OSINT: Tips for keeping ourselves safe online

In OSINT, operational security (OPSEC) involves developing and adopting a process to protect our online identity. This is not an unnecessary detail; on the contrary, it is a crucial step that must be taken before starting any open source investigation.

Concealing our tracks during an OSINT investigation is essential to ensure that, from the perspective of the people we are targeting, we remain anonymous. This not only prevents them from changing their behaviour in any way, but it also protects us from potential threats posed by the people and organisations targeted by our research.

Here are a few pointers for amateur OSINTers who want to start their first investigations and keep themselves safe online.

Always compartmentalise

Working in an exclusively OSINT environment is an excellent step to take before starting any open source investigation. Our personal devices and accounts contain a variety of information that can leak out during our online investigations, providing clues that targets can use to track us down. Separating our personal lives from our OSINT activities avoids any cross-contamination and eliminates the risk of targeted individuals or organisations identifying us.

If you don’t have a second computer specifically for your investigations, you should create and work from a separate non-administrator account on your computer to give you that extra layer of protection. You could also work from a virtual machine installed on your computer, particularly if your research takes place in more obscure, less moderated online environments, such as the dark web.

Create fake accounts (and keep them active)

When it comes to harvesting information from social media, it’s essential not to use your own personal accounts. Some social media sites (LinkedIn, for example) notify users when someone visits their profile. This can partially or fully reveal the researcher’s identity.

By using fake, or “sock puppet”, accounts, you reduce the risk of inadvertent mistakes, such as accidentally revealing your true identity when you react with a “Like” to an online post.

Several free tools exist to boost the credibility of your sock puppet accounts. For example, Fake Name Generator lets you quickly generate first and last names, while This Person Does Not Exist generates realistic photos of non-existent faces that we can use as profile pictures for our fake online accounts.

Use a virtual private network (VPN)

Website administrators can easily trace the IP address of a researcher who’s visited their platform. To remain anonymous while you’re browsing, it’s best to use a VPN (Virtual Private Network), which conceals your IP address and therefore your identity. There are plenty of VPN solutions available, so make sure you read the terms of use carefully and choose the most secure VPN possible.

Use the available tools

A wide range of tools – most of them free – are available to help us search different social networks simultaneously, identify users of obscure forums or access various databases. But how do we choose these tools wisely and avoid unpleasant surprises?

There are no shortcuts to making sure we’re equipped with tools that will really help us in our investigations: investing time in researching them is key. We recommend visiting forums and other sites set up specifically for OSINT researchers, such as Bellingcat’s Discord channel, where OSINT professionals and enthusiasts share tips and tricks for optimising the tools available to the community.

Never work without a threat model

Lastly, the level of protection we need varies with the type of investigation we’re carrying out. For example, GEOINT (geolocation) research will require fewer precautions than SOCMINT (social media intelligence) or dark web research. This is why it’s crucial to develop our own individual threat model, one that not only identifies and prioritises the actual and potential threats to which we’re exposed, but also defines practical steps to mitigate these risks.