What is Doxing?

The term ‘Doxing’ originates from “dropping dox,” with ‘dox’ referring to documents. Generally, doxing is a malicious practice aimed at individuals whom the hacker opposes or has negative feelings towards.

What is Doxing?

Doxing, also known as Doxxing, involves the unauthorized disclosure of personal information about someone online, such as their real name, address, workplace, phone number, and financial details, without their permission.

The term “doxing” originated in the online hacker community during the 1990s when anonymity was highly valued. It referred to the practice of exposing personal information (“dropping docs”) about individuals previously known only by usernames or aliases. Over time, “docs” became “dox” and evolved into a standalone verb.

Today, doxing has expanded beyond the hacker community and is used in various contexts, often involving ideological or personal disputes. The goal is to escalate conflicts by revealing sensitive details like home addresses, phone numbers, financial information, and private correspondence.

Doxing can range from minor annoyances like fake sign-ups or deliveries to serious offenses such as harassment, identity theft, cyberbullying, or physical intimidation. Celebrities, politicians, journalists, and others in the public eye are common targets, facing online harassment and safety threats as a result.

Motivations for doxing vary, including revenge, ideological disagreements, or the desire to publicly shame or intimidate individuals. Regardless of the motive, doxing is a serious invasion of privacy that can have profound and harmful consequences for those targeted.

How Does Doxing Work?

In the era of big data, personal information abounds on the internet, often beyond individuals’ control, making it susceptible to exploitation by those with the inclination, resources, and interest.

Various methods are employed to carry out doxing:

• Tracking Usernames: Many individuals use consistent usernames across multiple platforms, allowing potential doxers to piece together their online activities and interests.
• WHOIS Domain Searches: Public registries, accessible through WHOIS searches, reveal personal information of domain owners unless obscured at registration.
• Phishing: Insecure email accounts or falling victim to phishing scams can expose sensitive emails to hackers.
• Social Media Stalking: Public social media accounts provide a wealth of personal information, facilitating the deduction of details such as location, workplace, relationships, and more.
• Government Records: While not all personal records are online, government websites may contain information like business licenses, marriage records, and voter registration logs.
• IP Address Tracking: Doxers can discover IP addresses and, consequently, physical locations, potentially using social engineering tactics to glean further information from ISPs.
• Reverse Mobile Phone Lookup: Services like Whitepages allow identification of mobile phone owners, often for a fee, offering additional personal information.
• Packet Sniffing: Intercepting internet data allows hackers to extract sensitive information like passwords, credit card numbers, and email messages.
• Data Brokers: These entities compile and sell personal information obtained from various sources, including public records and online activities.

By aggregating these breadcrumbs of information, doxers can unveil the real identities behind online aliases, including names, addresses, contact details, and more. This information can be wielded menacingly, such as publicly sharing it to intimidate or harass targets.

The threat extends beyond mere access to information; it’s about how it’s utilized. Doxing can lead to physical threats, communication disruptions, or even identity theft if sensitive details are exposed. With determination and internet access, anyone can construct a profile of an individual, especially if the target’s information is readily accessible online.

Examples of Doxing

The most common scenarios of doxing typically fit into three main categories:

• Disclosing an individual’s private, personally identifying details on the internet.
• Unveiling previously undisclosed information about a private individual online.
• Publicizing personal information of a private individual online, which could detrimentally affect their reputation and that of their personal and/or professional contacts.

Several notable instances of doxing include:

• Ashley Madison: A hacker collective targeted Ashley Madison, an online dating platform for individuals seeking extramarital affairs, demanding action from its management. When their demands went unmet, the group leaked sensitive user data, resulting in the doxing of millions of individuals. This led to widespread humiliation, embarrassment, and potential harm to both personal and professional reputations.
• Cecil the Lion: Following the illegal hunting and killing of Cecil the Lion by a Minnesota dentist in a protected game reserve in Zimbabwe, some of the dentist’s personal information was released online. This prompted further disclosure of personal details by individuals outraged by his actions, aiming for public retribution.
• Boston Marathon Bombing: In the aftermath of the Boston Marathon bombing, thousands of users on Reddit collectively gathered and analyzed information related to the event and its investigation, intending to aid law enforcement. However, this effort resulted in the inadvertent identification of innocent individuals, leading to a misguided public pursuit.

Is Doxing Illegal?

Doxing carries the potential to inflict serious harm on individuals and their families by subjecting them to harassment both online and offline. But is it illegal?

The answer isn’t straightforward: in many cases, doxing falls into a legal gray area. If the information revealed is already publicly available and obtained legally, it may not be considered illegal. However, depending on the jurisdiction, doxing could violate laws related to stalking, harassment, or threats.

The legality also hinges on the type of information disclosed. For instance, exposing someone’s real name might not carry the same legal weight as revealing their home address or phone number. Nonetheless, in the United States, doxing a government employee can be prosecuted under federal conspiracy laws, constituting a federal offense. Yet, as doxing is a relatively recent phenomenon, the legal landscape surrounding it remains uncertain and evolving.

Regardless of legal implications, doxing often breaches the terms of service of online platforms, potentially leading to account suspensions or bans. This is because doxing is widely regarded as unethical, typically driven by malicious intent to intimidate, blackmail, or manipulate others. It exposes victims to numerous risks, including harassment, identity theft, public embarrassment, loss of employment, and social isolation.

How to Protect Yourself From Doxing

Given the wide array of search tools and easily accessible information on the internet, nearly anyone can become a victim of doxing.

If you’ve ever engaged in online activities like posting in forums, using social media platforms, signing online petitions, or even buying property, your information may be publicly available. Additionally, vast amounts of data can be accessed through public databases, county records, state records, search engines, and similar sources.

