On this page you will find some Tips that I have posted on Twitter. Due to the ever changing worlds of Cyber & Digital I have included the date of when I posted the Tip.
UK Vehicle OSINT
If you have an image of a UK vehicle and you can see the vehicle registration plate, look closely at the bottom, the postcode of the supplier maybe present, important for private plates as it may give you an indication of the general geolocation of the owner.
For new cars the registration plate will give you the local DVLA location of where the vehicle was registered.
Telegram Osint Investigations
Top Tip – Privacy Checkup
If you are just getting into Telegram Osint, I posted on Twitter recently, here are the links I have collected to usefiul, blogs, videos and tools. You will find within the blogs links to other resources.
Disable Apple’s U1 Tracking Chip
Top Tip, when researching Telegram don’t forget your OPSEC, If you are downloading channels or accounts, use a virtual machine and anti virus software. You just do not know what is in the content you download.
Telegram Research without an Account
Top Tip – If you are researching Telegram, anyone can open a t(.)me link to see profiles, posts or entire public channels without the need to download Telegram, use the preview button.
Telegram Phone Number Search
Top Tip – Telegram Phone Number Links. Post or share a t(.)me link to let others contact you, based on a your phone number.
The links will follow the phone number privacy settings – if a user isn’t allowing others to find them by their number the link will not work. If everyone can find the user the link appears to be public and can be searched in the same way as you would a t(.)me username in a browser, https://t(.)me/+7????
If you are searching for numbers you will see a link asking you to open a chat. if you have not got Telegram, there is a link do that allows you to download it.
Protect Your Local Account With Yubikey
If you do not want to set up a Microsoft Windows account but want to use a Yubikey on a local account, download the Yubikey client from the @Yubico website.
Probably the only argument I hear against using Signal is the fact that you have to use a phone number. Well there is a work around where you do not need to use your real number. If you are fortunate enough to live in a country where you can buy SIM cards with no issues, then use a different number to verify your Signal Account.
Download the Signal App or reinstall it. Place the new SIM in your phone or a donor phone (Preferred) to receive your verification code.Once you have verified your account, you then need to lock the donor phone number to your Signal account, as the network at some stage will reclaim the number if it is not used.
iPhone users: Click Settings > Account > Registration Lock > Enabled
Android users: Click Settings > Account > Registration Lock > Enabled
Enter a PIN. This PIN will prevent your number from being re-registered from a different device.
By doing this you keep your real mobile number secure from being searched on Signal’s server and also from your friends, who will no doubt save your number to their contacts, which they then sync across all their apps.
Android OSINT Recording
For those of you who use mobile phones for OSINT, you may want to try the built in screen recording function to capture your OSINT research. No need to cast your screen or download third party software to your desktop.
Record your phone screen
Swipe down twice from the top of your screen.
Tap Screen record.
(You might need to swipe right to find it. If it’s not there, tap Edit and drag Screen record to your Quick Settings.)
Choose what you want to record and tap Start. The recording begins after the countdown.
To stop recording, swipe down from the top of the screen and tap the Screen recorder notification.
Find screen recordings.
Open your phone’s Photos app Photos.
Tap Library and then Movies.
Android 12 Privacy
Have you updated to Android 12? Here is an article that talks you through some new privacy settings that you should consider.
Using a VPN may not protect you from apps or websites finding your real location, as they can read your system data. Try LocateJS to see if you are still leaking your location.
Google Locked Folder
How to enable and set up a locked folder in Google Photos
Launch the Google Photos app.
Tap on the Library tab at the bottom of the page.
Tap on the Utilities button at the top of the page.
With the Locked Folder set up, you can move photos from your account directly into the Locked Folder.
Mobile Phone Privacy
Be careful what details you disclose in your emergency contact or medical information. Remember it can be accessed by anyone form the locked screen of your mobile.
They simply have to press the emergency call icon to access the information you have put.
Don’t over expose yourself unnecessarily as the information could be used to smish or phish you, or identify your home address.
You can also protect your mobile number by restricting who it is displayed to when you call anyone. You can do this in the settings of your phone.
Android (Will vary) – Phone Icon – Settings – Calls – Additional Settings – Caller ID
Apple – Settings – Phone – Calls – Show My Caller ID
3 ways to check a number on WhatsApp without syncing your contacts.
