Frequently Asked Questions

This FAQ page is a digest of questions about mSIS that were e-mailed to Qwarie, along with the answers we supplied. For FAQs on the Cloud platform, go here.

1. Choice of Browser

A1.1. mSIS does not run on Chrome.
Chrome raises privacy concerns and should not be used if you intend to perform safe OSINT research.
Don't take our word for it!
https://restoreprivacy.com/secure-browser

A1.2. mSIS is not a browser, its a browser extension. A browser is a simple desktop application.
A browser has to be used to conduct online internet investigations, which provide access to many OSINT sources & resources.

A1.3. Depends how you define 'safe'. Technically Chromium is safe, but for OSINT research, we understand that it is not safe.
Check out these links:-
https://www.reddit.com/r/privacy/comments/34tc2f/how_safe_is_chromium_privacy_wise/


This one is more tech, but it demonstrates that the code behind Chromium makes a lot of connections with Google.
305, to be precise.
https://cs.chromium.org/search/?q=clients2.google.com&sq=package:chromium&type=cs

When an OSINT researcher uses Chromium, the evidence is leaking to Google.

As for mSIS on Chromium, sorry to say, but its not going to happen. An mSIS extension for Chromium would allow the extension to be installed on the Chrome browser. No investigator should use Chrome.

Reputationally, there is too much risk for Qwarie to release mSIS for Chromium.

A1.4. https://restoreprivacy.com/secure-browser/ advise that there are privacy concerns with:-
- Google Chrome
- Microsoft Internet Explorer/Edge
- Opera

A1.5. Good question!  Three reasons why Qwarie has not developed mSIS as a Chrome extension.

1. Privacy. Chrome leaks, Firefox doesn't leak.

2. GDPR. Chrome allows for rapid rendering of a page, so it can be saved as an off-line archive.
If we had made a Chrome extension, allowing a customer user to download and save personal information about people that are connected with the subject of an investigation on, for example, a Facebook page, where those other people that might be no part of the investigation, and where there is no legal basis to download and store that personal info, mSIS would allow the user to contravene the GDPR.
Our customer might receive a large fine from the ICO for contravening the GDPR. At Qwarie, we know we are safe. Our customer users won't get inadvertent exposure while using mSIS with Firefox.

3. Be diligent. As an OSINT researcher, you should keep your general web activity well separated from your OSINT research.
We recommend you should use Bravo for general web activity and Firefox for OSINT work. This way, pages that are not part of an investigation will not, by error, find their way into an investigation. Very unprofessional and embarrassing if it happens!

4. Stay safe with all of your on-line activity, do not use Chrome, Chromium, Internet Explorer/Edge.

A1.6. Ask your Sys Admin to check out other FAQs on this page, and hope they think again. If not, escalate the issue to your compliance officer or legal counsel, so that you are not responsible for decision that might compromise your company.

A1.7. Brave is a great browser.  It is a fork of Chromium that has effectively addressed many privacy issues common to other Chromium based browsers. As for mSIS on Brave. Sorry to say, but that is not going to happen. An mSIS extension for Brave would be hosted on the Chrome Web Store and could be installed on the Chrome browser. mSIS on Chrome would invite all the privacy issues that Qwarie, and our customers, are able to avoid, because we use mSIS on Firefox.

2. Firefox Browser Permissions & mSIS Connection Issues

A2.1. Short Answer: This is safe. Accept them.

Long Answer: Here is an explanation of the permissions requirements.

1. Access your data for all websites:
Required to allow the user to extract website data into an mSIS case, while performing actions such as webpage archiving, extracting a Facebook id or other actions required during the research process.

2. Download files and read and modify the browser’s download history:
Required to generate/export case bundle; remove mSIS case bundle export history entries, as it clutters up the download history listing (can be 100s of files in one export added to downloads history)

3. Access browsing history:
Removes certain mSIS add-on specific urls from navigation history (eg: popup panel urls)

4. Display notifications to you:
Required to display notifications when mSIS (successfully or not) performs certain actions such as grabbing a Facebook id, archiving webpages, etc.

5. Access browser tabs:
Required for opening tabs (mSIS related (like the generated report tab) or search options linking to websites)

6. Store unlimited amount of client-side data:
Required for storing case data locally

More info from Mozilla

A2.2. If you can't connect to mSIS, go to the Privacy & Security settings in Firefox.

