Archive for the 'Private Investigator' Category

Page 2 of 18

Fortress Firefox II

The browser is the most used outward facing software you will use. It interacts with suspect web sites and other internet sites. Firefox is still my first choice for security and plug-ins, even though Chrome offers a speed advantage that adds-up over the course of many hours of research, while this little problem makes me avoid MS Internet Explorer: Microsoft warns of critical IE9, IE10 zero-day-Just visit the wrong web site and get remote-code execution.

No matter which browser you use, it will require proper configuration. No browser blocks JavaScript and all third-party cookies by default. These are my first security concerns.

In Firefox, go to Tools>Add-ons>Plugins and set the Java Script and Toolkit to Ask to Activate. I also set all the other plugins to Ask to Activate as well. This prevents a plugin from activating at the wrong time and thereby sending out data to the site that caused it to activate. A malicious site may activate a plugin to have it to transmit data that can be used to thwart your investigation.

Third party cookies compile a long-term record of your browsing history. This is dangerous as it can reveal what you are investigating. In Options>Privacy>History select Never for third party cookies. In my sandbox, I have several versions of the browser with different settings. For example, I prefer to never accept cookies of any kind, but some sites need them to function so I have a version with normal cookies enabled.

Exif Viewers

In a past article, I explained Exchangeable Image File or Exif data and pointed you to, an easy to use exif viewer with a geo-locator. The Exif viewer allows you to enter the image URL or to upload an image for analysis. It doesn’t require JavaScript and it doesn’t have any widgets.

Another easy to use online exif viewer may be found at, but you must enable JavaScript to use it. You can use the URL of the picture instead of uploading the image.

The online exif viewer at has a lot of widgets on it.

My last discovery was the Exif site at Just upload the picture and it will show the location where it was taken. It only works with .jpg or .tif files. You must upload the image to the site, so who knows where it might end-up. This uses the Google API for the mapping. Not all pictures have the GPS coordinates in them.

Trolling RSS Feeds

RSS (Rich Site Summary) is a format for delivering regularly changing web content. Many news-related sites, blogs and other online publishers syndicate their content as an RSS Feed to whoever wants it.

I have written quite a lot about RSS in the past. The following are my choices for both installation on a PC and for a web-based reader.


RSSOwl is cross-platform as it’s Java-based. It handles RSS, Atom and RDF in terms of feed formats. You must have Java installed, no matter where you run it. It cooperates with Firefox to add feeds to RSSOwl from the browser. Just go to the feed and copy the URL then go to RSSOwl and click on add feed and it knows where to find the feed. You can also drag and drop Feeds from Firefox into RSSOwl. RSS Owl has an embedded web browser, so you don’t have to open up a separate browser window to view links or to view the full version of feed items that are shortened. You do have to set this up under “Browser” in the Preferences menu option. Choose to Default to the Embedded Browser. To get the RSSOwl embedded browser to work properly with OneNote so that it includes the URL in pasted items, you must enable Java Script. I do not recommend doing this except on an isolated machine otherwise, malicious Java Script code could cause serious problems.


When I need to collect video and podcasts from RSS feeds, I turn to RssBandit. The embedded browser is MS Internet Explorer, therefore, it includes the pertinent URL when you copy to OneNote as the embedded browser is the same.

This is my favorite RSS reader overall, though, I have experienced occasional problems with exporting feeds for another implementation of the reader. This problem seems to stem from differences in the underlying OS on the importing computer. It can be an irritation when starting a project with tight deadlines.

RSSOwl has an edge for a group of researching working in a collaborative environment as it is easier to set-up and distribute to the group.

Web-based RSS Reader

The two most popular seem to be Feedly and Inoreader readers that offers similar features and options.

Inoreader offers secure HTTPS access and over 40 different customization options. If I must use a web-based reader this is the one.

I refuse to use Feedly because extensions like NoScript, Adblock, HTTPS Everywhere, etc. prevent the site from loading. I never use sites infested with stuff that my normal suite of extensions prevents from loading. You only have to encounter one ad with malicious code to cost you many hours of work to purge the problem code from your machine.

Sly Pols & Crats

There is nothing slipperier than a politician or bureaucrat trying to avoid accountability while extolling how transparent and open they are. These craven creatures turn our access to information laws into the proverbial greased pig. Continue reading ‘Sly Pols & Crats’

Taking Bitcoins to the Laundry

Bitcoins have interested me of late as I am writing my next book which is about issues of security, privacy, and anonymity while doing investigative internet research. Continue reading ‘Taking Bitcoins to the Laundry’

Bluetooth & Surveillance

I previously wrote about Bluetooth and Surveillance Detection and how Bluetooth could be used to determine if you were being followed.

