Doxing
What is doxing?
Doxing, also spelled “doxxing,” is short for “dropping documents” and refers to publicly exposing someone’s private information without their consent.
This information can include anything from home addresses, phone numbers, and email addresses to more sensitive details like social security numbers, medical records, and even private photos.
The main goal behind doxing is usually to harass, intimidate, or shame the individual whose information is exposed. It’s often done with malicious intent, which can lead to emotional distress, safety concerns, and even physical danger.
How does doxing work?
Doxing typically follows a series of steps aimed at uncovering and sharing personal data. Here’s how it usually plays out:
- Information Gathering: The doxer starts by gathering bits of data from various sources. This can include public records, social media profiles, online forums, and even leaked databases.
- Connecting the Dots: These fragments of information are then pieced together to form a detailed profile of the target. This can involve linking an online alias to a real name or uncovering phone numbers, email addresses, home addresses, and even passwords.
- Verification: Before exposing the information, the doxer will often verify the accuracy of the data. They may cross-check information using Open Source Intelligence (OSINT) techniques or other methods to ensure it’s valid.
- Public Exposure: Once verified, the information is made public. It’s typically posted on social media, forums, or even dedicated websites, with the goal of encouraging others to harass or shame the individual.
- Harassment: After the exposure, the target often faces harassment, threats, or even physical violence. The shared details can also lead to more severe outcomes like identity theft.
Examples of doxing
- Gamergate: During 2014 - 2015, several women in the gaming industry, most notably, Anita Sarkeesian, Zoë Quinn and Brianna Wu, were victims victims of doxing. Their personal details, included leaking addresses, phone numbers, and other sensitive details were leaked online, leading to intense harassment and threats.
- Cecil the Lion’s Hunter: In 2015, Walter Palmer, the dentist who killed Cecil the Lion, was doxed with his personal and professional details exposed. The leaked data included his home address, phone numbers, email addresses, and the location and contact details of his dental clinic. As a result, Walter was forced to temporarily close his practice and go into hiding.
- HBGary Federal: In 2011, HBGary’s CEO, Aaron Barr, claimed to have infiltrated Anonymous and threatened to reveal its members’ identities. In retaliation, Anonymous hacked into HBGary’s website, accessed company emails, and exposed over 60,000 internal messages. These emails revealed questionable business practices, including plans to undermine journalists and labor unions. The breach not only severely damaged HBGary’s reputation but ultimately led to Aaron Barr’s resignation.
Is doxing illegal?
In most cases, yes, doxing is illegal.
Exposing someone’s personal details without their consent is a violation of privacy and can lead to serious consequences, both criminal and civil.
Depending on the jurisdiction, doxing could result in criminal charges, especially if it leads to harassment, threats, or other harmful actions.
Even in areas where laws around doxing aren’t explicitly defined, victims can often pursue legal action through civil lawsuits.
How to protect yourself from doxing
Here are a few things you can do to protect yourself from doxing:
- Limit Personal Information Online: Avoid sharing your home address, phone number, and other private information on social media or public forums.
- Use Strong, Unique Passwords: Use a password manager to generate unique, strong passwords for each app and enable two-factor authentication where possible.
- Privacy Settings: Adjust the privacy settings on your social media accounts to restrict who can see your information and posts.
- Avoid Using Real Names: Use pseudonyms or screen names on forums, websites, and other online platforms where your real identity isn’t necessary.
- Monitor Your Online Presence: Regularly search for your name online to see what information is publicly available. If you find sensitive data, take steps to have it removed or secured.
- Beware of Phishing Attempts: Be cautious when clicking on links in unsolicited emails or messages, as these could be phishing attempts to gather your personal data.
What should you do if you’re doxed?
If you find yourself the victim of doxing, follow these steps to protect yourself and respond quickly:
- Document Everything: Take screenshots of the doxed information, including the URLs where it’s posted. This documentation will be important for law enforcement and for having the content removed.
- Report to Authorities: Contact local law enforcement to report the incident, as doxing is illegal in many areas and can be a serious threat to your personal safety.
- Notify the Platform: Report the doxing to the website or platform where the information was shared. Most have policies against doxing and can remove the content.
- Strengthen Your Security: Change your passwords, enable two-factor authentication (2FA), and review your online security settings to prevent further exposure.
- Alert Family and Friends: Let your close contacts know about the doxing so they can be avoid being tricked by any related scams.