Doxing: What It Is and How to Fight It
The Web is an amazing invention that has changed the way we live our lives. One of the benefits of being on the Web is the ability to communicate with people all around the world without revealing our personally identifying information, anonymously posting our thoughts, opinions, and reactions online without fear.
The ability to be completely anonymous online is one of the key benefits of the Internet, but this benefit can be exploited by other people, especially since there is a vast repository of information available for free for anyone who has the time, motivation, and interest to put together clues and take away that anonymity.
Consider the following situations that break through this anonymity online:
You receive a message from someone named RedDog14 on YouTube. They don't like the comment you just posted on their video, and threaten to tell your place of employment that you once donated to a politically controversial campaign.
A local college is hosting a fitness workshop. The person leading the workshop has a popular Instagram channel with hundreds of thousands of followers. One of the people attending the workshop takes offense at something this personality says, so posts her real name, home address, and phone number on all of her social media platforms.
A high school drama teacher chooses the lead for the school play. Some students in the class don't agree with this decision, so they pretend to be this young man's friend, getting him to share personal information and then sharing this information – complete with images – on the school website.
All of these situations, while different, violate privacy and tear down anonymity. These are examples of doxing.
What is Doxing?
The word “doxing”, or “doxxing”, originated out of “documents”, or "dropping docs", eventually shortened simply to "dox". Doxing refers to the practice of searching, sharing, and publicizing the personal information of people on the Web on a website, forum, or other publicly accessible venue.
This could include full names, home addresses, work addresses, phone numbers (both personal and professional), images, relatives, usernames, everything they’ve posted online (even things that were once thought private), etc.
Doxing is most often aimed at “regular” people who are using websites anonymously who aren’t necessarily people in the public eye, as well as anyone those people might be associated with: their friends, their relatives, their professional associates, and so on. This information can be revealed privately as in our example above, or, it can be posted publicly.
What Kind of Information Can Be Found by Doxing?
In addition to names, address, and phone numbers, doxing attempts can also reveal network details, email information, organizational structures, and other hidden data – anything from embarrassing photos to unfortunate political viewpoints.
It’s important to understand that all of this information – such as an address, phone number, or images – is already online and publicly available. Doxing simply brings all this information from across different sources into one place, therefore making it available and accessible to anyone.
Are There Different Kinds of Doxing?
While there are many different ways that people can be doxed, most common doxing situations fall into one or more of the following:
Releasing a private citizen’s private, personally identifying information online
Releasing previously unknown information of a private citizen online
Releasing information of a private citizen online that could be damaging to not only their reputation, but to those of their personal and/or professional associates
Any of the examples given in this article could fall under one or more of these characterizations. At its core, doxing is an invasion of privacy.
Why Do People Dox Other People?
Doxing is usually done with the intent to maliciously harm someone else, for whatever reason.
Doxing can also be seen as a way to right perceived wrongs, bring someone to justice in the public eye, or reveal an agenda that had previously not been publicly disclosed.
Intentionally releasing personal information about an individual online usually comes with the intent to somehow punish, intimidate, or humiliate the party in question. However, the core purpose of doxing is to violate privacy.
What Kind of Harm Can be Done by Doxing?
While the motive behind doxing missions can sometimes definitely fall on the side of good, the purpose behind doxing most often is to do harm of some kind.
In the situation of attempting to bring someone to justice in the public eye by doxing them, significant harm can be done by well-meaning people who go after a doxing target who is not related to the issue at hand, revealing an innocent bystander’s personally identifying information online.
Revealing someone else’s information online without their knowledge or consent can be incredibly intrusive. It also can cause real damage: damage to both personal and professional reputations, potential financial implications, and social backlash.
Examples of Doxing
There are several reasons why people decide to “dox” other people. Our example above illustrates one common reason why people decide to dox; one individual becomes upset with another individual, for whatever reason, and decides to teach him or her a lesson. Doxing gives perceived power over the targeted individual by demonstrating how much personal information is available within just a few minutes of searching.
As doxing has become more mainstream, situations including doxing have increasingly emerged into the public eye. A few of the more well-known examples of doxing include the following:
The Ashley Madison scandal: Ashley Madison was an online dating site that catered towards people interested in dating outside of committed relationships. A hacker group made demands of the management behind Ashley Madison; when those demands were not met, the group then released sensitive user data, thereby doxing millions of people in the process and causing humiliation, public embarrassment, and the potential for harm to both personal and professional reputations.
Cecil the Lion: A dentist from Minnesota illegally hunted and killed a lion living in a protected game preserve in Zimbabwe. Some of his identifying information was released, which resulted in even more personal information publicly posted online by people who were upset about his actions and wanted to see him publicly punished.
