Sure, you could Google yourself to see what information about you is floating around out there. Or you can go levels deeper and “OSINT” yourself, arming yourself with more data that could help you take measures to protect your privacy and lessen the risk of identity theft.

Open-source intelligence (OSINT) is the collection and analysis of publicly available information specifically to generate profiles on individuals or groups. Information is scraped from a variety of sources including traditional and online media, public government data, and trade and academic publications. 

The more information about a person there is online, the more accurate a profile will be—not great for an individual’s privacy or susceptibility to identity theft or other forms of fraud.

OSINT techniques fall into several categories:

  1. Passive: This involves the passive collection of information from a variety of sources using search engines. In this scenario, no direct contact is made with a target, nor is there a high risk of detection.
  2. Semi-passive: This involves the collection of information using scraping or aggregation tools. In this scenario, there is also no direct contact made with a target, nor is there a high risk of detection.
  3. Active: This involves actively collecting available information sitting on a target’s servers. This is done via searching for access points into a target’s networks, entering said network, and retrieving information. In this scenario, direct contact is made with a target and there is a higher risk of detection. 

Who uses OSINT?

Cybersecurity professionals use OSINT to find company data leaks to patch up, such as open ports and unsecured documents. OSINT research is also conducted by members of law enforcement, private investigators, national security, business/competitor intelligence, and recruitment and HR professionals.  

Individuals can use OSINT tools to research themselves in order to tighten up their personal privacy and security.

What can people find out about me online?

Given how broad the sources of OSINT are, the types of information discoverable on individuals can include:

  • Usernames and passwords
  • Email addresses
  • Social media accounts
  • Physical addresses and residential history
  • Dates of birth
  • Business registrations
  • Medical history
  • Employment history
  • Academic history
  • Financial history
  • Service subscriptions
  • Sexual health and history 
  • Schedules and routines
  • Political opinions

Read more: How reputation management can help you stay private

Free open-source intelligence tools

There are a variety of free and paid OSINT tools that are readily available online which can give you an indication of what kinds of personal information you have out there.

OSINT Techniques and OSINT Framework have massive lists of some great OSINT tools to help search for and protect your information.

Some great OSINT tools that are also free include:

IntelTechniques Search Tools

After being taken down in 2019, the IntelTechniques Search Tools are back online. Created as a supplementary tool for the educational materials written by Michael Bazzell, a former U.S. government computer crime investigator, the IntelTechniques Search Tools help you search for everything from social media accounts to home addresses and information gathered from data breaches.

Wayback Machine

We’ve written about the Internet Archive before. Its Wayback Machine digital archive is a treasure trove of around 700 billion—you read that correctly—web pages which can make hunting information that is no longer readily available on the internet an easier task.

Phoneinfoga

Phoneinfoga, or the phone information gathering tool, is an advanced search tool to scan any instance of a phone number on the internet. Simply plug in the phone number you want to search (in international/E164 format) and let the tool do its thing!

Have I Been Pwned?

Have I Been Pwned? is a great resource for finding out if your phone number or email have been compromised in any international data breaches. The tool currently has information on over 600 compromised sites and 11 billion accounts.  

TinEye

Like Google Image Search, TinEye is a reverse image search tool. Unlike its Google counterpart however, TinEye is more accurate and returns fewer false positives. This is useful for finding out what unwanted images of you may be in use.

BuiltWith

The BuiltWith tool is a website profiler that provides information on what technology and content management systems are used on a website. This is useful for finding out useful data for competitive analysis on your competitors. 

Google and DuckDuckGo

This one’s a no-brainer. These two are great free OSINT tools, especially if you know how to use filters for finding exactly what you want. A list of Google search filters can be found here and here; and a useful guide on DuckDuckGo search syntaxes can be found here

What are the downsides of open-source intelligence?

In terms of practicality, sorting through the sheer volume of data that’s available on a person or a company can be cumbersome. Further, you’d also need to verify that the information you’ve discovered is actually accurate.

That said, the biggest downside of OSINT lies in the ability of the information discovered to be exploited by malicious actors. There are also laws in place that dictate what you can look into and what you can do with the information you’ve retrieved—these laws will vary according to region. In other words: Just because something can be found doesn’t mean it should be.

Read more: So your information is on the dark web. What now?

FAQ: About open-source intelligence