Doxing

 

What is doxing?

Doxing (also spelled “doxxing”) is short for “dropping documents” and refers to the act of publicly leaking private information about an individual without their consent.

This information can include personal details like home addresses, phone numbers, email addresses, or even private photos, medical records, and social security numbers.

The intent behind doxing is often to harass, threaten, or shame the person whose information is exposed.

How does doxing work?

Doxing involves several steps to gather and expose personal information about someone. Here’s a simplified breakdown of how it usually works:

1. Information Gathering: The doxer starts by collecting bits of information from various sources. This can include public records, social media profiles, online forums, and databases.
2. Connecting the Dots: The collected pieces of information are then pieced together to form a more complete profile of the target. This might involve linking an online alias to a real name, finding addresses, phone numbers email addresses, and leaked passwords.
3. Verification: The doxer verifies the information to ensure its accuracy. This might involve cross-referencing multiple sources or using various OSINT techniques to validate the data.
4. Public Exposure: Once the information is gathered and verified, it is published online, often on social media, forums, or dedicated websites. The aim is to expose the target to online harassment, threats, or public shaming.
5. Harassment: After the information is made public, others often use it to harass or threaten the individual, causing emotional distress or even physical danger. In many cases, the leaked data eventually leads to identity theft.

Examples of doxing

• Gamergate: During 2014 - 2015, several women in the gaming industry, most notably, Anita Sarkeesian, Zoë Quinn and Brianna Wu, were victims victims of doxing. Their personal details, included leaking addresses, phone numbers, and other sensitive details were leaked online, leading to intense harassment and threats. This malicious exposure not only disrupted their professional lives but also posed serious risks to their personal safety.
• Cecil the Lion’s Hunter: In 2015, Walter Palmer, the dentist who killed Cecil the Lion, was doxed with his personal and professional details exposed. The leaked data included his home address, phone numbers, email addresses, and the location and contact details of his dental clinic. As a result, Walter was forced to temporarily close his practice and go into hiding.
• HBGary Federal: In 2011, HBGary’s CEO, Aaron Barr, claimed to have infiltrated Anonymous and threatened to reveal its members’ identities. In retaliation, Anonymous hacked into HBGary’s website, accessed company emails, and exposed over 60,000 internal messages. These emails revealed questionable business practices, including plans to undermine journalists and labor unions. The breach severely damaged HBGary’s reputation and led to Aaron Barr’s resignation.

Is doxing illegal?

Yes, doxing is generally illegal.

It involves sharing someone’s private information, like home address or phone number, without their permission, which can lead to harassment or harm.

Laws vary by location, but many regions have rules against doxing because it violates privacy and can put people at risk.

Even if not explicitly illegal everywhere, it can still result in civil lawsuits or other legal consequences.

How to protect yourself from doxing

There are several things you can do to protect yourself from doxing:

1. Limit Personal Information Online: Be cautious about sharing personal details such as your home address, phone number, and email address on social media and other online platforms.
2. Use Strong, Unique Passwords: Use a password manager to generate unique, strong passwords for each app and enable two-factor authentication where possible.
3. Privacy Settings: Adjust the privacy settings on your social media accounts to restrict who can see your information and posts.
4. Avoid Using Real Names: Use pseudonyms or screen names instead of your real name on forums and websites where possible.
5. Monitor Your Digital Footprint: Regularly search for your name online to see what information is publicly accessible and take steps to remove or secure it.
6. Be Cautious with Emails and Links: Avoid clicking on suspicious links or opening emails from unknown sources, as they can be phishing attempts to gather your information.

What should you do if you become a doxing victim?

If you become a victim of doxing, here are the steps you should take:

1. Document the Doxing: Take screenshots and save any evidence of the doxing, including the URLs where your information has been shared.
2. Report to Authorities: Contact local law enforcement to report the incident, as doxing is illegal in many areas and can be a serious threat to your safety.
3. Contact the Platform: Report the doxing to the website or platform where the information was shared. Most have policies against doxing and can remove the content.
4. Increase Security: Strengthen the security of your online accounts by changing passwords, enabling multi-factor authentication, and updating privacy settings.
5. Inform Family and Friends: Let your family and friends know about the doxing so they can be avoid being tricked by any related scams.