Increasingly, online tools offer geolocation technology that allows you to determine a location shown in photos, videos, and other forms of media. This can be an essential capability for OSINT analysts looking to locate a place or person of interest. However, it’s imperative to know which tool will suit your needs the best for the type of investigation you’re following. During my research for Plessas Experts Network, Inc. (PEN), I analyzed various geolocation tools and methods and will be sharing my findings here. I hope that this will prove to be a readable and informative resource for people just dipping their toes into geolocation methods as well as an up-to-date guide for seasoned analysts.
Please note that while I primarily use Google Maps and Google My Maps as my mapping tools of choice, you can use plenty of other sites and applications. If you are interested in different tools, here is a site that details many prevalent mapping tools.
The types of tools and methods I will cover will fall into three distinct sections (and, unless otherwise stated, all tools are free to use). They are as follows:
AI-Based Geolocation:
Contains:
How to use AI-based geolocation tools to identify a location in an image
Accuracy and limitations of each tool
Personal successes and failures while testing tools
Tools Include: Geospy, Gemini, ChatGPT, etc.
Social Media Geolocation:
Contains:
How to use social media platforms in conjunction with other geolocation tools to locate a subject
Tools Include: Twitter/X, Grindr, MapDevelopers, etc.
Metadata Geolocation:
Contains:
How to extract metadata from an image or YouTube video to determine subject whereabouts
Tools Include: MW.io, Forensically, Pic2Map, etc.
The tools and methods mentioned in this article are not exhaustive, so please feel free to comment on this post, especially if you have any additional input or experience that will help me and others to be better educated on the subject.
Before we start unpacking the intricacies of geolocation, it’s essential to address the ethics of using these tools. While geolocation technology can provide a wealth of information, we need to understand how to balance our need for data with privacy and legal concerns, a complicated subject that I will talk about first.
Ethics
It's important to consider a few things when we collect data, particularly sensitive data (like the data we get from geolocation). Yes, people leave their location data everywhere. Yes, that means it’s free for anyone to exploit. But that doesn’t mean you have to do so, especially if you share that information with other individuals or organizations.
As stated in Deep Dive: Exploring the Real-World Value of Open Source Intelligence, Rae Baker's popular OSINT resource book, it’s crucial only to give your clients what they specifically request. I can think of two particular reasons for this. Firstly, if you’re looking for information that your clients don’t need, you’re wasting time on the task at hand. Additionally, if the information is unneeded and sensitive, you’re intruding on the person’s privacy without legal backing, which could get you and your organization in serious trouble.
It’s essential to take a step back and ask yourself, Is this task required of me? Would there be any legal consequences for doing this? How will using this tool and/or collecting this information affect others and/or myself? Is this a reasonable and ethical line of investigation?
If you’re a civilian investigator, I recommend turning any data you collect over to your local authorities. They are trained and can determine whether that data needs to be acted upon. Suppose you decide to act upon the data yourself and publicly inform the Internet of your findings (especially findings so sensitive as where people are, where they work, where they live, etc.). In that case, it can go very poorly, both for yourself and whoever you accuse. It can lead to legal repercussions and possibly even fatal consequences. I reference these in my previous article: A Budding Criminologist’s Perspectives on OSINT under the subheading: Deviant Amateurs: Asset or Liability? I would encourage everyone to read this article, particularly that subheading for more explanation.
Essentially, just do precisely what your elementary school teachers told you to do: follow the rules, don’t bully others (including spreading rumors about them), and if you see someone doing something unsafe, you tell the teacher (read: local authorities). Easy! Okay, now that we’ve got the playground rules out of the way, let’s test some tools!
AI Geolocation
This geolocation method is a growing field, so there aren’t many tools out yet that can do this. The way it is supposed to work is that you give the AI a photo, and they can tell you where it was taken. Ideally, you also want the AI to provide you with some sort of coordinates or map link so that you can verify on a map application that the results are accurate. However, some tools have not been developed that far. I tested various AI geolocation tools for their accuracy and efficacy during my analysis. A chart with my summarized assessments of each is provided immediately below, with my more detailed findings below that.
Tool Comparison Chart 1
Geospy is a tool that uses AI technology to analyze pictures and tell you the location featured in the image. It also has a Pro version, which I assume includes more features. However, the beta version of Geospy is pretty easy to use and does an accurate enough job that I would say it isn’t necessary to purchase/sign up for the Pro version. This is especially true if you’re trying to stay disconnected from your findings, although there are some minor wrinkles to work around when using the tool.
To test drive Geospy, I used the Sherlock Holmes Museum in London as my mock place of interest. I sourced my pictures from Google Images, starting with one from the exterior of the building. While Geospy has a drag-and-drop feature for the image you want to analyze, dragging and dropping Google Images was unsuccessful, and I had to download the pictures to upload them. This might not be a big deal depending on what site the location is on or who owns the picture (because they may be notified when someone downloads their photo), but it is certainly something to note for OPSEC purposes and for knowing how to use the site.
After unsuccessfully trying to drag and drop the Google Image again with another photo, I wised up and downloaded the pictures, clicked the square in the middle, and uploaded the first photo again. Once the photo was processed, I got a readout that told me the country, city, and partial address and gave me the coordinates and description for the location. Geospy also provides a map image as well as a link that takes you to Google Maps. However, the coordinates that it identifies aren’t entirely accurate.
The first picture’s coordinates were keyed to a point about 316 ft. away from the actual museum, which isn’t too bad, but it does mean that for locations that aren’t popular attractions or aren’t even labeled on the map, it may be more challenging to track them down. My other two attempts at accurately locating the museum with an exterior photo had similar results: not too far from the museum, and honestly, probably an acceptable distance for an analyst, but still not exact. However, since Geospy has proven to locate only a small distance from the pictures’ subject, I would suggest that it would be reasonable to assume its success in other trials. Thus, we would presume that with a bit of browsing in Street View in Google Maps, we would be able to quickly find the location after establishing a 350 ft. radius to search within, just in case the subject happens to be outside the 316-328 ft. error margin I got when testing.
Another point of note is that Geospy can positively identify and describe the museum from an interior picture I uploaded (the fourth picture). However, it still did not exactly pinpoint the location, though it was still close. Here is a map of all the guesses (represented by the numbered blue flags towards the top of the map) in relation to the museum (near the bottom of the map):
Geospy guesses are depicted with blue flags.
