What We Know About You
How much does any given person know about us? Are we oversharing? These are very significant questions when considering our on and offline safety and privacy. Hopefully most, if not all, of you reading this have had some conversation or training about online safety and the dangers of oversharing on the internet. Unfortunately, even with an “appropriate” online presence consisting of seemingly innocuous information we may still put our privacy and security at risk. In this post I will attempt to give you a primer on the practices and techniques used in open-source intelligence (OSINT).
OSINT
Ritu Gill of the SANS institute defines OSINT as “intelligence produced by collecting, evaluating and analyzing publicly available information with the purpose of answering a specific intelligence question.” Keep in mind, intelligence isn’t just a collection of information. To turn raw information into Intelligence, the information needs to be processed using critical thinking skills and analysis to find meaningful information that applies to the investigation. For example, saving all of someone’s Instagram posts isn’t intelligence. Intelligence is using the numerous posts of their dog as a cue to start advertising dog food and accessories to them.
While OSINT sounds like a technique used exclusively by clandestine operatives or the military it is actually used by various organizations and individuals, including governments, non-governmental organizations, businesses, and private investigators. OSINT has proven useful in intelligence gathering for a wide range of applications such as security threat assessment, market research, and competitive intelligence. Below is a non-exhaustive list of organizations or individuals that could leverage OSINT.
- Investigative journalists
- Human rights investigators
- Law firms
- Information security (e.g. McAfee)
- Cyber threat intelligence (e.g. CrowdStrike)
- Social engineers (e.g. Scammers)
- Social networking (e.g. Meta)
- Potential employers
To be clear, when I refer to OSINT I’m referring to “Passive OSINT”. Passive OSINT is described as the investigator having no engagement with the target and only leveraging publicly available information. Passive OSINT usually carries a low risk of attribution. Inversely active OSINT may require engagement with the target and accessing information that requires special permission. Active OSINT naturally carries more risk of exposure.
For context, I use the term investigator to reference a diverse range of people or entities. For example an investigator could be anyone, like an advertising company, stalker, or a potential employer. The investigation takes various forms as well. For the advertising company, they might be interested in understanding what things you like or want. A future employer would be concerned whether or not you have an appropriate online presence. Stalkers typically seek to establish or reestablish contact.
Intelligence workflow
Here are the stages of the intelligence life cycle as outlined by the SANS institute. This workflow is typically implemented to help formalize the OSINT process. Having a formalized process is useful when working collaboratively.
- Preparation: Create requirements and objectives that fit the request, also determine the best sources to obtain useful information.
- Collection: Collect data and information from as many relevant sources as possible.
- Processing: Organize all the collected data and information.
- Analysis and Production: Interpret the processed information to make sense of what was collected, i.e. identifying patterns or a timeline of travel history. Produce a report to answer the intelligence question, draw conclusions, and recommend next steps.
- Dissemination: Share what you’ve learned, i.e. written reports, timelines, recommendations, etc. Answer the intel question for stakeholders.

Below is an example of how you could apply the intelligence life cycle to an OSINT investigation.
- Start with what you know (email, username, etc.)
- Define requirements (what you want to get)
- Gather the data
- Analyze collected data
- Pivot as-needed using new gathered data
- Validate assumptions
- Generate report
Public Sources
The information that fuels OSINT efforts can be acquired from various sources that usually lead to other information sources that you can use to pivot to even more data rich information sources. The flow diagram below illustrates some of the connections that can be leveraged to provide you with more information. This diagram also shows how very little information is needed to get you started. Starting with very little information is typical for OSINT investigations, usually only given a name or social media handle.