Privacy Health Check
https://clickclickclick.click – fun example of how websites interpret your behaviour.
https://themarkup.org/blacklight – tells you what trackers and cookies a website is using.
https://tosdr.org/ – rates the term of services of a website.
https://www.securemessagingapps.com/ – rates messenger apps.
https://justgetmydata.com/ – tells you how to obtain your data.
https://browserleaks.com/ – browser fingerprinting tools.
Use Windows Offline
I know Windows is not the best for privacy. That may even be an understatement, however so many people us it. This article explains how to circumnavigate Windows forcing you to create an online account.
Find Keywords in a YouTube Video
• Open the video in question
• Click on the three horizontal dots
• Open Transcripts
• Ctrl+F (or Cmd+F)
• Type in, “Keyword”
Probably one of the easiest things you could do to protect yourself, if your files are ever infected with malware, is to have an offline backup.
Researching LinkedIn without an account. Try Bing as your search engine. I have had some good responses to it allowing me to see the landing page of a profile, even when using a VPN however the lifespan of this access is limited when using one. I still prefer the power of Google advanced search operators but try Bing’s it throws up some good results too. Mix and match for best results.
Apple Air Tags & Samsung Smart Tags
With the emergence of Apple Air Tags & Samsung Smart Tags, now maybe is a good time to turn off Bluetooth, Location Services and Find My Phone. These little devils utilise your Bluetooth and Location to work out where they are.
If you are lucky enough to own an Android you can also switch off Bluetooth scanning in your settings. Apple doesn’t allow you to do this as apparently, it affects their ability to provide precise location data.
Settings – Location – Wi-Fi Bluetooth Scanning (May differ with Android manufacturer)
OSINT & Hardware Acceleration.
If you use @hunchly and @VMware virtual machines together for your OSINT you may have issues around colour opacity, this can be a result of, “Hardware Acceleration”
It can be remedied in either the settings of the VM or the Browser you use, by disabling hardware acceleration.
Email & Mobile Hygiene
Take a stepped approach to the use of emails and mobiles, Primary, Secondary & Disposal:-
Primary email and mobile for the financial side of your life. Never share them with anyone, including family.
Secondary can be used for less important matters, such as online services or memberships, where you have regular contact.
Disposal or Alias use when you are purchasing online where there is no need to create an account.
For those of you who live in Europe, do you ever click on the Cookie options popup or do you just press accept? For privacy reasons, don’t select the default, accept all. Click and manually only allow, essential options. Some sites have a frightening array of trackers deployed.
One of the be benefits of @MySudoApp is you can keep your all important network mobile number safe. The number you use for banking that you also use on SM & IM platforms as well as buying online. Keep it safe, MySudo is one way you can. Reduce the risk of smishing.
I know the cost of hardware to support sock accounts in OSINT can sometimes be an issue. Android phones now come with the facility to create a separate user account.
Samsung phones also have the Knox vault which enables you to have a second account secured in the vault with its own apps. (Not available on every model)
Maybe a good Privacy & OPSEC tool too.
I want to share two little tricks that may help with privacy & cyber-security. Consider creating two accounts on Windows, an Admin & User. By only being a User you will need to use a password to carry out certain task, like exe a program. This may safe you from certain Malware.
Some Malware require Admin privileges. Also it is a safeguard from accidentally opening something you didn’t want to.
Why not consider a virtual desktop, if in these times you are working agile and sharing your desktop on meetings. WIN + Ctrl + D will create a second desktop.
If you are interested in the Privacy of your Firefox browser, use this link to see what you are leaking https://inteltechniques.com/logger/ then use this link to adjust the Privacy settings https://restoreprivacy.com/firefox-privacy/ and then try the first link again.
Photo Privacy & OPSEC
Privacy tip, if you have a Google account don’t forget to enable, ‘Remove geo location in items shared by a link.’ This setting relates to photos you have taken and shared. You can disable, ‘Save location,’ in your cameras settings too.
OSINT & Privacy tip, I’m not a massive user of Chrome mobile browsers but in the settings – privacy you can set secure DNS to one of your choice, Cloudflare is also a default option.
If you want permanent Chrome incognito browser on your mobile. Menu -> Long press on Chrome Icon.
Long press on the Incognito tab or drag and place the Incognito shortcut to home by holding the dual horizontal lines. You can now directly open Incognito mode.