Top Tips

Top Tip How to clean a URL.

Earlier today I posted about an update to Google Lens. The original URL had tracking code written into it. I removed this before posting the article. As you can see the URL is quite long,

https://www.androidpolice(.)com/google-lens-record-videos-to-add-voice-context-searches/?taid=66b06a6e62766e0001736f08&utm_campaign=trueanthem&utm_medium=social&utm_source=twitter

By removing everything after the ? you are left with a clean URL

https://www.androidpolice(.)com/google-lens-record-videos-to-add-voice-context-searches/

05/08/2024

It has been around for some time now, on Android you can verify an image by using About This Image tool.

https://blog.google/products/search/about-this-image-google-search/

When you send a message to a new person on Signal (Mobile) you have to wait for them to accept the message before you see any of their details, on the desktop app (Synced with your mobile account) however it populates their details. Very useful when carrying out the old contact phone number sync.

11/02/2024

Use different search engines and the site opertor to search for vehicles that have been to a garage. site:www.myvehiclelive.com/ or site:www.myvehiclelive.com/OnlineEVHC/. You can also use the “Keyword” search operator too.

13/10/2023

Top Tip, UK Vehicle OSINT

 

If you have an image of a UK vehicle and you can see the vehicle registration plate, look closely at the bottom, the postcode of the supplier maybe present, important for private plates as it may give you an indication of the general geolocation of the owner.

For new cars the registration plate will give you the local DVLA location of where the vehicle was registered.

07/05/2023

Top Tip, Telegram OSINT

If you are just getting into Telegram Osint, I posted on Twitter recently, here are the links I have collected to usefiul, blogs, videos and tools. You will find within the blogs links to other resources.

https://www.pocket-lint.com/phones/news/apple/150904-how-to-turn-off-apple-s-u1-location-tracking-chip-in-iphone-11

Top Tip, when researching Telegram don’t forget your OPSEC, If you are downloading channels or accounts, use a virtual machine and anti virus software. You just do not know what is in the content you download.

03/05/2022

Top Tip – If you are researching Telegram, anyone can open a t(.)me link to see profiles, posts or entire public channels without the need to download Telegram, use the preview button.

02/05//2022

Top Tip – Telegram Phone Number Links. Post or share a t(.)me link to let others contact you, based on a your phone number.

The links will follow the phone number privacy settings – if a user isn’t allowing others to find them by their number the link will not work. If everyone can find the user the link appears to be public and can be searched in the same way as you would a t(.)me username in a browser, https://t(.)me/+7????

If you are searching for numbers you will see a link asking you to open a chat. if you have not got Telegram, there is a link do that allows you to download it.

28/02/2022

If you do not want to set up a Microsoft Windows account but want to use a Yubikey on a local account, download the Yubikey client from the @Yubico website.

https://support.yubico.com/hc/en-us/articles/360013708460-Yubico-Login-for-Windows-Configuration-Guide

12/02/2022

Probably the only argument I hear against using Signal is the fact that you have to use a phone number. Well there is a work around where you do not need to use your real number. If you are fortunate enough to live in a country where you can buy SIM cards with no issues, then use a different number to verify your Signal Account.

Download the Signal App or reinstall it. Place the new SIM in your phone or a donor phone (Preferred) to receive your verification code.Once you have verified your account, you then need to lock the donor phone number to your Signal account, as the network at some stage will reclaim the number if it is not used.

iPhone users: Click Settings > Account > Registration Lock > Enabled
Android users: Click Settings > Account > Registration Lock > Enabled

Enter a PIN. This PIN will prevent your number from being re-registered from a different device.

By doing this you keep your real mobile number secure from being searched on Signal’s server and also from your friends, who will no doubt save your number to their contacts, which they then sync across all their apps.

11/01/2022

For those of you who use mobile phones for OSINT, you may want to try the built in screen recording function to capture your OSINT research. No need to cast your screen or download third party software to your desktop.

Record your phone screen

Swipe down twice from the top of your screen.

Tap Screen record.
(You might need to swipe right to find it. If it’s not there, tap Edit and drag Screen record to your Quick Settings.)

Choose what you want to record and tap Start. The recording begins after the countdown.

To stop recording, swipe down from the top of the screen and tap the Screen recorder notification.

Find screen recordings.

Open your phone’s Photos app Photos.
Tap Library and then Movies.

