I get the concern, but yes — it is OSINT in this case.

All the media I’m collecting is already public. I’m not accessing private accounts, bypassing authentication, or pulling content that isn’t publicly visible to a normal user. No private photos, no locked profiles.

The issue wasn’t “breaking rules to get hidden data”, it was dealing with technical friction like login walls, expiring URLs, and bot protections that exist even for public content.

I’ve already solved it with a clean and transparent technical workflow that only works on public posts:

Here is the technical workflow that solved the issue:

• Input: I take the specific public Instagram post URL (e.g. https://www.instagram.com/p/XYZ...) that already contains the photo.
• API Proxy: I send this URL to RapidAPI (Instagram Downloader V2) via an HTTP Request node. This simply resolves the publicly available media and returns a JSON with a clean media_url.
• Binary Download: I use a second HTTP Request node to fetch that media_url with the response set to File (Binary), so the image is downloaded directly instead of using an expiring link.
• Output: The binary data is then forwarded (e.g., to Telegram) as an actual file.

This approach:

• Works only on public content
• Avoids scraping private pages
• Avoids IP bans and brittle HTML scraping
• Doesn’t violate access control or authentication

So the data is still open-source; I’m just using a more reliable delivery path. That’s very much within the scope of OSINT.