According to its IPO prospectus submitted to the US Securities and Exchange Commission on February 22, 2024, Reddit has more than 100K active communities, 73 million daily active visitors, 267 million weekly unique visitors, and more than 1 billion cumulative posts. 

Source: https://www.sec.gov/Archives/edgar/data/1713445/000162828024006294/reddits-1q423.htm

Its large user base and immense data collection make Reddit a goldmine for Open Source intelligence (OSINT) and Social Media Intelligence (SOCMINT) investigations.

In this guide, we will demonstrate how to use Reddit to investigate and collect information on its users and communities.

First, however, we need to understand what Reddit is, how it works, and how users engage on the platform.

What Investigators Need to Know About Reddit 

Launched in 2005, Reddit is a US-based social media platform that serves as a vast network of user-generated content, organized into communities known as "subreddits." With over 100,000 subreddits, you could say Reddit is a community of communities. 

Often referred to as the "front page of the internet," it mirrors the structure of traditional internet discussion forums, with each subreddit focusing on a distinct topic. These topics cover a wide spectrum, from news, science, and technology to art, personal advice, and beyond.

Figure 1 - Reddit home page 

Anonymity and a unique culture of memes, in-jokes, and candid discussions define the platform, making it a unique space for diverse voices and perspectives.

Any registered user can create and moderate a subreddit. Each subreddit will have a dedicated page, profile image and header image, short description, and additional information about the subreddit like its rules or policies. 

Registered users can post text, links, images or videos in subreddits.

Users can upvote or downvote posts and comments, influencing their visibility and promoting engaging discussions (see Figure 2 below). 

Posts and comments that receive more upvotes become more visible, making them appear on the subreddit's first page and sometimes even the Reddit home page (see Figure 1 above). 

Figure 2 - An average Reddit post on the subreddit, r/NoStupidQuestions

This encourages users to post content that will appeal to the viewpoints, interests, and humor of the majority in that particular subreddit. Posts that don't align with the subreddit's prevailing attitudes may get downvoted and become less visible.

“Karma” on Reddit is a reflection of how much a user's content—both posts and comments—has been upvoted by the community, minus the number of downvotes they've received. However, the relationship between upvotes and Karma is not 1:1; the actual algorithm is more complex and not publicly disclosed by Reddit. 

Essentially, Karma serves as a rough indicator of how much a user has contributed positively to the Reddit community.

Reddit can also give “awards” and “trophies” to recognize users for their contributions and activities on the platform. They can be earned through various achievements like reaching a certain amount of Karma, the length of time they’ve been a member, participating in special events and more. Once earned, the trophies are displayed on a user’s Reddit profile. (See Figure 3)

Caution: Reddit's User Dynamics Can Be Misleading

Over time, Reddit communities can become deep-seated in closed virtual rooms as users upvote opinions they agree with and downvote those they don’t. 

This leads to the marginalization of minority opinions. Users seeking upvotes and Karma often post content that appeals to the crowd. Although moderation can somewhat limit these effects, biases within Reddit communities remain persistent.

For online investigations, this means Reddit offers a skewed sample that should not be considered fully representative of opinions or beliefs of a given community. Opposing ideas are suppressed.

On the other hand, vote counts can identify influential users — but their popularity may originate from posting content that appeals to the community, rather than reflecting their genuine thoughts and beliefs. 

OSINT analysts need to understand the demographics and biases of different subreddits when gathering information from the Reddit platform.

Is Reddit a Useful Data Source for OSINT/SOCMINT Investigations?

Reddit’s immense value as a data source for OSINT and SOCMINT investigations stems from its unique structure, vast user base, and the rich variety of data it hosts. 

Here are examples of some of the content and data types that may prove fruitful in investigations:

1. Text Posts

Reddit's text posts contain personal opinions and discussions that provide insight into a user's interests, views, expertise, hobbies, and more. 

For example, if a user suspected of a crime posted on r/privacytoolsIO asking about the best tools to destroy (erase) all files on a hard disk, this may reveal the user's intention to hide something.

