OSINT: Kestrel and Webloc

A username used to mean a loose trail of clues. Now one free tool can check more than 800 sites at once, pull public bios and follower counts, and throw out a lot of the fake matches that used to waste an investigator’s time. That tool is called Kestrel, and its GitHub page says it searches 800-plus platforms simultaneously, uses guest tokens on sites like X, and validates doubtful hits with a dummy username before reporting them. In plain English, it is trying to answer one question fast: is this the same person, or just someone with the same handle. The old weakness in username hunting was the false positive. Many scanners treated any page that returned a normal web response as a match, while Kestrel says it looks for things like the username itself, a follower count, or other expected profile content before it calls the result real. That sounds small until you picture scale. A search that once meant opening dozens of tabs across Reddit, GitHub, Instagram, Chess.com, and X can now be done in one sweep, with metadata like display names, bios, avatars, and post counts attached when the site exposes them publicly. At the same time, a very different system was built around the same basic idea: collect scattered public or semi-public signals, then stitch them into a person-shaped map. Citizen Lab reported on April 9, 2026 that a product called Webloc uses location data bought from mobile apps and digital advertising to monitor hundreds of millions of people around the world. Citizen Lab says Webloc is sold as an add-on to a social media and web intelligence system called Tangles. Instead of asking “where does this username appear,” Webloc asks “where has this phone been,” using device identifiers and ad-tech location records like breadcrumbs dropped by apps. The Hungary angle came from a joint investigation published by VSquare on April 9, 2026. VSquare reported that Hungarian intelligence agencies used Webloc, making Hungary the first confirmed European Union country tied to the system, and said license documents and sources indicated use since at least early 2022. VSquare also reported that a new round of Cobwebs license renewals, including Webloc, was completed in March 2026, just weeks before Hungary’s April 12 parliamentary election. That timing matters because the same report says Hungary’s intelligence procurements are classified, so the public does not get the kind of contract trail that would normally show who bought what. This is where the two stories meet. Kestrel works on openly visible profile data, while Webloc works on location data pulled from the advertising system inside mobile apps, but both reduce the cost of turning fragments into identity. The companies are converging too. PenLink announced on July 11, 2023 that Cobwebs Technologies had joined its platform, adding open-source intelligence capabilities for law enforcement, public safety, and national security customers; Citizen Lab now describes Webloc as a PenLink product that traces back to Cobwebs. The line people used to draw was simple: open-source intelligence looked at what you posted, and surveillance looked at what the state could secretly collect. In 2026, that line is thinner, because the same commercial data markets and search automation can link your handle, your bio, your friends, your device, and your movements into one file.