This FAQ page is a digest of questions e-mailed to Qwarie, along with the answers we supplied.
1. Choice of Browser
A1.1. mSIS does not run on Chrome.
Chrome raises privacy concerns and should not be used if you intend to perform safe OSINT research.
Don't take our word for it!
A1.2. Depends how you define 'safe'. Technically Chromium is safe, but for OSINT research, we understand that it is not safe.
Check out these links:-
This one is more tech, but it demonstrates that the code behind Chromium makes a lot of connections with Google.
305, to be precise.
When an OSINT researcher uses Chromium, the evidence is leaking to Google.
Reputationally, there is too much risk for Qwarie to release mSIS for Chromium.
A1.3. https://restoreprivacy.com/secure-browser/ advise that there are privacy concerns with:-
- Google Chrome
- Microsoft Internet Explorer/Edge
A1.4. Good question! Three reasons why Qwarie has not developed mSIS as a Chrome extension.
1. Privacy. Chrome leaks, Firefox doesn't leak.
2. GDPR. Chrome allows for rapid rendering of a page, so it can be saved as an off-line archive.
If we had made a Chrome extension, allowing a customer user to download and save personal information about people that are connected with the subject of an investigation on, for example, a Facebook page, where those other people that might be no part of the investigation, and where there is no legal basis to download and store that personal info, mSIS would allow the user to contravene the GDPR.
Our customer might receive a large fine from the ICO for contravening the GDPR. At Qwarie, we know we are safe. Our customer users won't get inadvertent exposure while using mSIS with Firefox.
3. Be diligent. As an OSINT researcher, you should keep your general web activity well separated from your OSINT research.
We recommend you should use Bravo for general web activity and Firefox for OSINT work. This way, pages that are not part of an investigation will not, by error, find their way into an investigation. Very unprofessional and embarrassing if it happens!
4. Stay safe with all of your on-line activity, do not use Chrome, Chromium, Internet Explorer/Edge.
A1.5. Ask your Sys Admin to check out other FAQs on this page, and hope they think again. If not, escalate the issue to your compliance officer or legal counsel, so that you are not responsible for decision that might compromise your company.
A1.6. The Brave browser is addressing privacy issues. We are assessing Brave and if it proves to be safe, we will release an mSIS extension for Brave.
A1.7. According to some browser testings, once installed, Edge runs scripts for data collecting and tracking, and sends information to Microsoft, Google, and others.
Check Jonathan Sampson's post, and see exactly what happened when he installed the Edge browser.
A1.8. We researched Internet Explorer as a safe and secure platform for mSIS and OSINT research.
What we discovered was quite disturbing.
Clearly, IE is not safe for OSINT researchers. We did not want to expose our customers to risk, so we did not build mSIS for IE.
2. Firefox Browser Permissions & mSIS Connection Issues
A2.1. Here is an explanation of the permissions requirements.
1. Access your data for all websites:
Required to allow the user to extract website data into an mSIS case, while performing actions such as webpage archiving, extracting a Facebook id or other actions required during the research process.
2. Download files and read and modify the browser’s download history:
Required to generate/export case bundle; remove mSIS case bundle export history entries, as it clutters up the download history listing (can be 100s of files in one export added to downloads history)
3. Access browsing history:
Removes certain mSIS add-on specific urls from navigation history (eg: popup panel urls)
4. Display notifications to you:
Required to display notifications when mSIS (successfully or not) performs certain actions such as grabbing a Facebook id, archiving webpages, etc.
5. Access browser tabs:
Required for opening tabs (mSIS related (like the generated report tab) or search options linking to websites)
6. Store unlimited amount of client-side data:
Required for storing case data locally
A2.2. If you can't connect to mSIS, go to the Privacy & Security settings in Firefox.
Make sure that under "History" the setting "Firefox will"
- is NOT set up to "Never Remember History"
- or if "Use custom settings for History" is selected, the option "Always use private browsing mode" is NOT checked
3. Tor Browser & the Dark Web
A3.1. a default setting in Tor has to be changed. Uncheck "use private mode" and mSIS will work with Tor
A3.2. No proxy required. The Tor browser is a fork of Mozilla Firefox. mSIS installs on Tor, just like it does for Firefox.
A4.1. No. VAT is not included in the published price.
The Paypal payment system charges £50/licence/year plus VAT at 20%.
Entities in Europe, that are not VAT registered, including private individuals shall be charged £10 on top of the product price.
The value of the VAT, £10 is applied to the price and cannot be deducted.
Any buyer from outside of Europe, should use the form here to recover the VAT paid with an on-line purchase.
Businesses in Europe that are VAT registered might wish to recover the VAT from Qwarie
but also, they can recover the VAT on their next VAT return.
A4.2. Contact Qwarie using the form here.
Discounts are available on volume purchases and induction training is included free for a purchase of 10 and more licences.
Expenses might be charged.
5. mSIS & OSINT Research Processes
A5.1. As you are an insurance company, you are obliged to comply with the GDPR. Where you archive a page on a corporate website, there is unlikely to be a GDPR issue. However, where you archive a page from a social media platform, there are GDPR implications. The page might include posts and 'likes' from users that are not the subject of your investigation. You have no legal basis to store information about any person that is not the subject of your investigation.
To be sure, you should take advice from your Compliance Officer or Legal Counsel. Pass the responsibility for your investigation policy to the appropriate department, so that you are not held responsible in the event of an ICO investigation.
A5.2. As a UK Law Enforcement Agency, you have to comply with RIPA. Be really careful about the wording of the authority you receive. For sure, you can archive pages that relate to the subject of your investigation, but what happens if the person you research has the same name as your subject, but is not your subject?
It is unlikely that your authority will extend to, for example, all people called John Smith.
Chances are, the authority will only permit you to archive data relating to the subject. The LED might permit the storage of some collateral personal data, but be careful, step outside of the Directive and a defence counsel might have your prosecution thrown out on that, 'technicality'.
Why do you want to archive anyway? Lets assume you do have the authority to archive safely, the data is in a flat file. Do you have the capability to extract the personal data into an intelligence analysis application?
We recommend you stay safe, conduct effective OSINT and Social Media research, by taking appropriately annotated screenshots of legitimate evidence, and deliver a legally safe Case Bundle for prosecution.
An agency policy that allows you to archive pages on social media platforms exposes your agency to risk that is not necessary, where good OSINT research protocols are followed.