Another thing for investigators to remember is that getting a full screengrab of the entire readout page provided by Geospy is challenging. While Fireshot (a tool I used for most, if not all, of the screenshots in this article) is usually very good at capturing whole pages, it struggles with Geospy. Additionally, saving the page as a webpage does not yield readable results, making it hard to keep data records. It might work if you screengrabbed each viewable portion of the readout using Fireshot, but it would take slightly longer, and you would have more files to organize. Despite its difficulties, though, using this tool is still worth it due to the relative accuracy and descriptive information that it shares. However, as I have mentioned, investigators should consider the minor hindrances of using this tool.
Let’s say you don’t want to use Geospy but still need a geolocation tool. What do you do? Thankfully, you can use plenty of other tools, some of which are included in the subheader link.
However, I would first recommend a source not on that list: Gemini. In some ways, I found it to be even better than Geospy but less satisfactory in others.
Gemini did incredibly well in identifying both the first exterior picture of the Sherlock Holmes Museum as well as that of its interior. Like most of the other chat-based AI tools, it described the location. However, unlike Geospy, it did not provide me with a workable link, not even a plaintext URL, which was somewhat frustrating. Despite this obstacle, I did like that it explained why it couldn’t (safety reasons), as it helped me to understand its limitations. Here’s the result of the initial search I did through Gemini:
Gemini correctly identified the image as the exterior of the Sherlock Holmes Museum.
While my idea of using a link to Google Maps to assess the accuracy of Gemini’s geolocating capabilities had failed, I came up with a slightly less efficient but still effective plan. I tried asking Gemini for the coordinates of the locations in each picture. When I copied and pasted those coordinates, it took me directly to the Sherlock Holmes Museum, making it one of the most accurate geolocation tools I have yet seen, which you can see from the map below.
Because of these findings, I recommend using Gemini over Geospy because of the sheer accuracy (despite the slight inefficiencies of copying and pasting coordinates instead of clicking a link). However, if Gemini doesn’t get the job done for whatever reason, Geospy has proven to be a close second. Or, as we will see from the success of ChatGPT, a close third.
I found working with ChatGPT a very teachable experience for my OSINT skills. As it was the first tool after Geospy that I tested for geolocation accuracy, it formed the basis for what problems I might expect when working with chat-based AI tools and what workarounds to employ when I don’t see the solution I am looking for. My later interactions with AI tools like Claude, Gemini, Copilot, and others got me thinking about other ways I could trick the system into working for me, but had I simply given up on ChatGPT, I would have missed the incredible accuracy it provides.
What’s also interesting about ChatGPT is that it has many different tools that geolocate, but as it is the same AI, I don’t think it makes much of a difference which you use, as you will see in my findings.
The first tool I analyzed was called QGISGPT. My tests started promisingly when the tool positively identified the first photo as the Sherlock Holmes Museum and described the place. However, like Gemini, it did not automatically provide me with a map image or link to a mapping site, so I had to ask for one. Unfortunately, links cannot be clicked in ChatGPT, which was frustrating. So, I tried something different. I asked it for a plaintext URL so I could select, copy, and paste it into the search bar. I was pretty proud of this idea until it gave me a link that didn’t work. I asked for a different link, and this time, it worked. Through my trials, I found that the initial link you get (the one beginning with goo.gl) will not work, but when you ask for another one, a link containing www.google.com/maps will pop up and will work. However, when it took me to Google Maps, it only showed me a general area and didn’t give me a pinpoint location of where it thought the museum was. Thankfully, the area did feature the pin showing the museum, but if we were investigating a less public place or one not labeled on the map, this might present more of an issue. I also tried the interior photo and got similar results. Here is an image of my conversation with QGISGPT:
My conversation with Cartographer, another tool through ChatGPT, presented roughly the same outcome with the first exterior photo as QGISGPT. However, I also decided to try asking it to show me a picture of the map so I could finally assess its mapping accuracy, but when it gave me a file, I was unable to open it. I think the issue might be that I do not have the paid version of ChatGPT. At this point, I realized that all the ChatGPT geolocation tools might have the same capabilities and limitations. This realization was furthered when I found I had to pause my exploration of ChatGPT tools because the platform only allows you to upload a certain number of pictures to analyze within a set period of time; otherwise, you have to sign up for the Pro Version. Once my restriction had been lifted, I tested the interior photo and obtained similar results even though I tried multiple phrases to get a map image (none worked).
Another issue of note came up when I was using a third ChatGPT geolocation tool: ChatGIS. When I put in my query, the AI’s responses came back in Spanish. This may not be a problem where Spanish is a native language, but in the United States, investigators who aren’t fluent in Spanish need to take the extra step to translate the output (I used Google Lens). Other than the difference in language, the results were roughly the same. There is at least one other tool (GPT StreetGuy) that ChatGPT offers for geolocation needs, but as I figured the results would be the same, I didn’t test it.
However, after testing other AI-based tools, I came up with two solutions for my chief issue with ChatGPT geolocation: the inability to pinpoint an exact location when using Google Maps links provided by the site. Your first option is to ask ChatGPT for coordinates to the location, and if you plug them into Google Maps, you should get an exact result, much like Gemini.
Another workaround is copying and pasting the coordinates from a Google Maps link provided by ChatGPT and pasting those into Google Maps. You’ll get slightly different coordinates, but they will still land you in roughly the same spot as the other workaround. This, at least, works with QGISGPT, but since the other programs performed so similarly in my other tests, I don’t expect they would behave differently in this regard.
Finally, like Gemini, this should be one of the first go-to geolocation tools any OSINT analyst uses.
At first, Claude struggled with this task. Identifying the first exterior image was challenging, but the AI succeeded when I asked about the interior and second exterior pictures. My guess is that the trouble had to do with the resolution of the images, but I can’t be sure. Claude gives workable Google Maps links, but, unfortunately, it does not form these links such that they pinpoint a location, just like Chat-GPT. However, if you copy and paste the coordinates from the link’s search bar and then search those coordinates in Google Maps, you will get a more exact location. Once I finally had the guessed location plotted, I discovered that Claude was also pretty close in its guess, even closer than Geospy's (Claude’s guess was roughly 255 ft. from the museum). However, due to the issues with correctly identifying images, I would be cautious when taking advice from this chatbot, especially if your photo is blurry or has low resolution.
