In OSINT work, you can leave tracks even when you’re the one doing the tracking.
No matter how stealthy your efforts may seem - whether you’re profiling a target or collecting crucial data - your own OSINT digital footprint might be growing behind you. An OSINT investigator will often go to great lengths to follow another’s tracks and map their digital life; meanwhile, he or she may fail to hide the trail left behind in the process. The traces you leave behind make it easy for your quarry to turn your techniques back on you. And so, the hunter becomes the hunted.
That’s why it’s vital for all investigators to understand their own OSINT digital footprint. In this guide, we’ll show you all the tips and tricks you need to stay safe, gather all the intel you need, and get out without leaving a digital trace. Here’s how to stay untrackable.
What Is a Digital Footprint in OSINT?
In a casual context, a digital footprint might mean tagged Facebook photos or an old blog. But for OSINT investigators, this pool of data that makes up your footprint expands dramatically.
Your OSINT digital footprint is the trail of accessible data you leave behind while conducting open source intelligence research. This data is potentially dangerous, as it can give away key information to threat actors - such as your location, the status of your investigation, your goals and more.
Every search query, visited website, account login, and even passive network activity counts as a source for OSINT - data that can be tracked, logged, discovered… and potentially exploited. VPN logs, browser fingerprints, and even metadata in screenshots and scraped documents can all give away key information allowing threat actors to monitor, counter, and mislead or even target you.
If somebody knows you’re watching, you could be in big trouble. So the question is: how do you wipe your prints? How do you make your digital footprint disappear? How do you prevent your prey from sniffing you out? Well, here’s how.
Best Practices for Reducing Your OSINT Digital Footprint
If you’re looking at a guide written for OSINT investigators, you’re likely well aware of what information a digital footprint can provide. You’ve probably followed a trail in the past, dusting your prey’s digital prints for traces that might reveal truth. So it’s easy to see how somebody could do the same to you.
How do you avoid being traced? How do you prevent bad actors from seeing your steps and finding you out? The answer is to think of your investigation as a particularly delicate crime scene. But in this case, you’re the forensics tech, the detective, and the suspect all at once. You need to think of everything the tech could uncover, and how the detective (a.k.a. you) would use the information to convict yourself.
If this all sounds complicated - it isn’t. Here’s how the pros manage their investigations to stay clean and protect their OSINT digital footprint:
1. Use Disposable and Dedicated Infrastructure
First, the golden rule of keeping a clean OSINT digital footprint: nothing you do in your OSINT work should be traceable to your real identity or systems. So never conduct an investigation from your personal device or network.
That doesn’t mean you have to throw out your laptop and go buy a new one, though; use a virtual machine (VM) set up specifically for your OSINT work. By creating a “guest” machine on your “host” machine (like a more advanced version of a typical computer user profile) you can add an extra layer of remove - and an extra layer of security.
On top of this, you can layer your VM with Tor browser for yet another layer of security. Or, consider spinning up temporary cloud instances for risky tasks, then winding them down once your mission is complete.
2. Mask Your Browser Footprint
Did you know your browser could be leaving prints too? The average browser leaks far more information than you think: screen size, installed fonts, time zone, OS version, even battery levels. All this information could lead people to the type of machine you’re using, which they can then use as the basis for an investigation - or even to plan out counter-actions that could put your mission in jeopardy.
To protect your OSINT digital footprint, use hardened, privacy-focused browsers - like Mullvad Browser or Brave - with fingerprint randomisation extensions. Lastly, disable JavaScript unless absolutely necessary. Oh, and clear your cookies.
3. Segment Your Identities
Spies have code names for a reason - splitting up your identity into different, specialised personas makes it much more difficult for adversaries to tie all your activity together under one name. OSINT investigators should do the same.
Create multiple personas for different investigation types; use fake-but-consistent backstories, email accounts, and browsing habits. Not consistent enough that somebody else could logically draw connections, but consistent enough for you to remember them. That way, even if you do leave an OSINT digital footprint, it won’t be traceable back to you.
4. Avoid Touching the Target
Where possible, avoid direct interaction with the subject of your investigation. Passive collection is by far the safest way to conduct an investigation. Web scraping, cached pages, archive tools, and domain intel via third parties can give you what you need - without leaving a print or alerting the other side.
The best protection is secrecy. Imagine you’re a hunter stalking in the forest; the moment the deer in your sights looks up and spots you, it’ll bolt - or worse, charge. It’s the same with an OSINT investigation. Nobody will notice your footprints - let alone follow them - if they never know you’re there.
5. Sanitise Your Tools and Metadata
Make sure you keep everything clean as you go, including when sharing pieces of evidence between investigators, or submitting them to a client. Before you share that PDF, image, or text doc with a client or analyst, be sure to strip its metadata with a specialised tool like ExifTool, MAT2, or BleachBit. This should scrub off any clingy creation details.
Remember, the GPS coordinates, dates and device details contained within image metadata are a goldmine for anyone seeking to find you. They could reveal almost every part of your OSINT digital footprint: the time your investigation took place, which machine you were working on, and more. They could even pinpoint you in geographical space with GPS - and it’s always better that your subjects don’t know where you live.
Final Steps: Why Your OSINT Digital Footprint Matters
As investigators, we need to protect our digital identities while conducting OSINT investigations. If we leave tracks in the digital dirt, we’re leaving ourselves open and vulnerable to a whole host of serious risks. If we know how to get the most out of data, we’d best believe our own techniques could be exploited by adversaries - if we give them the chance.
A well-managed OSINT digital footprint protects not only your anonymity, but also the integrity of your findings. If you're probing a malicious actor, state agency, or criminal group, then they could discover you and threaten the mission, either by putting out misinformation or by crafting counter-OSINT traps.
OSINT digital footprints matter from a legal and ethical standpoint, too. Collecting sensitive PII, or storing scraped data improperly can land you in regulatory hot water. Those who don’t know the ins-and-outs of GDPR, CCPA, and other Luckily, we’ve got some useful guides on OSINT in highly-regulated or risky environments - such as China, Africa, and the Dark Web - that cover key laws and common compliance missteps.
Want to learn more about protecting yourself while investigating? Check out our guide to OSINT and Cyber Hygiene.