OSINT

OSINT (Open-Source Intelligence) is the gathering and analysis of publicly available information to produce actionable intelligence. "Open source" here doesn't mean Linux — it means data that's accessible without compromising any system. The discipline existed long before the Internet (newspapers, public records, librarian queries) but the Internet supercharged what's possible.

The main OSINT data sources

• Social media. LinkedIn (professional history), Twitter/X (opinions, networks, locations), Instagram (locations, relationships, daily patterns), Facebook (family, friends, birthdays, history), TikTok (recent activity).
• Public records. Voter rolls (US, in some states), court records, property records, business registrations, professional licenses, marriage and divorce records.
• Search engines. Google and Bing for surface content; advanced operators (site:, intext:, filetype:) for targeted queries; specialized engines (Censys, Shodan for Internet infrastructure).
• Web archives. The Wayback Machine preserves pages users have since deleted. Old profiles, deleted blog posts, abandoned websites — all often still recoverable.
• Leaked databases. HaveIBeenPwned and various dark-web sources contain billions of records of breached account data, often containing emails, names, addresses, hashed passwords.
• Image OSINT. Reverse image search, EXIF data extraction, geographic landmark identification, sun-angle analysis for timestamping.
• Satellite imagery. Google Earth, Maxar, Sentinel — building changes, vehicle counts, agricultural patterns visible at meter resolution or better.
• WHOIS and DNS. Domain ownership (where not GDPR-redacted), nameserver hosting, certificate transparency logs.
• Government databases. SEC filings, FCC license records, FAA aircraft registrations, OFAC sanctions lists, regulatory enforcement actions.

What you can learn about an arbitrary person

For an average adult with normal social media use, OSINT typically yields:

• Full legal name, date of birth, hometown
• Current city, neighborhood, often the exact apartment building or street
• Employer, role, professional network
• Family members and their identities
• Phone numbers, email addresses (often multiple), past addresses
• Vehicles owned, sometimes license plates
• Recent travel destinations, schedule patterns
• Political and religious views, ideological affiliations
• Health conditions disclosed online

The aggregation is the issue. Each individual fact is innocuous; together they constitute a profile that enables stalking, doxxing, social engineering, identity theft, and targeted phishing.

OSINT for legitimate purposes

• Journalism. Bellingcat's investigations into nation-state operations are essentially all OSINT-based.
• Fraud investigation. Insurance, finance, and HR teams verify claims and resumes against public data.
• Threat intelligence. Tracking adversary infrastructure, finding compromised credentials before they're abused.
• Background checks. Pre-employment and pre-adoption screening combines public records with OSINT.
• Missing persons. Police and family-of-missing-persons groups use OSINT to trace recent activity.
• Bug-bounty reconnaissance. Identifying corporate infrastructure before authorized testing.

OSINT for harm

• Doxxing. Publishing someone's real identity, address, family info to enable harassment.
• Stalking. Pattern-of-life analysis from social media yields routines and vulnerabilities.
• Social engineering preparation. Personalized phishing draws from OSINT profiles to add credibility.
• Account takeover. Security question answers (mother's maiden name, first car, pet name) are often in someone's public posts.
• Targeted physical attacks. Schedule patterns, residence identification, vehicle identification all aid surveillance and physical harm.

Defending against OSINT collection

Complete elimination is essentially impossible — your name will appear in some public record somewhere. Reducing exposure:

• Audit your own footprint. Google yourself, search images of yourself, look at your social profiles from a logged-out state. See what an attacker sees.
• Tighten social media privacy. Most platforms allow tighter audience controls than the defaults.
• Strip EXIF data from photos before posting. Don't post photos of children with school logos visible.
• Limit OPSEC leaks. Don't post about vacations in real time; don't reveal patterns; don't tag locations.
• Use data-broker opt-outs. Services like Optery, DeleteMe, EasyOptOuts remove your info from people-search sites at modest cost.
• Separate identities. Use different emails, phone numbers, names for different contexts. Hard but effective.
• Public records. Some jurisdictions allow address suppression for specific reasons (judges, law enforcement, victims of abuse).

The OSINT ethics question

The information is public. Gathering it is legal. The combination is dramatically more invasive than the sum of its parts. The OSINT community has internal ethics debates about acceptable use — most professional practitioners follow rules around minimizing collateral exposure, not publishing identifying details of non-targets, and not aiding stalking or harassment. The tools are dual-use; the discipline depends on user ethics rather than technical barriers.