Social Media Risks

Below, I have listed online articles that are relevant to issues of privacy, identity theft and fraud in relation to Social Media.

Siciliano, Robert
April 7, 2010
Using Facebook to Steal Company Data
https://www.infosecisland.com/blogview/3579–Using-Facebook-to-Steal-Company-Data.html
Robert Siciliano is CEO of IDTheftSecurity.com, a professional speaker and author.

Siciliano, Robert
March 30, 2010
Social Media and Identity Theft Risks PT II
https://www.infosecisland.com/blogview/3456-Social-Media-and-Identity-Theft-Risks-PT-II.html
Robert Siciliano is CEO of IDTheftSecurity.com, a professional speaker and author.

Siciliano, Robert
March 24, 2010
Social Media and Identity Theft Risks PT I
https://www.infosecisland.com/blogview/3417-Social-Media-and-Identity-Theft-Risks-PT-I.html
Robert Siciliano is CEO of IDTheftSecurity.com, a professional speaker and author.

Himley, Mike
March 19, 2010
The limits of social network privacy

Siciliano, Robert
March 15, 2010
Social Media Sticky Situations
https://www.infosecisland.com/blogview/3283-Social-Media-Sticky-Situations.html
Robert Siciliano is CEO of IDTheftSecurity.com, a professional speaker and author.

OSINT is what hackers use

Any attempt by a hacker to break into a system starts with a research phase whose purpose is to identify soft spots and possible methods of attack. This is sometimes referred to as the Network & Business Reconnaissance phase, as for example in the article The Five Phase Approach of Malicious Hackers. The blog ShortInfoSec.net agrees, writing that “the methodology used in OSINT is the information gathering phase of every penetration phase”.

The hacker will try to find out as much as possible about the target using information that he or she can find without committing any crime and without exploiting any software system vulnerabilities. Let’s say the target is a company. The hacker will then try to find names and positions of people working in that company, collect documents and files on the internet originating from that company, collect information from newspaper articles about the company, and collect all obtainable information on the company’s internet domain names, the IP addresses associated with those domain names, and the servers behind those domain names. He or she would collect employment ads from the company in order to find out which software systems are in use in the company, along with information on internal company routines, terminology and details of the organizational structure.

So-called dumpster diving – going through trash bags coming out of the company’s facilities – can provide loads of useful information. Knowing the names, positions and work locations of employees at the company, the hacker can continue collecting biographic information on those people using for example LinkedIn, Facebook, Orkut and Pipl. (The importance of thorough reconnaissance, research and preparation before making a social engineering penetration test is attested by ShortInfoSec.net.) For an illustrative description of how social media websites such as Facebook can be used as the primary vehicle for a hacker who needs to find a way through the front door, read Social Media and Identity Theft Risks PT II by Robert Siciliano.

I suppose spelling it out isn’t really necessary, but still: the hacker is using information from Open Sources to create a target profile intelligence report about the company – using Open Source Intelligence. The ultimate use of this intelligence is to pinpoint a part of the company’s IT infrastructure which has a known vulnerability that can be exploited and/or to devise a social engineering* attack whereby an employee is tricked into revealing critical information such as a password. At the RSA Security Conference 2010, the security researcher Pedro Varangot from Core Security Technologies even demonstrated how the trust that users have in social networks can be leveraged to execute targeted social engineering attacks.


* Social engineering is not OSINT, but spot-on HUMINT. Read more about social engineering on Wikipedia.

Social media vs Personal integrity and Security

I always recommend that people be very careful about what they publish about themselves on the internet. It is a door you can open, but not close. Google’s effective content indexing and caching function further means that your content may remain searchable and viewable online for some time even after you have removed it. In brief terms: publishing something on the web is like letting the genie out of the bottle. A picture you put on the internet is out of your control. When you remove it from your blog, it may already be on my hard drive, or on the hard drive of a lonely guy in the next town who still hates you for something you said to him back in junior high and blames you for his social misery. Or the picture of your kids on the beach that you uploaded for grandma to see: you will have to accept the risk that it will show up as part of a photo mash-up promoting a child pornography website.

While most Facebook users keep their information hidden from people who are not on their friends list, blogs are typically completely unrestricted: a blog is open for anyone to see and read, and the blog owner does not know who reads it, or why, or when. On Youtube, you have the option of restricting access to your videos, but that is an active and explicit choice you have to make.

Think of it this way: would you ever place copies of your home videos, family photos and stories from your private life in brown boxes around town for the purpose of letting friends and family enjoy them? No, you wouldn’t. But that is exactly what many people do each day on Facebook, Youtube, blogs, Flickr, Picasaweb, Twitter, Bambuser, MySpace and dozens of other social community websites. Oh, there is a difference of course: these services not only make your content available downtown – they make it available from anywhere in the world. And anyone can steal a copy and bring it home, without you knowing.

The anonymity illusion

Many community users live under the illusion that they are anonymous and have their identity protected by not revealing their true name. However, over time, they will often publish little details, one by one, which before long allow a dedicated malevolent person to deduce the true identity of the user. Online friends in the contacts list or people who post comments on the person’s blog entries may in turn have blogs or be community users, and what they publish about themselves is also useful as clues to the identity of the primary person. Such clues can be seemingly insignificant things such as sex, age, birthday, pet, hobby, type of home, proximity to some town, proximity to the ocean, name of school, pictures showing the neighborhood and so on. With the help of services like StayFriends.de, Pipl.com, and public tax records, you can cross-reference pieces of information and through deduction find out who the online alias is in reality – or IRL (in real life), as the jargon term is.
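The narrowing-down described above can be measured. The following added example (not part of the original article) uses a constructed population with integer attribute labels, all of them assumptions made for the illustration, to show how many candidates remain after each small disclosure and how much anonymity withholding any single detail would have preserved.

```python
# Added illustration; the population is constructed, not real data.
# attribute -> number of distinct values (pairwise coprime, so a
# population of 2*29*5*7*3 = 6090 holds every combination exactly once)
ATTRS = {"sex": 2, "birth_year": 29, "pet": 5, "nearest_town": 7, "school": 3}


def build_population(size=6090):
    """Constructed people; each attribute value is just an integer label."""
    return [{a: i % n for a, n in ATTRS.items()} for i in range(size)]


def anonymity_trace(population, disclosures):
    """Size of the candidate set after each (attribute, value) disclosure."""
    candidates, trace = population, []
    for attr, value in disclosures:
        candidates = [p for p in candidates if p[attr] == value]
        trace.append((attr, len(candidates)))
    return trace


def withholding_gain(population, disclosures):
    """Candidates left if exactly one of the disclosures had been withheld."""
    gain = {}
    for skipped, _ in disclosures:
        rest = [d for d in disclosures if d[0] != skipped]
        gain[skipped] = anonymity_trace(population, rest)[-1][1]
    return gain


if __name__ == "__main__":
    people = build_population()
    posts = list(people[1234].items())  # details one alias leaked over time
    for attr, left in anonymity_trace(people, posts):
        print(f"after revealing {attr:<12} {left:>5} candidates remain")
    for attr, left in withholding_gain(people, posts).items():
        print(f"withholding only {attr:<12} would leave {left} candidates")
```

Details with many possible values, here the birth year, cost the most anonymity, so they are the first ones to leave out of a profile meant to stay anonymous.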

A very large mistake to make is to have one online identity where you reveal your real life identity and publish content about your real life, while at the same time having a second “anonymous” identity which you might use for the purpose of expressing controversial, politically incorrect, socially embarrassing, or illegal content. The day somebody succeeds in revealing the real life identity hiding behind that second, “anonymous” identity, the damage is multiplied thanks to your publication of information about yourself under your true identity. On this particular subject, stay tuned for the true case story of the Unethical Policeman, coming soon.

In addition to all this, there are sites that aggregate information from social media and make things easier for any intelligence collector. For example, PleaseRobMe.com lists Twitter users who post tweets using a geographic positioning service, which reveals that they are not at home – and therefore offers an opportunity for burglars.