OSINT in Denmark: An Essential Tool or a Privacy Nightmare?
Open Source Intelligence (OSINT) is a crucial practice employed by security professionals for collecting information from publicly available sources to support investigations and decision-making. Danish OSINT sources offer a rich source of data due to Denmark’s strong tradition of open data and transparency. However, personal information leakage through open APIs is a grave concern that security professionals must address.
Open APIs that allow access to sensitive information, such as a person’s name, telephone number, address, and other personal data, can be a significant privacy issue. Unauthorized access to this data without the individual’s consent can lead to devastating consequences. Therefore, security professionals must be vigilant to detect any such breaches.
MobilePay, a prevalent mobile payment application in Denmark, can be employed to convert almost any private telephone number to a particular name and photo, thus reviving the old phone books in modern times. Furthermore, one cannot protect themselves from leakage through MobilePay, since it is a critical app for real-time bank transfers.
In addition to personal information, Danish companies and websites are also subject to specific legal requirements. For example, it is legally mandatory for all company owners to be registered with the Central Business Register (CVR), which is maintained by the Danish Business Authority. By accessing the CVR, security professionals can retrieve information such as contact information and address of anyone who owns a company.
Similarly, website owners in Denmark must register with DK-Hostmaster, an organization responsible for managing the .dk domain. Access to DK-Hostmaster allows security professionals to retrieve information about a website, including owner details, contact information, and owner address.
What do you think about the use of open data for OSINT purposes? Is it a good thing because it can lead to innovation and support decision-making, or is it bad because it can potentially compromise individuals’ privacy and personal information?