Prior to a recent surveillance assignment, I scanned for nearby devices and was able to identify each of the other investigators’ mobile phones. This was not a good start. I required all the team members to demonstrate that they had shut off both Bluetooth and WiFi or at least set the Bluetooth signal to be hidden except to authorized devices and shut-off the WiFi.

Google Free Wednesday — Yahoo! Alerts

The apparent demise of Google Alerts forced me to turn to Talkwalker and Mention for alerts. However, Yahoo! Alerts offer some utility for keeping up with the world. In the past Yahoo! Alerts was only good for news. It now extends into the full web as catalogued by the Bing database. If you don’t already know it, Microsoft swallowed Yahoo! search whole in 2009. Perhaps we should call it Microhoo.

You need a Yahoo! account for Yahoo! Alerts. The results cannot be pushed to an RSS feed, they only arrive via email, Yahoo Messenger, or mobile device, depending on what you have set-up in your Yahoo! account. Not all alerts allow for delivery using all three of the above delivery options.

To create an alert, select Y! Search from the drop-down list on the right side of the opening page or select Y!Search from the list on the initial screen. Next sign-in to your Yahoo! account. In the Search keyword field add the search terms as you would in the normal Yahoo! search box. In the next drop-down list select what you want searched, I normally select Web or News. Finally select the frequency of the search. The search preview will only show anything added to the database in the last 24 hours.

What You See Matters

I don’t like doing surveillance work. It’s hectic and often unproductive, but somebody has to do it.

I have always preferred using a real camera whenever possible — the real SLR type with a long lenses. Knowing this, a colleague asked me to help out as the second man.

This white-collar type went from one office complex to another and coffee shop to coffee shop all morning. He met people and I got good pictures of the people he met. He went for lunch in a shopping mall food court. This was rather strange as he was wearing a $2000 suit. From the mezzanie I watched. He opened his briefcase and I took pictures of its contents.

The briefcase contained three intersting items, all were books. The titles were:

  • How To Survive Prison For The First Time Inmate: Take a look at a dangerous society within our society
  • Prison Guide: Prison Survival Secrets Revealed
  • The Suburban Inmate: A Man’s Guide To Surviving Prison

Now this shone an entirely different light upon what we were doing. You guessed it, he was settling his affairs before the sentencing.

Connect the Dots and the Dox

You don’t need to hack into a computer to learn about someone. Today, most people that I investigate leave a revealing online profile — I just have to connect the dots or the publicly available dox (documents).

Online malefactors try to do their misdeeds anonymously through an alias. Usually, they tend to reuse their aliases. It only takes one obscure use connected to the miscreant’s real name. Now I have the real name to run through the usual searches which will reveal other aliases, Facebook pages, and Twitter accounts, all of which yield titbits of useful information.

Business Interrupted

Managers sometimes tie themselves into knots worrying about the risk or threat rather than analysing the impact of interrupted business processes. My advice is to stop fretting about the cause and concentrate on alleviating the impact of the interrupted business processes.

To do this, defeat the problem in detail as follows:

  • Decide which processes are critical and which are not.
  • Determine how long any particular process can be interrupted before it’s loss become detrimental to operations, profitability, and customer satisfaction.
  • Design a plan of action to determine if the disruption will continue beyond the tolerable time limit.
  • Have a plan to replace each missing process.
  • Plan for the concurrent loss of several critical processes.

The key to a successful business continuity plan is concentrating on the critical day-to-day operations.

How does this relate to investigtion and research? The answer is quite simple:

  • Have you ever done a security survey?
  • Have you ever done a competitor SWOT analysis?
  • Have you ever done due diligence on a critial supplier?

Libelous Questions

I recently conducted a series of interviews that were quite sensitive in nature. This used to be a common occurrence for me. Today, it is less so. The prevalence of small electronic recording devices has curtailed my willingness to conduct such interviews. My concern is that you never know where the recording will go, nor do you know how it will be used or edited. You have no knowledge of the motives, ethics, or interests of the people who may at some point possess the recording.

Libel happens when you publish or make public a statement that is untrue about someone. Any investigator may inquire about things that prove to be untrue during an interview. Ask yourself what might happen if a snippet of the interview is published and it contains questions about something that was later proven untrue. The concept of the libelous question is well established in law. Investigators may have a certain privilege to ask questions but, this won’t stop someone from suing you. The public disclosure of private facts that might be part of an interview also causes concern. What if the interview reveals information that is not of public concern, and the release of which would offends someone? Unlike libel, truth is not a defense for what may be seen as an invasion of privacy.

