Once, me and Shadab were discussing, how traceable were we on the Internet? So, we decided to do this reconnaissance on each other. This is the documentation of how I did the same on him and how much I could trace him.
Let me first tell you how much I know about him. His name is Shadab Zafar, pursuing B.Tech from Jamia Milla Islamia, same as me. He and me both are a part of JMILUG (a group sort of thing in our college promoting the open source. Hail Linux!!) under which we host some events from time to time. He did a GSoC project in metabrainz foundation. He loves his laptop very much, been a coder since like 10th grade or may be earlier. Here’s his Github account, he has coded a lot of things. He is proficient in web development, interested in Cryptography and Security and Hacking-n-stuff. He was Islamic but now he is an atheist thanks to some books I guess. He has read quite a lot of books.He has one sibling five years younger than him. Well, all of this is sounding more of an endorsement of Mr Shadab Zafar. I am feeling weird now. Lets stop. I will be attempting to trace all the above things I have said and may be more. The things I am assuming I know is his name, Shadab Zafar, his face and the college where he studies. I will be using Incognito Mode of Chrome Browser to search for him. This way, I am not signed in to any social media account, which might have aided me to find him easily. Of course, Google will be the search engine.
Lets start with Google Images first. Search string is “Shadab Zafar”. On second row I found 2 images of him. Awesome. This is how he looks - first, second (I know pathetic he looks, but lets not judge a book by its cover.) Clicking on ‘Visit page’ on each image we are sent to 2 pages,
- JMILUG recently hosted an event where the GSoCers came and spoke about their project.Thus, here our Shadab Zafar was one of the speakers. One link took us to this event page.
- Other link directed to his Github profile.
Lets see what we have got here from the above two links:
- Name - Shadab Zafar
- GSoC Project - A New Website for MusicBrainz Picard
- Github Handle - dufferzafar
- Lives in - India
- Email - firstname.lastname@example.org
- Blog - dufferzafar.github.io
- Github Repositories - here, have a look. I am not gonna type all of ‘em.
Now lets look at his repos and find out his interests in programming languages. Number of projects in each language are given below,
Clearly Python is the winner but looking at the nature of projects under python and the projects in JS and CSS, it can be said that he does a lot of web dev. Also, looking at one of the repos named ‘ctf-docs’ to which he has contributed, relates to the intro to security competitions. Thus, it shows his interest in cryptography and security.
Now, lets go to his blog.
- Blog Name - Duffer’s Log
- Blog Bio - Life. Philosophy. Code.
- Last written on - 25th June, 2014
- Total posts written - 24
Looking at the first post he wrote this year (2014) entitled, “It’s Been Five Years” we can know some interesting facts about him.
- He tried to make a personalized Windows XP (here, is his unattended question)
- Another blog he wrote as a 12th grader - “SHADAB SOFTS. INC.”
Now, from this blog we get to know about him a some more (written by him, of course, on his about page),
- Hails from - Haryana, India
- Birthday - 24th August
- Zodiac - Virgo
- Philosophy of life - “Think More, Do More, Expect Less”
- Ambition in life - To become a “Computer Forensics Expert” (told ya, he was interested in security and cryptography and Hacking-n-stuff.)
This, above information was all from the image search by the search string “Shadab Zafar”. Now, we have one more search string - dufferzafar - apparently he uses this term in lot of things as visible from his blogurl, Github handle, email and we will find the same pattern in other things like usernames, twitter handle, etc. too.
Now, lets see what will we get by searching images for dufferzafar. Here again we get the Github profile pic. Then there is also the home page of his blog in probably from one of his posts. There might me more from his blog but I am not getting into that. There is also an art having
From the above image results a lot of information on Shadab was easily available. I didn’t expect that when I started doing this. That’s enough with image search. Lets get to web search starting from search string “Shadab Zafar”.
So, from the first page itself I get,
- Github Profile (again)
Twitter Profile Here, from twitter we get his current location, which is Delhi and his blog url which we have already seen. We don’t get much useful content, except for his 237 tweets, 23 followers and the list of 142 people he follows.
- LinkedIn Profile From LinkedIn we get his college, Jamia Millia Islamia. We also get that he has worked in MetaBrainz Foundation as a student developer under GSoC. And, we also get JS, CSS and web development from his skills section in the profile. Since I didn’t sign in, I couldn’t see his whole profile.
On second search page we have his Quora profile. There I can see the college he goes to and the profile pic on which the text says “Life Runs On Code”. This obviously seems to be the guy we are inspecting. I also saw this image when I searched images for “Shadab Zafar” and “dufferzafar”. Going back for those images, we get to this same quora profile also to his StackOverflow profile. Here, he has a reputation of 11. And, have accounts on Super User and English Language & Usage which are also the parts of the Stack Exchange Inc. along with StackOverflow.
Searching by image, using this above image in Google search, unfortunately we don’t get anything. Now, it’s time for our final search, that is, searching on Google using the search term “dufferzafar”. Behold, here we get,
- Github Account (and again!!)
- Twitter Profile
- StackOverflow Account
BitBucket Profile (another Github like website) From here we get sure that his location is India. He is a member of this website since Jan 2014. We get his blog url from here too.
