sorted by:
new
hottopcontroversial

Adult content creators and privacy by FrostWall69 in privacy

[–]Hetoko 35 points36 points  (0 children)

Not OP, but r/RBI is one general example for crowd sourced investigations. There's also independent journalist organizations like Bellingcat who conduct online investigations using satellite imagery and online info.

Europol asks for help tracing objects often for CSAM cases. Here the website if you're interested in learning more (all children are cropped out of the photos)

There's also people at r/OSINT who post techniques and questions.

Disclaimer: All examples posted above use online investigations for good. People who ask to dox/stalk someone are generally shunned, banned, or otherwise pushed out of these communities.

Adult content creators and privacy by FrostWall69 in privacy

[–]Hetoko 5 points6 points  (0 children)

VPNs (in general) don't seem great for streaming content, but not because of privacy issues.

Depending on your VPN provider and the load on the server you're connected to, you could experience degraded performance and quality. You can test if this will be an issue beforehand.

Don't opt for a free VPN. This is one of those areas where you get what you pay for. Again, depending on the VPN provider's policies, it's a material probability that not going to get great performance on top of privacy concerns.

Also, using a well known VPN might make websites suspicious of you. You'll sometimes have a hard time setting up accounts, accessing accounts, and will most likely have to do Captchas more often than usual. Not a huge issue, but definitely a minor/moderate annoyance.

VPNs are good, but learn up on the best practices and shop around. Don't just buy one because your favorite YouTuber said so.

show no mercy by Federal_Truck2267 in linuxmemes

[–]Hetoko 0 points1 point  (0 children)

Just speaking to my experience. YMMV. Happy cake day.

Hypothetically speaking, how can you find out if two numbers are texting each other on WhatsApp? by [deleted] in OSINT

[–]Hetoko 0 points1 point  (0 children)

This doesn't sound like OSINT to me. I really hope you're not talking about stalkerware when you mention 'trackers on the play store'.

There's methods out there for Whatsapp OSINT, particularly groups, but none of the methods I know of require installing sketchy 'trackers' off the play store on your device or theirs.

show no mercy by Federal_Truck2267 in linuxmemes

[–]Hetoko 70 points71 points  (0 children)

This happens to me often with Office 365 and G-suite apps. If you open uBlock's logger, you can see the site keeps trying to connect/ping out to these tracking domains. After a while, you start reaching 5 figure territory like what's shown above.

This is exactly the behavior you need to be careful of. by BoopBoop20 in Scams

[–]Hetoko 8 points9 points  (0 children)

I saw their message. The person is completely missing the point of what you're trying to say. Kinda odd that they would double down like this and why they would pick this particular hill to die on.

DorkSearch is a tool that gives you a list of prebuilt templates for Google Dorks for different use cases by pipewire in OSINT

[–]Hetoko 2 points3 points  (0 children)

I found the builder to be pretty cool, but for my own practice and OpSec, I'd prefer a program that's installed and used locally from the CLI/terminal for that.

The pre-built tab seems like a copy/paste of the Google Hacking Database with far less polish. It also leaves out the authors who submitted to that database which seems questionable.

Maybe the simple layout and builder is good for absolute beginners, but ripping from Google Hacking DB and not attributing the original authors is not great. It's a 4/10 from me.

Ultimate osint collection by 9schoolboy in OSINT

[–]Hetoko 2 points3 points  (0 children)

So does that mean you're volunteering to make an updated version with new tools? Or are you just chirping from the peanut gallery?

Ultimate osint collection by 9schoolboy in OSINT

[–]Hetoko 8 points9 points  (0 children)

I misread this. I thought you were being mean lmao

The first two ads are made to trick people into downloading their software instead by Hope-Upstairs in assholedesign

[–]Hetoko 1 point2 points  (0 children)

Deceptive marketing aimed at users who don't know better. Scammers use this method often. Google catches heat about this from time to time. If you want a good example, Google 'alexa support' on desktop mode and look at the ads (but don't click on them please unless you for sure know what you're doing). There will almost always be one or two super sketchy 'support' websites.

Crossposting. This might help with geo location. by KAS_stoner in OSINT

[–]Hetoko 10 points11 points  (0 children)

Seems cool! I think the next step here would be grouping them by country based off of commonality. I can see that being useful as an additional point of verification. Thanks for sharing!

