Mastering Osint: How to Find Information on Anyone (osintteam.blog)
233 points by droidrat 10 months ago | 47 comments



SWIM's recommendation for anyone wanting to learn is to sign up for Breachforum and read up on all of the contents in their OSINT subforum [1] where you can ask questions too. If you're willing to boogey on into the grey area, you can even download leaked datasets from BreachForum, Leakbase.io, etc. to make your job a lot easier if it involves identifying people online - for example a few databases like AT&T customers and the NationalPublicData database were leaked recently which is kind of like having a private LexisNexis Accurint at your fingertips.

[1] https://breachforums.st/Forum-OSINT


A site with a "grey area", which does not work without running a third party JavaScript, and hosted in Russia makes me a bit twitchy.


This is definitely a topic area where people overly familiar might omit standard safety precautions within their instructions: Do use a burner VM, don't do any of your normal computing on that VM, etc.


In the current environment it is tough to host things like that on the clearnet and not rely on "shady" hosting in Russia and similar nations


It really creates a weird cognitive dissonance in me to observe how a lot of useful stuff is hosted in Russia.


you'll get over it



Someone who is me


Legally airtight. A genius stratagem basically.


I never liked this term. Why is the term "Open Source" used to refer to publicly available information? Something like "PAT" would have been a better acronym: Public Available Information.

Do we refer to street dogs as open source dogs?


PAI would sound like anyone had the right to the information, whereas OS sounds like it happens to be public (unfortunately), but of course only we the agencies should access it.

OS is a bureaucratic power term, which is of course quite old:

https://en.wikipedia.org/wiki/Open-source_intelligence#Histo...


...this takes me down a rabbit hole to 2010. We once tried to establish "Public Intelligence" [PubInt] as it was a term we used since 2003 in 2010 but it only caught on with some businesses. The then definition was - to differentiate it from OSINT - bound to the use of the information in a "civic" context - here you got them for fun and giggles:

2003: Public intelligence refers to sources of information freely available to the individual to be the basis for its role as a responsible and critical citizen as part of a group or state.

Public Intelligence is associated with the application of Open source intelligence (OSInt) to empower the public in its dealings with all forms of organization, and most especially government. It is an applied variant of Collective intelligence.

It was inspired by the 1978 Colby book:

"Intelligence must accept the end of its special status in the American government, and take on the task of informing the public of its nature and its activities as any other department or agency. . . . By far the most effective manner of accomplishing the task . . . is by letting the public benefit directly from the products of intelligence, its information and assessments." --former DCI William Colby, Honorable Men: My Life in the CIA, Simon & Schuster, 1978, pp. 459-60.

I put it together for your viewing pleasure: https://elib.at/index.php?title=Public_Intelligence_-_Glossa... enjoy

edit:typos


The problem with this is that OSINT has been established as a term at a government level (likely before Open Source Software came about?), so any push to change it will be a greater feat than the inverse.


Or PINT: Public INT.


... I called it Public Intelligence (PubInt)


PINTO - the last o is online.


> I never liked this term. Why is the term "Open Source" used to refer to publicly available information?

I assume your line of thinking is that you associate "Open Source" with software freedom (warm fuzzy feelings) & dislike that being tainted by stalkers & military espionage. Leaving aside that OSINT pre-dates the software term, I think it's quite fitting given the context of the very capitalist-/corporate-friendly "Open Source" licensing trend subsuming the original corporate-unfriendly/copyleft "Free Software" movement. The former enables the military-industrial complex by taking advantage of publicly available data, the latter enables the corporate world by taking advantage of publicly available code.


> "PAT" would have been a better acronym: Public Available Information.

informaTion?

> Do we refer to street dogs as open source dogs?

No, but we don't call them Public Available Dogs either.


“Stray information” sounds good, though.


My bad - messed up the acronym!


PAI might be a bit close to PII.. although I guess there would be overlap :)


The term invariably seems to apply to two phenomenons:

1. Stalkers stalking people

2. Actors spreading misinformation on X about wartime atrocities

I can see why they want to brand their stuff “Open Source” which sounds like a good thing.


Yes, unfortunately I've also observed that while "OSINT" is theoretically a legitimate, white-hat thing, in practice it's very often used as whitewashed branding for malicious (often "righteous") doxxing. Similar to black hats for hire forums that claim to just be about "security research"


> Why is the term "Open Source" used to refer to publicly available information?

Well, why not?

"Source" has long referred to available information. In fact, you probably won't have to read HN long before you encounter a "source plz"-type meme, intended to mean something akin to: "Please point me to the available information that supports your claim."

