instagram Teen Accounts (2024)

      Instagram's Teen Accounts default to private, with stricter content filtering and limits on who can contact the account.

      OFFICIAL_HELP_CENTER· dated 2024-09-17original source

    • Meta Family Center — supervision tools

      Meta Family Center gives parents supervision tools for their teen's Instagram account.

      OFFICIAL_HELP_CENTERoriginal source

    • WSJ — The Facebook Files (2021 series)

      Internal Meta documents published by the Wall Street Journal in 2021 showed the company was aware of teen mental-health harm patterns on Instagram before publicly addressing them.

      INTERNAL_LEAK· dated 2021-09-14original source

    • US Surgeon General Advisory — Social Media and Youth Mental Health

      The U.S. Surgeon General issued an advisory in 2023 citing peer-reviewed research linking Instagram to youth mental-health concerns.

      REGULATORY_ADVISORY· dated 2023-05-23original source

    • 41-state AG bipartisan lawsuit against Meta — youth mental-health harm allegations

      A group of 41 state attorneys general filed suit against Meta in 2023, naming Instagram in youth-harm allegations.

      REGULATORY_ACTION· dated 2023-10-24original source

    • Meta Oversight Board — 2024 Annual Report (Aug 2025)

      The Meta Oversight Board's 2024 annual report says Instagram accounted for 22% of the user appeals tracked across Meta's surfaces that year.

      THIRD_PARTY_AUDIT· dated 2025-08-27original source

    • European Commission — preliminary DSA findings against Meta (Oct 2025)

      The same October 2025 European Commission DSA finding cited for Facebook applies to Instagram: users do not have an effective path to challenge content-moderation decisions.

      REGULATORY_ACTION· dated 2025-10-24original source

    • Reuters — Instagram failed to curtail hate speech against women politicians (Aug 2024)

      An August 2024 Reuters report on a Center for Countering Digital Hate study said Instagram left 93% of abusive comments aimed at women politicians up after they were flagged.

      INVESTIGATIVE_JOURNALISM· dated 2024-08-14original source

  2. Patterns fired

    16

    Moderation

    • Codified content rules +25

      Platform publishes codified content rules in ToS or community guidelines.

      via Instagram Terms of Use

    • Recent transparency report +20

      Recent transparency report cites enforcement counts within 12 months.

      via Meta Community Standards Enforcement Report

    • Recent moderation audit +15

      Third-party or regulatory audit confirms moderation behavior in last 24 months.

      via Meta Oversight Board — 2024 Annual Report (Aug 2025)

    • Regulatory moderation finding -20

      Regulator has issued a formal finding tied to moderation gaps.

      via European Commission — preliminary DSA findings against Meta (Oct 2025)

    • Documented moderation failure -15

      Documented case of enforcement failing against codified rules.

      via Reuters — Instagram failed to curtail hate speech against women politicians (Aug 2024)

    Privacy

    • Detailed privacy policy +25

      Platform publishes a detailed privacy policy with data-handling specifics.

      via Instagram Privacy Policy

    • Minor accounts default private +15

      Minor accounts default to private settings.

      via Introducing Instagram Teen Accounts (2024)

    Security

    • Two-factor authentication +15

      Two-factor authentication available to all users.

      via Instagram two-factor authentication setup

    • Encryption in transit +10

      Encryption in transit documented across user-facing endpoints.

      via Instagram two-factor authentication setup

    • Bug bounty program +10

      Active bug bounty program engages external security researchers.

      via Meta Bug Bounty Program

    Youth protection

    • Teen account defaults +15

      Teen accounts default to stricter content and contact protections.

      via Introducing Instagram Teen Accounts (2024)

    • Family supervision tools +10

      Parental supervision and family-link tools documented.

      via Meta Family Center — supervision tools

    • Internal-document leak (youth harm) -25

      Internal company documents indicate awareness of youth-harm patterns.

      via WSJ — The Facebook Files (2021 series)

    • Surgeon General advisory -10

      Surgeon General advisory or comparable health authority cites this platform.

      via US Surgeon General Advisory — Social Media and Youth Mental Health

    • Peer-reviewed harm finding -15

      Peer-reviewed research documents platform-specific harm to minors.

      via US Surgeon General Advisory — Social Media and Youth Mental Health

    • Regulatory youth-harm finding -20

      Regulator has issued a formal finding tied to youth harm.

      via 41-state AG bipartisan lawsuit against Meta — youth mental-health harm allegations

  3. Axis scores

    • Moderation30 × 0.20 = 6.0Documented moderation failure or regulatory finding lowered ceiling.
    • Privacy80 × 0.20 = 16.0Detailed policy plus audit or minor-default-private; no breach history.
    • Security65 × 0.15 = 9.82FA + in-transit encryption documented; at-rest or audit missing.
    • Youth protection25 × 0.45 = 11.3Internal documentation of awareness combined with active regulatory finding.

  4. Weighted composite

    43.0

  5. Floor check

    Floor gate fired

  6. Derived band

    Independent

    Youth-protection score 25 is below the floor of 50, ceiling band at "independent" regardless of composite 43.0.

  7. Confidence

    MEDIUM

Evidence durability

Public sources can move, change, or disappear.

Rooted Reality stores source metadata and uses archival capture so a future reviewer can understand what evidence supported a score at the time it was reviewed. This matters because the reference library can cover many products, variants, and public sources at once; manual link checking alone does not scale.

Archival capture

When supported, evidence pages are sent to Wayback Save Page Now so the review trail has a durable reference point.

What this page is not

The rubric explains a method; it does not make family decisions.

  • It does not tell a family what to choose.
  • It does not order products from best to worst.
  • It does not promise future behavior.
  • Posture can change when public disclosures change.
  • Confidence describes Rooted Reality's evidence base, not product quality.

Get methodology updates

Notified when our scoring rubric or evidence rules change. One email per change.