Initially, I liked this site. It allowed me to upload my first exterior photo of the museum without issue, and came up with a results page shortly after. What threw me off was that the site said that it didn’t know where the photo was despite fairly obvious indications as to where it was (AKA the large sign hanging outside). However, they did offer suggestions as to where the picture could have originated, and under different circumstances, I would have found that to be a nice touch. The problem was that the confidence ratings for the guesses were extremely low, even though two of the guesses were in London. The other was in Camden Town, so I didn’t bother plotting it on the map. After consulting with Google Maps, it turned out that the guesses Picarta gave me weren’t even close to the museum. Picarta’s first guess (at approximately 51.50699920279341, -0.12767849046925764) was 1.72 mi. away on foot, which means that if you had to take that radius into account when using the tool during investigations, you might end up having to crawl for hours on Google Maps to reach your target (I say this because when I checked the walking time from Picarta’s guessed location to the museum, it was not a short time, leading me to believe it would also take a long time to crawl through Street View). This is particularly problematic when looking for a less well-known location in a big city with many buildings and streets to check for your target.
Of all the tools I’ve tried, I recommend Copilot the least. On many attempts, I have not gotten the AI to identify the correct location. Here’s the funniest part. The location it picked was in a completely different country and continent, as Google My Maps told me (The location, shown below, is in Canada). This site also struggles with giving URLs, so even if you did get the proper location, you would have to add the extra inefficiencies of having to copy and paste the URL into a Google Map. I will say that the site did provide a map showing the incorrect location, and I assumed that if I clicked the link on the map, it would take me to a mapping site. However, it only took me to the location's website, which may be helpful in some investigations, but for my purposes, it was utterly useless. It also seems to be an AI that is unwilling to learn. On correcting it on the location that was actually in the photo, the AI repeatedly misconstrued my differently worded queries on the topic as being me having an issue with the coordinates rather than the actual location guess. Overall, it was a very frustrating experience, and I would highly discourage its use until it undergoes more development.
Perplexity is also supposed to be able to do geolocation. However, I was dismayed to learn that uploading photos requires money, either for a subscription or the Pro version. Since we’ve already established the success of Gemini and ChatGPT, I doubt there would be anything more that Perplexity could offer.
Social Media Geolocation
There used to be many more social media apps that provided effective geolocation, but as technology evolves and privacy concerns ebb and flow, there have been many changes in the tools available to investigators. Here’s a chart I have made that discusses the current status of the geolocation potential of many prevalent social media platforms:
Facebook has never had a geolocation feature, but it does have geotags. However, there’s no restriction on how far away you have to be from a place to geotag yourself in it, meaning that it’s incredibly possible for a person to have taken pictures in a completely different place from where they tagged themselves. If you are unsure of the location and aren’t having any luck with AI-based geolocation tools, look at the picture/video and compare it to the geotagged location. Ask yourself if it seems possible for the media to have been taken at the geotagged location. If there’s lots of evidence that supports the geotag, you may find luck plugging the location into Google Maps to see if the media matches the map display. If there’s an apparent disconnect between the geotag and the media or no evidence to support a match, try a different tack. Tools and tags may be helpful, but remember, your most valuable assets as an investigator are your brain and your common sense.
Instagram is owned by Facebook, so the geotags here will be similarly unreliable. To geolocate subjects' Instagram post locations, you’ll need to employ similar tactics as you would with its parent platform.
Snapchat
Snapchat does have geolocation capability, but only on the mobile app. If you go into the Snap Map, you can see little hotspots showing where people post snaps. If the area is bluer, only a few people are posting there. If the area is a dark red, many people are posting.
Tap on the area you’re interested in, and you should be able to scroll through the snaps in that area. You may be tempted to screenshot the display once you’ve found your desired post. Under no circumstances must you do this. Snapchat lets its users know when another user has screenshotted one of their snaps. If you do, you’re potentially tipping off your suspect that you’re onto them, which will cause them to go underground and become more challenging to find. The best action is to take another mobile device or camera and take a picture of your screen. Then, you’ll have both the evidence you need and the post's location, and your suspect will be none the wiser.
Twitter/X
I learned most of my tricks here from a triangulation course given by Plessas Experts Network (PEN). While some of the capabilities taught in the class have changed, you can still geolocate with Twitter/X.
Let’s say you’re looking for posts from within a particular location range that may give you clues as to a subject's whereabouts, but you don’t know any Twitter/X handles that can be reliably tied to your subject. To find a post within a location range, the first step is to go to a site called MapDevelopers. Here, you will be utilizing the draw circle tool to determine a range that holds relevant posts, and once you’ve found the appropriate posts, narrow down the search field to a more manageable size.
Once you’re in MapDevelopers, zoom in within the map display to the location relevant to your investigation. Then, click on that location. A circle will pop up, with the clicked location becoming where the circle's central point rests. It will come with a preset radius, but you can edit this and the units with which you desire to work in one of the boxes above the map display. Simply click on the distance amount and unit of measure, change them to your specifications, and, most importantly, click the Edit Circle button.
Now that you’ve made a circle that meets your specifications, you should see coordinates above the map display. Those coordinates will correspond to the center point of your circle. Copy those coordinates, then go to Twitter/X.
You’re now going to employ the use of a geocode string. In the search bar of Twitter/X (please note that this technique works best under the Latest tab on your Twitter/X feed), you will type in this formula: geocode:pastecentercoordinateshere, insertradiusandunitofmeasurehere. This formula will not work if you include any spaces other than the one after the comma immediately before the radius and unit of measure. If you desire other strings to narrow your search, some will narrow the search results to a specific time frame, but for the purposes of this example, we’ll keep it simple. Hit enter.
Scroll through your results and edit both your search terms and circle as needed. Once you find the post you’re looking for, you will want to go back to MapDevelopers (first, however, duplicate the tab holding your original post so that you have the original coordinates and distance information to refer to should anything go wrong later on). Here’s the post I will be using for this example:
Click the map feed, creating another circle. Then, drag your new circle so that it overlaps part of the original circle, but place it such that the central point of the new circle rests on the edge of the old circle. The coordinates above the map display should now reflect the center of your new circle. Your circles should look something like those in the figure below. Copy and paste these coordinates in place of the old coordinates in the search bar of your feed.
