A lot of us balance privacy concerns against usability, and in that regard some (maybe most?) are unaware of the data that can be obtained from their Gmail account. Gmail makes use of a Google identifier (Gaia ID), which is associated with your publicly shared data. This data can be reviews, check-ins, or various forms of geo tagging you might have made public. How much data can someone glean from this? What information could someone discern based on our public reviews?
GAIA ID Reveals Much
On the surface, it doesn’t seem like we could get a lot of useful data from my review of a car mechanic. Sharing reviews and gaining insight from the reviews of others is a very compelling pull. We like to share the good, and especially the bad, of a venue or purchase. However, if we had tools that could aggregate the data for analysis, then a single user’s spending could come into play. Imagine knowing all the places I review, seeing a cost associated with each venue, and from that deducing my monthly spend.
Aggregation of Spending
Using a tool like GHunt (an OSINT toolkit for use with Gmail), a Gmail account’s GAIA ID is pulled from the public API and the associated account data is cross-referenced with cost metrics. All those venue reviews add up to a complete user profile.
Here’s an example of some data of a person:
Look at the statistics pulled. We can quickly see the number of reviews, ratings, photos and answers. Wow. The average rating on those reviews is a 4.8 out of 5 (mostly positive), and a cost breakdown is provided: of the places reviewed, Google has tagged 14 as “moderately expensive.”
GHunt is so nice, it breaks down the expenditures by category. On the left, we can see that this person mostly eats out at Mexican or American venues.
It appears their diet is heavy on fast food. As fast food is usually cheap, the “moderately expensive” spend must come from something other than food.
We can also see this person paid for air conditioning repair services, indicating they own a property (renters don’t pay for that).
HVAC repairs were tied to this account, another indicator of a homeowner.
Interestingly, we can also get an idea of their traveling habits. While they went to various parks (6 occasions), and one nature preserve, they don’t seem to pay for lodging very often. From this I might wonder if they are living near a local wildlife preserve or park.
There was a wedding venue mentioned, so if this is part of an investigation, that opens relationship possibilities (either getting married or attending a wedding).
Shopping-wise, we see spending at appliance stores, music stores, home improvement and building material stores. This reinforces the idea of home ownership.
All in all, we can get a rather interesting view of a person based on their public data, and an OSINT investigator would make use of this data to pivot into more aspects of the target’s life.
Where does this data come from? It’s from reviews left through the Google ecosystem. When we leave a review it is obviously public because we want to share our experience. Google has tagged those venues with cost data from the community (cheap, moderately expensive, expensive, etc.). Google also tags those venues with the types of services they provide.
This is how we can get all that juicy data from a simple Gmail account.
Geo Tagging
We don’t need a fancy tool to find where a Google user has been spotted. If we view a venue on Google Maps and then peruse the reviews, clicking on a reviewer will disclose the locations of all their reviews. Above is an example of this type of aggregate analysis. We can see in the screenshot a person’s geo location, what they like to do and where they spend their money.
GHunt can also do this. The first thing GHunt attempts to pull from the GAIA ID is a map of check-ins/reviews associated with that Gmail account. That link will create a view similar to the one above. The difference is in scope. Clicking on a reviewer of a venue is rather random, whereas researching a Gmail account is very targeted. Tools like GHunt can quickly generate a profile of a target’s spending and location.
Privacy Concerns
If your privacy is a concern, then consider what you are voluntarily sharing with each review or “check-in” on social media. While such data isn’t as easily accessible from Facebook/X/Mastodon, Gmail makes it very accessible. You can turn off this data (on your phone), but that means your reviews all become private and inaccessible to the public. If you share on Google, then your data can be accessed, aggregated and analyzed. The risk versus reward is something each person needs to resolve for themselves.
As a minor stopgap measure, you could try to separate concerns. Having one Gmail account for reviews and another for sending email will limit your exposure to a tool like GHunt (where an email recipient may investigate you based on your email). However, it doesn’t prevent the situation where someone who comes across a review could easily pull up your profile and see where you spend money, visit, and check in.
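One way to audit your own exposure before deciding which reviews to keep public, as an added example (not GHunt code and not from the original post). The record fields, venue names and category strings are constructed assumptions, not a Google or GHunt export format; the inference rules are the ones this article draws.

```python
from collections import Counter, defaultdict

# Constructed sample of one's own public reviews (hypothetical fields and values).
MY_REVIEWS = [
    {"venue": "Taco stand", "category": "Mexican restaurant", "price": "cheap"},
    {"venue": "Burger drive-in", "category": "Fast food restaurant", "price": "cheap"},
    {"venue": "CoolAir Services", "category": "Air conditioning repair service", "price": None},
    {"venue": "Metro HVAC", "category": "HVAC contractor", "price": None},
    {"venue": "BuildRight", "category": "Home improvement store", "price": "moderately expensive"},
    {"venue": "Riverside Park", "category": "Park", "price": None},
    {"venue": "Oak Hollow Preserve", "category": "Nature preserve", "price": None},
    {"venue": "Rose Garden Hall", "category": "Wedding venue", "price": "moderately expensive"},
]

# Inferences the article draws, keyed by keywords found in a venue category.
SIGNALS = {
    "home ownership": ("air conditioning", "hvac", "appliance",
                       "home improvement", "building material"),
    "relationship event": ("wedding",),
    "outdoor locations visited": ("park", "nature preserve"),
}
LODGING = ("hotel", "motel", "lodging")

def audit(reviews):
    """Return (price tier counts, {inference: [venues that support it]})."""
    tiers = Counter(r["price"] for r in reviews if r["price"])
    evidence = defaultdict(list)
    for r in reviews:
        cat = r["category"].lower()
        for inference, keywords in SIGNALS.items():
            if any(k in cat for k in keywords):
                evidence[inference].append(r["venue"])
    # Parks reviewed with no lodging reviewed suggests the parks are near home.
    has_lodging = any(w in r["category"].lower() for r in reviews for w in LODGING)
    outdoors = evidence.get("outdoor locations visited")
    if outdoors and not has_lodging:
        evidence["lives near reviewed parks"] = list(outdoors)
    return tiers, dict(evidence)

def reviews_to_hide(reviews, inference):
    """Venues whose reviews would need to go private to remove one inference."""
    return audit(reviews)[1].get(inference, [])

if __name__ == "__main__":
    tiers, evidence = audit(MY_REVIEWS)
    print("Price tiers:", dict(tiers))
    for inference, venues in evidence.items():
        print(f"{inference}: {', '.join(venues)}")
```

Each inference is listed with the specific reviews that support it, so you can see which ones to make private rather than hiding everything.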
OSINT
For OSINT, having a Gmail address can be game-changing. An investigation into a target may hit limitations until you discover their spending habits and geo-locations, all thanks to historic data they volunteered to Google.
While you can dig through a Google profile on Google Maps, it’s much easier to use a tool that aggregates all the data, breaking it down into cost and venue analysis. GHunt makes this easy.
For OSINT, GHunt is a useful tool for the toolbox.