Quiz Entry - updated: 2026.03.05
When does OSINT cross the line from legal research to problematic or illegal activity?
OSINT becomes problematic when it involves bypassing access controls, creating fake profiles for access, systematic surveillance of individuals, or when the purpose shifts from legitimate research to stalking, harassment, or unauthorized profiling.
Legal OSINT:
- Searching publicly available information
- Using standard search engines
- Viewing public social media profiles
- Analyzing publicly accessible records
Problematic/Illegal OSINT:
- Bypassing access controls — Using technical tricks to access non-public data
- Fake profiles — Creating deceptive accounts to gain access to restricted information
- Systematic surveillance — Continuously monitoring an individual over time without legitimate purpose
- Social engineering — Manipulating people into revealing information
- Scraping against Terms of Service — Mass-collecting data in violation of platform rules
Ethical boundaries to consider:
- Is the data truly public, or did the person expect a limited audience?
- Is the purpose legitimate and proportional?
- Could the research cause harm to the subject?
- Are you documenting your methods for accountability?
Tip: A good rule of thumb — if you wouldn't be comfortable explaining your OSINT methods to a judge or ethics board, you've probably crossed a line.