Doxing

 

What is Doxing?

Doxing, also spelled “Doxxing,” is short for “dropping documents”.

Doxing is the act of publicly exposing someone’s private information without their consent.

Common examples of the types of data leaked include home addresses, phone numbers, and email addresses.

It’s not uncommon for highly sensitive details to be leaked as well. This includes social security numbers, medical records, and private photos.

The main goal behind doxing is usually to harass, intimidate, or shame the individual whose information is exposed.

It’s often done with malicious intent. This leads to emotional distress, safety concerns, and even physical danger.

How does doxing work?

Doxing typically follows a series of steps aimed at uncovering and sharing personal data. Here’s how it usually happens:

  1. Information Gathering: The doxer starts by gathering bits of data from various sources. This can include public records, social media profiles, online forums, and even leaked databases.
  2. Connecting the Dots: These fragments of information are then pieced together to form a detailed profile of the target. This can involve linking an online alias to a real name or uncovering a home address and even passwords.
  3. Verification: Before exposing the information, the doxer will often verify the accuracy of the data. They often cross-check information using Open Source Intelligence (OSINT) techniques.
  4. Public Exposure: Once verified, the information is made public. It’s typically posted on social media, forums, or even dedicated websites. The goal is to encourage others to harass or shame the victim.
  5. Harassment: After the exposure, the target often faces harassment and threats. They may even suffer physical violence. The shared details can also lead to more severe outcomes, like identity theft.

Examples of doxing

  • Gamergate: During 2014 - 2015, several women in the gaming industry, most notably, Anita Sarkeesian, Zoë Quinn and Brianna Wu, were victims victims of doxing. Their personal details, including leaked addresses and phone numbers, were posted online. This led to intense harassment and threats.
  • Cecil the Lion’s Hunter: In 2015, Walter Palmer, the dentist who killed Cecil the Lion, was doxed with his personal and professional details exposed. The leaked data included his home address, phone numbers, email addresses, and the location and contact details of his dental clinic. As a result, Walter was forced to temporarily close his practice and go into hiding.
  • HBGary Federal: In 2011, HBGary’s CEO, Aaron Barr, claimed to have infiltrated Anonymous and threatened to reveal its members’ identities. In retaliation, Anonymous hacked into HBGary’s website, accessed company emails, and exposed over 60,000 internal messages. These emails revealed questionable business practices, including plans to undermine journalists and labor unions. The breach not only severely damaged HBGary’s reputation but ultimately led to Aaron Barr’s resignation.

Is doxing illegal?

In most cases, yes, doxing is illegal.

Exposing someone’s personal details without their consent violates their privacy. It can lead to serious criminal and civil consequences.

Depending on the jurisdiction, doxing can result in criminal charges. This is especially true when it leads to harassment, threats, or other harmful actions.

Even in areas where laws around doxing aren’t clear, victims can often file a civil lawsuit.

How to protect yourself from doxing

Here are a few things you can do to protect yourself from doxing:

  1. Limit Personal Information Online: Don’t share your home address, phone number, or other private info on social media or public forums.
  2. Use Strong, Unique Passwords: Use a password manager to generate unique, strong passwords for each app. Enable two-factor authentication wherever possible.
  3. Privacy Settings: Adjust the privacy settings on your social media accounts to restrict who can see your posts.
  4. Avoid Using Real Names: Use pseudonyms or screen names on online platforms where your real identity isn’t necessary.
  5. Monitor Your Online Presence: Regularly search for your name online to see what information is publicly available. If you find sensitive data, take steps to have it removed or secured.
  6. Beware of Phishing Attempts: Be cautious when clicking on links in unsolicited emails or messages. They could be phishing attempts to steal your personal data.

What should you do if you’re doxed?

If you find yourself the victim of doxing, follow these steps to protect yourself and respond quickly:

  1. Document Everything: Take screenshots of the doxed information, including the URLs where it’s posted. This documentation will be important for law enforcement and for having the content removed.
  2. Report to Authorities: Contact local law enforcement to report the incident. Doxing is illegal in many areas and can be a serious threat to your personal safety.
  3. Notify the Platform: Report the doxing to the website or platform where the information was shared. Most have policies against doxing and can remove the content.
  4. Strengthen Your Security: Change your passwords. Enable two-factor authentication (2FA). Review your online security settings to prevent further exposure.
  5. Alert Family and Friends: Let your close contacts know about the doxing so they can avoid being tricked by any related scams.