Reflections: OSINT tool, Privacy danger
Hey everyone! It has been long since I wrote here (again) and I am really sorry for that. Good thing OSINT Dojo helps me stay on track with its ranking system.
So, let’s jump in today’s topic: Reflections in OSINT and privacy. As previously noted, when conducting Open Source Investigations, you always need to have an out-of-the-box approach in each case. Each and every bit of breadcrumb can help you further investigate and reveal new ways to proceed. We people tend to pay attention to the things that interest ourselves in photographs and forget little details that might betray more than what we would want. If you see a reflection where it shouldn’t be in a photo, take advantage of it. Or I should rather say: search for reflections in photos! They are one of the most overlooked details in them.
So, let’s jump in today’s topic: Reflections in OSINT and privacy. As previously noted, when conducting Open Source Investigations, you always need to have an out-of-the-box approach in each case. Each and every bit of breadcrumb can help you further investigate and reveal new ways to proceed. We people tend to pay attention to the things that interest ourselves in photographs and forget little details that might betray more than what we would want. If you see a reflection where it shouldn’t be in a photo, take advantage of it. Or I should rather say: search for reflections in photos! They are one of the most overlooked details in them.
The lines following below are not only valuable to us as OSINT investigators, but also help us realize things that could leak personal information about us in general as potential targets of an investigation. Some details such as car plates and faces have been hidden to protect personal data.
Examples: Investigator’s point of view.
#1 Google Maps fail
You thought Google Maps always blurs out car plates? You thought well (for most of the times). But let’s see what happens with reflections. Although google tries hard to blur car plates in reflections too, under a specific angle, the algorithm is confused and leaves some of them exposed!
Take a look at this google street view in a random street in Athens, Greece. See that reflection in the store’s mirror? This photo was taken from the perfect angle leaving the plate number exposed!
Examples: Investigator’s point of view.
#1 Google Maps fail
You thought Google Maps always blurs out car plates? You thought well (for most of the times). But let’s see what happens with reflections. Although google tries hard to blur car plates in reflections too, under a specific angle, the algorithm is confused and leaves some of them exposed!
Take a look at this google street view in a random street in Athens, Greece. See that reflection in the store’s mirror? This photo was taken from the perfect angle leaving the plate number exposed!
Search around in your target’s area. You might get lucky with a car plate number.
#2 Google car fail
Wanted to know how that google car looked? Just meters away from the example above, some glass reveals it here!
Same goes for any car of interest!
#3 Revealing blurred building (and other) details
Google Maps tries hard to blur stuff on its own (not!) but some people also like to protect their buildings’ details from strangers (spoiler: they can’t). Let’s take a look at this blur building in Berlin.
Although it’s external details are already exposed by some random guy taking a photo (thanks random doe for ruining their flawlessly protected exterior) here, if we just switch our point of view here, we would have already found many details ourselves.
Using the reflections in the cars, details of the building are found easily. Let’s match them with the photo of our loving random Doe photographer.
#2 Google car fail
Wanted to know how that google car looked? Just meters away from the example above, some glass reveals it here!
Same goes for any car of interest!
#3 Revealing blurred building (and other) details
Google Maps tries hard to blur stuff on its own (not!) but some people also like to protect their buildings’ details from strangers (spoiler: they can’t). Let’s take a look at this blur building in Berlin.
Although it’s external details are already exposed by some random guy taking a photo (thanks random doe for ruining their flawlessly protected exterior) here, if we just switch our point of view here, we would have already found many details ourselves.
Using the reflections in the cars, details of the building are found easily. Let’s match them with the photo of our loving random Doe photographer.
I hope I am not the only one looking the same building details in these reflections!
P.S.1 The same principles followed for google maps photos, could be applied to any photo taken by any user. Reflections in store fronts or in car windows might help you geolocate where the photos were taken!
P.S.2 Google blurring algorithm is not perfect and has flaws anyway every now and then. Click around the area you are investigating and maybe you will get lucky without needing any reflections, to reveal car plates, faces or building exterior details.
Examples: Target’s point of view.
#1 Selling a mirror on Facebook
Your Facebook account might be private, but your marketplace photos are not. Since someone finds you within a specified range of proximity to himself, he not only has a (clear) photo of your face, but also a good understanding of your whereabouts. Pay Attention.
P.S.1 The same principles followed for google maps photos, could be applied to any photo taken by any user. Reflections in store fronts or in car windows might help you geolocate where the photos were taken!
P.S.2 Google blurring algorithm is not perfect and has flaws anyway every now and then. Click around the area you are investigating and maybe you will get lucky without needing any reflections, to reveal car plates, faces or building exterior details.
Examples: Target’s point of view.
#1 Selling a mirror on Facebook
Your Facebook account might be private, but your marketplace photos are not. Since someone finds you within a specified range of proximity to himself, he not only has a (clear) photo of your face, but also a good understanding of your whereabouts. Pay Attention.
#2 Selling Ray-Ban glasses on EBay
You wanted to sell your sunglasses on EBay as “used” with pick-up feature. Cool. But both your face and your location has now been compromised. You ‘d think that black coat in the sunglasses could protect you somehow? Guess again. Advanced techniques (well, not so much) can reveal more than you know. From the outline or brand of the cellphone you used to take that picture, to your painted nails and gender. All of that linked to your EBay username (I bet you use the same somewhere else, don’t you?).
You wanted to sell your sunglasses on EBay as “used” with pick-up feature. Cool. But both your face and your location has now been compromised. You ‘d think that black coat in the sunglasses could protect you somehow? Guess again. Advanced techniques (well, not so much) can reveal more than you know. From the outline or brand of the cellphone you used to take that picture, to your painted nails and gender. All of that linked to your EBay username (I bet you use the same somewhere else, don’t you?).
#3 Mirrors are not the only things that mirror
Trying to sell that TV but you never thought you were in danger since you are away from your mirror’s reflections. Not only you, but also your house’s outline and items may be of great value in an investigation about you. I once linked two different advertisements with the same person, because in the first one his face was shown and in the second one, the same background of his house interior was shown (although face was hidden this time). Small things that seem irrelevant may be linked together to form a bigger picture about you. Keep that in mind.
Trying to sell that TV but you never thought you were in danger since you are away from your mirror’s reflections. Not only you, but also your house’s outline and items may be of great value in an investigation about you. I once linked two different advertisements with the same person, because in the first one his face was shown and in the second one, the same background of his house interior was shown (although face was hidden this time). Small things that seem irrelevant may be linked together to form a bigger picture about you. Keep that in mind.
#4 Relatives caught in a photo
Ok that’s just a funny picture I got from the internet. But anyway, you get the point. You might not care for yourself but I can see your grandma in the photo you took. You would be surprised how many times this may happen
Ok that’s just a funny picture I got from the internet. But anyway, you get the point. You might not care for yourself but I can see your grandma in the photo you took. You would be surprised how many times this may happen
Remember to always search for the right angles if given the choice.
Want more? Take a look at this article written by @nitr0usmx.
Thanks for reading. Hope you have enjoyed it. Till next time, stay healthy!
Thanks for reading. Hope you have enjoyed it. Till next time, stay healthy!
This comment has been removed by the author.
ReplyDelete