Make sure that under "History" the setting "Firefox will"
- is NOT set up to "Never Remember History"
- or if "Use custom settings for History" is selected, the option "Always use private browsing mode" is NOT checked

 

3. Tor Browser & the Dark Web

A3.1. a default setting in Tor has to be changed. Uncheck "use private mode" and mSIS will work with Tor

A3.2. No proxy required. The Tor browser is a fork of Mozilla Firefox. mSIS installs on Tor, just like it does for Firefox.

4. Procurement

A4.1. No. VAT is not included in the published price.

The Paypal payment system charges £100/licence/year plus VAT at 20%.

Entities in Europe, that are not VAT registered, including private individuals shall be charged £10 on top of the product price.
The value of the VAT, £10 is applied to the price and cannot be deducted.

Any buyer from outside of Europe, should use the form here to recover the VAT paid with an on-line purchase.

Businesses in Europe that are VAT registered might wish to recover the VAT from Qwarie
but also, they can recover the VAT on their next VAT return.

A4.2. Contact Qwarie using the form here.

Discounts are available on volume purchases and induction training is included free for a purchase of 10 and more licences.
Expenses might be charged.

A4.3. Currently, mSIS is a 'self-hosted' extension. But because mSIS Lite is now free, we do plan to publish mSIS on addons.mozilla.org

5. mSIS & OSINT Research Processes

A5.1. As you are an insurance company, you are obliged to comply with the GDPR. Where you archive a page on a corporate website, there is unlikely to be a GDPR issue. However, where you archive a page from a social media platform, there are GDPR implications. The page might include posts and 'likes' from users that are not the subject of your investigation. You have no legal basis to store information about any person that is not the subject of your investigation.

To be sure, you should take advice from your Compliance Officer or Legal Counsel. Pass the responsibility for your investigation policy to the appropriate department, so that you are not held responsible in the event of an ICO investigation.

A5.2. As a UK Law Enforcement Agency, you have to comply with RIPA. Be really careful about the wording of the authority you receive. For sure, you can archive pages that relate to the subject of your investigation, but what happens if the person you research has the same name as your subject, but is not your subject?

It is unlikely that your authority will extend to, for example, all people called John Smith.

Chances are, the authority will only permit you to archive data relating to the subject. The LED might permit the storage of some collateral personal data, but be careful, step outside of the Directive and a defence counsel might have your prosecution thrown out on that, 'technicality'.

Why do you want to archive anyway? Lets assume you do have the authority to archive safely, the data is in a flat file. Do you have the capability to extract the personal data into an intelligence analysis application?

We recommend you stay safe, conduct effective OSINT and Social Media research, by taking appropriately annotated screenshots of legitimate evidence, and deliver a legally safe Case Bundle for prosecution.

An agency policy that allows you to archive pages on social media platforms exposes your agency to risk that is not necessary, where good OSINT research protocols are followed.

A5.3. Short answer: Yes!

Long Answer: Within the mSIS Audit Log, every page visited is recorded and time-stamped.

mSIS keeps a count of the number of times a page is visited. So that each time a visit to the same page is recorded, the total number of visits is aggregated.

This is reported in the Detailed View of the Audit Log, in the Actions and Statistics column.

A5.4. Short answer: Yes!

Long Answer: When a search using a common search-engines or other common database is initiated from within mSIS, the search string is automatically recorded by mSIS.

While performing an on-line enquiry with mSIS open, and therefore recoding the activity, a researcher might use any search engine or other database, with a direct input of a search string.

mSIS cannot detect the search string that the researcher uses, but, mSIS does provide an input field for the researcher to copy, then paste, the search string used.

This way, mSIS keeps a record of the search strings used by the researcher.

6. mSIS Disclosure Capacity

A6.1. Short Answer: Yes!

Unused material is any material that has been gathered into mSIS but is not included in the report.

mSIS generates a separate report that details all of the unused material.

The Unused Material report is saved to the Report Folder in the Case Bundle, and the file is hashed to prevent tampering.

A6.2. Short Answer: Yes!

Long Answer: All evidence that has been marked as sensitive, either during the research process, or at a later review, is itemised in the sensitive material report.

A6.3. Short answer: Yes!

Long Answer: In mSIS LE it is not possible to delete anything. If a case bundle is accessed outside of mSIS and evidence is deleted, the next time the Case Bundle is opened with mSIS, the fact that some files are missing will be detected. The missing files will display as a hashes conflict.

The matter should be escalated to the SIO.

mSIS CVL is different. Files can be deleted, but a record of the deletion is made in the Audit Log.