Before hitting enter (which will let you see if the space where the new circle and the old circle overlap contains the location where the post was created), here’s a tip that will help you avoid scrolling through numerous results until you find the post you’re looking for. Copy the post's caption, put a space after the latest string in your search bar, then paste the caption. There is no need to remove spaces here. This new string will allow you to only see that post in whatever string you use, provided it is within that location range. Now, back to our example.
If your post doesn’t appear in the area, you should get an error message like this:
If you get this message, don’t worry! Just check your string to ensure you haven’t made any mistakes or included unnecessary spaces. If your string is clean, you’ll have to try looking elsewhere. Try moving Circle #2 to the opposite side of the circle and see if your elusive location is there. My circles now look like this:
If needed, try the top and bottom edges of the circle as well if your post still doesn’t appear because there are small areas where the left and right sides will not cover. In this example, however, my post showed up, so I’m ready to move on to the next step, which involves creating a third circle. Place Circle #3 such that the circle's center point rests on one of the points of the football that marks the space you have identified as containing the post. Your circles should look something like this:
Search this area to see if it contains your post. If not, move Circle #3 to the opposite point of the football. Once you’ve found the football half that includes your post, make a new circle, and, this time, drag it so that the center point is roughly in the middle of the identified area. Adjust the radius so that the circle can cover the entire region. It’s okay if it goes a little outside the boundaries of the region; just don’t go inside the boundaries and risk missing the little bit of the area that has your location. Your map should look like this:
Search this circle area to make sure it contains the post (it should, but it’s good to double-check), remembering to edit the radius as well as the coordinates because both will have changed. Once you get your confirmation, delete all the circles except the most recent one so you won’t have a mess of circles to sort through in future steps. Your map should now look like this:
But what if you want to narrow your area down even further? We’ll have to repeat the process. However, before you create more circles to overlap your new starting circle, you’ll need to click on the new starting circle. This will ensure that any new circles you make have the same radius as the starting circle. When you removed the other circles earlier, the original radius reappeared in the radius box, which would have made the new circles have the old radius. This would not be ideal since you would then be widening your scope instead of narrowing it, hence why you need to select the new starting circle to make the new overlap circles. Your circles should look like this again with the restarting of the triangulation process:
Then, once we’ve found the half of the circle that contains our post, we’ll overlap half of the football again.
We’ll cover the area with a new circle and adjust the radius to cover it.
While I would like to check further that this circle is accurate, Twitter/X has recently made a very frustrating change. Any geocode string that asks for a distance of roughly less than 2.80 mi. will not work even if your string is clean. It’s not ideal, but we are closer than when we started, which is a plus. However, we still have a chance to locate the post. We just need to get a little creative. First, you’ll delete all the circles except the most recent one and zoom in around the circle's center. Your screen will look like this:
Pick a point on the map that you can easily search in Google Maps. For this example, I picked the Burke Nursery & Garden Centre. Then, go to Google Maps and search for that location, opening Satellite View as you do.
Since our post focuses on opening a parking garage, we’ll go to the search bar and search for parking garages.
Search all the parking garages in Street View until you find the one that matches the architecture of the one in the post. We already know from the post comment that it’s the Monument Center Commuter Garage. Still, had that information not been readily available, we would have had to go through the triangulation process and search all the parking lots in the area. To speed the example along, however, I searched it up to be sure the location matched. Here is the Street View of the location:
This was the side that most matched the photo, although I couldn’t find the Slug Lane sign featured in the photo. Near the bottom right of this readout, it explains why this might be. This Street View image is dated May 2023, and the post we were using as an example says that the parking garage had just opened. Given that we see the construction in the Google Maps image, we can deduce that Google Maps probably hasn’t come up with an updated view of the parking garage and hasn’t had reason to, as it would have just shown more construction until right around the opening. Additionally, Google Maps did not offer Street View of all sides of the building, so I could not search for the sign there either. However, the distinctive architecture of the building and the glass-enclosed stairwells that are featured in both images of the post also appear in this Street View, leading me to say that even if I hadn’t known where this building was from the beginning, I would have found this location to be the likely target.
There is one problem that would have occurred if I had tried to locate it without any information about its location. If we look at the distance between the parking garage and the garden center that marked roughly the center of the circle meant to contain our post, we will see that the geocode string wasn’t very accurate.
The 6.87 mi. distance would indicate that this triangulation process isn’t very accurate, but sometimes it is, so it’s worth using this tool. Besides, there may be a plausible explanation for why the geocode string led us to the Burke area. It could be that the post was not uploaded at the parking garage itself, but at the office where the person who posted it works. If we look at the user, we see that Supervisor James Walkinshaw uploaded the post. Let’s see if we can find him on LinkedIn to see where he works.
If we look at the results, the second one from the top has a profile picture that matches the one on Twitter, meaning that this is likely also an account belonging to the James Walkinshaw we are looking for. His home location is Burke, Virginia, indicating we’re on the right track. His job title is a little cut off, so let’s go into his profile to see it more clearly. If we do, we will see that he is the Braddock District Supervisor at the Fairfax County Board of Supervisors. Let’s see where the Fairfax County Board of Supervisors meets on Google Maps.
If we look at the search results, we do see the Fairfax County Board of Supervisors, but it has multiple results. However, we also see that the Braddock District Supervisor’s Office comes up in the results! It looks like we’ve found James Walkinshaw’s office! Now, let’s see if it is within the range of the circle that we made.
Our smallest circle’s radius was 1.96 mi., and it looks like the office is 1.37 mi. from the garden center around the center of our circle. We can see that it is incredibly likely that James Walkinshaw made the post about the parking garage here. However, if we look at one of the places labeled as where the Board of Supervisors meets, we will also see that it rests within the area we identified as containing the post’s geocode.
This meeting place is also within 1.73 mi. of the garden center, meaning that it is also possible for the post James Walkinshaw uploaded to Twitter/X to have originated from that location. Of course, he could have also used a spoofing tool. Still, since there are two other very plausible locations and James Walkinshaw is a public figure, I doubt he would spoof the location where he posted an announcement of a parking garage opening.
TikTok
Please see the Facebook section of this article.
Tinder
Tinder is tricky because you can never be completely confident that the location capabilities are accurate, as you probably saw in the linked article by All About Cookies. The article explains that Tinder users can change their locations through VPNs, spoofers, paid subscriptions, Facebook location changing, and more. Thus, we have to rely on the same techniques as we would with Facebook and other social media platforms with unreliable geotags.
Grindr
Grindr does have geolocation capabilities, but to effectively utilize these capabilities, you’ll need to implement a more boots-on-the-ground approach.