"Open" has long referred to available information that is accessible to users. "Open source[code]" uses "open" in the same way.

PAT works too but I'm not sure it communicates anything meaningfully different. As far as I can tell, they are trying to communicate the very same thing. Is your reaction, perhaps, because you are accustomed to "open source" being used in the software sense?

> Do we refer to street dogs as open source dogs?

Dogs haven't typically been seen as information, so, for all practical purposes, probably not. But if we want to change that, sure, why not? Language doesn't have feelings. It doesn't care.


I agree that individually those terms convey the exact thing as publicly available information.

> Is your reaction, perhaps, because you are accustomed to "open source" being used in the software sense?

Yes exactly. I feel like a different term should be used here, because open source is already a widely established term in software.


The term "open source" as referring to software was suggested in 1997 but I could find references to OSINT from at least 1991-1995[0], so I'd say "Open Source Intelligence" should get precedence.

[0] https://apps.dtic.mil/sti/tr/pdf/ADB194025.pdf


The thing is, there's a whole world outside software development and as unpleasant as it might sound, they don't care that much what words we use among us.


Please no more acronyms


PNMA


The idea is about openness and collaboration


Some funny anecdote, my full name is relatively unique, two or three people have it AFAIK. On my Upwork profile, they put the military veteran status because a completely unrelated military guy with the same name shows up in the Google/LinkedIn search. I can't remove the status, I don't even look like the other guy.


In some countries, falsely claiming military status is a crime. I'd be very careful about accepting any jobs using that profile as you may be committing fraud. (Not a lawyer)


Thanks for the heads-up. Not aware of any law like that from where I live, but I should file a ticket to remove the veteran status just in case.


Forced valor


I couldn't get those Google searches to find my resume. I wonder if I was doing something wrong...


You called it Work Experience, is that why maybe?


When it’s impossible to prevent bad actors from gaining access to weapons, the best thing to do is to level the field by giving the same weapons to everyone.

It’s kind of mad.


From my impression, the way you get good at OSINT is knowing which types of information tend to be related, and where to go with what you have.

All OSINT guides include a surprising amount of paid tools. OSINT tools are a dime a dozen, you have to know how to use them.

Finding tools is easy, there are endless collections of them:

- https://osintframework.com/

- https://github.com/jivoi/awesome-osint

- https://cylect.io/

The hard part is deciding when, where, how, and with what information to use them.

I am surprised how little information about OSINT is on hackernews (https://hn.algolia.com/?query=OSINT barely has results)

If you are not some journalist, you won't need serious OSINT. (Investigating someone for fun?)

You can play GeoGuessr for fun. That's "technically" OSINT and you will know geography. Here is a GeoGuessr (Rainbolt) player finding places from images: https://www.youtube.com/@georainbolt/videos

Here are some OSINT challenges if you want: https://gralhix.com/list-of-osint-exercises/

A skill I recommend much more than OSINT is being good at normal searching and collecting some basic metadata, and getting the gist of new topics quickly.

- You want to buy something, how do you figure out the price, quality, and whether it is a good deal. How to quickly figure out what matters and what doesn't? Which features are common, which false advertised, which are aesthetic bloat.

- You are traveling or moving to a new city, how do you quickly figure out all the tricks locals know and not fall for tourist cash grabs.

- You find a shady website, app, or Chrome extension. Poke around with the source code and domain names to round up the entire operation and report it.

- Some new person you got to know works/likes something you know little about. How do you quickly figure out some deeper questions to ask.

- Find what an error in your computer.

It boils down to knowing the underlying structure of whatever you are digging. Insiders tend to know the ecosystem so well it seems obvious, despite it being hard to integrate into for an outsider.


There was a command line tool available where you could enter a few attributes (such as a username) and the tool would plow through just about every online service to find and report data. Anyone remember what it was?




yup, this was it. Thanks!


It’s shockingly easy to find information about almost anyone within the first couple pages of google


And even if there’s no information on the first and last name, there will likely be at least somebody in your web of relationships that leaked something.


"Gather the Data: Use various tools and methods to collect information."

"By following a structured approach and leveraging specialized tools, you can effectively gather, analyze, and verify information from publicly available sources."

Am I paranoid or was this partly written by an LLM? Or is it just naturally so vague and generic? I mean most of the tips are kinda legit, but after the title I expected a little more than this.


I checked who else submitted osintteam.blog domain, and it's user https://news.ycombinator.com/user?id=haydenbannz , and it looks like they used HN mostly for self-promotion: https://news.ycombinator.com/submitted?id=haydenbannz (some posts are [dead]).


Frankly I got that impression too, but more because of the structure of the post than anything else.



