OsintSupport

@EthicalHoopz @PolitlcsGlobal @lemondefr All you have to do is scrape the activities on a regular basis and you can do this all day long, despite even the pentagon telling it staff to stop using strava they still do, along with lot of other sensitive locations. Ive posted a few times about it x.com/osintsupport/s…

@PolitlcsGlobal @lemondefr If I had a nickel for every time sensitive military information has been exposed with Strava, I’d have 4 nickels, which isn’t a lot, but it’s weird that it happened 4 times

🚨🇫🇷 NEW: The location of the French aircraft carrier, FS Charles de Gaulle, has been given away by a sailor using Strava whilst jogging on the ship deck [@lemondefr]

@LifeInGen6 @TechloreInc What’s more wild is how this method is very very rarely protected with rate limiting. Facebook, WhatsApp, Apple, Strava, all of them have fallen fowl of this.

What’s wild is how often “contact discovery” ends up being the soft spot in systems people assume are private. It shows how fragile messaging infrastructure still is when identity and communication aren’t verifiable or protected at the protocol level. A reminder that privacy by design isn’t optional anymore.

🚨 MASSIVE: Researchers scraped 3.5 BILLION WhatsApp phone numbers using the app's contact discovery feature, along with profile photos and bios for millions of people. This would be "the largest data leak in history" if it hadn't been done by researchers 🧵

@nbacyberguy @CraigHRowland Exactly. However that would take a level of integrity he clearly lacks. Instead of admitting he’s wrong, he doubles down. Even his Tor comment is nonsense.

@OsintSupport @CraigHRowland It would be so easy for him to say "I made a mistake". But no, he just making it worse

I'd estimate about 99% of all Tor traffic is kiddie porn, fraud and other crime. If you are using it to "ProTECt mY AnoNYmity" you are painting the hugest target on your forehead to be surveilled. The slightest error and you will not be anonymous.

@CraigHRowland Ask any survivor how they feel about their abuse being called “porn.” They don’t. That’s why professionals use CSAM, it’s about respect and accuracy. You work in security, you know precision matters. Calling CSAM “porn” is like calling a malware payload “software.”

@OsintSupport Don't put words in my mouth. You'd have to be an idiot to not know that child pornography is abuse.

@CraigHRowland It’s not pornography, it’s child abuse. The fact you don’t see the difference is exactly why terminology matters.

@OsintSupport Who thinks child pornography implies consent or is legal?

@CraigHRowland The acronym isn’t about “hiding it” , it’s about accuracy. “Kiddie porn” implies consent or legality. CSAM makes it clear it’s child sexual abuse, not “pornography.” The wording matters because the harm is real.

@OsintSupport Everyone knows what I am saying and there is no need to hide it behind an acronym.

@CraigHRowland People love to claim Tor is full of CSAM, but the reality is far darker, most abuse material surfaces on the clear web, social platforms, and messaging apps. Tor isn’t the source of the problem; the open internet is. 2/2

@CraigHRowland The term “kiddie porn” trivializes real child abuse. The correct term is CSAM (Child Sexual Abuse Material) it’s evidence of a crime, not “pornography.” Words matter. 1/2

@jaredlander You should check out ClickHouse

Was helping a client today with a 500 million row dataset. It took about 42 GB as a CSV & 7 GB as a parquet file. We needed a count of rows per ID. We tried Arrow but gave up after staring at the console for a few minutes. Switched to DuckDB & got an answer in less than a second.

@AIBuzzNews @UnslothAI @xai I have a maxed out MacBook Pro M4 with 128GB of ram for this very reason.

@UnslothAI @xai Who has 120 GB locally? I have a fairly powerful computer with 64 GB of memory, which most people don't have.

You can now run @xAI Grok 2.5 locally on just 120GB RAM! 🚀 The 270B parameter model runs ~5 t/s on a 128GB Mac with our Dynamic 3-bit GGUF. We shrunk the 539GB model to 118GB (-80%) & left key layers in higher 8-bits Guide: docs.unsloth.ai/basics/grok-2 GGUF: huggingface.co/unsloth/grok-2…

@FWOsint @UKOSINT @unusual_whales I was working on something a couple of months ago with the same dataset which could predict with extremely high accuracy people who worked at these locations and other so long as they did activities within 1-2 miles. And was close to more than 3-4 of these locations. 3/3

@FWOsint @UKOSINT @unusual_whales I was able to then identify people who worked at sensitive locations like the Pentagon/CIA/NSA and then their home addresses. Even Putins Palace. It’s not just Americans but even Russians using the app at sensitive bases/locations. 2/3

BREAKING: Elon Musk asked who went to Epstein's island, and it answered: Bill Clinton, Prince Andrew, Alan Dershowitz. It also notes Trump used the plane.

[9/9] I might write a full article on this once the run and research are complete. In the meantime, if you’re interested in the details like methods, performance, tooling, or results, feel free to DM me.

[8/9] Progress snapshot Scaling well.

[1/9] Working on a new and extremely ambitious project. Generating 208 Trillion Gmail addresses to brute force a hash table of 80M MD5s. Trying to reverse anonymised emails at scale. Here's how it works and why it matters. #osint #infosec