2. User Comments

The comments and discussions on a post can also provide information. For example, if a user was involved in heated debate across multiple subreddits about an issue like gun control, this could showcase a user's position and thinking. 

3. Images & Video

Multimedia posts can visually corroborate identities, locations, and events. For example, if a user frequently posts images from a particular city, it is likely they live there.

4. Metadata

Post metadata like timestamps can help create timelines of activity and geotag users' locations.

5. Account Connections

Analyzing account connections by tracking posts and comments can reveal relationships between different Reddit users. 
For example, if two Reddit users consistently engage in exchanges across multiple subreddits, liking and replying to each other's posts and comments, this pattern can reveal a close relationship or friendship between them.

6. Subreddit Membership

The subreddits a user is active in can demonstrate their interests and affiliations.

7. User Influence

Upvotes, award patterns, and “karma” can reveal a user's level of influence within particular subreddits.

The Challenges of Investigating Reddit

Though the vast amount of data that is available on Reddit makes it a valuable site for OSINT investigations, it also comes with challenges. 

1. Anonymity

Reddit allows users to remain anonymous, making verifying identities or connecting online personas to real-world individuals difficult. This anonymity can be a significant hurdle in investigations. But anonymity can also be a double-edged sword: users may feel shielded from repercussions or consequences and share more personal or incriminating information that could be used to identify them. 

2. Volume of Data

Reddit has millions of posts and comments generated daily across thousands of subreddits. It's huge. Sifting through this massive amount of data to find relevant information can be time-consuming and requires well-thought-out strategy and tactics

3. Ephemerality

Popular posts can disappear quickly as newer posts and comments are upvoted by users. Users may also delete comments or remove accounts altogether. As a result, OSINT investigators may deep dive in older Reddit activities only to find that a specific comment has been deleted.

4. "Sock Puppets"

A large number of Reddit user accounts can belong to one person. This allows a group of users created by one person to manipulate votes or spread coordinated disinformation easily across the platform.

5. Language and Slang

Reddit has its own culture, complete with slang, memes, and references that can be perplexing to outsiders. Understanding these nuances is vital for accurately interpreting information.

Now that we have a clear picture of how Reddit works, how it is structured, the challenges and the kind of information that can be found, let’s begin investigating Reddit user profiles.

OSINT Tactics for Investigating Reddit User Profiles

Every Reddit user has a profile. Accessing a Reddit user profile page will show all the posts and comments made by that user. All posts and comments are made under their username. Their real name will not appear, lending some anonymity to their interactions.

The Anatomy of a Reddit User Profile Page

A Reddit user profile page contains the following elements:

1. Profile image
2. Profile header image
3. Username (begins with u/)
4. Display name (optional)
5. Karma 
6. Cake day (The date the profile was created.)
7. Trophy Case
8. On the upper-left side of the user profile page, you’ll find links to the user’s "Comments" and "Posts" in all subreddits (see Figure 3).

Figure 3 - A general overview of the Reddit user profile page 

At the top of a Reddit user’s profile, there are links to all the user's posts and comments. We can navigate and sort the post and comments using filters, like time, most trending, or new. (See Figure 4).

Figure 4 - Using Reddit filters to filter a Reddit user's Posts and Comments 

Important Note: We’re using the Opera web browser to show experiments in this guide. Major web browsers, such as Chrome and Firefox, use similar naming conventions. 

Inspecting a User Profile Image on Reddit

To inspect a user profile image on Reddit, click over the Reddit user profile image to open it in a new tab. 

If the image is not clickable, then right-click the image and select "Open image in new tab". 

The profile image should appear in a new web browser window in full size (see Figure 5).

Figure 5 - Open Reddit user profile image in a new web browser tab and save it to a local computer

Now that we have the image, we can do a reverse image search to see where else online this image appears. 

First, you’ll need to save the profile image by right-clicking over the image and selecting "Save image as.”

There are quite a few different reverse image search engines — here are the most important ones:

• Google reverse image search
• Bing Visual Search
• TinEye reverse image search
• Pinterest Lens
• Yahoo Image Search
• PimEyes Reverse Image Search
• Face Search By ESPY

It is advisable to use multiple search engines when reverse searching for the profile images, as not all search providers will return the same results.

