Personal OSINT: How to safeguard your public data
DOES THE FOLLOWING SOUND LIKE YOU OR SOMEONE YOU KNOW?
So, I have a profile online in { FACEBOOK, LINKEDIN, INSTAGRAM }. This data is already public. I also know that there have been past issues with data, but I’ve configured my accounts to only target the people I really want to see my stuff.
In any case, I’m already out there, have accepted the risk and have nothing to hide.
There are plenty of reasons you should care, and let me give you a hint – it’s not about what you actually post on these sites. It is much worse.
It’s about your email address.
This short talk will use open source tools to show how an investigator OR bad actor could use an email address to probe a target’s public information and use it for nefarious purposes.
From there, we will elaborate on ways said email address can be leveraged into higher levels of creepiness or invasion of privacy.
Attendees will come away with:
- Awareness of how contact info should be guarded
- Clues of how to fix past damage
- Concrete guidance about how to act moving forward
Presenters
Nadine Whitfield, ThoughtWorks
Polyglot developer with an eye towards security, automation and quality.