Crowdsourced Intelligence: The Power and Perils of Open-Source Investigations

Introduction

Open-source intelligence (OSINT) has become essential in today’s investigators' toolkit. Together with its associated disciplines, such as human intelligence (HUMINT) and social media intelligence (SOCMINT), it has had a transformative effect on increasing the number of available sources during an investigation and reducing the speed and cost of gathering information and evidence.

However, it’s also acted as a catalyst for greater collaboration between professionals who routinely share tools, techniques, and knowledge, giving rise to numerous OSINT-related practitioner communities, such as the UK OSINT Community[1], the Coalition of Cyber Investigators[2], OSINT Experts Community[3] and the global OSINT community of OSINT-FR[4].

This spirit of collaboration has also given birth to another OSINT-focused investigation model: crowdsourced OSINT.

The rise of crowdsourced OSINT has allowed ordinary private-sector practitioners to play an active role in areas previously exclusive to investigative journalists, intelligence agencies, and law enforcement.

Collective intelligence gathering and investigation have become accepted and practical tools for analysing publicly available data, with many well-publicised successes. However, as crowdsourcing OSINT continues to gain prominence, significant issues still need to be addressed; for example, questions remain about how critical topics such as misinformation, ethics, privacy, and the balance between transparency and accountability will be tackled. These are questions that even professional OSINT practitioners still must reach a consensus on.

Understanding Crowdsourced OSINT

The practice of community-driven intelligence is not new. Historically, informal networks of concerned citizens have contributed to investigations, such as neighbourhood watch programs or public appeals for information during major criminal inquiries. However, the digital age has revolutionised this approach.

1. Crowdsourcing and Intelligence Gathering

Crowdsourcing collects information, opinions, or work from scattered people, usually via the Internet. It grants organisations access to diverse competencies and perspectives that transcend the more traditional trappings of institutional bureaucracy. In practice, crowdsourcing has proved a particularly effective tool in OSINT, allowing investigators to process vast amounts of publicly available data, catalysing some of the most significant investigative stories.

It is further developed with the Crowd-Sourced Intelligence Agency[5] (CSIA), an interactive research project reimagining, on this model, an OSINT system wherein the participants cooperated on the intelligence analysis. The outcome shows how CSIA, now operating under the most favourable conditions, highlights the junction between digital technologies, public engagement, and intelligence collection.

2. HUMINT and SOCMINT in Crowdsourced Investigations

While OSINT is primarily concerned with analysing publicly available data, crowdsourced investigations often blur the lines between OSINT and other intelligence disciplines:

Human Intelligence: While OSINT is conducted on open data, HUMINT relies upon intelligence gathered from human sources, such as informants, whistleblowers, or undercover interactions. In crowdsourced OSINT, these volunteers become informants who pass on inside information through forums, social media, and encrypted platforms. Yet, the motives for sharing vary from altruistic to personal, financial, and ideological. This has implications regarding the reliability of their disclosures and their ethics.

Social Media Intelligence: SOCMINT has become the most important, as crowdsourced investigations happen on Reddit[6], ‘X’ (Twitter)[7], Discord[8], and Bluesky[9]. From geolocating images to following misinformation campaigns, social media is a double-edged sword: it is an excellent source of intelligence opportunities but also creates considerable risks in terms of privacy, misinterpretation, and ethical boundaries.

3. The “Black” and “White” Definitions of OSINT

The Coalition of Cyber Investigators distinguishes between two fundamental types of OSINT[10]:

• White OSINT refers to intelligence gathering for lawful, ethical, and transparent purposes, such as journalism, legal investigations, security research, or academic studies.

• Black OSINT involves intelligence collection for malicious, unethical, or illegal purposes, such as corporate espionage, doxing[11], or cybercriminal activities.

Crowdsourced OSINT can oscillate between these definitions, depending on intent, methodology, and impact. While many OSINT communities prioritise ethical frameworks, lack of oversight can sometimes result in investigations that cross into questionable moral or legal territory.

