DEV Community

Kyle Brennan

The Scariest Things I've Found Using OSINT (That Were Completely Legal)

I've been practicing OSINT for a few years now. In that time, I've discovered things that made my jaw drop - and I didn't break a single law doing it.

Here are the creepiest (and completely legal) discoveries that keep me up at night.

1. Real-Time Location from Public Fitness Data

People share their running routes on Strava. Those routes show exactly where they start and end their runs - usually their home.

I once found a military base's internal layout because soldiers were logging their jogs. The Pentagon had to issue guidance about this.

Your morning jog is broadcasting your address.

2. Baby Photos with GPS Coordinates

Proud parents post photos of their newborns. Those photos often contain EXIF metadata with exact GPS coordinates.

I've seen birth announcements that accidentally revealed:

  • The hospital room number
  • The parents' home address
  • The grandparents' house
  • The daycare location

All from metadata in cute baby photos.

3. Corporate Secrets from LinkedIn

People list projects on LinkedIn before they're public. I've found:

  • Unannounced product launches
  • Acquisition targets
  • Upcoming layoffs (when recruiters suddenly connect with everyone)
  • Security vulnerabilities ("Implemented fix for...")

Your resume is intelligence gold.

4. Home Security Systems... and Their Weaknesses

People post photos of their new Ring doorbells and security cameras. Those posts reveal:

  • Camera blind spots
  • Brand and model (with known vulnerabilities)
  • WiFi network names
  • When the house is empty (posting from vacation)

You're showing burglars your security setup.

5. Medical Information from Wearables

Publicly shared health data from fitness trackers can reveal:

  • Sleep disorders (from sleep tracking)
  • Heart conditions (from heart rate data)
  • Pregnancy (from period tracking apps that suddenly go quiet)
  • Depression indicators (from activity levels)

Your watch is a medical record.

6. Financial Situations from Venmo

Venmo transactions are public by default. I've seen:

  • Rent amounts and landlord names
  • Drug transactions (people are not subtle)
  • Divorce proceedings in real-time
  • Affairs ("hotel 💕")
  • Gambling habits

Your payment history tells your life story.

7. Password Hints from Social Media

People answer "fun quizzes" that ask:

  • Your first pet's name
  • The street you grew up on
  • Your mother's maiden name
  • Your high school mascot

These are literally security questions. By answering them in public, you're giving away the answers that unlock your accounts.

What This Means for You

Every piece of data you share becomes part of a larger puzzle. Individually, these things seem harmless. Combined, they're a complete profile of your life.

Quick Protection Steps:

  1. Strip metadata from photos before posting
  2. Audit privacy settings on all accounts
  3. Vary your security questions (lie creatively)
  4. Review public fitness data and set it to private
  5. Make Venmo transactions private
  6. Google yourself regularly - CloudSINT can help automate this
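
Step 1 above, applied to the EXIF GPS case from item 2, as an added example that is not part of the original post: a standard-library Python pass that drops the Exif and XMP APP1 segments from a JPEG before it is uploaded. The function name, the `segment` helper and the sample bytes are constructed for illustration; other metadata carriers (IPTC in APP13, PNG or HEIC files) are out of scope.

```python
import sys

SOI = b"\xff\xd8"
# APP1 payload prefixes that carry metadata: Exif holds the GPS IFD, XMP can repeat it.
METADATA_PREFIXES = {b"Exif\x00\x00": "Exif", b"http://ns.adobe.com/xap/1.0/\x00": "XMP"}


def strip_metadata(jpeg: bytes):
    """Return (cleaned_bytes, removed_names) with Exif/XMP APP1 segments dropped."""
    if not jpeg.startswith(SOI):
        raise ValueError("not a JPEG: missing SOI marker")
    out, removed, pos = bytearray(SOI), [], 2
    while pos + 2 <= len(jpeg):
        if jpeg[pos] != 0xFF:
            raise ValueError(f"corrupt JPEG: no marker at offset {pos}")
        marker = jpeg[pos + 1]
        if marker == 0xFF:            # fill byte before a marker, skip it
            pos += 1
            continue
        if marker in (0xDA, 0xD9):    # SOS or EOI: the rest is image data, copy as-is
            return bytes(out + jpeg[pos:]), removed
        length = int.from_bytes(jpeg[pos + 2:pos + 4], "big")  # includes its own 2 bytes
        end = pos + 2 + length
        if length < 2 or end > len(jpeg):
            raise ValueError(f"corrupt JPEG: bad segment length at offset {pos}")
        payload = jpeg[pos + 4:end]
        name = next((n for p, n in METADATA_PREFIXES.items() if payload.startswith(p)), None)
        if marker == 0xE1 and name:
            removed.append(name)      # drop the whole metadata segment
        else:
            out += jpeg[pos:end]      # keep JFIF header, quantization tables, etc.
        pos = end
    raise ValueError("corrupt JPEG: no image data found")


def segment(marker: int, payload: bytes) -> bytes:
    return bytes([0xFF, marker]) + (len(payload) + 2).to_bytes(2, "big") + payload


# Constructed sample: a JPEG segment skeleton (not a decodable picture).
EXIF_PAYLOAD = b"Exif\x00\x00" + b"constructed placeholder for a TIFF block with GPS tags"
SAMPLE = (SOI + segment(0xE0, b"JFIF\x00\x01\x02\x00\x00\x01\x00\x01\x00\x00")
          + segment(0xE1, EXIF_PAYLOAD) + segment(0xDA, b"\x00") + b"scan-data\xff\xd9")

if __name__ == "__main__" and len(sys.argv) == 3:   # usage: script.py in.jpg out.jpg
    with open(sys.argv[1], "rb") as src:
        cleaned, removed = strip_metadata(src.read())
    with open(sys.argv[2], "wb") as dst:
        dst.write(cleaned)
    print("removed:", removed or "nothing")
```

Dropping the Exif segment also removes the Orientation tag, so check that the cleaned photo still displays the right way up before posting it.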

The Uncomfortable Reality

Nothing I described is hacking. It's not illegal. It's not even particularly difficult.

It's just paying attention to what people freely share.

The scariest part? Most people have no idea how much they're revealing.

Now you do.


Want to learn more OSINT techniques? Join the CloudSINT Discord - we discuss privacy, security, and digital investigation.
