Why photo geolocating is one of the most important OSINT skills
If you regularly read OSINT communities on social networks, you’ve probably seen a huge number of posts with photos, in the comments to which people try to determine the exact geographical coordinates of the place where the photo was taken.
What’s surprising is that a lot of people see photo geolocation simply as a fun game or hobby.
Moreover, I’ve read many times opinions that #geoint quizzes are something useless and completely detached from reality (I’m not kidding, sometimes I get messages like this even in DMs). And that they are a waste of time.
I’ll be honest, I’m not a fan of photo geolocation quizzes and have only published such posts myself a couple of times in three years.
But… I sure that photo geolocation skill is one of the most useful skills for investigations. I’ll try to show this with a simple example.
Typical situation
There is a profile of a person in a car forum.
On the forum he doesn’t respond to messages and you want to find his profiles on other social networks to chat.
There is no avatar, only car model (may be false) in profile description. Several dozens of posts on English. And we can’t assume what country/city this person is from.
But we know the username and that’s a very good thing!
We could try searching for profiles with the same username.
Let’s start with the simplest one and run https://whatsmyname.app/.
(for more information about username search, see the note below)
Only a few profiles were found and they don’t have any information. Only in Pinterest there are some photos of a car (model matches the one in the profile description) in the courtyard of an apartment complex.
Luck smiled on us today and immediately managed to find the exact address of the luxury apartment complex on Google using a fragment of a photo of the facade.
Is it possible to find a person somehow, knowing only:
- the approximate address of his house (assumed or out of date)
- his username
Here are a few possible ways you can try to do this.
1. Google Maps users reviews
Most people use first and last names when writing reviews on Google maps, but there are also many who use nicknames.
But unfortunately username enumeration tools (WhatsMyNameApp, Sherlock, Maigret etc) can’t find Google Maps profiles (and Google won’t help either).
Sometimes search <nickname>@gmail.com in Ghunt/Epieos can help. But often the nickname doesn’t match the email.
So, the only thing left is to look at reviews for different locations near the person’s home address: supermarkets, cafes, gyms, hairdressers, etc.
This may seem like a lot of work, in practice it only takes a few minutes. Since little-visited locations may have very few reviews.
Google Maps profiles can contain a lot of useful information for investigation:
- profile picture (allows you to find person’s profiles on different sites using reverse image search -> find out other nicknames of a person).
- photos taken by the person, which can also be uploaded to their other social media profiles (and found using reverse image search).
- other places he frequents (from which his place of work or the address of friends/relatives can be identified).
Remember that in some countries Google Maps is unpopular and reviews should be searched on local mapping services (Yandex Maps, etc.).
2. Local forums
Another disadvantage of nickname enumeration tools is that they cannot find user profiles on small local forums with only a few hundred users (sometimes Google can help, but not always).
The following types of local forums can be manually scanned for the target person’s nickname:
- city forums
- school/university forums
- neighbourhood forums
- local hobbyist forums
In this way, you can find a profile avatar or various details of a person’s biography that can be used as hypothetical entry points into an investigation.
The most important rules when looking at reviews on the map and local forums!
Don’t forget about nicknames that are similar in spelling to the user’s nickname (John, J0hn, $ohn, Joh# etc).
3. Social media photos maps
You can also try searching the numerous services for location-related content on social networks (Photo Map (VK), BirdHunt, InstaHunt, YouTube Geofind etc).
In the case study described above, they can only help you find profiles with a similarly spelled nickname or photos of a car of a matching model.
But if by this point in the investigation you have learned some more data about the person (presumed name, presumed age), then the chances of finding their profiles on other social networks increase.
More servies with social media post on the map you can find in Mini-Geoint cheatsheet (https://github.com/cipher387/cheatsheets?tab=readme-ov-file#mini-geoint).
4. Improving the efficiency of Google queries
If you add the name of a city or neighborhood to the query when searching for a nickname (and similar nicknames), you can find something that you couldn’t with a other search (like the local forums mentioned above).
5. Using local sites lists for username enumeration tools
If you know the person’s country, you can run WhatsMyName or another nickname numbering tool using a list of sites whose registrations are typical for residents of a particular country.
Example for Poland or WhatsMyName:
https://github.com/dudek-marcin/WhatsMyName-Polish-List
You can find such lists on Github or compile them yourself.
Here are just five simple examples of what you can do if you know a person’s nickname and location.
And if you had a first name, a last name (albeit a common one), a face photo, a profile avatar… For each type of search, knowing the location would be very useful.
Appendix: Username OSINT tips
Very little was said at the beginning of this article about nickname search, but more effort should have been put into this step.
Use other tools besides WhatsMyName to find as many inputs as possible. A short list of these can be found in the Username OSINT cheat sheet (https://github.com/cipher387/cheatsheets/tree/main?tab=readme-ov-file#username-osint).
