Defensive OSINT: what you're leaking without knowing it
Methodical OSINT audit on yourself. Leak sites, leak databases, OSINT mapping. Systematic cleanup. The right-to-erasure myth.
Last reviewed May 27, 2026 Business travel
02 / 06
Identity and accounts
What identifies you online — email, MFA, phone number, OSINT profile — and how to reduce the surface.
Your digital identity is an assembly: one or several email addresses, phone numbers, accounts linked together through MFA, recovery, history. Each link is exploitable. Each connection between links too.
This axis covers identity foundations: why your primary email address is a public passport, why your cloud-based MFA app betrays you, how a SIM swap attack is set up in 4 hours, and what an honest OSINT audit reveals about yourself.
The goal is not paranoia. The goal is clean operation.
Your email address is your passport. And it's public.
Email threat model. Personal/professional/sensitive separation. Disposable aliases. Proton, Tuta, Fastmail: what they actually protect, what's marketing.
Last reviewed May 27, 2026 General publicSIM swap: 4 hours to become you
Real mechanics of a SIM swap attack. Carrier entry points (US/UK/EU). eSIM as partial mitigation. What carrier PINs are actually worth.
Last reviewed May 27, 2026 Business travelMFA: why your Google Authenticator app is letting you down
Real MFA robustness hierarchy: SMS < cloud TOTP < local TOTP < FIDO2 hardware. The cloud backup trap. Choosing and managing your keys.
Last reviewed May 27, 2026 General public