You can never be certain that a recording device is not present. As a private investigator, I cannot search people and confiscate their electronic devices. Private investigators do not have any control over the people they interview, nor do they usually have control over the physical surroundings in which the interview occurs. This alters the nature of the questions asked and how they are put to the interview subject.

An extreme example from the U.S.A is one where a defense lawyer sat down with a prospective client in San Juan, Puerto Rico and asked about the GPS bracelet required by as a condition of bail. The prospective client told the lawyer that, “They speak to me through that thing”.  He filed a motion at the Puerto Rico State Superior Court to have the device removed before he interviewed prospective client. During that motion, he learned that it could be used to eavesdrop on their conversation without the lawyer or prospective client knowing. ( A recording knowingly made by the interview subject is not the only thing investigators need to consider.

This does not mean that every question will result in a libel action or that every room is bugged. It does mean that being dragged into an expensive libel action or media circus is something to consider before you start asking questions – especially ones that are sensitive.

ICANN Wants to Close Whois

A working group for Internet regulators at ICANN wants to close all Whois databases. They what to force anybody needing this data to grovel before them before granting access. They are trying to centralize global control over a key component of the Internet. WHOIS allows you to find out who owns a domain name. Without this data, fraud and other crimes will become easier to commit and harder to solve.

Are you a Suspicious Person?

The surveillance conscious subject is more common today than forty years ago when I started in the business. Lawyers coach claimants on how to deal with surveillance. Criminals teach each other on how to recognise surveillance. Unfortunately, PI’s do not receive much training on how to avoid detection of their surveillance efforts.

Clumsy choice or use of the initial vantage point may doom the entire surveillance effort. If the subject sees someone repeatedly over Time, in different Environments and over some Distance, and if the surveillant displays poor Demeanor, then he will know that he is under surveillance. This means that initial vantage point, and the PI’s presence there, must not be remarkable in any way.

Don’t chose the initial vantage point without first evaluating the location. Understand the appearance and behaviour of the people likely to be at the vantage point. Don’t be like the inept guy in the old detective movie — you know the one — the guy leaning against a lamp pole reading a newspaper in the middle of the night.

Observe the vantage point from a position that the subject cannot see — you have questions that need answering. What type of person is at or near the vantage point? How long can you remain at the vantage point without arousing suspicion? What appearance, behaviour or persona will allow you to remain in place without arousing suspicion? Can you follow the subject in your adopted persona or must another team member do that?

Tim Horton’s & Investigative Internet Research

An article titled, Tim Hortons apologizes for blocking gay and lesbian news website by The Canadian Press on Friday, July 19, 2013 caught my attention. Tim Hortons is a popular Canadian coffee shop chain.

The online site of a popular paper that caters to the gay community was blocked by the coffee shop chain as “not appropriate for all ages viewing in a public environment.”. Once the outrage got going, Tim Hortons relented and changed its WiFi network policy.

What has all this got to do with Investigative Internet Research (IIR), you ask? Well, think about it. We often work while on the road and that means doing some aspects of IIR in places like coffee shops.

When you do IIR outside your normal work environment, different rules apply. How do you know what the WiFi network allows and what it doesn’t? How do you know if some things are censored and others are not? How do you know that your results are complete?

Now do you understand the dangers that doing this presents? I haven’t even mentioned the security issues.

Google Reader is Gone

Canada Day (1 Jul 13) has come and gone, and so has Google Reader. You have until 15 July to get your data out of Google Reader.

Now what? Do I need an RSS reader? Where do I get a web-based RSS reader? Have Twitter lists (which you may divide into different topics that focus on blog sources, news feeds and individuals) supplanted RSS? So many questions! So many decisions to make!

The RSS sky isn’t falling quite yet. There are alternatives and choosing one is a good reason to do some digital housecleaning. Alternative readers offer versions for Web browsers, mobile devices running iOS and Android, and cloud-based service. Hopefully, we will see innovation and competition in RSS apps and platforms.

Certainly, social media offers a human element that isn’t present in RSS feeds. However, RSS usually offers focused technical or industry information, the details of which social media usually omits. In the short-term, using  Reeder and Feedly as a front-end for RSS won’t work as these relied on Google Reader. I’m sure that will change very quickly, if it hasn’t already. (I don’t use either of these.) Twitter and Flipboard won’t replace an RSS reader for the information worker. The passing of Google Reader will only affect the ‘normal’ user who relied upon it.

The demise of Google Reader hasn’t changed how we deal with RSS feeds while doing Investigative Internet Research (IIR).  For a detailed explanation of how to handle RSS feeds while doing IIR get my new book, Sources & Methods for Investigative Internet Research, which is scheduled for publication in September.

Addition: Here’s How You Can Extract All Your Google Reader Data