Examples of Crowdsourced OSINT in Action

Several high-profile cases have showcased the power of collective intelligence:

• Bellingcat, founded by Eliot Higgins in 2014, is an “independent investigative collective of researchers, investigators and citizen journalists brought together by a passion for open-source research”[12]. Bellingcat has become synonymous with crowdsourced OSINT, using publicly available data to uncover the truth behind major high-profile cases. They produce advanced training materials and have robust guidance for contributors. Their investigation into the downing of Malaysia Airlines Flight MH17 in 2014 demonstrated the power of collaborative intelligence. By analysing social media posts, satellite imagery, and other open-source data, Bellingcat and its crowdsourced network of contributors were able to trace the missile system responsible for the tragedy back to a Russian military unit. This investigation revealed critical details about the incident and showcased the potential of crowdsourced OSINT to hold powerful actors accountable[13].

• Another example is the work of Trace Labs, a non-profit organisation that uses crowdsourced OSINT to assist in finding missing persons[14]. Trace Labs hosts "Capture the Flag (CTF)" events, where participants compete to gather information about real cases of missing persons. These events have led to significant breakthroughs, providing law enforcement with leads that may have taken them significantly longer to uncover, if at all. In addition, they provide training and freely available specialised virtual machines configured for OSINT investigations[15].

• The subreddit r/RBI (Reddit Bureau of Investigation) has gained a reputation for bringing together people to solve real-world issues, such as identifying missing persons, locating witnesses, or tracking lost or stolen property. It currently has over 786,000 members[16].

• Following the January 6th, 2021, Capitol riots in the United States, members of the public and online communities collectively helped identify those involved. These private sector investigators identified dozens of individuals who participated in the riots using publicly available footage, social media posts, and facial recognition tools[17]. Their efforts aided law enforcement and demonstrated the speed and efficiency of crowdsourced investigations.

Challenges and Ethical Dilemmas

1. Misinformation, Disinformation, and Tipping Off Suspects

One of the most significant risks of crowdsourced intelligence is the spread of misinformation (unintentional falsehoods) and disinformation (deliberate deception). A notorious example was the 2013 Boston Marathon bombing, where Reddit users incorrectly identified an innocent individual as a suspect, leading to harassment, distress, and litigation[18].

Additionally, untrained investigators may inadvertently tip off suspects, especially when OSINT findings are shared publicly on social media before law enforcement acts. According to the Coalition of Cyber Investigators[19], common pitfalls include:

• Posting findings publicly for recognition or validation

• Failing to use operational security (OPSEC)[20]

• Accidentally revealing investigative methods

• Multiple uncoordinated investigators alerting the target

• Mainstream media amplifying incomplete or speculative findings

2. Intelligence Grading, Handling, and Dissemination

Unlike professional intelligence agencies, crowdsourced OSINT lacks standardised grading and dissemination protocols. Intelligence must be evaluated based on source credibility, reliability, and corroboration to prevent false accusations and unreliable conclusions[21]. Formal OSINT methodologies, such as the Admiralty Code, grade intelligence based on its accuracy and source credibility[22], yet these standards are rarely followed in public investigations.

3. “Blue-on-Blue” Conflicts

Conflicts can arise when private-sector OSINT practitioners interfere with government or law enforcement investigations, known as “blue-on-blue” incidents. While public-sector investigators have safeguards to prevent this, private OSINT efforts may disrupt official intelligence-gathering processes. A lack of coordination between proactive OSINT communities and formal institutions can lead to duplicate efforts, exposure of sensitive intelligence, or operational conflicts.

4. Witness Intimidation and Privacy Risks

Crowdsourced OSINT investigations often involve identifying, contacting, or exposing individuals. However, witnesses can be stalked or intimidated online, making them reluctant to testify or provide critical information. Additionally, private individuals conducting OSINT investigations may unknowingly violate data protection laws or expose personal data without legal authority.

Privacy is another primary concern, as the line between public and private information can be unclear. Professional OSINT investigators must navigate complex ethical and legal questions about the fair use of data and how to balance transparency with respect for individual privacy. However, crowdsourcing participants and public members may not have the skills or experience to manage this risk effectively.

