Skip to content

Fundamentals

What is SOCMINT? Social media intelligence, explained

Bernarda Škrabar Damnjanović5 min read

SOCMINT — social media intelligence — is the part of open-source work that deals with what people and organisations actually do on social platforms. Profiles, posts, the accounts someone follows and is followed by, who they reply to, what gets shared and how far it travels. It sits inside OSINT rather than beside it, and the same rule governs both: the material has to be lawfully accessible, and gathering it is the easy half of the job.

Public means public, and nothing past that

The boundary that matters most is the one a platform draws between what it shows to anyone and what it shows only to people an account has approved. A public post is fair to read and record. A private account is not, and there is no clever route around that. Sending a connection request under a false pretext to get behind someone's privacy setting is deception to defeat an access control, which puts the work outside open-source collection and, depending on the jurisdiction and the target, possibly outside the law. Terms of service add a further layer: breaching them is not automatically a crime, but it can change how a finding is treated when it counts. Teams that work to a standard hold the privacy setting as the line and stay on the public side of it.

The network is the intelligence, not the post

A single post seldom tells you anything you can rely on, because anyone can write anything. What is harder to fake is structure: who an account is connected to, which accounts consistently amplify it, how a message moves, whether a cluster of accounts all wake up in the same five minutes. A follower count flatters. The shape of a network — who talks to whom, and who seeds content versus who merely repeats it — is where coordination becomes visible. When the question is whether a surge of activity is real public feeling or a handful of people wearing a hundred masks, the answer lives in the connections and the timing, not in any one message.

Public data is still personal data

None of this escapes the GDPR because the source is open. A name attached to a face, a map of someone's associations, a stated employer or location — that is personal data whether it sat behind a login or on an open profile, and in Europe it carries the same obligations: a lawful basis and a defined purpose before collection, and no more gathered than the question needs. Political opinion, health, religion, sexuality and the other special categories are exactly the things people put on social media without a second thought, which is why a SOCMINT task can drift into sensitive territory faster than a company-register search ever would. Collect against a requirement, not because the data happens to be there.

Where SOCMINT goes wrong

The usual failure is mistaking volume for insight. A scraped list of ten thousand followers is a spreadsheet; it turns into intelligence only when someone asks a question of it and checks the answer. Captures without provenance are the other trap. A post saved with no record of the account, the URL, the timestamp and the time of capture is an anecdote a lawyer will pull apart, and social content is edited and deleted constantly, so your capture is often the only version that will ever exist. Verification carries more weight here than almost anywhere in open-source work, because social platforms are where recycled images, back-dated posts and impersonation accounts thrive. The product that earns its place is an assessment: this account is probably run from here, these accounts are probably coordinating, this claim is unverified — with reasoning and sources attached. Reading a network well enough to say that with a straight face is a trained skill, and a fair part of what OSINT training exists to build.

Frequently asked questions

What is SOCMINT?

SOCMINT stands for social media intelligence: the collection and analysis of lawfully accessible information from social media platforms — profiles, posts, connections, engagement and amplification — turned into an assessment against a defined requirement. It is the part of OSINT that focuses on social platforms.

Is SOCMINT legal?

Reading and recording genuinely public social media content is lawful, but in the EU that content is still personal data under the GDPR, so professional collection runs under a documented lawful basis with a defined purpose and data minimisation. Using deception or a false connection request to get behind a private account's privacy settings is not open-source collection and can be unlawful.

What is the difference between SOCMINT and OSINT?

OSINT is the broad discipline of producing intelligence from any publicly available source, including registers, news, technical data and social media. SOCMINT is the subset that focuses specifically on social platforms and the behaviour, connections and reach visible on them. All SOCMINT is OSINT; OSINT is much wider than social media.

Put this into practice

Next Sight delivers these workflows as services, platforms, and training — lawful, documented, and built for teams who carry consequences.