To assist with investigations the OSINT community has developed a plethora of tools and resources. For example, the LockFALE organization created the OSINT Framework with the intent to help people find free OSINT resources. The creator of the website originally built the resource from an infosec point of view, but eventually broadened the site’s scope after receiving input from other fields and disciplines that leverage OSINT.
Implications of OSINT
OSINT can offer significant benefits across various disciplines. In cybersecurity, it helps identify threats and vulnerabilities, enabling proactive defenses. Law enforcement uses OSINT to track criminal activities and gather evidence efficiently. Businesses leverage it for competitive intelligence, market analysis, and understanding consumer sentiments. However, ethical and legal concerns arise regarding privacy and the accuracy of data. Bad actors are known to misuse OSINT in illegal ways, such as stalking, identity theft, and planning cyberattacks. While OSINT is a powerful tool, it requires careful application to maximize its benefits and mitigate its drawbacks.
Doxing
Often referred to as the dark side of OSINT, doxing is a form of online harassment that involves the sharing of personal information in a way that could spur harm. This practice has become very common on social media platforms. Doxing is so commonplace now that there is a X (Twitter) phrase that acts as a call to action for would be doxers.
“Twitter, do your thing.”
A phrase typically used by members of cancel culture, radical leftists, and terminally online Twitter users as a call-to-action to find an individual’s personal information and release it to the public (also known as doxing). Typically used against perceived racists, misogynists, etc.
— joeldba on urbandictionary.com, June 17, 2021
Anyone can fall prey to doxing campaigns. While many victims are targeted for racist, misogynistic, or homophobic behavior, others become targets simply to be bullied.
Jack Sweeney | @ElonJet
Jack Sweeney is a college student who gained widespread attention for creating the ElonJet X account, which tracks the private jet movements of Elon Musk. Using publicly available flight data, Sweeney’s account would post real-time updates on Musk’s jet, sparking discussions on privacy, security, and the ethics of sharing such information. His efforts have highlighted the accessibility of flight data and raised questions about the boundaries of public interest and personal privacy in the digital age.

Sweeney currently operates a number of accounts that track other rich and powerful people like Taylor Swift and former president Donald Trump. There has been many debates and legal discussion on whether Sweeney’s actions constitute doxing; however even with threats of legal action Sweeney believes the public should have access to this kind of information. Sweeney’s system relies on publicly available data collected by amateur enthusiasts. Planes in the sky regularly send out information about where they are located, and these signals can be picked up by people using inexpensive receivers on the ground.

Sweeney has since adjusted his approach by implementing a 24-hour delay on updates, prioritizing the safety of individuals on the planes he tracks. Below are two examples of the information Sweeney shares on his various X accounts.

In today’s digital world, we often share more than we realize, which can compromise our safety and privacy. This blog highlights how OSINT can be used to gather detailed personal information from publicly available sources. Even with seemingly harmless online profiles, our privacy could still be at risk. However, we can better protect our privacy by remembering the importance of staying cautious about what we share online and by making good use of privacy settings. Have you thought about how much you’re sharing online? Let’s discuss how you balance transparency and privacy in your digital life.
Further Reading/Resources
- Introduction to Doxing — a comprehensive overview of doxing, its methods, impacts, and preventative measures.
- OSINT: Open-Source Intelligence (Udemy Course) — covers the fundamentals and advanced techniques of OSINT.
- OSINT Framework — a structured collection of OSINT tools and resources.
References
BBC News. “Elon Musk’s Jet Tracker: Why a Student’s Hobby Has Sparked a Debate.” BBC, 8 July 2023, bbc.com. Accessed 24 July 2024.
Gibbs, W. W. (2023, May 1). How much information does OSINT actually yield? A case study. Medium. Retrieved July 1, 2024, from medium.com
Hades Security. (2022, August). Introduction to doxing. Hades Security. Retrieved July 1, 2024, from hadess.io
Mihira, A. (2018, October 8). Find someone’s personal info using OSINT. Medium. Retrieved July 1, 2024, from medium.com
OSINT Team. (2018, March 21). OSINT: How to find information on anyone. OSINT Team Blog. Retrieved July 1, 2024, from osintteam.blog
SANS Institute. (2020, November 6). What is open-source intelligence? SANS Institute. Retrieved July 1, 2024, from sans.org
Urban Dictionary. (n.d.). Do your thing. Urban Dictionary. Retrieved July 1, 2024, from urbandictionary.com