- Location - India
- Member Since - Jan 2014
- Blog - dufferzafar.github.io
Trello Account In their own terms, “Trello is the free, flexible, and visual way to organize anything with anyone.”. We get the same image showing “Life Runs On Code” on this service as his profile pic. This is definitely our guy. He now seems inactive on this site but looking at his past activities I observed that there are 2 boards he was a part of, namely, Cryptex and Projects. Cryptex seems to be a hacking competition similar to one he contributed to on Github. Whereas, on projects board we see a few projects listed. Nothing else. Summarizing,
Last.fm Profile Lastfm, is a place where you share with the world what type of music listen to and how frequently. Then, it recommends you some more music based on your music taste. Well, we are not going to determine his taste here. But a few highlights from the account are,
- Blog - dufferzafar.github.io
- Age - 21
- Member Since - 2 Apr, 2013
- Total songs played - 16542
- Loved Tracks - 134
- Total Artists in the Library - 844
- Most listened band - Kings of Leon
MusicBrainz Forums Account A forum where he Registered on 10 Jul 2014. He has discussed about his GSoC Project there from the community for whom he did the project.
Keybase.io profile Keybase, is a place where you get a public key, safely, starting just with someone’s social media username(s). Mr Zafar, have registered here too.
Reddit Account Everyone knows Reddit, no wonder he is a redditor for 1 year. He has written 6 comments in total having a comment karma of -2. Pathetic. Most of his comments are on the posts of sub-reddit r/windowsphone.
Sourcegraph profile (yet another Github like website) There’s nothing done here by him except providing the links to his blog and Github Profile.
SoundCloud Account Again, nothing here. Just made an account and abandoned it.
Facebook Profile Here, he has shared very less with the public. You can see his name, profile pic, cover photo and favorites. This all doesn’t give much about him. His profile pic is similar to his profile pic on Quora. And his cover photo is similar to one I saw when I searched for images of “Shadab Zafar”. Guess what? It takes me to his G+ profile where he is apparently not that active.
HackThisSite Account Hack This Site is a free, safe and legal training ground for hackers to test and expand their hacking skills. Mr Zafar, was once the active member of this site. Some stats are,
- Joined on - 14 Oct 2012
- Basic Level - 10
- Realistic Level - 2
- Application Level - 1
Oninstagram profile This guy has posted a single image on Instagram in his life and you can see that on this above link.
Goodreads Profile I told you that this guy reads a lot of books. Well above link will show you how much. Goodreads is a lastfm like place but for books. Share what you have read and what you are reading. He has rated 58 books with an average rating of 3.81 and has written 5 reviews yet. There are 194 books in his ‘to-read’ list. That’s a lot of books.
- Zafar’s GSoC 2014 Proposal
- location - India
- Blog - dufferzafar.github.io
- Favorite bands / musical artists - Kings Of Leon
- Favorite books - Harry Potter
- Favorite writers - John Green, J K Rowling
- Favorite games - Age of Empires
Now, Kings of Leon is his most listened band as shown on the Lastfm. And here he has mentioned it as his favorite band. Thus, I think we can confidently say this that he likes this band a lot. Secondly, Harry potter was rated highly by him on Goodreads. That again is clearly his most liked book.
Fuck!! I have reached page 3 on Google search and yet new web services or comment on some forum or a question asked on some forum keeps popping up. This is a cumbersome task. This tediousness was the reason this post was on hold for 4 months.
The fucking result of this whole post is that Mr Zafar, you are pretty traceable. And, this amount of information was gathered when,
- I didn’t sign in on any service.
- I didn’t go for his friends on the various services he was present on else, I might have covered more of his web presence.
- Did just a few name searches. A determined person can get hell of a lot more information on him.
As for me, I don’t know how much traceable I am. I hope Mr Zafar will check the same for me. Although, unlike him I am not that active on the web, so lets see how much data he gathers on me.
In writing this post (a bit fun and a quite lot of tedious) I got an idea for a project. Although, I think it must already be made by someone. Still, I’ll explain it here. You might have already guessed it.
A tool to find everything about a person of the web. Everything meaning everything,
- How many services he is present on?
- When did he join that service?
- On which forums he commented on?
- What type of data he shared?
- With whom he shared?
- Preferences in various things - songs, books, web-services, etc.
- Trying other search engines (Bing, DuckDuckGo)
- I can’t guess more, but, clearly there are many more things still remaining.
How can we go about doing this?
Honestly, I don’t know. If I were to do the same at my present knowledge then, I guess I would go exactly as I did in this post.
I will assume I have one image and the real name to search for. Firstly, the images will be searched, for the given name and on all the images a comparison will be calculated from the provided image. Thus, tentative results will be gathered. These results might be in the form of a dictionary where for each service there is required data. And, there will also be 2 separate lists for the images to search for and search terms to search for. These lists will keep on growing as new services/accounts will be discovered. Images list might grow due to the images uploaded as profile pic, shared on social networking sites, included on the blog etc. And the ‘search term’ list will grow as new usernames, first name, middle name, last names will be gathered over the searches. Thus, by searching recursively we might be able to get a considerable amount of data on a person to create a sort of timeline of him on the Internet and generate a profile of him.
Now, as you can see, this tool is not much of a use for the general public. It is almost a spying/stalking/recon tool. I can’t think where else it might be used legally. Anyway, this was just an idea. There are a lot of constraints here in making this piece of software.
EDIT The approach I used to find about Shadab Zafar is not a general approach, I have realized this. After writing this post one of my friend Aditya, made me realize that there are some factors that come into play while finding about a person.
- Person need to have a good web presence.
- A unique identifier (like dufferzafar in Shadab’s case).
- Real name is not that common.
I saw these facts unfolding in front of me by searching about Aditya. His name is pretty common so, I got a lot of results with the same name. In the image search I never got a result matching his image (but there were a lot of faces with which the image recog will give false positives). Moreover, in the web results too, I didn’t get anything on him on the first few pages of Google search. This again fails my approach of finding about a person. And, hence this totally destroys the tool if the person is doesn’t have 1 or 2 things mentioned above.