OSINT: What a Complete Stranger Can Find Out About You in 30 Minutes
Your name, your address, your phone number, your workplace, your daily routine, your family members, your political views — all discoverable by anyone with a browser and 30 minutes of free time. Here's exactly what's exposed and how to lock it down.

I want to make you uncomfortable for a few minutes. Not to scare you, but to show you something that most people don't realize until it's too late.
OSINT — Open Source Intelligence — is the practice of gathering information about a person or organization using publicly available sources. No hacking required. No special software. No illegal access. Just a web browser, free tools, and a bit of patience.
Intelligence agencies use OSINT. Journalists use it. Private investigators use it. Employers use it to screen candidates. Lawyers use it to research opposing parties. Stalkers use it to find targets. Scammers use it to personalize attacks.
And here's what's unsettling: with just your name and approximate location, a motivated stranger can usually discover the following about you in under thirty minutes.
What's Discoverable (And How)
Your Full Name, Age, and Address
People search sites — Spokeo, BeenVerified, TruePeopleSearch, FastPeopleSearch, WhitePages, and dozens of others — aggregate public records into searchable profiles. Enter a name, and you'll often get: current and previous addresses, phone numbers, email addresses, age, names of relatives and associates, and sometimes property ownership records.
We covered how to remove yourself from these sites in our data broker guide. But if you haven't actively opted out, your information is almost certainly sitting on multiple people search platforms right now.
These sites compile data from voter registration records, property records, court filings, commercial data purchases, and social media scraping. The information is legal to collect and legal to display. And it's available to anyone who visits the site.
Your Workplace and Job Title
LinkedIn is the primary source. Even if your profile is set to "private," your name and headline are often visible in search results. Your employer's website may list you on their team page. Conference programs, published papers, professional directory listings, and industry publications all create breadcrumbs.
For many professionals, a Google search of their name plus their city returns their LinkedIn profile, their employer, and their role within the first few results.
Your Photo and Physical Appearance
Social media profile pictures — even if the account is private — are often cached by search engines or visible in search results. A reverse image search (using Google Images or TinEye) can find everywhere that photo appears online, including sites you may have forgotten about.
Photos tagged by friends, group photos from events, race results with finisher photos, conference speaker pages — all of these create a visual trail.
Your Daily Routine and Habits
If you use social media publicly — posting about your morning coffee spot, checking in at your gym, sharing your running routes on Strava, posting from your favorite restaurant — you're broadcasting your physical patterns to anyone watching.
Strava's public activity maps have been shown to reveal the locations of military bases, intelligence facilities, and individuals' home addresses based on where running routes start and end. The same principle applies to your personal activities.
Your Family and Relationships
Facebook friend lists (if public), tagged photos, mutual connections, and public posts about family events create a map of your social network. People search sites often list "known associates" and "relatives" alongside your profile.
An attacker building a social engineering campaign against you will study your family connections to craft convincing pretexts: "Hi, I'm a friend of your sister's — she mentioned you work at..."
Your Political Views and Affiliations
In many US states, voter registration is public record and includes your party affiliation, voting history (not how you voted, but whether you voted in each election), and your registered address. This information is available through state databases and is compiled by people search sites and political data vendors.
Social media activity — likes, shares, group memberships, public comments — reveals political orientation even if you never explicitly state it.
Your Financial Profile (Estimated)
Property records reveal home ownership and property values. Court records reveal lawsuits, bankruptcies, and liens. Business registrations reveal business ownership. Combined with employer and job title data from LinkedIn, a reasonable estimate of someone's income bracket is achievable without accessing any private financial information.
Your Email Addresses and Online Accounts
Have I Been Pwned reveals which data breaches include a given email address. Tools like Holehe (for security researchers) can check which online services are associated with an email address. Even just searching an email address in Google can reveal forum posts, mailing list archives, and account registrations.
The 30-Minute OSINT Self-Audit
Want to know what's exposed about you? Do exactly what a stranger would do.
Step 1 (5 minutes): Google yourself. Open an incognito window. Search your full name. Search your name plus your city. Search your name plus your employer. Search your email address. Search your phone number. Note everything that comes up on the first three pages.
Step 2 (5 minutes): Check people search sites. Visit TruePeopleSearch, Spokeo, and FastPeopleSearch. Search your name. See what they have.
Step 3 (5 minutes): Check your social media visibility. Log out of each platform and try to view your profiles. What can a stranger see? Profile photos? Posts? Friends list? Check-ins? Employment info?
Step 4 (5 minutes): Check your other digital traces. Search for your username if you use the same one across platforms. Check if your email appears in breaches at Have I Been Pwned. Search for your name on Reddit, forums, or community sites you've participated in.
Step 5 (10 minutes): Assess and act. Make a list of everything you found that you're uncomfortable with. Prioritize what to fix first. Start with the highest-impact items: people search opt-outs, social media privacy settings, and removing sensitive information from public profiles.
How to Reduce Your Exposure
Opt Out of People Search Sites
This is the highest-impact action. Follow the opt-out procedures for each major people search site, either manually or through services like DeleteMe or Incogni. We detailed the process in our data broker removal article.
Lock Down Social Media
Set all profiles to private if you don't need a public presence. Remove your phone number, email, and physical address from your profiles. Disable location tagging on posts. Review and prune your friends/followers list — especially on platforms where friends can see your activity.
Turn off "People You May Know" suggestions, which can reveal your connections to strangers.
Remove Your Information from Google
Google's result removal tool lets you request removal of personal information from search results — including phone numbers, email addresses, and physical addresses. This doesn't remove the information from the source website, but it prevents it from appearing in Google searches.
Use Separate Identities for Different Contexts
Don't use the same username, email address, or profile photo across every platform. Cross-platform consistency makes it trivial to link your accounts. Use email aliases for different services.
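To see how far identifier reuse ties your own accounts together, this added example (not part of the original article) takes a constructed account inventory and groups the accounts an observer could link through a shared username, email, or profile photo, including indirect links through a third account. The account data, field names, and photo fingerprints are made-up assumptions, and the code assumes plus-addressed aliases (`name+tag@...`) point to one mailbox, since the tag can simply be stripped.

```python
from collections import defaultdict

# Constructed inventory of one person's own accounts (all values are made up).
ACCOUNTS = [
    {"platform": "forum",    "username": "jdoe_runs",  "email": "jdoe+forum@example.com", "photo": "a1"},
    {"platform": "fitness",  "username": "jdoe_runs",  "email": "runner@example.net",     "photo": "b2"},
    {"platform": "shopping", "username": "buyer7731",  "email": "Runner@example.net",     "photo": None},
    {"platform": "career",   "username": "jane-doe",   "email": "jdoe+work@example.com",  "photo": "c3"},
    {"platform": "gaming",   "username": "xX_nova_Xx", "email": "nova@alias.example",     "photo": "d4"},
]

def normalize_email(addr):
    """Lowercase and drop any +tag: plus-addressed aliases reduce to one mailbox."""
    local, _, domain = addr.strip().lower().partition("@")
    return local.split("+", 1)[0] + "@" + domain

def identifiers(acct):
    """Yield the (kind, value) pairs an observer could compare across platforms."""
    if acct["username"]:
        yield ("username", acct["username"].lower())
    if acct["email"]:
        yield ("email", normalize_email(acct["email"]))
    if acct["photo"]:  # hypothetical image fingerprint; same value = same picture
        yield ("photo", acct["photo"])

def linkable_clusters(accounts):
    """Group accounts joined directly or transitively by a shared identifier."""
    parent = list(range(len(accounts)))
    def find(i):  # union-find root lookup with path halving
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i
    first_seen, shared = {}, defaultdict(set)
    for i, acct in enumerate(accounts):
        for ident in identifiers(acct):
            if ident in first_seen:
                parent[find(i)] = find(first_seen[ident])
                shared[ident] |= {accounts[first_seen[ident]]["platform"], acct["platform"]}
            else:
                first_seen[ident] = i
    clusters = defaultdict(list)
    for i, acct in enumerate(accounts):
        clusters[find(i)].append(acct["platform"])
    return sorted(sorted(c) for c in clusters.values()), dict(shared)

if __name__ == "__main__":
    for cluster in linkable_clusters(ACCOUNTS)[0]:
        print("linked" if len(cluster) > 1 else "isolated", cluster)
```

In the sample data the shopping and career accounts share nothing directly, yet both end up in the same cluster through the forum and fitness accounts. Any cluster with more than one platform marks accounts that need distinct usernames, photos, and aliases on separate mailboxes to be split apart.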
Be Deliberate About What You Share
Every photo you post, every check-in you make, every comment you leave, every group you join creates data that can be discovered. This doesn't mean you should never share anything. It means you should share intentionally, understanding that anything public is permanently discoverable.
Before posting, ask: would I be comfortable with a complete stranger seeing this? If the answer is no, don't post it — or restrict who can see it.
Why This Matters
OSINT isn't just an abstract privacy concern. It's the foundation for targeted attacks.
Every pig butchering scam begins with research about the target. Every spear phishing email is personalized using publicly available information. Every social engineering attack exploits details that the attacker found online. Every sextortion scheme against a teenager starts with studying their public profiles.
The less information about you that's publicly available, the harder it is for anyone — scammers, stalkers, data brokers, or malicious strangers — to target you effectively.
Your digital footprint is your attack surface. Shrink it.
Written by
Rahmat Syahputra
Research Bug bounty Professional, freelance at HackerOne, Intigriti, and Bugcrowd.