Executive digital privacy

Why Social Engineers Target the Executive's Family

A protected principal is a locked front door. The behavioural data shows the family is the side door: less defended, more susceptible, and the path attackers take to reach the principal.

6 min·4 Jun 2026

How to Protect Your Digital Footprint: What You Can Do Now, and Where It Stops

Most guides on protecting your digital footprint stop at strong passwords and private accounts. The work that actually reduces your exposure is elsewhere — in metadata, identifiers, and device defaults.

10 min·4 Jun 2026

The Optimal Moment: How Your Digital Footprint Tells an Attacker When to Strike

Sophisticated social engineering attacks are not random. They are timed. The data that reveals when to strike is largely public — and most of it you have already published yourself.

9 min·4 Jun 2026

What Does the Internet Know About Me?

Your browser transmits a detailed fingerprint before you do anything on a page. This piece maps five standard data layers and dissects a real fingerprint to show how investigators chain device signals to a single identity.

8 min·2 Jun 2026

The Structural Doxing Problem: European Executives Face Harder Exposure Than Their US Peers

From Rotterdam to Glasgow, activist campaigns are targeting corporate offices across Europe through supply-chain research. In September 2025, that escalation reached executives' personal residences in the UK. Here is what the research chain looks like — and what you can do about it.

7 min·1 Jun 2026

When Privacy Becomes a Price Tag: The Three-Tier Problem in Europe’s Data Market Debate

A Bruegel working paper proposes regulated data markets as Europe’s fix for the consent impasse. On examination, the three-tier model makes full privacy available only to those who can pay for it.

11 min·27 May 2026

EU Facial Recognition: Loud Regulation, Quiet Enforcement

The EU has the strictest facial-recognition rules in any major jurisdiction. It also has Clearview AI, fined more than €110 million across five member states, paying nothing, still indexing EU residents’ faces. The gap between regulation and enforcement is the story.

11 min·4 May 2026

What Traces Do You Leave Online: The Silent Data Trail

Your visible online presence is only the surface. Below it sit contact graphs built by others, location broker pipelines, insurance registers, archive snapshots, and an AI assistant layer that logs and may train on everything you type.

16 min·4 May 2026

METHOD

How a Mirror Investigation Runs

What actually happens in 48 hours of a Mirror investigation: the four sequential stages a finding moves through before it appears in the report.

14 min·30 Apr 2026

Is Doxxing Illegal? How EU, UK and US Law Treat It in 2026

How doxxing is treated under Dutch, German, French, UK and US law in 2026: dedicated criminal statutes, GDPR overlay, federal-and-state patchwork, and what victims can do.

13 min·29 Apr 2026

The Identity Pack: How Breaches Without Credentials Fuel Executive Targeting

When a breach notification says no credentials were exposed, the data that was exposed is often exactly what executive targeting is built from.

10 min·20 Apr 2026

The Reconnaissance Phase: Why Whaling Attacks Start With Your Data Broker Listings

BEC and whaling attacks rely on personal data gathered during the reconnaissance phase. Removing that data from brokers and breach databases disrupts the attack before it begins.

9 min·7 Apr 2026

Agentic AI Is Building Executive Profiles. Here’s What Feeds Them.

AI search engines build executive profiles by connecting data across brokers, breach databases, and public registries in real time.

8 min·7 Apr 2026

Deepfake Detection: A Practical Guide for Executives and Their Teams

How deepfake fraud works, why detection alone is failing, and the verification protocols that actually prevent losses.

10 min·3 Apr 2026

METHOD

OSINT Research vs Stalkerware: Where Investigation Ends and Surveillance Begins

The FOUR rubric used by law enforcement — Fixated, Obsessive, Unwanted, Repeated — applied to the line between legitimate OSINT research and stalkerware surveillance, from both the investigator's and target's perspective.

12 min·28 Mar 2026

How Executives Get Doxxed — and What Europe Is Doing About It

From the CEO Database to the Netherlands' first doxxing arrest, executive targeting has become organised. Here is where the data comes from, what the law now says, and what you can do about it.

7 min·24 Mar 2026

What Is a Digital Footprint — and How Attackers Use Yours

Your digital footprint is the sum of all data that can be linked back to you online. Here is what it contains — and how attackers exploit each piece.

9 min·23 Mar 2026

If You Were in the Odido Breach — What to Do Now

The Odido dataset is public. If you were a customer — even a decade ago — your data is likely in it. This is what the exposure enables, and what closes it.

7 min·14 Mar 2026

METHOD

The Mosaic Effect: How Harmless Data Combines Into a Complete Profile

Your employer is public. Your general location is public. Your gym, your commute pattern, your lunch spot — all public. None of it is sensitive on its own. But combine them, and something qualitatively different emerges.

8 min·9 Mar 2026

What Cryptocurrency Transactions Reveal About You — Without You Knowing

Bitcoin transactions do not contain your name — but pseudonymous is not anonymous. The moment a wallet address links to your identity, that link is permanent and retroactive. Covers KYC breach risk, blockchain tracing methodology, Monero's reputational problem, and the Bitfinex and Colonial Pipeline cases.

8 min·8 Mar 2026

If Dutch Ministers Could Not Stay Out of the Odido Dataset, You Probably Didn't Either

Four ministers. A senior intelligence officer. Three individuals under active government protection. The Odido breach did not distinguish between ordinary customers and people who thought they were managing their exposure. What each data field enables — and why the window for acting is narrowing.

6 min·8 Mar 2026

The Accounts You Forgot About Are the Ones That Expose You Most

Most people think about their current online presence. They overlook the usernames, photos, emails, and forum posts from a decade ago — and that is exactly what attackers are looking at.

8 min·6 Mar 2026

Your Digital Profile Already Exists. You Just Have Not Seen It.

Before anyone searches for you, your profile is already assembled. Three freely available layers — social media, data brokers, and breach data — combine into something far more complete than most people realise.

9 min·4 Mar 2026

The OSINT Ethics Spectrum: When Does a Tool Become a Weapon?

Sherlock, GHunt, SpiderFoot, Recon-ng, Maltego — the same tools used in legitimate investigations are used in stalking and doxxing. A feature-by-feature ethics map of the most popular OSINT platforms.

22 min·2 Mar 2026

Punch the Monkey: OSINT and the Battle of Narratives

A baby spider monkey, three conflicting headlines — and a masterclass in how the same footage can be spun into entirely different stories. Here is how OSINT methodology cuts through viral fiction to find what is actually true.

5 min·27 Feb 2026

What Investigators See When They Search You: A 2026 OSINT Breakdown

A step-by-step walkthrough of how OSINT analysts build a complete profile on any individual using only public sources in 2026 — and what you can do about it.

10 min·26 Feb 2026

Why Using AI for OSINT Leaves a Trail — And What to Do Instead

Using ChatGPT or Perplexity for OSINT research leaves an auditable trace that compromises operational security. Why automation with manual interpretation is the correct methodology.

12 min·26 Feb 2026

How Criminals Bypass KYC Checks Using Your Leaked Data

KYC identity verification was designed to stop fraud. Here's how criminals use your leaked data to defeat it — and what that means for your exposure.

8 min·25 Feb 2026