Sherlock: Hunt down social media accounts by username across 400 social networks

Original Article ↗ Hacker News Discussion ↗

Perceived Uses and Misuses

  • Suggested “non‑creepy” uses: OSINT / cybercrime research, awareness training about how linkable traces are, self‑auditing your own footprint, cleaning up accounts before running for office, finding a consistent username to register, importing content across sites.
  • Several commenters argue there is effectively no non‑creepy use; the tool is inherently suited for stalking, harassment, brigading across platforms, and cancel campaigns.
  • Some see it as an educational shock: a concrete demo that online anonymity is fragile.

Privacy, Anonymity, and Online Footprints

  • Many note how easy it is to correlate identities by username, email, phone, profile photo, time zones, and especially writing style (stylometry).
  • Some now assume all activity will be deanonymized and self‑censor accordingly, fearing future lawsuits or professional repercussions for old posts.
  • Others advocate embracing a public identity and simply not posting anything you’d regret, or using multiple personas/accounts depending on context.

Usernames, Identity, and Impersonation

  • Split advice:
    • Use unique usernames everywhere to make tracking harder.
    • Use the same username everywhere to build a clear, controlled public identity.
    • Claim your “main” handle widely to prevent impersonation, then use separate ones for sensitive topics.
  • Concerns that usernames alone are weak evidence; attackers can pre‑emptively register your handle on new platforms and damage your reputation.
  • LLMs and bots can now impersonate style, further muddying authenticity.

Technical Characteristics and Limitations of Sherlock

  • Tool essentially loops over ~400 sites, fetches profile URLs, and regex‑matches “user not found.”
  • It runs client‑side, querying sites directly rather than a central database.
  • Users report false positives (including for nonsense usernames) and links leading to 404s; some find it less useful than Google.
  • Critiques: overengineered for what is conceptually a simple script; CLI‑only and not very user‑friendly; UI on the website is confusing.

Legal and Ethical Context

  • Some jurisdictions reportedly restrict employers from searching candidates without consent, but commenters argue such rules are often unenforceable and widely ignored.
  • Debate over whether digging up old posts (10+ years) should be disqualifying, with tension between accountability and recognizing people can change.