I recently watched a video about OSINT and learnt it can be quite a powerful agent. I've been on the internet for years, and at this point I'm not sure what I've posted and where.

Given this is now a form of recon in cybersecurity, do you have tips on how one can protect themselves against it?

iiSupaCannon

1 Answer

Open source intelligence has been around for some time even though it's received attention only in the recent past. Here's what I do to keep a check on myself.

Step 1: Hack yourself

Have you ever googled yourself? Try to gather information on yourself using OSINT techniques. Start somewhere, perhaps with the most common username you use to access this website, and move on from there. There are various tools available to search for usernames on the internet. You'll be able to find where you've signed up with that alias. Many times, it will be in places you don't even remember signing up at. Read through the posts and see how much information about you is given out. In the meantime, start making a profile of yourself based on the information you've found. You'll be surprised what you end up with, for each post you might've made or replied to will have something unique to tell about you. You might sometimes even find older usernames you used to use somehow having a connection. Branch out from there, search around for that now, all while noting your findings down. By now, you have a fair idea of the person's likes, dislikes, interests, views, etc.

Now, in my opinion, things get dangerous when you can connect a person's online identity to their real identity. In some cases, you do it intentionally; in other cases, it happens unintentionally. You find a post that leads you to a username, that leads you to a blog post, that leads you to the user's LinkedIn profile. And now you have rich information on that person.

There are many great tools for reconning people, Google search filters being the first best example to really help you narrow down results. Your info is out there, it's just a matter of finding it. Here are some other tools that can help: http://pipl.com, http://192.com, http://searchpeopledirectory.com

Step 2: Recalibrate

Once you've gathered a good amount of information on yourself, you need to start evaluating what you want everyone to know, what should be seen with limited access (friends on Facebook, connections on LinkedIn, etc.), and what is up there but really shouldn't have been. Once you have this, you can backtrack, find these sources and tidy them up. You can also get a close friend to do the same recon on you to get a different perspective; maybe she finds something different about you.

Step 3: Control

I make it seem like the internet is bad; it really isn't. Some people like sharing and interacting with the community, posting things, tweeting their opinions, sharing experiences. And this is fine, as long as you know what you're doing and are okay with it. The internet is absolute: once it's up there, if you forget about it, it's going to be up there forever. So know that if you post something, don't be surprised if someone you've never met knows a lot about you. Even if it is a private forum, share assuming everyone is watching.

This entire thing is not a one-time effort. I like doing it every now and then, for I do a lot of things without realizing the impacts of it. As time goes by and your awareness increases, you'll automatically have a filter in your head that raises red flags if you're sharing something you shouldn't be. Some call it paranoia, I call it necessary (in limits).

Bottom line, get used to the fact that what you share on the internet is probably going to be seen by a lot more people than you'd expect and might tell a lot more about yourself than you'd have thought. Once you have this implicit filter in your head, you can control how much someone can gain on you with an OSINT-based attack. Apologies if this answer is largely unstructured. There's no right or wrong answer here. Read other answers, get some ideas and make your own model. Good luck!

Izy-
  • Thanks for the tips. I have a lot of old aliases I've cycled through in the past. And for some of them, I can't remove the posts made from them. They're from years ago and are embarrassing. I'd rather people didn't find those things about me. – iiSupaCannon Oct 13 '19 at 15:43
  • @Dreak1980 well. If you don't have control over them anymore, and you don't want anyone to find it, ensure that your current aliases have no link to them. Chances are, people may come across your embarrassing posts via links to your most recent aliases. So get rid of the links between these is my advice. Tempted to see what these embarrassing things are though.. just kidding :) – Izy- Oct 13 '19 at 15:44
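
An added example, not part of the original answer or comments: one way to record the findings from the self-audit in Step 1 as a graph and check whether an old alias or a real identity is still reachable from a current alias, which is the check behind the advice to remove links between aliases. Every identity name and finding below is a constructed placeholder, and the helper names are hypothetical.

```python
from collections import deque

# Constructed audit notes: (identity_a, identity_b, where the link was seen).
# All names are made-up placeholders, not real accounts.
FINDINGS = [
    ("alias:current_handle", "alias:old_handle", "forum signature mentions old name"),
    ("alias:old_handle", "blog:example-blog", "profile links to blog"),
    ("blog:example-blog", "real:linkedin-profile", "about page links to LinkedIn"),
    ("alias:current_handle", "alias:gaming_tag", "same avatar on both profiles"),
    ("alias:retired_handle", "alias:forgotten_handle", "reply quoting old username"),
]


def build_graph(findings):
    """Undirected graph: identity -> {neighbour: evidence for the link}."""
    graph = {}
    for a, b, evidence in findings:
        graph.setdefault(a, {})[b] = evidence
        graph.setdefault(b, {})[a] = evidence
    return graph


def shortest_chain(findings, start, target):
    """Breadth-first search; returns the hops linking start to target, or None."""
    graph = build_graph(findings)
    if start not in graph or target not in graph:
        return None
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        if node == target:
            chain = []
            while parent[node] is not None:
                chain.append((parent[node], node, graph[parent[node]][node]))
                node = parent[node]
            return chain[::-1]
        for nxt in graph[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def exposure_report(findings, start, sensitive):
    """Map each sensitive identity to its chain from start (None = not linked)."""
    return {s: shortest_chain(findings, start, s) for s in sensitive}
```

Each hop in a returned chain carries the evidence note, so it points at the specific post or profile field to tidy up in Step 2; re-running the report after removing that finding shows whether another path still exists.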