AI-powered OSINT tool profiles YouTube commenters, raising privacy concerns
An open-source intelligence (OSINT) platform, Lolarchiver, has sparked major privacy and legal concerns with its AI-powered tools that can rapidly profile YouTube users based on their activity. The platform claims it can generate detailed profiles of YouTube users solely on the basis of their online behavior.
The tool, part of the “YouTube Tools” suite by pseudonymous developer Lolarchiver, allows users to run a series of AI-powered checks on any YouTube user. These checks include analyzing publicly available data such as a user's geographic location and potential political or cultural leanings.
According to a recent report by tech outlet 404 Media, the tool can produce reports within seconds that include inferred data about a user's location and interests. During a test, a user was reportedly identified as living in Italy based on Italian-language posts and references to an Italian TV show.
While the insights generated by YouTube Tools are based on publicly available data, the tool has significantly lowered the barrier to entry for digital profiling. Anyone can now look up what a YouTube user has written and make deductions about their identity without needing to conduct extensive research.
This raises significant concerns about privacy and the potential for misuse of this technology. As one expert noted, "With AI, all it takes is a click" to generate an invasive profile, often without the user's awareness or consent.
Broader implications
Lolarchiver also provides OSINT tools for other platforms such as Twitch, Kick, League of Legends, nHentai, leaked databases search, X, email reverse lookup and phone reverse lookup. This raises concerns about the potential for these tools to be used in violation of platform terms of service or local data protection laws.
Legal experts warn that some of these tools may be in violation of YouTube's policies, as they allow data scraping without respecting the website's robots.txt file. Additionally, searching for third-party data without a lawful basis can breach European Union's General Data Protection Regulation or state privacy laws in the US.
The rise of digital profiling
The emergence of tools like Lolarchiver highlights the long-term impact of historic and ongoing data breaches. Personal information is frequently exposed in hacks and database leaks, often making its way to stolen data marketplaces or services.
A recent example of this is Coinbase's data breach, which exposed users' account balances, ID images, phone numbers, home addresses and partially hidden bank details to attackers. Such incidents underscore the need for greater awareness and protection of personal data in the digital age.
The impact on cryptocurrency holders
For cryptocurrency holders, the exposure of KYC (Know Your Customer) data can be especially dangerous. Physical attacks targeting high-profile crypto holders are becoming increasingly common, with reports indicating that as cryptocurrency grows in popularity and price, so do the number of violent attacks.
A growing repository of known physical attacks on Bitcoin holders has reported 29 cases in 2025, not including unreported incidents or those that did not receive media attention. This underscores the need for greater awareness and protection of personal data among cryptocurrency holders.