After learning about how damaging and even dangerous having my information exposed online is, I made it a priority to find out how to prevent doxxing (and swatting) by keeping my identity as separate as possible from my online personas.
In this guide, I’ll go over the steps you can take to do the same.
What Is Doxxing?
A form of online harassment, doxxing involves publicly sharing someone’s personal information without their consent.
The practice originated in the hacker community in the 1990s when one hacker would ” drop dox” (short for documents or docs) on another hacker and has since become incredibly common among internet trolls.
You can get doxxed for pretty much anything these days – including liking a specific manga series, as this X (formerly Twitter) user found out:
To learn more about doxxing in general, as well as swatting (a practice that involves making false reports to law enforcement about someone else so that they go to the victim’s address), read our guide on doxxing.
How to Prevent Doxxing
It doesn’t take much for someone to doxx you – all they need is some basic information about you and the malicious intent to do something with it. That’s why it’s important to think of all the places doxxers can find your private details and then do your best to hide or remove your information from them.
Here are some steps you can take to minimize your digital footprint and reduce the likelihood of getting doxxed.
Remove yourself from data brokers
One of the easiest ways for someone to doxx you is through a data broker website, aka people search site/phone number lookup site/email address lookup site.
Data brokers are websites that collect data on individuals from a variety of sources (public records, social media, etc.), package this data into profiles, and then sell these profiles to others for as little as $0.99. Sometimes, data brokers even give away personal information for free.
Finding out more about you through a data broker website is really simple. All someone needs is your name/phone number/email address, or username.
Once they type this information into the search bar of the data broker site, they will get a report about you.
Here’s what a sample report looks like:
Data broker reports contain a lot of information. A typical report can include:
Family member information
Social media profiles
…and much more!
Basically, all the information someone who wants to dox another person needs (data broker information can also be used for identity theft and cybersecurity threats).
Fortunately, you can remove yourself from data brokers by opting out of their databases.
To do so, you’ll need to complete an opt-out form or send an email to every data broker website that your information appears on (the opt-out process differs from one data broker to the next).
Something to keep in mind is that data brokers renew their profile databases regularly. This means that when data brokers scrape more data about you, they will start a new profile on you, and you’ll need to contact the same data broker again.
If you’d rather not have to opt out from data brokers manually, you can subscribe to a data broker removal service like DeleteMe, where privacy experts will opt you out on your behalf.
Remove personal info from other sites
Data brokers are not the only sites that expose your personal information. Your own personal sites might also reveal too much. External sites can likewise put you at risk.
If you have a website or blog, remove your personal data from it so your full name, address, phone number, and email address can’t be easily collected. Using a contact form instead of leaving your email address visible is a good option if you want to remain reachable.
Website owners can also usually request that domain registration be made private so users of Whois lookup tool aren’t able to find their contact information.
If your personal info is on an external site, such as a Medium publication, a local community newspaper, or someone else’s blog, contact the owner of the page or publication and ask them to remove your details.
To find out who to contact, look for a “Contact Us” tab on the site or check Whois to see if their contact information is visible.
Ask Google to remove personal information
If you do a Google search of your name or other personal information and see results that contain information you’d rather keep private, there’s an easy way to request Google to remove it.
To do so, click on the three vertical dots to the right of the URL for the search result.
A popup menu will open. Click “Remove result” to be presented with a list of choices as to why you’d like to remove the result.
You can choose to remove the information either because it has your contact information, someone is attempting to harm you with the information (using online harassment), or whatever reason best fits your situation.
Set up Google alerts
To find out whenever information about you appears on Google Search, you can set up a real-time Google alert on yourself. That way, anytime more info appears, you’ll be notified, and you can take steps to remove it from the search engine if needed.
To set up a Google alert, go to the Google Alerts page, sign in to your Google account, and enter your name.
Treat every account as a separate entity
Do you use the same username across different online accounts? If yes, doxxing you has become much easier.
To prevent a doxxing incident, keeping your accounts unique and separate is key.
Use different usernames and passwords on every website.
Avoid using real-world information whenever possible (including your real name, phone number, and date of birth). Not only can this information be used to dox you, but combined with your social security number, it can be used to open bank accounts and credit cards in your name.
Don’t use identifying profile pictures.
Avoid using the same words and phrases between your different accounts.
Never link your accounts to one another.