Additionally, there is the risk of vigilantism. While many OSINT communities operate with noble intentions, the lack of governance in crowdsourced efforts can lead to actions that may interfere with official investigations or lead to members of the public taking the law into their own hands, putting individuals at risk. Ethical frameworks and best practices that can help mitigate this risk are also less likely to be implemented in crowdsourced OSINT activities, resulting in the perception that an investigation is not being undertaken professionally and controlled.

The Future of Crowdsourced OSINT

This increases the above risk factors as more people become part of this OSINT community. Technological improvements, particularly in artificial intelligence (AI) and machine learning, will enhance public sector investigators' capabilities and encourage the crowd to get more involved in crowdsourcing. However, all these flag up ethical concerns about the technological nature of intelligence gathering, especially regarding the public, who are less likely to be trained in these critical areas.

Another trend to be watched is that professionalisation through OSINT alone keeps improving. Organisations such as Bellingcat and Trace Labs have shown that communities of crowdsourced investigations can meet professional-level outputs while managing risks associated with disclosure. However, with the growing public membership in crowdsourced intelligence and investigation, there are increasing calls for training, certification, and standardisation today. Initiatives like the OSINT Framework[23] and many more put resources and tools in the hands of practitioners, closing the gap between amateur and professional investigations. Unfortunately, no effort has yet produced similar guidance or resources to aid crowdsourced intelligence participants in privacy and ethical risk management.

Conclusion

Crowdsourced OSINT fundamentally changes how intelligence is collected, processed, and published. Empowering private sector researchers' work takes open-source intelligence out of the institutions and into people's lives by showing its ability to solve everyday problems, uncover hidden facts, and bring accountability to the powers that be. Success within organisations like Bellingcat and Trace Labs will continue to unlock the potential of collaborative intelligence, proving this can be a professional-level result of crowdsourced efforts.

But with its growing importance, crowdsourced OSINT also brings with it a host of significant challenges that must be met if there is going to be any credibility and ethical integrity within it: misinformation, privacy concerns, tipping off suspects, vigilantism; only some of the things which work against the very positive contribution this movement could make. Without strict ethical guidelines and training, much greater accountability is called for, lest crowdsourced OSINT threatens to prove a double-edged sword-it may bring about justice but does indeed cause unintended harm.

To ensure the survivability of this CSIS investigative model, a professional and crowdsourced OSINT community should work toward establishing best practices, standardised frameworks, and education initiatives that will help mitigate these risks. Avoiding these past mistakes will depend on ethical behaviour, responsible data handling, and verification techniques. Collaboration between private investigators and more traditional institutions, such as law enforcement and intelligence experts, could refine crowdsourced efforts while retaining an organised and ethical methodology.

The future of crowdsourced OSINT is a delicate balance of innovation and responsibility. If ethics guide them in concert with technological advancement and a commitment to accuracy, then crowdsourced intelligence can continue to play a role in investigations today. This allows individual efforts to contribute the highest possible amount to truth-seeking processes while maintaining protective measures against misinformation and reckless investigative practices.

Authored by: The Coalition of Cyber Investigators

© 2025 The Coalition of Cyber Investigators. All rights reserved.

The Coalition of Cyber Investigators is a collaboration between

Paul Wright (United Kingdom) - Experienced Cybercrime, Intelligence (OSINT & HUMINT) and Digital Forensics Investigator; and

Neal Ysart (Philippines) - Elite Investigator & Strategic Risk Advisor, Ex-Big 4 Forensic Leader.

With over 80 years of combined hands-on experience, Paul and Neal remain actively engaged in their field.

They established the Coalition to provide a platform to collaborate and share their expertise and analysis of topical issues in the converging domains of investigations, digital forensics and OSINT. Recognising that this convergence has created grey areas around critical topics, including the admissibility of evidence, process integrity, ethics, contextual analysis and validation, the coalition is Paul and Neal’s way of contributing to a discussion that is essential if the unresolved issues around OSINT derived evidence are to be addressed effectively. Please feel free to share this article and contribute your views.

