osint

Open source intelligence on yourself

The minimum you should do is to set up Google Alerts listing all your name variants and get notifications regularly, or "as-it-happens". Any mentions will be visible to you.

Andras Kora

Andras Kora

3 min read
Open source intelligence on yourself

OSINT in short, is the practice of collecting and analysing data gathered from open sources (publicly available information) to produce actionable intelligence about a certain fact or person.

How deep is this rabbit hole?

Well, after you set up Google Alerts listing all your

  • names, all name variants (hint: use "" to capture "FirstName LastName" properly)
  • all email addresses (including past ones)
  • all phone numbers

as a super basic next step you can just simply do an "ego search": typing your full name into Google or any other search engine and see what comes up.

Beyond this, you can take it WWWAAAAYYYYY further.

Here is a pretty comprehensive set of lists:

Level ONE: personal information, the basics

When conducting an OSINT (Open Source Intelligence) investigation on yourself, you should start by searching for the following basic personal information items:

  1. Full Name: Check for variations and common misspellings.
  2. Email Addresses: Look for all email addresses you have used.
  3. Phone Numbers: Include both current and past numbers.
  4. Social Media Profiles: Search for all accounts on platforms like Facebook, Twitter/X, LinkedIn, Instagram, TikTok, etc.
  5. Home Address: Include current and previous addresses.
  6. Date of Birth: Verify if this information is publicly available.
  7. Employment History: Check for any information related to your past and current jobs.
  8. Education History: Look for details about schools, colleges, and universities attended.
  9. Online Usernames: Search for any usernames you have used on forums, websites, or gaming platforms.
  10. Photos and Videos: Check for any media that might be publicly accessible.
  11. Public Records: Look for any publicly available legal documents, such as court records or property records.
  12. News Articles: Search for any news articles or mentions in the media.
  13. Blog Posts or Articles: If you have written any content online, check its availability and context.

By gathering this information, you can assess what personal data is publicly accessible and take steps to manage your online presence accordingly.

Level of control

Remember, there is a certain level of control on what you can and can't do with the found sources:

  • Personal Website: Full control over content
  • Code Repositories (e.g. Github): High control over content
  • Social Media Profiles: Moderate control over content
  • Content Platforms: Moderate control over content
  • Professional and Networking Sites: Limited control over content

Level TWO: your online assets

When considering your online assets, it's important to have a comprehensive view of everything you own or manage. Here are some online assets you might want to consider:

  1. Domain Names: Ensure you have a list of all domain names you own, including any variations or extensions.
  2. Websites: Check for all websites you manage, including subdomains.
  3. Email Accounts: Include any professional or personal email accounts associated with your domains.
  4. Hosting Accounts: Identify all web hosting services you use.
  5. Online Storefronts: If applicable, list any e-commerce platforms you use, such as Shopify, Etsy, or Amazon.
  6. Cloud Storage: Include services like Google Drive, Dropbox, or OneDrive.
  7. Online Subscriptions: Consider any subscriptions to services or tools that are part of your online presence.
  8. Digital Products: If you sell or distribute digital products, list these as well.
  9. Advertising Accounts: Include accounts on platforms like Google Ads or Facebook Ads.
  10. Analytics Accounts: Ensure you have access to analytics tools like Google Analytics.
  11. SSL Certificates: Keep track of any SSL certificates for your domains.
  12. Content Management Systems: Note any CMS platforms you use, such as WordPress or Joomla.
  13. Online Communities: Include any forums or online communities where you have a presence.

By keeping track of these assets, you can better manage your online presence and ensure everything is up to date and secure.

Level THREE: public keys, everything encrypted

Public keys, such as those used in GPG (GNU Privacy Guard), are important online assets to track and manage. Here are some considerations regarding your public keys:

  1. Key Management: Keep a list of all public keys you have generated, including their associated email addresses and key IDs.
  2. Key Servers: Ensure your public keys are uploaded to key servers if you want others to find and use them for secure communication.
  3. Expiration Dates: Monitor the expiration dates of your keys and renew them as necessary to maintain secure communications.
  4. Revocation Certificates: Have revocation certificates ready in case you need to revoke a key due to compromise or other reasons.
  5. Backup: Securely back up your private keys and any associated passphrases in a safe location.
  6. Usage: Document where and how each key is used, such as for email encryption, signing software, or other purposes.
  7. Access Control: Ensure that only authorized individuals have access to your private keys.

By managing your public keys effectively, you can maintain secure communications and ensure that your digital identity is protected.

What else can you think of?

Read more