Examining Reddit User Profile Header Images

Reddit user profile pages have a header image, but these images are not always clickable, making opening it in a new tab for closer inspection a bit more difficult. 

When you encounter a header that cannot open:

Figure 6 - Click "Inspect element" to get the full URL of the Reddit user profile header image

Figure 7 - Copy the HTML code of the Reddit user profile header image

Step 3: Select and copy the entire image HTML element text. Paste this into a text file to inspect it alone. The copied HTML code will look something like this:

<div class="_2ZyL7luKQghNeMnczY3gqW" style="background-image: url(&quot;https://styles.redditmedia.com/t5_73xdr/styles/profileBanner_x4jy8gtt59fa1.jpg?width=1280&amp;height=384&amp;crop=1280:384,smart&amp;s=3540480677f4bca15d59e560fdddcc13c074c1b1&quot;);"></div>

Figure 8 - Viewing Reddit user profile header image in full-size

This allows us to retrieve the underlying image file in the profile header. 

Enlarging Reddit Profile Images

Sometimes, a Reddit’s profile image may be very small, making it difficult to discern or analyze. In these cases, we can use Artificial Intelligence (AI) powered tools to enhance and enlarge the image without losing quality. Some tools can remove backgrounds from images for a clearer view. 

Here are some online services for enlarging small photos: 

• VanceAI
• Upscale Media
• letsenhance
• pixlr

Inspecting Reddit Image & Video Metadata

Image and video posts are common on Reddit. 

And like almost all other digital file types, these image and video files contain hidden descriptive information called metadata, which are worth analyzing because they may contain sensitive user information.

Here are some examples of informative metadata associated with photo and video file types:

• Date/time when the file was created or modified
• GPS coordinates showing the location where the photo or video was captured
• Capturing device model
• Other technical information related to the capturing device

Exchangeable Image File Format (EXIF) metadata is associated with most image file types and there are many tools for revealing them. 

Here are some prominent metadata extraction tools for image files:

• ExifTool by Phil Harvey
• IRFANVIEW graphic viewer
• Exif Pilot
• GeoSetter
• Metadata Extraction Tool

In Figure 9, we've used the ExifTool to inspect an image. Here you will see the various types of metadata information we can get from an image.

Figure 9 - Using ExifTool to retrieve a JPG image metadata 

Note: Using online metadata viewers is not recommended for inspecting sensitive digital files. When uploading files to online platforms, the files can be intercepted during transfer or stored by the online service, revealing the case you are working on.

Examining Reddit Display Name and Username

Every Reddit has a username beginning with “u/” and an optional display name. It’s common for social media users to use the same username across different platforms, making them very useful for OSCINT investigations. 

To find out if a particular username appears on other social media websites, you can use a dedicated username search service:

• Namechk
• Instant Username Search
• Username Social

Using Data Breach Websites for Investigating Usernames

Data breach websites aggregate credentials and accounts that were previously exposed in website security breaches, including emails, usernames, passwords and other identifying information. Searching data breach repositories for a Reddit user's username can reveal additional accounts connected to that user.

Here are some data breach repositories where you can search for Reddit usernames:

• Have I Been Pwned
• Pastes.io
• Pastebin.com
• Google Custom Search Engine for search 48 pastebin sites
• Checkusernames

Finding the particular Reddit username in a breach can give us an idea of where else online that user has an account. This allows us to discover more relations and expand the investigation.

Other Elements to Examine in a Reddit User Profile

There are other elements included in Reddit User profiles that can also give important information and can help expand the investigation. 

For example, many users include a short bio that can reveal information about their interests or links to other content. 

Their “Cake Day” is when the profile was first created. 

The profile may also have links to other social media accounts, like Facebook, Youtube, or Instagram. (See Figure 10.)

Figure 10 - Reddit user profile may contain links to other social media platforms and a short bio about the user 

What Investigators Need to Know About Reddit Communities and Subreddits

As we’ve already mentioned, Reddit has more than 100K active communities called subreddits. Some subreddits are incredibly popular and have over 20 million members with thousands of posts and comments daily. 

