Now Reading: AI’s OSINT tool allow mass analysis of YouTube profiles
-
01
AI’s OSINT tool allow mass analysis of YouTube profiles
An open-source intelligence (OSINT) service claims it can generate detailed profiles on YouTube users based solely on their comment activity.
The tool, part of the “YouTube Tools” suite by pseudonymous developer Lolarchiver, allows users to run a series of AI-powered checks on any YouTube commenter. The tool’s webpage was recently altered to display only the administrator’s email address, presumably in response to increased media attention.
According to a May 28 report by tech outlet 404 Media, the tool can produce reports within seconds that include inferred data such as a user’s geographic location and potential political or cultural leanings.
During the, a user was reportedly identified as living in Italy based on Italian-language commentary and references to an Italian TV show.
AI is making OSINT lazy
While the insights generated by YouTube Tools are based on publicly available data, the tool has significantly lowered the barrier to entry for digital profiling. Anyone can look up what a YouTube commenter has written and make those deductions themselves.
Still, it would usually take painstaking research and reading through a lot of boring content. With AI, all it takes is a click.
In addition to YouTube Tools, Lolarchiver also provides OSINT tools for Twitch, Kick, League of Legends, nHentai, leaked databases search, X, email reverse lookup and phone reverse lookup. Legal experts warn that some of these tools may be in violation of platform terms of service or even local data protection laws, depending on where they are used.
Related: Third individual arrested in NYC crypto torture and kidnapping case
Not playing by the rules
YouTube Tools is likely in violation of YouTube’s policies. This is because the website’s terms of service allow data scraping, but “only in accordance with its robots.txt” file, which lists the indexable pages — this service likely does not respect such limitations.
The service also allows you to search leaked databases, and the legality of doing so depends on your location. While looking up your data is generally legal, searching for third-party data without a lawful basis can be a breach of the European Union’s General Data Protection Regulation or state privacy laws in the US.
If the data includes credentials, using them may cross the line from civil to criminal charges, depending on the jurisdiction. According to 404 Media, Lolarchiver’s administrator is located in Europe, and the EU has stringent requirements for processing personal data.
The importance of data security
The rise of tools like Lolarchiver highlights the long-term impact of historic and ongoing data breaches. Whether through newsletter sign-ups or Know Your Customer (KYC) processes on crypto platforms, personal information is frequently exposed in hacks and database leaks.
This is because databases often end up in leaks that then make their way to stolen data marketplaces or services, such as Lolarchiver. An old example that still echoes in the crypto space is a data leak by hardware wallet producer Ledger, exposing the personal information of over 270,000 customers.
The author of this article, who was affected by the leak, reports receiving scam emails daily as a result. A more recent example is Coinbase’s data breach from this month.
That hack exposed Coinbase users’ account balances, ID images, phone numbers, home addresses and partially hidden bank details to attackers. Such issues are part of why some in the cryptocurrency space raise concerns about KYC requirements.
Related: France arrests over 12 suspects linked to crypto kidnappings: Report
KYC and $5 wrench attacks
For cryptocurrency holders, the exposure of KYC data can be especially dangerous. A growing number of physical attacks — sometimes referred to as “$5 wrench attacks” — target individuals believed to hold large amounts of crypto.
Recent reports indicate that as cryptocurrency grows in popularity and price, some criminals are taking to violent measures to steal funds from high-profile crypto holders. A repository of known physical attacks on Bitcoin holders reports 29 cases in 2025, not including unreported incidents or those that did not receive media attention.
As privacy concerns mount, tools like YouTube Tools reflect a broader trend: the growing ease with which digital footprints can be turned into invasive profiles, often without user awareness or consent.
Magazine: In crypto, no one cares who you are: Here’s why that’s a good thing
Related Posts
Stay Informed With the Latest & Most Important News
Previous Post
Next Post
Advertisement
:max_bytes(150000):strip_icc()/GettyImages-2207841764-4e3e62598d124d3b969fc8ec44833a37.jpg?w=150&resize=150,150&ssl=1 "6 Key Alternative Investments to Consider for Your Legacy Plan")
:max_bytes(150000):strip_icc()/INV_SeniorLesbiansPayingBills_GettyImages-1400799722-7df21d05ac4847d5b90dd7588f27274f.jpg?w=150&resize=150,150&ssl=1 "This Potential Policy Tweak Could Supercharge Your Health Savings in Retirement")