A Raw Take on OSINT's Broken State - Time for Real Change
The Coalition of Cyber Investigators provide an unfiltered take on the need for OSINT to address issues such as platform bias, insecure tools, and a lack of standards - it's time for real change.
Paul Wright & Neal Ysart
9/23/2025


Brett Redman's article "What Does OSINT Really Mean Anymore?" hit readers like a cold splash of reality - frankly, it's about time someone said it. He is spot-on about platform bias, but that's scratching the surface of the inconsistencies we see in modern open-source intelligence (OSINT) practice.
Platform Bias: When Algorithms Become Intelligence Officers
Here's what keeps OSINT practitioners awake at night - and we mean this literally, not just as a dramatic flourish. Many find that every time they run a search on "X", previously known as Twitter, they get completely different results depending on the device used or even the time of day.
And the algorithms running these platforms? They're designed by people who focus on engagement metrics more than truth. This is troubling when you remember that intelligence analysts are forming assessments - at times involving life-and-death decisions - based on algorithmically filtered noise.
The risks of OSINT algorithms include their potential for misuse in spreading misinformation, privacy breaches, and social engineering attacks, as well as the chance for algorithmic bias and mistakes that can lead to false conclusions. Platforms also pose dangers to investigators with inadequate or, in some cases, no operational security (OpSec) safeguards. This could leave a digital trail that malicious actors might exploit or expose an analyst to retaliatory attacks. Additionally, artificial intelligence (AI) models used in OSINT may have difficulty understanding the nuances of human language, which can result in misinterpretations and inaccurate outcomes.
For example, two analysts from different teams received completely contradictory results when searching for the same organised crime activity on Facebook. The same search terms, the same timeframe, different outcomes. Why? Facebook's algorithm decided one analyst should see more "engaging" content while the other was presented with sanitised corporate-friendly results.
This isn't just bias; it could be seen as intelligence malpractice dressed up as technological convenience.
The Google Problem
Google search results can also differ so much, depending on location, that it's almost humorous. Imagine a grandmother in rural Yorkshire, England - her terrorism-related search results might be entirely different from, and occasionally more accurate than, her grandson's in London, simply because Google hasn't "personalised" her results into oblivion.
The Coalition of Cyber Investigators nailed this when they wrote, "Disinformation campaigns often thrive through the strategic misuse of OSINT, turning public information into a tool for manipulation." However, they didn't emphasise enough that the platforms themselves are unwitting accomplices in this manipulation.
Let's discuss the elephant in the room - third-party OSINT tools. They're everywhere, and the risks range from poor maintenance and sudden disappearance to serious security vulnerabilities.
Many OSINT tools have security that is scarcely fit for purpose. They ask for your API keys and store your credentials in plaintext, yet they haven't been updated for an unacceptably long period.
Data flows through so many third-party services that tracking where your intelligence ends up is like following breadcrumbs in a hurricane. At The Coalition of Cyber Investigators, we’ve seen tools that cache search results on AWS servers indefinitely. Who has access to that data? The tool developer? Amazon? Are some random contractors in Bangladesh managing the database? Nobody knows, seems to care, or even asks if we need to be concerned.
The Abandonment Crisis (Or: Why OSINT Tools Have Trust Issues)
OSINT tools often have a short lifespan. Developers create something brilliant, get bored (or get real jobs), and abandon their projects. Meanwhile, intelligence analysts are still using tools with known vulnerabilities because they're afraid to switch to something new.
The Coalition of Cyber Investigators highlighted this perfectly in their piece about ethical dilemmas in data breach investigations - you can't maintain ethical standards when ghosts maintain your tools.
Consider data hosting, the question nobody likes answering: Where is your collected intelligence stored? Who can access it? How long is it retained? Most OSINT practitioners store sensitive intelligence data on cloud services they don't control, in jurisdictions they can't influence, under terms of service they haven't read.
The Coalition of Cyber Investigators wrote extensively about the challenges in OSINT analysis concerning digital evidence, but the evidence preservation problem starts with basic data custody. You can't preserve what you don't control, and you can't trust what you can't verify.
The Grading System We Don't Have
In traditional intelligence, sources are graded based on reliability, and information is given confidence ratings. There are also procedures, protocols, and documentation requirements. In OSINT land? It's amateur hour, but with professional consequences.
The Coalition of Cyber Investigators also discussed how white OSINT can counter disinformation operations. However, in many cases, in the modern OSINT world, we need to admit that much of what is claimed to be OSINT is just glorified Google searching with delusions of grandeur.


Digital Forensics: The Standard OSINT Should Learn From
Digital forensics has solved the problem of standards. It has evidence preservation standards, chain of custody requirements, reproducible methodologies, and court-admissible documentation.
Why haven't OSINT practitioners adopted standards? Pride? Laziness? Competition in a sector that’s becoming more lucrative? Are you afraid that proper methodology will slow down OSINT work?
Here's a reality check: sloppy intelligence that leads to wrong decisions is infinitely slower than careful intelligence that gets it right the first time.
The Path Forward (Assuming We Want One)
Brett Redman's article asks what OSINT really means anymore. Here's an answer: it means whatever we make it mean. We're making it mean "unstructured information gathering with optional quality control." That needs to change - now!
The OSINT domain needs mandatory certification programs - not the feel-good "I attended a webinar" certificates, but real, globally accepted certifications that require demonstrable competency in source evaluation, bias mitigation, evidence preservation, and ethical collection.
The Coalition of Cyber Investigators believes that what's truly needed is a global, collaborative approach that pools expertise, shares best practices, and holds each other accountable.
Tool Certification and Security Audits
Every OSINT tool should undergo security auditing before being approved for intelligence use. We need curated, maintained, and regularly updated tool repositories with clear security standards.
No more "I found this cool script on GitHub" followed by six months of trying to figure out why classified data ended up in someone's personal cloud storage.
Platform-Independent Collection Methods
We must break our sole dependence on commercial social media platforms, period. That means developing indigenous collection capabilities, building direct relationships with information sources, and creating platform-agnostic analytical frameworks.
None of this will happen voluntarily. The current system works adequately for enough people, and changing it will likely require regulatory pressure or catastrophic failure.
Regulation is unlikely to come before catastrophe. Given how slowly bureaucracies move, it isn’t easy to be optimistic. This was confirmed when we checked with an international organisation facilitating global cooperation to prevent and fight crime, asking them when they would be working on producing OSINT standards - the answer: not soon.
Final Thoughts (If You Can Call Them That)
Brett Redman's article should be required reading for every OSINT practitioner. Not because it has all the answers - no one does - but because it asks the right questions and dares to admit that our emperor has no clothes.
OSINT isn’t just flawed - it’s broken. This isn’t about small tweaks. It needs a transformation, but it’s within our reach as we have the knowledge, the technology, and increasingly, the will. However, on the downside, it often feels as if we lack the organisational courage to admit that current practices are inadequate and potentially dangerous.
The stakes - national security, public safety, and democratic processes - are too high to pretend that crowdsourced intelligence gathering is a substitute for rigorous intelligence discipline.
It's time to grow up, professionalise, and do better. The alternative is watching OSINT become the intelligence community's greatest liability instead of its most promising asset.
Authored by: The Coalition of Cyber Investigators
Paul Wright (United Kingdom) & Neal Ysart (Philippines)