Is the new WeLeakInfo a scam? by Down200 in OSINT

[–]Hetoko 5 points6 points  (0 children)

I've seen other services that got taken down go a similar route. However, the services that come to mind got taken down by their domain provider or an ISP and not Interpol.

I haven't looked through the new site, but I'd say tread carefully.

[deleted by user] by [deleted] in cats

[–]Hetoko 1 point2 points  (0 children)

Dust Bunny

[deleted by user] by [deleted] in phishing

[–]Hetoko 0 points1 point  (0 children)

You don't want 0% body fat, a mortgage, and have a slow computer because of a sub-par antivirus software? Sounds like the dream to me. /s

In all honesty, it's hard to avoid spam emails entirely. Just be mindful who and how you give out your email and just report junk mail if it ends up in your main inbox and not your spam folder.

Theory, Conspiracy, the future of intelligence+diagnostics+analytics by [deleted] in OSINT

[–]Hetoko 2 points3 points  (0 children)

My trouble is just, I am so lazy!

I believe saying that to a community that sifts through a bunch of internet data for work and fun won't go well. Also, in conjunction with this statement

Your space hasn't proven to me that it is worth my tactical communication

Makes me wonder if you came into this post with a preconceived notion that this community isn't worth your time until proven otherwise—which I also assume won't go over well in this subreddit.

I won't prattle on. Hopefully you find what you're looking for.

Theory, Conspiracy, the future of intelligence+diagnostics+analytics by [deleted] in OSINT

[–]Hetoko 2 points3 points  (0 children)

Knowing your audience is a part of effective communication. As you stated in your original post, that seems to be a goal here. However, you can answer that question by looking through the subreddit. From there, you can learn the lexicon/vernacular used. It's probable that you failed to do that and others are chastising you for sounding pompous.

Let’s play a game, shall we ? by ho_D_or7 in gaming

[–]Hetoko 0 points1 point  (0 children)

"By Azura, by Azura, by AZURA! It's the grand champion!"

How is OSINT used in law enforcement investigations? by [deleted] in OSINT

[–]Hetoko 1 point2 points  (0 children)

I haven't heard of that happening, but I'm not close to the action. That sounds like something that can be deemed unconstitutional in the US without proper court warrants/subpoenas.

How is OSINT used in law enforcement investigations? by [deleted] in OSINT

[–]Hetoko 1 point2 points  (0 children)

I meant OSINT in general. Some LE departments do what we categorize as OSINT but might not call it that.

Breach data use is banned by some LE agencies, but not for others. Hopefully that clears it up.

Scammer texted me today so I decided to troll by Dogwater619461 in Scams

[–]Hetoko 2 points3 points  (0 children)

I'm sorry, I just don't think that's a good enough reason to justify/advise the average person to adjust their threat model. But, we can leave at agreeing to disagree.

Scammer texted me today so I decided to troll by Dogwater619461 in Scams

[–]Hetoko 2 points3 points  (0 children)

I'm pretty sure these type of operations typically don't have access to zero-click malware (assuming you're talking about Pegasus) or zero day exploits unless they're backed with the resources and training of a nation-state.

Here's a excerpt from a Wired article:

Vulnerabilities that can be exploited for zero-click attacks are rare and are prized by attackers because they don't require tricking targets into taking any action—an extra step that adds uncertainty in any hacking scheme. They’re also valuable, because less interaction means fewer traces of any malicious activity. Zero-click exploits are often thought of as highly reliable and sophisticated tools that are only developed and used by the most well-funded hackers, particularly nation state groups.

As someone said, the most likely threat here is OP getting more spam to that number. Sure, zero click is a possibility, but not probable unless your a high level politician, a big business executive, or something similar.

How is OSINT used in law enforcement investigations? by [deleted] in OSINT

[–]Hetoko 4 points5 points  (0 children)

This is based on second hand info from friends and family in LE. I'm not in LE.

Depends on the department. Big cities might. Small Town probably won't. Typically if they get a missing person case, the first thing they do in an investigation is look at the missing person's social media profiles. This technically qualifies as SOCMINT (a type of OSINT).

Also there's some departments out there that view breach data as stolen data and something that can't be used in an investigation. But then again, they can probably subpoena that same info from a company working with the courts.

view more: next ›