First, you’ll need to look up the user you are searching for. Take a screenshot of the readout that displays the distance away you are from them. Then, drive a little way in one direction. Open your Google Maps app and take a screenshot of your location like this:
After that, you’ll want to return to Grindr and see how the distance has changed. Take a screenshot of the new readout. A readout from Grindr should look like this:
To triangulate your subject’s location, repeat these steps, considering whether the distance between you and the subject increases or decreases. Do this approximately three times.
Once you’ve gotten your three points (assuming you haven’t already located your subject), get your laptop out and go to Google Maps. Find your starting location on this map. Right-click and then click the coordinates that pop up. This will allow you to copy the location coordinates to your clipboard.
Take these coordinates to MapDevelopers and paste them into the coordinates box. You will now do something similar to what we did in the Twitter/X example. Adjust the radius to the distance your subject was away from you. You may need to adjust the units of measure to do this. Click the New Circle button. Do the same thing for each of the other points you stopped at. Once you’re done, look at the space where all the circles overlap. Assuming your subject hasn’t moved, they should be in that space. Here’s a finished map showing all the overlapping circles. Can you tell me where our subject is?
Due to the reduced search space, locating your subject should be much easier. If you need to repeat the triangulation process, that’s okay, especially if, after the first triangulation, you are still left with a large amount of space to search.
Hinge
Hinge is interesting in that, as Security.org says, it is meant to take into account both spontaneous and scheduled outings, which is great if you have a trip to an area outside your usual sphere and want to meet up with people in the town you’re passing through. However, it also means that people can change their location with no indication as to where they might be at the time. Because of this, we need to take the distances Hinge gives us with a grain of salt and verify using the same methods we used with Facebook.
YikYak
YikYak used to have geolocation capabilities, but they don’t anymore. My guess is that this app's ability was removed due to safety concerns over the app's target audience: college students. It makes sense. While YikYak is intended to be a way for college students to connect and make friends, it could just as easily be used for malevolent purposes (e.g. stalking).
Still, while investigators can’t directly geolocate through YikYak, they can run any media of interest through an AI-based geolocation tool.
Swarm
Swarm (initially known as Foursquare) is a way to share places you visit with people you friend on the app. You likely won’t find your suspect on here due to the immense popularity of other apps (everyone’s talking about TikTok and Snapchat nowadays, but I’ve hardly ever heard Swarm mentioned), but it’s still worthwhile to check. If you find your subject on Swarm, you may be disappointed to find that explicit location information is blocked for people the user has not friended. However, you can still glean a lot of information on your subject if they have a Swarm account.
Firstly, you can see the number of Check-Ins a person has submitted through Swarm. This is the amount of times they have tagged themselves at any location. Depending on how high the number is, you can get a sense of how often the subject uses the app. If they use it frequently, you should monitor their account to see if any new Check-Ins pop up with accompanying photos. Swarm allows the user to attach images of their location when they check in; if you’re lucky, your subject will use this capability to share their surroundings with their friends. What difference does that make to us? One of the few pieces of information Swarm gives us is the list of photos the user has uploaded. If the subject tends to use pictures when they complete a check-in, we can then use our AI-based geolocation tools to keep tabs on their location.
In addition to seeing the number of check-ins a user has and their photos, we can also see how many different types of places they’ve been to (under categories). This may not seem helpful, but if we scroll down past their photos, we can see the stickers that the user has collected. These come from completing achievements within the app, sometimes from going to specific places. If we know what each sticker means, we can establish what types of places the person may check into, even if we don’t explicitly know the category.
The other statistics would not offer us much beyond conjectures and vague estimates that might not be accurate. Despite this, as an OSINT professional, it is not our job to go undercover and attempt to friend the subject. This breach of OPSEC and OSINT etiquette could tip off the subject that someone is onto them.
Flickr
While the app doesn’t share geolocating capabilities, we can use Flickr's website version for this purpose. Just click on the picture you’re interested in, then scroll down. You’ll see a bunch of data that will be extremely helpful for your investigations.
Firstly, you’ll see the date the photo was taken as well as when it was uploaded, which will help you establish a timeline of events. You can also see who has viewed and favorited the photo and any comments that may be attached. These may contain helpful information that could reveal accomplices or connections not already known. You can also see what camera the photo was taken with and, most importantly, where the picture was taken.
Flickr will show you this location on OpenStreetMap, but, as we know from previous examples, it does not show Satellite View, so we will need to grab the coordinates from the OpenStreetMap link and paste them into Google Maps. As with the Twitter example, testing Flickr showed that you cannot always guarantee a complete match with Google Maps. When I searched for pictures to test, I gave the search term ‘beach’ and filtered it within the span of a couple of days occurring earlier this month. Unfortunately, while the infrastructure in the distance in the photo did look similar to those of the Google Maps Street Views I could find of the location, there was enough of a difference to be somewhat uneasy about confirming it as an absolute match. When I looked at the various Street Views, the most recent one appeared to have been taken in 2020.
Since four years have passed, I will admit it is plausible for the infrastructure to have changed, so I will only offer that I am mostly confident in the platform’s success. I have attached pictures so you can judge for yourself. The first is the photo I got from Flickr, and the second is the most recent image I could find on Google Maps.
Now that I’ve covered a few geolocation tools, I’ll move to my next topic: tools that use metadata stored within pictures and videos to geolocate suspects.
Metadata in Pictures
A Quick Note On OPSEC: When you take pictures, there’s always a chance you could be giving away your location. Some of this might stem from visible clues that you could reverse image search. However, even if you do your best to remove that variable, you may still be playing into the hands of malicious OSINT analysts due to the metadata stored in your pictures. To avoid this, ensure that when you post or share images from sensitive locations (your home, your workplace, a close contact’s home or workplace, etc.) with others, your location is not tracked with your camera app. This is relatively easy to do. Go into your mobile phone settings, and after some searching, you will find a setting that disallows location sharing through your camera app.
Fortunately, this vulnerability can be a possible liability for our subjects, allowing us to track them down. I’ll start showing you how on images first.
Image Metadata Tools
Several tools can help us find this metadata and then geolocate it. To test the accuracy of these tools, I will use pictures taken from my own phone, like playing both subject and analyst at once. Can I find myself? We’ll see!