The Boston Marathon bombing: During the manhunt for the perpetrators of the Boston Marathon bombing, thousands of users in the Reddit community collectively pored through news and information about the event and subsequent investigation. The intent was good: provide information to law enforcement that they could then use to seek justice. Instead, innocent people who were not actually involved in the crimes were outed, resulting in a misguided witch hunt.
How Easy Is It To Dox Someone?
One small piece of information can be used as a key to find much more data online. Simply plugging one piece of information into a variety of search tools as well as common people search resources, social media, and other public data sources can reveal an amazing amount of information.
Some of the more commonly used channels for finding information intended for doxing include:
Track a username: Many people use the same username across a wide variety of services. This makes it simple for the would-be doxer to find what their potential victim is interested in, where they spend their time, and pick up other bits of information that can be used to build a more complete profile.
Run a WHOIS search on a domain name. Anyone who owns a domain name will have their information in a registry that is available via a WHOIS search; this is a simple data pull that looks up who owns that particular domain name. If the person who bought the domain name didn’t obscure their private information at the time of purchase, their personally identifying information (name, address, phone number, business, email address) is available online for anyone who cares to search for it.
Social media: The amount of personally identifying information shared on social media sites is a dream come true to doxers. Profiles including full names, birth dates, email addresses, images, and much more can be easily found and accessed.
Government records: While most personal records are not available online, there is still quite a bit of information that can be gleaned here.
Multiple search engines: Simply using a variety of search tools can yield a rich harvest of data.
How do people extract information using these publicly accessible channels? Simply by taking one or more pieces of information that they already have and slowly building on that foundation, taking combinations of data and experimenting on various sites and services to see what kind of results are possible. Anyone who has determination, time, and access to the Internet – along with motivation – will be able to put together a profile of someone. And if the target of this doxing effort has made their information fairly easy to access online, this is made even easier.
Should I Be Concerned About Getting Doxed?
Maybe you’re not that concerned about having your address posted for everyone to see; after all, it’s public information if anyone really wanted to dig for it. However, maybe you did something embarrassing back when you were a teenager and unfortunately there are digital records.
Perhaps there was an exploration into illegal substances in your college days, or humiliating poetry attempts during a first love affair, or video footage of something you said you didn’t say but the proof is out there for all to see.
We all probably have something in our past or present that we’re not that proud of, and would prefer to keep private.
Is Doxing Illegal?
Doxing is not illegal. Most online services and platforms have anti-doxing policies to keep their communities safe, but doxing itself is not illegal. That being said, posting restricted or previously undisclosed personal information in order to threaten, intimidate, or harass could definitely be considered illegal under state or federal law.
How Can I Prevent Getting Doxed?
While there are specific steps everyone can take to guard their privacy online, the stark reality is that anyone can be a victim of doxing, especially with the vast variety of search tools and information easily available online.
If you’ve ever bought a house, posted in an online forum, participated in a social media site, or signed an online petition, your information is publicly available. In addition, there are masses of data easily available online to anyone who cares to look it up in public databases, county records, state records, search engines, and other repositories.
However, while this information is available to those who really want to look for it, that doesn’t mean that there isn’t anything you can do to prevent being doxed. There are a few common sense online behaviors everyone should cultivate in order to protect their information:
Be aware of how much personal information you are sharing. Small details can be pieced together over time to create a completely identifying profile. For example, simply clicking on someone’s username on a site like Reddit or Pinterest or Twitter will disclose every single time they have contributed to a discussion, shared images, or posted an opinion.
Never share personally identifying information. If you have posted your address, phone number, or other information that could be used to identify you, take that information down.
Review your privacy settings on a regular basis. Websites such as Facebook and Google receive and store an incredible amount of personal information about their users; anything from browsing habits to pinpointed geo locations. Review the privacy settings of the sites that you visit the most, and make sure that you’re comfortable with the amount of information being shared.
Check your domain registrations. If you own a domain name, check to make sure that the registration information (“whois” data) is obscured. Most domain registrars offer privacy services at the time of domain registration that will mask this information.
Review how many sites actually have your information. While sites like MySpace might be out of vogue nowadays, profiles that were put up a decade ago are still there and publicly accessible. This applies to any site that you might have formerly been active on.
Use multiple usernames. Rather than using the same username across all of your online platforms, use different usernames that are only for specific use cases. For example, use one username for online forums, another username for social media, yet another one for gaming, and so on. This practice will make it much more difficult for people to track your movements across multiple sites.
The Best Defense is Common Sense
While we should all take the potential threat of private information being disclosed quite seriously, common sense online privacy measures can go a long way towards empowering and protecting ourselves online.