Dumpster Diving…A Treasure Trove

Valuable Open Source information is thrown away every day, waiting to be collected by the thoughtful researcher. Dubbed “dumpster diving,” or “trash picking” a wastebasket becomes a friend to researchers and a foe of anyone you are collecting on. Few people outside the investigative community give much thought to what they are throwing away. Even companies that try to recycle often do it for economic reasons – paper, metal and plastic may bring back money – or for social reasons other than security. Because it can be financially remunerative many people who are looking for a cash turnaround rather than information engage in dumpster diving. Occasionally their efforts turn up in media reports when something that probably should not have been thrown away is found. Protection against dumpster divers of any sort is a major security measure – one that is often overlooked.

How useful dumpster diving is can be readily seen by the fact that a highly-placed US intelligence official was convicted and sentenced to life in prison for working with Moscow operatives. He had thoughtlessly thrown away key clues to his betrayal, not thinking they would end up on a prosecutor’s desk. Expecting anything to be buried forever in a trash heap can be a major mistake.

In the United States the Supreme Court has said that, as a general rule, things left in trash cans curbside are considered “abandoned” and are there for the taking. Municipal ordinances, often designed to assure recycling is economically viable to the city, may alter the legal landscape. Dumpster diving is illegal in some locations, but where it is lawful it is a way to get critical information

Trash cans, dumpsters, recycling bins, and even members of the nightly cleaning crew can help researchers piece together inside information. Recycling containers are often sought out, not only because they don’t contain old banana peels and coffee-impregnated paper cups, but because that is where people trash their notes, their drafts, and the information miscellany that will tell more about an operation than an inside snitch. People may shred things, but many rely on shredders that cut pages into thin strips that can be readily pasted back together instead of the confetti size squares that would make ticker-tape parade snow. Cross-cut shredders are an investment that makes dumpster diving less useful for research. Some of the best shredders will take care of CDs and credit cards. Hard drives and thumb drives require special erasure and disposal techniques.

While a single letter, paper, document, or even a slip of paper with a phone number may seem insignificant at first glance, when combined with other knowledge a piece of trash may provide crucial clues. Moreover, many things that Personally Identifiable Information (PII) including Social Security numbers, make their way to the trashcan.

Dumpster diving – also called trash picking – is safest when people wear long sleeve shirts, jeans, heavy leather gloves, and leather boots because people do throw away sharp and dangerous items.

From a self-protection standpoint, remember that trash containing sensitive information may be intercepted at many points – while the material is at your location, in transit, or even at the dump or recycling facility. Open recycling bins and trash cans are not safe storage for sensitive items on their way to the dump or recycle site. Threats from loose paperwork are almost too many and diverse to mention. However organizations seldom want to make a plethora of things available to snoopers. Key items include:

  • Attendance records
  • Correspondence
  • Coursework or information about training, marketing or sales
  • Credit card information, including offers
  • Customer or order information
  • Delivery and deliverable information
  • Development plans for future projects
  • Digital media such as floppy or CD disks
  • Emails
  • Employment data
  • Financial records of any type
  • Insurance information
  • Internal notes and memoranda
  • Maintenance records
  • Medical files or information
  • Payroll Information
  • Personal notes
  • Price lists or invoices
  • Reports
  • Rosters or phone tree information
  • Schedules
  • Shipping or other labels
  • Supplier data
  • Travel information

Copyright Mark Monday 2018 Text from the next edition of What You Don’t Know…

Google Activity

Google knows quite a bit about you…but how much does it really know?  Take some time to have a look and make sure that the activity meets your personal privacy preferences.

Let’s find the settings.  First, go to google.com.  In the upper right corner, click on the square of squares:

Click on ‘My Account’

Click on ‘Manage your Google activity’ in the ‘Personal info & Privacy’ menu.

Sign in to your Google account.

Once logged in, you can control the settings for the following:

  1. Web and App Activity
  2. Location History
  3. Device Information
  4. Voice & Audio Activity
  5. YouTube Search History
  6. YouTube Watch History

For example, here are my past YouTube searches.

There are even more settings to explore when you look at the ‘Other Google Activity’ menu option.  Keep in mind that that in addition to turning all these monitoring settings off, you can avoid a lot of this being tracked via two methods: 1) most browsers now have a built in feature to do private browsing (see screen shot of Chrome’s Incognito Mode), meaning all the settings like cookies and other tracking mechanisms are turned off.  Keep in mind though, that when you use this feature, it will break a lot of sites. 2) Don’t log into Google!

If you use any of Google’s services (email, docs, drive, etc.), keep in mind that all this data is available to them by default.

From the Revised Book… Emojis

Emojis — those little symbols that have become so popular in the last few years — are a means of communication. They should never be ignored, or forgotten. Modern researchers need to be aware of emojis whenever they are used, and their appearance – which may vary depending on the platform they appear on.


Simple emojis can be used to communicate complex ideas. They have reportedly been used in the past for selling drugs – a dollar sign symbol meaning “for sale.” Crystal meth might be noted as a gemstone; injectable drugs, including heroin, could be shown by a syringe.


Emojis can also be used in many ways. As a code one symbol stands for a word or concept different from the picture. Emojis can be used as a cipher, replacing an alphabet or other writing system. They can easily be used as an alternative alphabet. The site at https://codemoji.org/#/encrypt does a good job of explaining cipher encryption with emojis. When used in these ways the messages require decoding – they may be simple cipher, or complex enough to require the use of codebreakers. That is beyond this book. Nonetheless, when sent in the open, and even if they require decoding, emojis are fair game for open source work and are treated as any foreign language page or a message needing translation.


Researchers must be aware, whenever and wherever encountering an emoji, and particularly several in a series, that information is being conveyed though the message may not be apparent to the uninitiated.

A useful guide to official emojis is at https://emojipedia.org


Copyright Mark Monday 2018 Text from the next edition of What You Don’t Know…