09/12/2021

Have you updated to Android 12? Here is an article that talks you through some new privacy settings that you should consider.

https://www.wired.com/story/android-12-privacy-settings-updates/

30/11/2021

Using a VPN may not protect you from apps or websites finding your real location, as they can read your system data. Try LocateJS to see if you are still leaking your location.

z0ccc.github.io/LocateJS/

23/10/2021

How to enable and set up a locked folder in Google Photos
Launch the Google Photos app.
Tap on the Library tab at the bottom of the page.
Tap on the Utilities button at the top of the page.

With the Locked Folder set up, you can move photos from your account directly into the Locked Folder.

https://www.androidcentral.com/how-enable-and-use-locked-folder-google-photos

08/08/2021

10/07/2021

27/06/2021

I know Windows is not the best for privacy. That may even be an understatement, however so many people us it. This article explains how to circumnavigate Windows forcing you to create an online account.

https://helpdeskgeek.com/windows-10/how-to-setup-windows-10-without-a-microsoft-account/

10/06/2021

•    Open the video in question
•    Click on the three horizontal dots
•    Open Transcripts
•    Ctrl+F (or Cmd+F)
•    Type in, “Keyword”

06/06/2021

Probably one of the easiest things you could do to protect yourself, if your files are ever infected with malware, is to have an offline backup.

24/05/2021

Researching LinkedIn without an account. Try Bing as your search engine. I have had some good responses to it allowing me to see the landing page of a profile, even when using a VPN however the lifespan of this access is limited when using one.  I still prefer the power of Google advanced search operators but try Bing’s it throws up some good results too. Mix and match for best results.

13/05/2021

With the emergence of Apple Air Tags & Samsung Smart Tags, now maybe is a good time to turn off Bluetooth, Location Services and Find My Phone. These little devils utilise your Bluetooth and Location to work out where they are.

If you are lucky enough to own an Android you can also switch off Bluetooth scanning in your settings. Apple doesn’t allow you to do this as apparently, it affects their ability to provide precise location data.

Settings – Location – Wi-Fi Bluetooth Scanning (May differ with Android manufacturer)

08/05/2021

If you use @hunchly and @VMware virtual machines together for your OSINT you may have issues around colour opacity, this can be a result of, “Hardware Acceleration”

It can be remedied in either the settings of the VM or the Browser you use, by disabling hardware acceleration.

03/05/2021

Take a stepped approach to the use of emails and mobiles, Primary, Secondary & Disposal:-

Primary email and  mobile for the financial side of your life. Never share them with anyone, including family.

Secondary can be used for less important matters, such as online services or memberships, where you have regular contact.

Disposal or Alias use when you are purchasing online where there is no need to create an account.

30/04/2021

For those of you who live in Europe, do you ever click on the Cookie options popup or do you just press accept? For privacy reasons, don’t select the default, accept all. Click and manually only allow, essential options. Some sites have a frightening array of trackers deployed.

18/03/2021

One of the be benefits of @MySudoApp  is you can keep your all important network mobile number safe. The number you use for banking that you also use on SM & IM platforms as well as buying online. Keep it safe, MySudo is one way you can. Reduce the risk of smishing.

16/03/2021

I know the cost of hardware to support sock accounts in OSINT can sometimes be an issue. Android phones now come with the facility to create a separate user account.

Samsung phones also have the Knox vault which enables you to have a second account secured in the vault with its own apps. (Not available on every model)

Maybe a good Privacy & OPSEC tool too.

03/03/2021

I want to share two little tricks that may help with privacy & cyber-security. Consider creating two accounts on Windows, an Admin & User. By only being a User you will need to use a password to carry out certain task, like exe a program. This may safe you from certain Malware.

Some Malware require Admin privileges. Also it is a safeguard from accidentally opening something you didn’t want to.

Why not consider a virtual desktop, if in these times you are working agile and sharing your desktop on meetings. WIN + Ctrl + D will create a second desktop.

25/02/2021

If you are interested in the Privacy of your Firefox browser, use this link to see what you are leaking https://inteltechniques.com/logger/ then use this link to adjust the Privacy settings https://restoreprivacy.com/firefox-privacy/ and then try the first link again.

21/12/2020

Privacy tip, if you have a Google account don’t forget to enable, ‘Remove geo location in items shared by a link.’ This setting relates to photos you have taken and shared. You can disable, ‘Save location,’ in your cameras settings too.

20/12/2020