What is OSINT, and why should you care?

You may have seen the term OSINT in the news, especially in connection with conflicts and criminal investigations. But what is it really, and why is it relevant for ordinary people?

OSINT in brief

OSINT stands for Open Source Intelligence, meaning intelligence based on open sources. It means collecting, analyzing and cross-referencing information from publicly available sources to build a picture of a person, company or situation.

"Open sources" doesn't mean "hacked data" or "secret information". It means:

• Public registries (company registers, land registry, tax records)
• Social media (Facebook, Instagram, LinkedIn)
• News archives and newspapers
• Court decisions and legal records
• Phone directories and address registries
• Freely available databases and websites

Who uses OSINT?

• Police and intelligence: Mapping networks, finding missing persons, investigating crime
• Journalists: Uncovering corruption, verifying sources, investigative reporting
• Businesses: Due diligence before mergers, background checks on partners, compliance
• Recruiters: Checking candidates beyond the CV
• Private individuals: Checking landlords, dating partners, or their own footprint

Bellingcat, the world-famous OSINT group, used open sources to prove who shot down MH17 over Ukraine. Same method, just on a much larger scale.

How does it work in practice?

1. Collection: Search dozens of registries and sources in parallel. Name, address, companies, legal history, media, social media.
2. Cross-referencing: Verify each piece of information against at least two independent sources. An Instagram profile with the right name isn't enough. It must also match location, age, or employer.
3. Analysis: Build a coherent picture. Who is the person? What's the network? Are there red flags?
4. Reporting: Present findings with source references and confidence ratings.

Is it legal?

Yes. OSINT is based exclusively on legal, publicly available information. No hacking, no illegal surveillance, no system intrusion.

For professional services, GDPR Article 6(1)(f) applies: legitimate interest. This means the client must have a valid reason, such as risk assessment before hiring, renting, or business partnerships.

What does it mean for you?

• You can use it: Check who you're dealing with before entering an agreement, renting out your home, or meeting someone from an app.
• Others use it on you: Employers, landlords and business partners are probably already checking you. Do you know what they find?

Curious about what exists about you? Order a digital footprint analysis and find out exactly what others can see. Or need to check someone else? A background check gives you the answers.