What Is OSINT? A Plain-English Guide
Open-source intelligence, explained for recruiters, HR teams, and anyone who has to vet a person or a company without a security background.
OSINT (open-source intelligence) means gathering and analyzing information that is already public. Think of it as careful, organized looking-up. You use sources anyone could reach, such as websites, public records, and DNS data, to confirm whether a person, vendor, or candidate is who they say they are. It is not hacking and it is not surveillance. The line is simple: OSINT stays within public, lawfully accessible data, and never breaks into private accounts or systems.
What OSINT actually means
OSINT stands for open-source intelligence. The term comes from the intelligence and security world, but the everyday version is much less dramatic. It just means collecting information from sources that are openly available, then making sense of it. The US Office of the Director of National Intelligence defines open-source intelligence as intelligence produced from publicly available information, and that framing applies just as well to a recruiter checking a vendor.
The "open source" part has nothing to do with open-source software. It refers to open sources of information: things anyone can access without special permission, a password, or a court order.
What counts as a public source
A public source is any information that is lawfully available to a normal member of the public. Common examples include:
- Company websites, blogs, and press releases.
- Public social media profiles and professional networks.
- Business registries, court filings, and other government records that are open to the public.
- Domain and DNS data, including who hosts a site and which mail servers it uses.
- News articles, academic papers, and conference talks.
- Public phone-number metadata such as carrier and line type.
If you would need to log into someone else's account, guess a password, or trick a person into handing over data they meant to keep private, you have left OSINT territory.
Everyday uses
You probably already do informal OSINT. Doing it deliberately just makes it faster and more reliable.
Vetting a contact
Someone emails you a deal that seems too good. A quick check of their domain, the age of their email setup, and whether the company actually exists can tell you a lot before you reply.
Checking a vendor
Before sending money or sharing data, confirm the business is registered, the website is real and not freshly created, and the contact details line up across public sources.
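To make the "vetting a contact" and "checking a vendor" steps above concrete for a technical colleague, here is an added Python example. It is not part of this guide and not one of CleanOSINT's tools. It assumes the facts have already been looked up from public sources: the sender's From: line, the company's real domain found independently (for example from its business registry entry), the domain's RDAP registration record, and its DNS MX answers. The sample message, RDAP snippet and DNS results in the block are constructed for illustration, and the output is a list of leads to follow up, not a verdict.

```python
# Added example (not from the original page): applying the "vet a contact" and
# "check a vendor" steps to public facts about an email sender's domain.
# The From: line, RDAP snippet and DNS answers below are constructed sample data.
from __future__ import annotations

from dataclasses import dataclass, field
from datetime import date, datetime
import email.utils


@dataclass
class DomainFacts:
    """Public facts about a domain as read from RDAP (registration data) and DNS."""
    domain: str
    registered_on: date | None                        # RDAP "registration" event; None if unknown
    mx_hosts: list[str] = field(default_factory=list)  # DNS MX answers for the domain
    has_website: bool = False                         # the domain resolves and a site answers


def registration_date_from_rdap(rdap: dict) -> date | None:
    """Pull the registration date out of an RDAP domain object's 'events' list."""
    for event in rdap.get("events", []):
        if event.get("eventAction") == "registration" and "eventDate" in event:
            # RDAP dates are RFC 3339 strings such as 2024-05-01T09:30:00Z
            stamp = event["eventDate"].replace("Z", "+00:00")
            return datetime.fromisoformat(stamp).date()
    return None


def sender_domain(from_header: str) -> str | None:
    """Domain part of the address in a From: header, or None if it cannot be parsed."""
    _display_name, addr = email.utils.parseaddr(from_header)
    if "@" not in addr:
        return None
    return addr.rsplit("@", 1)[1].lower().rstrip(".")


def vet_sender(from_header: str, claimed_domain: str, facts: DomainFacts,
               today: date, young_days: int = 30) -> list[str]:
    """Return plain-English leads (not verdicts) about a sender's domain.

    claimed_domain is the domain of the company the sender says they represent,
    found independently (registry entry, the company's own website).
    An empty list means nothing notable was found, which is not proof of anything.
    """
    leads: list[str] = []
    dom = sender_domain(from_header)
    if dom is None:
        return ["sender address could not be parsed; treat the message as unverified"]
    claimed = claimed_domain.lower()
    brand = claimed.split(".")[0]

    # 1. Do the contact details line up? The sending domain should be the
    #    company's own domain or a subdomain of it.
    if dom != claimed and not dom.endswith("." + claimed):
        if brand in dom:
            leads.append(f"{dom} looks like the company name but is not its domain {claimed}")
        else:
            leads.append(f"sender domain {dom} does not match the company domain {claimed}")

    # 2. How old is the domain? A freshly registered domain deserves a closer look.
    if facts.registered_on is None:
        leads.append("registration date unknown; look the domain up in the registry by hand")
    else:
        age_days = (today - facts.registered_on).days
        if age_days < young_days:
            leads.append(f"domain was registered only {age_days} days ago")

    # 3. Is the domain set up like a working business domain?
    if not facts.mx_hosts:
        leads.append("no MX records: the domain is not set up to receive email")
    if not facts.has_website:
        leads.append("no working website found for the domain")
    return leads


# Constructed sample: a message claiming to come from "Example Corp" (example.com)
SAMPLE_FROM = "Example Corp Accounts <billing@example-corp-pay.com>"
SAMPLE_RDAP = {"events": [{"eventAction": "registration",
                           "eventDate": "2024-05-01T09:30:00Z"}]}
SAMPLE_FACTS = DomainFacts(
    domain="example-corp-pay.com",
    registered_on=registration_date_from_rdap(SAMPLE_RDAP),
    mx_hosts=["mx.mail.example-corp-pay.com."],
    has_website=False,
)
SAMPLE_TODAY = date(2024, 5, 10)  # fixed "today" so the sample is reproducible

if __name__ == "__main__":
    for lead in vet_sender(SAMPLE_FROM, "example.com", SAMPLE_FACTS, SAMPLE_TODAY):
        print("-", lead)
```

Each lead maps to one of the checks the guide names: whether the contact details line up, whether the domain is freshly created, and whether the business side of the domain (mail and website) actually exists. Treat the output as questions to ask next, not as a decision.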
Screening a candidate
For remote roles especially, light public checks help confirm a candidate is who they claim to be. This matters in fraud-prevention contexts, including the candidate-impersonation schemes that the US Department of Justice has described in public enforcement actions.
OSINT versus surveillance and hacking
This is the part people most often get wrong, so it is worth being clear.
- OSINT uses information that is already public. No access controls are bypassed and no one is secretly monitored.
- Hacking means gaining access to systems or accounts you are not authorized to use. That is a crime in most jurisdictions; in the US it falls under the Computer Fraud and Abuse Act.
- Surveillance means actively monitoring a person, often without their knowledge, which can carry its own legal and ethical limits.
The same fact can be fine or not fine depending on how you got it. Reading a public LinkedIn post is OSINT. Logging into someone's account to read their private messages is not.
The "public data only" line
Responsible OSINT follows a few simple rules:
- Public only. Stick to data a member of the public could lawfully reach. Do not bypass logins, paywalls you have not paid for, or technical protections.
- Purpose matters. Even public data can be regulated when used for hiring, credit, or tenancy decisions. Privacy rules such as the EU GDPR and sector laws like the US Fair Credit Reporting Act may apply.
- Proportionate. Collect what you actually need for a clear reason, not everything you can find.
- Treat findings as leads, not verdicts. One data point rarely proves anything. Use it to ask a better question.
When in doubt, check your organization's policy and applicable law before acting on what you find.
Try OSINT with no setup
CleanOSINT runs four free, public-data-only lookups in your browser. No login, nothing stored.
This guide is educational and reflects publicly available information about open-source intelligence practices and the laws referenced. It is not legal advice, hiring advice, or a recommendation about any specific person, company, or decision. Checks involving people should follow your organization's policies and applicable law.