To start my investigation on myself, let’s imagine that I posted the following photos a few days ago:
I probably also would have put some sort of caption related to the fact that I was at a church, a conclusion an investigator would likely have already come to from the spire-like architecture of the building behind me in the selfie, as well as the statue of someone in a nun’s habit with a rosary and book. Let’s say I, the investigator (we’ll refer to this persona as Olivia 1), am trying to figure out where subject me (Olivia 2) was because she’s suspected of a crime. They want to bring her in for questioning. To start, Olivia 1 opens up forensically and inputs the first picture. She gets something looking like this:
The Magnifier won’t help Olivia 1 much here, so she’ll scroll down the page until she sees the tab on the sidebar that says ‘Metadata’ and click it.
Wow, that’s a lot of information. However, as an investigator, Olivia 1 knows what information is most important. The type of camera Olivia 2 used to take her photos is of interest. You can see here that she used an Apple iPhone 12 Pro. Also, if Olivia 1 already knew what time zone Olivia 2 was in when she took the photo, she could determine the exact time by converting the time shown in the readout to that time zone. I say this because the readout will always show GMT regardless of your or the subject's time zone. There are also the GPS coordinates there, which, theoretically, Olivia 1 could plug into Google Maps or some other mapping application to pin down Olivia 2’s location. However, there’s a much simpler way to do this. Olivia 1 scrolls down the sidebar to Geo Tags and clicks on it, getting this readout:
Here, Olivia 1 sees a lot of the same information, but if she scrolls down, there are links to an OpenStreetMap site, a GoogleMaps site, and a Flickr site. If Olivia 1 were to open the OpenStreetMap site, it would look like this:
Now, Olivia 1 could take this suggestion that Olivia 2 was at Saint Theresa Catholic Church at face value. Still, she has to be absolutely sure that the potentially devious Olivia 2 didn’t somehow edit the metadata or make it look like her phone was broadcasting from somewhere else. Olivia 1 can’t do this very easily without having a Satellite View to ensure the landmarks from the photo match up, so she’ll go to the Google Maps link in Forensically. She does some scrolling around in Street View for a little bit, but then she finally comes across this:
A match! The bronzy spire and the three windows to the left of it match what appeared in the photo of Olivia 2. Olivia 1 can also see that some of the shrubbery and foliage look pretty close to what was behind Olivia 2. Olivia 1 could also go completely nuts and confirm exactly where the statue was. Between the above Google Maps photo, the below Google Maps photo, and corroborating pictures online, she could know precisely where Olivia 2 was standing when she took a picture of the statue. She would eventually conclude that the statue featured in the above photo was incredibly likely to be the one that Olivia 2 took a picture of.
Let’s say that Olivia 2 posts again before Olivia 1 can locate her. Like Carmen Sandiego, she’s popped up in a completely new location. She posts the following picture with the comment: “A great day for baseball! Such lovely weather!”
Olivia 1 is off like a shot, uploading the photo to Forensically. She looks through the metadata readout before finally clicking on the Geo Tag readout. She gets something like this:
Let’s say she skips straight to Google Maps, scrolls around for a bit, then comes to this image:
If we look at where that sneaky Olivia 2 is, we see a picnic table behind her. Olivia 1 notices the same thing and compares it to the Google Maps readout. Look! There’s also a picnic table! There’s also a trash can of a similar shape and colors in the same spot as the one behind Olivia 2! Additionally, we can also see similarities between the wooden planks and hedges featured in both the Google Maps image and the one posted by our subject! And, of course, there’s the very prominent baseball field. Olivia 1 knows she has enough evidence to find her subject. But, oh no! Olivia 2 has posted again! She’s posted the following pictures and the caption: “Through these doors lies boundless knowledge! Can’t wait to go inside!”
Olivia 1 knows she needs to be speedy. She opens the file in Forensically, clicks open the Geo Tag Tab, and sees the following information:
She goes into Google Maps, scrolls around for a bit, and finds this:
The structure definitely looks similar to the one Olivia 2 posed by. Still, with the bushes blocking the location she thinks Olivia 2 took the picture, it’s challenging to look for landmarks in the pictures to verify that this is the correct location. With a little more digging, Olivia 1 finds a more usable snapshot:
If Olivia 1 looks closer, she can see that Olivia 2 made a critical mistake. She forgot to crop out the address above the picture of the sliding glass doors! If we compare what we know from Google Maps is the entrance to the Gum Spring Public Library to the picture Olivia 2 posted, Olivia 1 can see the building number in the same spot above some very similar-looking sliding glass doors. Olivia 1 can also compare the angle of the sidewalk's edge in the background to Olivia 2’s picture. If Olivia 1 considers what she knows of the Google Maps image, she can determine that Olivia 2 was standing on the other side of the archway and off the sidewalk when she took a picture of the location. Gotcha! Olivia 2 is at the Gum Spring Public Library! Olivia 2 is tracked down and taken in for questioning. She turns out to be innocent but has valuable insight into the events she was framed for, and the real criminal is brought to justice.
On a more serious note, I mentioned earlier that Forensically provides Flickr links. Still, I couldn’t find corroborating images from any of my locations featured in this example. Maybe with more famous locations, an investigator might find pictures to compare, but in my experience, it has not worked.
It’s clear from this silly example that Forensically otherwise works really well, but if you find it doesn’t suit your needs for whatever reason, Pic2Map is a close second.
When you upload a picture to Pic2Map, you should get a readout like the one below, followed by images of nearby places.
This gives you some different information from Forensically, some of which could tell you more accurately the position of the photo (see the GPS Information section). However, just like Forensically, it tells you where the photo was taken and does so (from my experience) accurately. Unlike Forensically, however, it does not directly link to satellite maps, meaning that visual confirmation must be obtained by copying the address or coordinates and pasting the information into Google Maps or some other mapping application that has a Satellite View. This would take more time than simply clicking on the link provided by Forensically, but not by much. I would still prefer to use Forensically due to its higher efficiency. However, due to the slight differences in each tool's data types, a situation may call for using Pic2Map instead.
YouTube
Another Quick Note On OPSEC: Yes, geolocating metadata can be found in YouTube videos. But, this time, you need to actively decide to break OPSEC procedures to mess this up. YouTube will only geolocate your videos if you opt into it. If you don’t, congratulations! You’ve got an extra layer of security between you and anyone trying to stalk you or steal your data. If you do, well… all I can say is that, depending on the location, that’s a choice.
