Most of us are spending more and more time online: using new platforms, sharing media, and otherwise following the latest distraction.
It’s easy to forget or ignore, but at this point, we know what we do online is being tracked, recorded, bought and sold.
We know intelligence agencies are collecting massive amounts of data on us. Thanks to Edward Snowden’s 2013 leaks, we’re aware there’s a global surveillance network conducted between partner nations to circumvent privacy laws.
We also know the tech companies themselves are keeping vast databases of our information and activities online — both on and off their platforms. Collecting this information is to help them deliver “targeted ads” to improve our “online experience,” they say.
But what some might not be aware of is how much of our data is out in the open for anyone else to capture and use.
Enter Open Source Intelligence, or OSINT if you want to sound slick. This umbrella term refers to a wide range of tools and techniques to gather information publicly available on the internet — either posted willfully or leaked.
These approaches are harnessed by companies, private investigators, nosey journalists — and potentially, creepy or dangerous people.
Many are familiar with the term “Facebook stalking” — the use of the platform to gather information on people.
The heyday of this practice was from 2013 to 2019, when Facebook offered a tool called “graph search.” This allowed users to perform keyword-based queries across the platform. For example, you could search “people who live in Campbell River” and get a list of profiles. Third-party OSINT tools were then built around this feature, making capturing and using information from these searches easier.
Now, credit to The Zuck, the platform has locked down a bit in recent years in response to privacy concerns. Graph search is no longer available. But you still can, for example, search for photos of someone, depending on their privacy settings.
There are still many social media OSINT tool available, however. Some seem innocuous enough, while the potential applications of others are downright disturbing.
Let me name a few.
First, there’s the-proof-is-in-the-name “Creepy.” This program helps gather and display geolocation information provided on social networking platforms.
With this program, anyone can target a particular user and analyze the time and location of their posts. This could be used to determine someone’s key locations, such as where they live or work, or their movement patterns, like when they are at home versus the office, for example.
Another is “Sleeping Time,” which estimates the sleeping schedule of a target based on when they are active on Twitter. Maybe a favorite of the paparazzi, who knows?
If you’re concerned about your digital footprint and how it might be used, what should you do?
Some might say just avoid using these platforms altogether. Go read a book. Meet friends in person. Cherish that entrée photo yourself.
But for those who instead want to balance their online presence with some privacy there are some steps one can take; you don’t have to go shack-in-the-woods a la Ted-Kaczynski to reduce your online presence.
First, one can lock down your Facebook profile. Facebook offers a “privacy checkup” feature through which you can quickly review how your information is shared on the platform. It’s worth going through to see if you’re comfortable with what you’re sharing.
Also, there are ways to reduce the amount of information contained in the footsteps you leave behind.
Much of the information used by social media OSINT tools is harvested from media metadata. Basically, when you take a photo with your phone, it records a list of parameters, including time and position, and that info is included in the file.
There are many apps and online tools that can remove this information (called EXIF data, for photos). So consider running your pasta picture through one of these before sharing it to the world.
If you’re concerned about being tracked online, there are many browser plugins or extensions that block trackers and scripts monitoring your activities. All it takes to install them are a few clicks.
Many are now looking to not only lock down their software, but also their hardware as well. More and more secure phones are being released on the market that use encryption-focused versions of Linux or Android, and offer other features, such as removable batteries or kill switches for GPS, microphones, or cameras.
Sometimes it’s hard to be brave in this Brave New World. But maybe these tips might help.