All subreddits begin with "r/" followed by the subreddit name like r/CyberSecurity, r/Gaming or  r/Physics. Users actively participate within these communities by posting, partaking in discussions, asking questions, and interacting through votes and comments.

There are Reddit communities to cover nearly every niche or specific topic you can imagine. These niche communities and the level of anonymity provided by the platform makes it an even more valuable data source for OSINT investigations.

Because users only post under usernames and there is no robust user identity verification system, you can find many discussions on Reddit about controversial or illegal activities.

For example, misinformation and extremist communities have thrived on Reddit, with subreddits dedicated to ideologies like white nationalism, hate speech, involuntary celibates, racist content, and illegal drug markets and transactions. Thankfully, many are now banned from the platform.

Incriminating evidence that OSINT investigators can find on Reddit includes:

• Extremist rhetoric and recruitment in fringe subreddits
• Discussions of illegal actions such as tax evasion, revenge porn, or computer hacking
• Confessions of illegal drug use and other personal details
• Metadata revealing geo locations, real identities of people, employment, and mailing address – by doing a reverse image search (as we previously discussed). 
• Connections between different users that may map criminal or terrorist networks

Now that we understand what kind of evidence can be found through subreddits, let’s start investigating. 

OSINT Tactics for Investigating Subreddits or Reddit Communities

First, find the subreddit you want to inspect by using the Reddit search bar at the top of the homepage.  

To find a list of all subreddits, visit redditlist.com where they are ranked in three lists:

• Recent Activity – Ranked by the most recent activity
• Subscribers – Ranked by subscriber count
• Growth (24Hrs) – Ranked by the most subscriber growth in 24 hours. 

Next, visit the subreddit you want to inspect. You will find the following elements:

• Subreddit name
• Subreddit profile image or icon
• Subreddit header image
• Brief description 
• Number of users subscribed to the subreddit
• Rank by size
• Number of subreddit subscribers currently online
• Community bookmarks or links to other websites
• Community rules
• List of moderators – users responsible for enforcing community rules on all posts and comments.
• The community's main feed — made up of posts of either text, images, videos, or links to other sites.

We will use the same techniques we used previously when inspecting a Reddit user profile, to investigate the following elements:

1. Subreddit name
2. Subreddit profile image or icon
3. Subreddit header image

Next, read the subreddit’s brief description to see if it contains any links to other resources or mention any useful information such as the subreddit creator/s name. 

Then it is time to review the subreddits rules. All subreddits list the rules that govern behavior and norms around posts, comments, and discussions. Rules on each subreddit are different and specific to that community. Some subreddits have longer, more detailed community rules that contain links to other resources or websites, potentially revealing linked websites or associated persons. 

Make sure to look through all of the linked resources. Many subreddits include entire sections dedicated to linking to other related subreddits, resources, social media profiles, or websites. 

And finally, don’t forget to review the list of moderators. This is a list of Reddit members working to moderate the community and enforce its rules. You can inspect each moderator's user profile similarly to how we investigated individual user profiles earlier. 

General Search Techniques for Reddit

Like other social media websites, Reddit has a built-in search engine. The search address bar, which is located on the top of the page, allows users to search within the entire Reddit platform (when you are on the Reddit home page) or within a specific subreddit (when you are searching from within a particular subreddit).

For example, if we want to search for the keyword "OSINT resources" from the search bar on the Reddit main page, the built-in filter allows me to search within a specific area, like posts, comments, communities or people. 

You can further refine and organize search results according to filters like “Relevance”, what’s trending or “Hot”, the most popular or “Top”, the most recent in “New”, “Most Comments” and timeframe (All Time, Past Year, Past Month, Past Week, Past 24 Hours, Past Hour). (See Figure 11) 

Figure 11 – Using Reddit search on the home page to search within the entire Reddit platform

To search for terms within a specific subreddit, first you need to access it. While you are accessing the subreddit, its name and icon will appear in the top search bar, indicating that the search will bring up results only from this subreddit. (See Figure 12).