Now that you know how to protect yourself from what we’re about to do, we can get into how we, as OSINT analysts, can use this slightly creepy power for good, highlighting the website MattW.io as a key resource for doing so.
MattW.io
This website is awesome. It features many different tools, but I will focus on the tools under the YouTube subheading today. To test the accuracy of these tools, I went into the tool labeled MW Geofind Location, which allowed me to look for videos that were confirmed to be geotagged. I decided to filter my results down to within a 25km radius of a point the site placed somewhere within Washington D.C. to keep things simple.
The first video I picked was posted by the user Music by Fimora and had a title that translated to (thank you, Google Lens): “Vlog - NT Biakkima’s fight with Taylor Swift at Target,” followed by a target emoji. Now, I’m not even going to pretend to know what that means, but I do know where the video took place, not just because that’s where MW Geofind Location told me it was. It did offer the coordinates and the location of the video, but let’s say that I was an investigator, and all I had was the video link. Thankfully, MattW.io has another tool called MW Metadata that allows you to paste in a YouTube link and see if it can be geolocated.
So, I played pretend and pasted the link into the search bar. The following is part of the readout I got:
Just like in the description of the video and the Geofind Location site, we see that the location comes up as the Gaithersburg Presbyterian Church. Now, we don’t entirely know that this location matches what’s in the video. It may be that the video was only posted from the church or that Music by Fimora is using another tool to make it look like it was from there. Either way, we need to verify that this is at least one of the locations featured in the video to determine the location accuracy of MW.io. Thankfully, the Metadata site features a Google Maps link, and provides this view:
I realize that this image features two Gaithersburg Presbyterian Churches, so to avoid confusion, I will clarify that the point MW.io says we are analyzing is the one above and to the left of the point labeled “MVA - Walnut Hill.” Either way, this view doesn’t really help us because we can’t visually confirm anything. We need to go into Satellite View.
This is a Street View of the church. Now, if we go and search the video for matching frames, we come across this clip:
The architecture looks the same, but we can also confirm this as the correct location based on the placement of the bench, signage, light fixtures, windows, doors, and some of the foliage. Whoever Music By Fimora is was indeed present at Gaithersburg Presbyterian Church.
Let’s look at a trickier example.
The next video I tried was “Sophie Ellis-Bextor - Murder on the Dancefloor - Live at 9:30 Club DC USA - 6/3/24,” which was uploaded by Stephen Grall. This one is tricky because all the frames were interior. MW Geofind Location, where I had discovered the video, claimed that it was, indeed, at the 9:30 Club, as did MW Metadata. I knew the explicit Google Maps Satellite View wouldn’t help us here. However, when you go to Google Maps, pictures are often associated with public places that can give you a sense of the place. I decided to see if, by some miracle, I could find some aspect of the shadowy stage in the video that matched up to something on Google Maps. For context, here’s a frame from the video:
Very little is distinguishable in that picture. I was beginning to doubt I would find anything when I came across this picture:
Aha! I may not be able to tell the location from any structures inside, but the costume the performer is wearing is distinctive. Since my investigation started in the first couple of days of June 2024, I knew there was a minimal span of time that I could place the performer in. Therefore, it’s incredibly likely that Stephen Grall, who posted the YouTube video, was at the 9:30 Club on the day he claimed to be.
But what about the discrepancy between the date Stephen uses in the title and the date the video was uploaded? Depending on how late the set ran, plus whatever time Stephen took to get home, I can think of three possibilities that might have occurred. First, maybe Stephen got home late and was so excited to post that he stayed up into the wee hours of the morning of the next day getting the video ready. The second option is that Stephen had plans with friends following the concert and could not prep the footage for YouTube until the following day. Finally, it’s possible that after a long night of partying and excitement, Stephen was too tired to even think of doing anything other than going to bed and so couldn’t post until the next day. Lots of hypotheses, but how can we narrow them down? Let’s go back to MW Metadata. If we look through the data provided by the site, we come across this:
Okay, we can see when the video was published, but it’s not in the right time zone (note: it will always show GMT, so you will need to convert if you are not investigating that time zone). Thankfully, MW.io has a time zone converter. I clicked the link, put in the location I was looking for (Washington, D.C.) and got:
Based on the time I got from the converter, I doubt Stephen would have stayed up late after an evening event getting a video ready. This explains why the dates aren’t the same, but it doesn’t exactly prove that both he and the performer were there on June 3rd. To figure this out, we must do a bit of old-fashioned research.
According to Stephen’s description, we can guess that the performer’s name is Sophie Ellis-Bextor. I decided to look up previous concerts at the 9:30 Club to see if I could find her name and when she had performed. I came across a site called Concert Archives and found this:
If we look at the June 3rd entry, we see a match! We can be relatively sure that Stephen Grall was at the 9:30 Club on June 3rd and that he did not stay up late after the show posting a video.
The sheer amount of information you can get from a single YouTube video proves how invaluable both YouTube and MW.io tools can be in an investigation. However, since you must ensure the video has geolocation, I wouldn’t necessarily depend on it being a perfect solution for all scenarios. Suppose the video you’re looking at doesn’t have geolocation. In that case, I’d probably suggest trying to take a screenshot of the desired location in the video and plug that into one of the earlier-mentioned AI-based geolocation tools.
Conclusion
As you’ve seen, there are plenty of ways to geolocate a subject, whether through AI-based geolocation tools, social media geolocation and triangulation, or metadata targeting tools. Regarding AI-based geolocation tools, the best options I’ve found based on accuracy have been Gemini and the various geolocation tools under ChatGPT’s purview. Social media geolocation capabilities have been waning as of late, but screenshots uploaded to AI-based geolocation tools can provide a solution. However, for platforms that do have geolocation capabilities, triangulation with MapDevelopers is an excellent method. Forensically is best for finding metadata within images, while MattW.io proves instrumental for doing the same with YouTube videos.
As previously stated, I fully recognize that this article does not include every geolocation tool. If there is one that I haven’t mentioned that you’ve found to be particularly effective, please comment on my LinkedIn page so I can learn more about the tools available to the OSINT community.
In addition, the capabilities these tools offer us will change, perhaps even doing so during the time of this writing. If any of the information I have presented has since changed, please let me know in the comments so that others and I may continue to have a strong understanding of our field.
Lastly, if you have any feedback, positive or constructive criticism, don’t hesitate to share it. Happy geolocating!
