All too often OSINT investigation is fixated by tools that we hope will make the job easier. Good tools do make OSINT easier, but they can never be a substitute for having a good understanding of the principles that underpin effective investigation. To be accurate and effective we need to know how to avoid common pitfalls like confirmation bias (you only find evidence that supports your hypothesis, and ignore evidence to the contrary), availability error (you choose to follow the easiest and most accessible line of enquiry, not necessarily the correct ones), or simply how to prioritise information and avoid drowning in a sea of useless data. If we aren’t alert to these dangers we can easily lose focus and come to the wrong conclusions.
Fiete Stegers‘ recent Quiztime challenge was a timely reminder of how easy it is to make mistakes by forgetting the basics of investigation. I rushed in with the wrong method and asked the wrong questions and so of course I got the wrong answer at first (or rather, no answer at all) but by correcting my mistakes I got there in the end.
Here is Fiete’s photo challenge:
Fiete asks the question “How old is this? Maybe the internet can help me find out.”
There were no quick hits with Yandex or Google, so I, like a few others, rushed into searching for information and images connected to “Post Hotel”. “Post Hotel” is not really a particularly common term in English, but I soon discovered it is widely used to describe certain kinds of hotel across Europe. There are in fact thousands of “Post Hotels” out there. The number of possible locations was so big they would be impossible to narrow down without additional information. I still did some fairly extensive image searching, even breaking the image up into separate “Post” and “Hotel” snippets and searching them individually but I came up empty-handed.
I started this post by mentioning how basic investigative mistakes lead to wrong conclusions, and no amount of good OSINT tools can correct them. In this challenge I had unconsciously made two basic mistakes before I even clicked to start my first search query, both of them caused me to go wrong.
Mistake #1 – the ABC of Investigation
Believe No One
Challenge Everything (or at least Clarify Everything)
Assuming is dangerous. We always have to make some assumptions when testing a hypothesis, but that’s fine when we know that we’re making them. They become dangerous when we don’t know that we’re making them, which is what I did in this case. I assumed that this was a geolocation question, because Quiztime always does geolocation quizzes, right? Wrong. But because I’d made this unconscious assumption, I’d spent an hour looking at hundreds of different “Post Hotels” all over Europe. To compound my mistake, I found this image of the Alte Wache Post Hotel in Hamburg:
Notice how similar the Hotel logo is to the one in the challenge picture? I assumed I was searching for a Post Hotel geolocation, so that is what I looked for and that is what I found. Availability error also led me here; it was one of the first results that appeared, so I assumed (dangerous again) that it was correct. Then I realised that this hotel was in Hamburg, which is where Fiete Stegers lives – so maybe he took the picture somewhere in his home town? This made me think that this really was the correct location, but this was confirmation bias kicking in (it suited my hypothesis about a Post Hotel Fiete might have chosen) and so naturally my efforts to find out more came to nothing. This is because I had made a second basic mistake:
Mistake #2 – RTFQ
Who said this was a geolocation quiz? I (along with others) had just assumed it was because I didn’t read the question closely enough. Fiete didn’t ask “where is this?”, he asked “how old is this?” No one actually said this was a geolocation quiz because it was really about object identification and research. With that in mind I changed my search parameters and began looking for objects, not places. By image searching around hotel signs and logos with blue text and post logos with red text I eventually stumbled upon this:
Doh! Although it took a long time and perhaps some slight luck with my image searches, as soon as I found this image I realised how wrong I had been and how much time I had wasted – and all because I rushed at the start without having a proper investigative method in place. Once I realised Fiete’s picture was of Lego bricks, it all made sense.
The rest of the quiz was much easier. There’s a huge database at Bricklink which catalogues just about every single Lego brick or set ever made. Searching there for “Hotel” branded bricks brought up this page with this image:
Bricklink tells us this brick was manufactured between 1958 and 1966. There is no confirmed date for the associated Post brick, but after Fiete provided us with some additional images from his set and with some extra research from @MCantow it seems we can be fairly confident that Fiete’s Lego dates from the mid to late 1950s.