Figure 12 - Search within a specific subreddit

Using Advanced Google Search Queries to Search Reddit

Reddit built-in search function is fine if you’re searching for something on the Reddit platform. But it is a common in-joke with Reddit users that if you want to find something on Reddit, you’re better off using Google search. 

In fact, Google can be leveraged to return more accurate results from Reddit using advanced search queries.

Here are some advanced search query formats you can use to search the Reddit platform: 

• site:reddit.com [Search keyword] - This allows you to search for specific keywords that appear in Reddit posts and comments.
• site:reddit.com r/[subreddit] [keyword] - This allows you to search for particular keywords within a particular subreddit.
  • For example: Using “site:reddit.com r/cybersecurity OSINT” will search for the keyword "OSINT" in the subreddit "Cybersecurity". 
• site:reddit.com/r/[subreddit] inurl:"comments" [keyword] - This allows you to search for specific keywords within comments in a particular subreddit. 
  • For example: Using “site:reddit.com r/cybersecurity inurl:"comments" OSINT” will search for “OSINT within the comment section of r/Cybersecurity.

Searching for Deleted Content on Reddit

A Reddit user may delete some posts or comments after publishing for different reasons. 

This deleted content could be valuable and may contain information like names, email addresses, important URLs, or incriminating discussions.

To find deleted content, you will have to use a third-party service. Here are some of the most popular:

1. Reveddit 

Revedit is a service for finding deleted content on Reddit. It can retrieve deleted content for both users and subreddits. 

2. Redective

Redective is an online tool that lets you analyze Reddit users and subreddits. Simply enter the username on Redective's website and it will retrieve data in real-time directly from Reddit to provide a comprehensive report about a user's activities.

When searching for a user, Redective displays profile info, subreddit memberships, frequently used words, and posts. It highlights active times, top posts, and common themes (see Figure 13). 

Searching a subreddit shows its top contributors, popular posts, frequently used words, related subreddits, and traffic stats over time.

Figure 13 - Redective display dates of Reddit user posts and comments which can reveal important usage information about them such as when they are using the internet

3. Redditmetis

Redditmetis is another free online service for analyzing Reddit users' profiles. All you need to do is provide the target Reddit username and Redditmetis will provide a visual analysis of the last 1000 comments and 1000 submissions (see Figure 14).

Figure 14 - Using Redditmetis to analyze Reddit users' accounts 

Defensible Evidence Collection from Reddit  

As we’ve demonstrated, Reddit is a great source for collecting digital evidence to support various investigation needs. 

However, because Reddit allows users to remain anonymous, facilitating the spread of disinformation quickly across the platform, OSINT investigators should follow specific procedures when collecting evidence from Reddit to ensure the defensibility of their findings:

• Capture screenshots of relevant posts and comments, including timestamps and usernames, before they get deleted by the target user/s. 
  • NOTE: Screenshots may not be defensible in court unless they include proper metadata, context, hyperlinks and can be authenticated as genuine and  unaltered. To capture this data in an authenticated format, consider using a web evidence capture tool like WebPreserver or Social Discovery.
• Use web archives like the Wayback Machine to view archived snapshots of the relevant Reddit page.
• Document the search process including the keywords used and the date/time when the evidence was captured to establish a transparent chain of custody.

WebPreserver for Reddit Investigations

WebPreserver is a social media and web capture tool that allows you to capture long Reddit discussion threads or subreddit pages in just a couple of clicks. The browser plug-in will automatically expand comment threads or post previews, saving you time from manually expanding and capturing every post. Better yet – all evidence collected is complete with the appropriate metadata, digital signatures for authentication, and can be exported in native formatting, so you can present your evidence in context. 

Learn more about WebPreserver here. 

Reddit OSINT Investigations: Final Thoughts

In summary, Reddit can be a key resource for OSINT/SOCMINT investigations, presenting a rich field for intelligence gathering with its extensive community engagement and vast content archive. 

Its unique structure and culture, marked by over 100K active communities and billions of posts, provide both opportunities and challenges for investigators. 

Reading this guide has equipped you with sound strategies to explore user-generated content, analyze interactions, and unearth valuable intelligence while navigating the nuances and challenges that come with a vast data set of anonymized content.