While this information is open to those who actively seek it, there are measures you can take to safeguard your privacy:

1. Protect your IP address with a VPN: Utilizing a VPN (virtual private network) can effectively shield your IP address. By encrypting your internet traffic and routing it through the VPN’s servers, you can browse anonymously.
2. Practice good cybersecurity: Employ anti-virus and malware detection software to prevent doxers from accessing your information through malicious applications. Keep your software updated to plug security vulnerabilities.
3. Use strong passwords: Create strong passwords containing a mix of uppercase and lowercase letters, numbers, and symbols. Avoid reusing passwords across multiple accounts, and regularly update them. Consider using a password manager for added security.
4. Utilize different usernames for various platforms: Employ distinct usernames and passwords for different online services to prevent doxers from compiling a comprehensive profile of you across platforms.
5. Maintain separate email accounts: Consider having separate email addresses for different purposes, such as personal, professional, and spam. Minimize the sharing of your personal email address publicly to limit exposure.
6. Review and optimize privacy settings on social media: Take time to review and adjust the privacy settings on your social media profiles according to your comfort level with sharing information.
7. Implement multi-factor authentication: Enable multi-factor authentication for your online accounts to add an extra layer of security beyond passwords.
8. Delete obsolete profiles: Regularly review and delete outdated or unused online profiles to minimize the availability of your personal information.
9. Stay vigilant against phishing emails: Be cautious of unsolicited emails requesting personal information, as these could be phishing attempts by doxers.
10. Protect domain registration information: Ensure your personal information is concealed from WHOIS searches if you wish to maintain anonymity for your website.
11. Request removal of information from search engines: If personal information appears in search engine results, request its removal through the respective search engine’s removal process.
12. Scrub your data from data broker sites: Consider removing your information from data broker sites, either manually or through specialized services.
13. Exercise caution with online quizzes and app permissions: Be wary of sharing personal information through online quizzes and carefully review app permissions before granting access.
14. Limit disclosure of sensitive information: Refrain from publicly disclosing sensitive details such as Social Security numbers, home addresses, and financial information whenever possible.
15. Conduct self-doxing assessments: Regularly assess the information available about yourself online through various means like internet searches, social media audits, and email breach checks.
16. Set up Google alerts: Create alerts for your personal information to receive notifications if it appears online unexpectedly.
17. Exercise discretion in online interactions: Be mindful of the information you share online, particularly on public forums and social media platforms, to minimize the risk of becoming a target for doxing.

What To Do in Case You Are Doxed?

The most common reaction to being doxed is fear, often accompanied by a sense of vulnerability and panic. Doxing is specifically intended to violate your sense of security and provoke strong emotional responses like panic, anger, or withdrawal. If you find yourself targeted by doxing, here are steps you can take:

• Report it: Notify the platforms where your personal information has been posted. Refer to the platform’s terms of service or community guidelines to understand their reporting process for such incidents. Save the details of your report for future reference to avoid repeating yourself. Reporting is crucial to halt the spread of your personal information.
• Involve law enforcement: If the doxer makes personal threats against you, contact your local police department immediately. Treat any information pointing to your home address or financial details as a serious matter, especially if credible threats are involved.
• Document it: Capture screenshots or download pages showing where your information has been shared. Ensure the date and URL are visible in your documentation. This evidence is valuable for your own records and may assist law enforcement or other relevant agencies.
• Protect your financial accounts: If your bank account or credit card numbers have been exposed, notify your financial institution(s) promptly. Your credit card provider will likely cancel your card and issue a replacement. Change passwords for your online banking and credit card accounts as a precaution.
• Secure your accounts: Change passwords across all your accounts, use a password manager for enhanced security, enable multi-factor authentication where available, and review and strengthen privacy settings on all online platforms you use.
• Seek support from a trusted individual: Dealing with doxing can be emotionally draining. Reach out to a friend or family member you trust for support and guidance through this challenging situation. You don’t have to face it alone.

FAQ’s

What is Doxing?

Doxing, also known as Doxxing, involves the unauthorized disclosure of personal information about someone online, such as their real name, address, workplace, phone number, and financial details, without their permission.

How Does Doxing Work?

Doxing exploits the abundance of personal information available online, utilizing various methods like tracking usernames, WHOIS domain searches, phishing, social media stalking, accessing government records, tracking IP addresses, and using data brokers to compile detailed profiles of individuals.

Is Doxing Illegal?

The legality of doxing varies depending on jurisdiction and the nature of the information disclosed. While revealing publicly available information may not be illegal, doxing can violate laws related to stalking, harassment, or threats. Doxing government employees, for instance, can be considered a federal offense in the United States.

How Can I Protect Myself From Doxing?

To safeguard against doxing, individuals can employ measures such as using a VPN to protect their IP address, practicing good cybersecurity hygiene, using strong passwords and unique usernames for each platform, reviewing and optimizing privacy settings on social media, enabling multi-factor authentication, deleting obsolete online profiles, staying vigilant against phishing attempts, and limiting the disclosure of sensitive information online.

What Should I Do if I Am Doxed?

If you become a victim of doxing, it’s crucial to report the incident to relevant platforms, involve law enforcement if threats are made, document the doxing evidence, protect your financial accounts, secure your online accounts, and seek support from trusted individuals to navigate the emotional toll of the experience.

Conclusion

Doxing poses a serious threat to personal privacy and online security. While it may not always be illegal, its ethical implications are clear, violating privacy and exposing individuals to harassment and identity theft. To mitigate this risk, individuals must remain vigilant, employ robust cybersecurity measures, and carefully manage their online presence. Collaboration between platforms and authorities is crucial to combat doxing effectively and hold perpetrators accountable. By raising awareness and taking proactive steps to protect personal information, we can create a safer online environment for all.