Sources (listed by first appearance):
AI-Based Geolocation Tools:
https://maps.google.com/ (Google Maps)
https://www.google.com/maps/d/u/0/ (Google My Maps)
https://www.sixt.com/magazine/tips/top-free-navigation-apps/ (Mapping Apps Article)
https://www.amazon.com/Deep-Dive-Exploring-Real-world-Intelligence/dp/1119933242 (Deep Dive: Exploring the Real-World Value of Open Source Intelligence on Amazon)
https://www.linkedin.com/feed/update/urn:li:activity:7206792969931108353/ (A Budding Criminologist’s Perspectives On OSINT)
https://geospy.ai/ (Geospy)
https://gemini.google.com/ (Gemini)
https://chatgpt.com/ (ChatGPT)
https://claude.ai/ (Claude)
https://picarta.ai/ (Picarta)
https://copilot.microsoft.com/ (Copilot)
https://www.perplexity.ai/ (Perplexity)
https://www.google.com/imgres?imgurl=https%3A%2F%2Fupload.wikimedia.org%2Fwikipedia%2Fcommons%2Fthumb%2F3%2F33%2F221B_Baker_Street%252C_London_-_Sherlock_Holmes_Museum.jpg%2F220px-221B_Baker_Street%252C_London_-_Sherlock_Holmes_Museum.jpg&tbnid=jppDtnV_wrV75M&vet=12ahUKEwivsabK5bOGAxUeDWIAHZ47BucQMygCegQIARBn..i&imgrefurl=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2F221B_Baker_Street&docid=eF-hK-VmFiorOM&w=220&h=165&q=221b%20baker%20street%20london&ved=2ahUKEwivsabK5bOGAxUeDWIAHZ47BucQMygCegQIARBn (First Sherlock Holmes Museum Image (sourced from Wikipedia))
https://www.google.com/imgres?imgurl=https%3A%2F%2Ftensorflight.com%2Fwp-content%2Fuploads%2F2022%2F12%2F1280px-Sherlock_Holmes_Museum_221B_Baker_Street-1024x768.jpg&tbnid=4ylcoFNkP_7SEM&vet=12ahUKEwivsabK5bOGAxUeDWIAHZ47BucQMygEegQIARBr..i&imgrefurl=https%3A%2F%2Ftensorflight.com%2Fbuildingoftheweek-221b-baker-st-london%2F&docid=Vdku1LRqtpt4_M&w=1024&h=768&q=221b%20baker%20street%20london&ved=2ahUKEwivsabK5bOGAxUeDWIAHZ47BucQMygEegQIARBr (Second Sherlock Holmes Museum Image (sourced from TensorFlight))
https://www.google.com/imgres?imgurl=https%3A%2F%2Fstatic.themoscowtimes.com%2Fimage%2Farticle_1360%2F38%2FB4E93907-62DE-464B-A013-36F75770A00F.jpeg&tbnid=t74W2naVBfzTDM&vet=12ahUKEwivsabK5bOGAxUeDWIAHZ47BucQMygKegQIARB3..i&imgrefurl=https%3A%2F%2Fwww.themoscowtimes.com%2F2020%2F11%2F11%2Fsherlock-a72013&docid=nU8R8ih0k542VM&w=1360&h=765&q=221b%20baker%20street%20london&ved=2ahUKEwivsabK5bOGAxUeDWIAHZ47BucQMygKegQIARB3 (Third Sherlock Holmes Museum Image (sourced from The Moscow Times))
https://www.google.com/url?sa=i&url=https%3A%2F%2Fwww.ianvisits.co.uk%2Farticles%2Fa-visit-to-the-sherlock-holmes-museum-51587%2F&psig=AOvVaw0Op5crCh0kySPbnA4EnZK_&ust=1717107952994000&source=images&cd=vfe&opi=89978449&ved=0CBIQjRxqFwoTCKDVouvzs4YDFQAAAAAdAAAAABAD (Fourth Sherlock Holmes Museum Image (sourced from ianVisits)
https://chromewebstore.google.com/detail/take-webpage-screenshots/mcbpblocgmgfnpjjppndjkmgjaogfceg (Fireshot Chrome Extension site)
https://theresanaiforthat.com/ai/geospy/ (Partial List of Geospy Competitors)
https://chatgpt.com/g/g-VGY7WI5JN-cartographer (Cartographer)
https://chat.openai.com/g/g-cX1i2spxz-gpt-streetguy (GPT StreetGuy)
Social Media:
www.facebook.com and Facebook app
www.instagram.com and Instagram app
www.snapchat.com, Snapchat web app, and Snapchat mobile app
www.x.com and Twitter/X app
https://academy.plessas.net/store/2hFLNpnD (PEN Triangulation Course)
https://mapdevelopers.com/draw-circle-tool.php (MapDevelopers)
https://www.linkedin.com/feed/ (LinkedIn)
https://www.tiktok.com/foryou and TikTok app
Tinder (primarily app)
https://allaboutcookies.org/how-to-change-location-on-tinder#:~:text=Tinder's%20paid%20subscriptions%20%E2%80%94%20Tinder%20Plus,choose%20any%20city%20you%20want. (All About Cookies article)
Grindr (primarily app)
Hinge (primarily app)
https://www.security.org/vpn/change-hinge-location/#:~:text=Hinge%20is%20based%20on%20location,have%20to%20change%20your%20settings. (Security.org article)
YikYak (primarily app)
Swarm (primarily app)
https://www.flickr.com/ and Flickr app
Metadata:
https://29a.ch/photo-forensics/#forensic-magnifier (Forensically)
https://www.openstreetmap.org/#map (OpenStreetMap)
https://www.pic2map.com/ (Pic2Map)
http://MattW.io (MattW.io)
https://mattw.io/youtube-geofind/location (MW Geofind Location)
https://www.youtube.com/watch?v=UhVOnDuQ6b0 (First YouTube example)
https://mattw.io/youtube-metadata/ (MW Metadata)
https://www.youtube.com/watch?v=LKmuYq5mJUk (Second YouTube example)
http://www.timeanddate.com (TimeandDate)
http://www.concertarchives.org (Concert Archives)
Content and Editing Contributors:
Kirby Plessas, CEO of Plessas Experts Network, Inc. (Content and editing)
Kyle Elliott, COO of Plessas Experts Network, Inc. (Editing)
Grammarly web extension (Editing)
ChatGPT (Editing)
