Archive for the 'Search Strategies' Category


Chrome is Listening

So you want to use Chrome as your browser. Are you aware that it has recently been reported that a Chrome Bug Allows Sites to Listen to Your Private Conversations?

The best way to avoid this threat is as follows:

  • Go to chrome://settings/content
  • Scroll down to Media
  • Select “Do not allow any sites to access my camera and microphone.”

This will disable Google’s Conversational Search, etc. but security will be increased.

I never liked the way Chrome ‘phoned home’ to Google with user tracking, bug tracking etc. I have also found extensions that had malware-filled updates. However, it is faster than Firefox, which over the course of a research project may save hours of extra time. I resisted using Chrome due to security & privacy issues.

I now use Comodo Dragon, which is based on the open-source Chrome browser; however, it is more private and secure if used properly. I disable the camera & mic as SOP, so I haven’t investigated how Dragon responds to this exploit. The setting change that I outlined was in reference to the actual Chrome browser and this particular exploit; there may be more that I don’t know about.

I am very careful about exposing myself to the internet. My outward-facing computers don’t have cameras or mics to entirely circumvent malicious software like this and the likes of Finspy.

Exif Viewers

In a past article, I explained Exchangeable Image File or Exif data and pointed you to www.regex.info, an easy to use exif viewer with a geo-locator. The regex.info Exif viewer allows you to enter the image URL or to upload an image for analysis. It doesn’t require JavaScript and it doesn’t have any widgets.

Another easy to use online exif viewer may be found at www.fotoforensics.com, but you must enable JavaScript to use it. You can use the URL of the picture instead of uploading the image.

The online exif viewer at www.gbimg.org has a lot of widgets on it.

My last discovery was the Exif site at http://www.findpicturelocation.com. Just upload the picture and it will show the location where it was taken. It only works with .jpg or .tif files. You must upload the image to the site, so who knows where it might end up. This uses the Google API for the mapping. Not all pictures have the GPS coordinates in them.
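Reading the GPS tags on your own machine avoids handing the image to a third-party site at all. The following Python sketch is an added example, not code from the original post or from any of the sites named above; it uses only the standard library, and the function names and the SAMPLE image are constructed for illustration.

```python
import struct

def _ifd(t, off, e):
    # tag -> (type, count, raw 4-byte value field) for the IFD at offset off
    n = struct.unpack_from(e + "H", t, off)[0]
    rows = (struct.unpack_from(e + "HHI4s", t, off + 2 + 12 * i) for i in range(n))
    return {tag: (typ, cnt, raw) for tag, typ, cnt, raw in rows}

def _degrees(t, entry, e):
    # three RATIONALs (deg, min, sec) stored at an offset -> decimal degrees
    if entry[:2] != (5, 3):
        raise KeyError("not a DMS triple")
    v = struct.unpack_from(e + "6I", t, struct.unpack(e + "I", entry[2])[0])
    return v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600

def find_exif(jpeg):
    # walk JPEG segments; return the TIFF block of the Exif APP1 segment, or None
    pos = 2
    while jpeg[:2] == b"\xff\xd8" and pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker, size = jpeg[pos + 1], struct.unpack_from(">H", jpeg, pos + 2)[0]
        body = jpeg[pos + 4:pos + 2 + size]
        if marker == 0xE1 and body[:6] == b"Exif\x00\x00":
            return body[6:]
        if marker == 0xDA or size < 2:  # image data reached, or corrupt length
            return None
        pos += 2 + size
    return None

def gps_position(jpeg):
    # (lat, lon) in signed decimal degrees, or None when there is no usable GPS IFD
    t = find_exif(jpeg) or b""
    try:
        e = {b"II": "<", b"MM": ">"}[t[:2]]  # TIFF byte order
        ifd0 = _ifd(t, struct.unpack_from(e + "I", t, 4)[0], e)
        gps = _ifd(t, struct.unpack(e + "I", ifd0[0x8825][2])[0], e)  # GPS IFD pointer
        lat = _degrees(t, gps[2], e) * (-1 if gps[1][2][:1] == b"S" else 1)
        lon = _degrees(t, gps[4], e) * (-1 if gps[3][2][:1] == b"W" else 1)
    except (KeyError, struct.error, ZeroDivisionError):
        return None  # tag absent, truncated data, or zero denominator
    return round(lat, 6), round(lon, 6)

# Constructed sample: a minimal big-endian Exif JPEG at 45°25'12"N 75°41'24"W.
_p = lambda n: struct.pack(">I", n)
_e = lambda *f: struct.pack(">HHI4s", *f)
_TIFF = (b"MM\x00\x2a" + _p(8) + b"\x00\x01" + _e(0x8825, 4, 1, _p(26)) + _p(0)
         + b"\x00\x04" + _e(1, 2, 2, b"N") + _e(2, 5, 3, _p(80))
         + _e(3, 2, 2, b"W") + _e(4, 5, 3, _p(104)) + _p(0)
         + struct.pack(">12I", 45, 1, 25, 1, 12, 1, 75, 1, 41, 1, 24, 1))
SAMPLE = (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(_TIFF) + 8)
          + b"Exif\x00\x00" + _TIFF + b"\xff\xd9")
```

Calling gps_position(open(path, "rb").read()) on a real photo returns None when the camera or an editing tool left no GPS block, which is the "not all pictures have the GPS coordinates" case.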

Trolling RSS Feeds

RSS (Rich Site Summary) is a format for delivering regularly changing web content. Many news-related sites, blogs and other online publishers syndicate their content as an RSS Feed to whoever wants it.

I have written quite a lot about RSS in the past. The following are my choices for both installation on a PC and for a web-based reader.

RSSOwl

RSSOwl is cross-platform as it’s Java-based. It handles RSS, Atom and RDF in terms of feed formats. You must have Java installed, no matter where you run it. It cooperates with Firefox to add feeds to RSSOwl from the browser. Just go to the feed and copy the URL, then go to RSSOwl and click on add feed and it knows where to find the feed. You can also drag and drop feeds from Firefox into RSSOwl. RSSOwl has an embedded web browser, so you don’t have to open up a separate browser window to view links or to view the full version of feed items that are shortened. You do have to set this up under “Browser” in the Preferences menu option. Choose to Default to the Embedded Browser. To get the RSSOwl embedded browser to work properly with OneNote so that it includes the URL in pasted items, you must enable JavaScript. I do not recommend doing this except on an isolated machine; otherwise, malicious JavaScript code could cause serious problems.

RssBandit

When I need to collect video and podcasts from RSS feeds, I turn to RssBandit. The embedded browser is MS Internet Explorer; therefore, it includes the pertinent URL when you copy to OneNote, as the embedded browser is the same.

This is my favorite RSS reader overall, though I have experienced occasional problems with exporting feeds for another implementation of the reader. This problem seems to stem from differences in the underlying OS on the importing computer. It can be an irritation when starting a project with tight deadlines.

RSSOwl has an edge for a group of researchers working in a collaborative environment as it is easier to set up and distribute to the group.

Web-based RSS Reader

The two most popular seem to be Feedly and Inoreader, which offer similar features and options.

Inoreader offers secure HTTPS access and over 40 different customization options. If I must use a web-based reader this is the one.

I refuse to use Feedly because extensions like NoScript, Adblock, HTTPS Everywhere, etc. prevent the site from loading. I never use sites infested with stuff that my normal suite of extensions prevents from loading. You only have to encounter one ad with malicious code to cost you many hours of work to purge the problem code from your machine.

Incognito Searching

Your search and browsing behaviour allows Google to personalise your search results. To escape this filtering of your results, use a private browser window, which Chrome calls incognito. Google will then ignore tracking and search cookies and stop personalising your results. To get a private browser or incognito window, use the following key combinations:

  • Chrome –  Ctrl+Shift+N
  • Firefox – Ctrl+Shift+P
  • Internet Explorer – Ctrl+Shift+P

I have found that this approach doesn’t work with Bing.

Google-Free Wednesday–Metasearch

Metasearch for the Big Guys

Dogpile returns results from Google, Yahoo!, and Yandex. The Russian engine, Yandex, is the fourth largest search engine in the world and Yahoo! is really the Bing search engine database.

Dogpile is only good for short and simple search statements; however, it is good for a quick look at what you are likely to get from the largest search engines.

Copernic Agent

Copernic has stopped selling its professional version metasearch tool and discontinued all support for both the professional and free personal versions of Copernic Agent. It only searches five of the 15 search engines it purports to search (Google, Bing, Yahoo, Dogpile, and Open Directory Project).

Copernic is Windows only.

iMetaSearch

iMetaSearch is a possible replacement for Copernic. It is now in version 5.03, so it isn’t a new kid on the block. The paid version searches Google and purports to search 11 other search engines.

The program groups search results by concept; click a group that interests you and the search results will be revised. This is an effective method to refine search results and get the most relevant results. It’s very effective for ambiguous search terms.

Unfortunately, iMetaSearch has a steep learning curve, but if you frequently conduct Investigative Internet Research it is worth the effort to learn how to use this advanced web search tool.

iMetaSearch is Windows only.

Google Free Wednesday—DDG Site Search Command

The DuckDuckGo (DDG) search engine aggregates content to provide search results while offering significant privacy features. My favorite search shortcut in DDG is its version of the Google site: command. Place an exclamation point before the site you want to search–for example, “private investigator” !facebook. The exclamation point directs the search to a specific site. In this case, you will have to login to your Facebook account to see the results.

Google Free Wednesday — Yahoo! Alerts

The apparent demise of Google Alerts forced me to turn to Talkwalker and Mention for alerts. However, Yahoo! Alerts offer some utility for keeping up with the world. In the past Yahoo! Alerts was only good for news. It now extends into the full web as catalogued by the Bing database. If you don’t already know it, Microsoft swallowed Yahoo! search whole in 2009. Perhaps we should call it Microhoo.

You need a Yahoo! account for Yahoo! Alerts. The results cannot be pushed to an RSS feed; they only arrive via email, Yahoo Messenger, or mobile device, depending on what you have set up in your Yahoo! account. Not all alerts allow for delivery using all three of the above delivery options.

To create an alert, select Y! Search from the drop-down list on the right side of the opening page or select Y!Search from the list on the initial screen. Next sign-in to your Yahoo! account. In the Search keyword field add the search terms as you would in the normal Yahoo! search box. In the next drop-down list select what you want searched, I normally select Web or News. Finally select the frequency of the search. The search preview will only show anything added to the database in the last 24 hours.

Windows Error Reporting Risk

Windows Error Reporting (WER) is a crash reporting technology introduced by Microsoft with Windows XP. However, we now know that it may send Microsoft unencrypted personally identifiable information contained in the memory and application data that may make you vulnerable to attack. WER is turned on by default. WER from Windows 8 may now use TLS encryption.

The Snowden leaks described how the U.S. National Security Agency intercepts the unencrypted WER logs to fingerprint machines, much as some malware does, and to identify potential system, network and application weaknesses for attacks that move through an enterprise network. WER reports on more than Windows crashes. It reports hardware changes, such as the first-time use of a new USB device and mobile devices. It sends time-stamp data, device manufacturer, identifier and revision, along with host computer information such as default language, operating system service pack and update version, hardware manufacturer, model and name, as well as BIOS version and unique machine identifier. This creates a blueprint of the applications running on a network to help an attacker develop or execute attacks with little chance of detection.

This is only one example of the OS, applications, browsers, etc. leaking information that the investigator must be aware of when conducting investigative internet research.

To shut off WER in Windows 7, go to Control Panel>System and Security>Action Center>Change Action Center settings>Related settings>Problem reporting settings. The selections for “Each time a problem occurs, ask me before checking for solutions” and “Never check for solutions” disable WER. Choosing “Never check for solutions” will fully disable error reporting in Windows 7.

 

Training for Investigative Internet Research (IIR)

IIR is a very competitive sport. If you don’t find the needed data, then the opposition wins.

Now you might ask, “how does one train for the ongoing IIR competition?” My answer to this question comes in two parts.

First, read about IIR and read the manuals for the software that you use to produce your end product. You must learn about sources and the methods used to produce a report that is fit for decision-making.

Second, one must practice using these sources and methods.

You can get a sound grasp of the first requirement from my book, Sources and Methods for Investigative Internet Research and this and other blogs, and I will share some secrets about the second requirement right now.

Practice finding more details about obscure news items that you see on TV or Twitter. You must collect the full story, write the story in report format, and preserve all the supporting material. Time yourself for completing the overall task. Also time your wasted effort. It is important to do both if you want to improve your performance. You can also set a time limit for the task using a countdown timer like XNote Stopwatch. For a timer that allows you to log wasted time, you can use Time Stamp.

Consider the following training exercise; there is a news item about a Spitz dog found near death on a trash heap in California during the week of 9 Dec 13. I knew the dog was a Spitz from the TV news item and I also knew the approximate date from the date of the news item. My training task was to get the basic 5 W’s on paper in twenty minutes. Could you do the same thing? If not, then here’s how.

I had the basic when and where—only in a vague sense. I know that search engines are not very good at handling calendar dates. I know my basic search statement will be dog trash California and I am certain they won’t report the breed accurately. That leaves me with the date, search statement, and as it was a TV news item there will be images and video. Where do I start to get it done in twenty minutes?

I know that only Google handles calendar dates in a usable manner and that it has excellent news content. I should also search Bing, Yahoo!, DDG, and Devilfinder. Time is not on my side.

I set-up a OneNote notebook with two tabs. One for research material collected from the web and one for the 5 W’s. Under the 5 W’s tab, I create a sub page for each W. I will use the 5 W’s material to create my report in Word as I would any other report.

Fagan Finder to the rescue. It organises search engines into useable groups and gives you an easy to use interface, such as the Google Ultimate Interface and Google Search By Date Interface.

For the search term, dog trash California, Google had excellent results and Bing had poor results, as did DDG and Yahoo!. The problem was that there were two similar stories one involving a poodle and one that was the subject of this exercise. Google eliminated the poodle stories when searched by date. Devilfinder produced excellent results as well.

From Devilfinder, along with the Google Ultimate Interface and Google Search By Date Interface I was able to provide all the W’s and complete a short reporting memo in twenty minutes while maintaining the proper citations and source material in OneNote.

Train hard.

Geo-locating Images

MyPicsMap.com allows viewing Flickr photos on a fullscreen Google map. To view photos of a particular Flickr user just enter the username.

loc.alize.us provides the geo-location of photographs uploaded to Flickr. You can search by username, tags, and sort them by date. It uses satellite imagery provided by Google.

Connect the Dots and the Dox

You don’t need to hack into a computer to learn about someone. Today, most people that I investigate leave a revealing online profile — I just have to connect the dots or the publicly available dox (documents).

Online malefactors try to do their misdeeds anonymously through an alias. Usually, they tend to reuse their aliases. It only takes one obscure use connected to the miscreant’s real name. Now I have the real name to run through the usual searches which will reveal other aliases, Facebook pages, and Twitter accounts, all of which yield titbits of useful information.

Getting Advance Knowledge of New Products

Companies operating in the U.S. often file ‘Intent-To-Use’ applications for trademarks and thereby disclose the names and descriptions of forthcoming products and services six months before the product launch. Extensions of up to two years are sometimes granted if the launch process becomes bogged down.

Searching the Trademark Electronic Search System (TESS) of the U.S. Patent & Trademark Office will find the ‘Intent-To-Use’ applications.

How to Get More Relevant Google Results

Did you know that you can improve your Google results by changing the order of the words in your search statement? Try searches for “civil society” or “society civil”, with and without double quotes. Do you notice any difference in the search results?

Did you know that you can make your Google search results more relevant by changing the reading level? If your search statement is complex or the topic is complex then selecting the advanced reading level may yield more relevant sites. To make this selection, click on Search tools then All Results and click on Reading level. The results will then be annotated with reading levels as well as a percentage breakdown of results by reading level. To filter by a reading level, click on the desired reading level. To go back to all results, click on View results for all.

Carrot Search

I use clustering search engines to build the most specific search statement possible for use in the large search engines. Carrot Search is a clustering search engine that I have added to my stable of tools. It uses Lingo3G — the third generation document clustering engine that features multilingual and hierarchical clustering, synonyms, and advanced tuning capabilities. This produces good results that are properly clustered with tabs to cluster results from different search engines, except Google.

ICANN Wants to Close Whois

A working group for Internet regulators at ICANN wants to close all Whois databases. They want to force anybody needing this data to grovel before them before granting access. They are trying to centralize global control over a key component of the Internet. WHOIS allows you to find out who owns a domain name. Without this data, fraud and other crimes will become easier to commit and harder to solve.