Create multiple anonymous accounts on forums like Reddit, i.e., a different, unique profile for each one. Otherwise, you’ll be leaving breadcrumbs for someone to follow.
Compartmentalize your email accounts
Your email address can expose your identity. In the event of a cyber-attack or data breach, keeping your email accounts separate can help minimize the possibility that your other accounts and real identity will be jeopardized and end up on the dark web.
Tip: If someone typed in your email address into the HaveIBeenPwned tool, how many sites that you have an online account with would they be able to trace to you?
At a minimum, you should aim to have an “official” or professional email address, a personal email address for friends and family, and an email address for miscellaneous websites.
Adjust social media privacy settings
Check the privacy settings for every social media account you have.
Make sure that your biographical information and your posts are set to “friends only,” private, or whatever setting that hides your personally identifiable information and other details about your life from the general public.
If the platform allows you to opt out of data tracking or sharing, personalization, personalized ads, or anything along those lines, opt out to maximize your online privacy.
You may be prompted that the functionality of the platform will be affected, but it’s a small trade-off for protection from harassment and cyberbullying.
There’s a lot of discussion about the importance of using a virtual private network (VPN) or Tor to hide your IP address so as not to get doxxed.
But what can someone actually do with your IP address? Well, they can get an idea of your geographic region, your ISP, and your interests (based on the websites you visit). However, unless it’s law enforcement or some other government agency that’s after you, the chances of them being able to get your specific personal information with your IP address are slim.
The reason why is that most IP addresses are dynamic, meaning they change constantly.
That being said, if you believe that the person who’s after you can potentially find what IP address you were using on a specific date, then using a VPN or Tor is the safest option.
Beware of social engineering attempts
Someone can use a phishing email or message to trick you into handing over your personal details or clicking on a malware file disguised as something else that ends up being an info stealer.
Anytime you upload a photo to the internet, it can potentially be traced back to your specific location – unless you remove the geotag from it.
To remove your geotag from a photo before uploading it on your iOS phone, tablet, or laptop, go to your Photos and pull up the photo you’d like to upload.
Click the “Share” button in the lower left corner, and then click “Options” on the top of the screen.
Once there, you’ll see a “Location” slider (which is always on by default). Slide it to the left to turn it off. You’ll need to do this for every photo or batch of photos you upload.
On Android, open Google Photos, open the photo you’d like to share, click the three vertical dots, and then “Edit.”
Click “Remove location.”
As with iOS, you’ll need to do this with each photo, batch of photos, or video you upload to remove the GPS location data.
Use strong passwords and multi-factor authentication
Using the same password on multiple sites is a definite no-no, but what about using weak passwords?
If you use personal pieces of information like your spouse’s name, variations on the same word, or simple sequences of numbers and letters, it’s relatively easy for someone to guess your password.
You can set up a strong password by avoiding any real words, incorporating upper and lowercase letters, using special symbols (like ( , ! > and so on), and including non-sequential numbers.
Tip: Use a password manager to create unique passwords and keep track of them.
Whenever you’re posting or sharing something online, keep in mind that anything you upload can be used against you. Even the things you don’t think matter can be used to build a profile about who you are.
The worst part? Whether it’s deliberately saved by someone else as a screenshot or an automatic content scraper, the information you shared up until now could stay on the internet forever.
Now that you’ve (hopefully) done some of the above, it’s time to check what your digital footprint looks like.
How hard would it be for someone to doxx you right now?
→ Do a Google search on your own name and read what comes up, noting any personal details or private information (taking steps to remove it if needed).
→ Go to your social media profiles, Reddit username profiles, and any other profiles you have to see if you can use the public information there to figure out more about yourself and track down your other accounts.
By taking steps to prevent your private information from being publicly available, you’ll decrease the potential that someone can get ahold of it and dox you.
As long as you have a presence on the internet, the risk will always be there. But by being vigilant, taking security precautions, and regularly checking for your information online, your chances of experiencing a doxxing attack will be much slimmer.
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it.
Since joining DeleteMe in 2020, Laura has done exactly that.
Creating some of the internet’s most popular privacy content on DeleteMe’s blog, writing the leading privacy newsletter Incognito, and helping DeleteMe plan and craft its messaging across different channels, Laura drives DeleteMe’s content.
Laura has a degree from University College Cork.
You can contact Laura with questions and ideas at email@example.com