[1] UK OSINT Community. (n.d.). United Kingdom OSINT Community. https://www.osint.uk/ (Accessed 4 February 2025).

[2] The Coalition of Cyber Investigators. (n.d.). The Coalition of Cyber Investigators’ post. LinkedIn. https://tinyurl.com/CoalitionCI (Accessed 4 February 2025).

[3] LinkedIn Login, Sign in | LinkedIn. (n.d.). LinkedIn. https://www.linkedin.com/groups/13047129/. (Accessed 4 February 2025).

[4] OSINT-FR. (n.d.). OSINT-FR: Global OSINT community. https://osintfr.com/en/home/ (Accessed 4 February 2025).

X. (n.d.). X. https://x.com (Accessed 4 February 2025).

[5] Crowd-Sourced Intelligence Agency. (n.d.-b). MIT - Docubase. https://docubase.mit.edu/project/crowd-sourced-intelligence-agency/#:~:text= (Accessed 4 February 2025).

[6] Reddit. (n.d.). Reddit. https://www.reddit.com (Accessed 4 February 2025).

[7] X.com. (n.d.). X (Formerly Twitter). https://x.com/home?lang=en(Accessed 4 February 2025).

[8] Discord. (n.d.). Discord. https://discord.com/ (Accessed 4 February 2025).

[9] Bluesky. (n.d.). Bluesky. https://bsky.app/ (Accessed 4 February 2025).

[10] Investigators, C. O. C. (2024, October 6). The use of black OSINT in disinformation operations and how white OSINT can be used to counter and fact check. https://www.linkedin.com/pulse/use-black-osint-disinformation-operations-wedcc/ (Accessed 4 February 2025).

[11] What is Doxing? | OSINT Glossary. (n.d.). https://sociallinks.io/glossary/doxing (Accessed 4 February 2025).

[12] Bellingcat. (n.d.). Who we are. Bellingcat. https://www.bellingcat.com/about/who-we-are/ (Accessed 4 February 2025).

[13] Higgins, E. (2021). We Are Bellingcat: An Intelligence Agency for the People. Bloomsbury Publishing.

[14] Trace Labs. (n.d.). About Trace Labs. https://www.tracelabs.org (Accessed 4 February 2025).

[15] Trace Labs. (n.d.). OSINT virtual machine (OSINT VM). Trace Labs. https://www.tracelabs.org/initiatives/osint-vm (Accessed 4 February 2025).

[16] Reddit. (n.d.). r/RBI. Reddit. https://www.reddit.com/r/RBI/ (Accessed 4 February 2025).

[17] Bond, S. (2021, January 11). How online sleuths identified rioters at the Capitol. NPR. https://www.npr.org/2021/01/11/955513539/how-online-sleuths-identified-rioters-at-the-capitol (Accessed 4 February 2025).

[18] CBC. (n.d.). Reddit websleuths. CBC Short Docs. https://www.cbc.ca/shortdocs/features/reddit-websleuths (Accessed 4 February 2025).

[19] Wright, P., & Ysart, N. (2024, November 28). Careful with that OSINT: No tipping off! The Coalition of Cyber Investigators https://www.osint.uk/content/careful-with-that-osint-no-tipping-off. (Accessed 4 February 2025).

[20] CSRC Content Editor. (n.d.). operations security (OPSEC) - Glossary | CSRC. https://csrc.nist.gov/glossary/term/operations_security (Accessed 4 February 2025).

[21] UK OSINT COMMUNITY LTD. (2024c, December 28). Embracing grading, handling, and dissemination practices in OSINT. https://www.osint.uk/content/embracing-grading-handling-and-dissemination-practices-in-osint (Accessed 4 February 2025).

[22] Kim, A. (2025, January 27). Enhance your Cyber Threat Intelligence with the Admiralty System | SANS Institute. https://www.sans.org/blog/enhance-your-cyber-threat-intelligence-with-the-admiralty-system/ (Accessed 4 February 2025).

[23] OSINT Framework. (n.d.). https://osintframework.com/. (Accessed 4 February 2025).