Incognito — November 2023: How to Avoid Doxxing

Welcome to the November 2023 issue of Incognito, the monthly newsletter from DeleteMe that keeps you posted on all things privacy and security.

Here’s what we’re talking about this month: 

• How to avoid being doxxed by someone who doesn’t like your politics. 
• Recommended reads, including “23andMe User Data Breached”
• Q&A: How to know if a job is a scam there to only harvest data?

There’s no shortage of reasons why someone might want to harass you online, but politics seems to be the main one. 

People Hate You for Your Political Views (Whatever They Are)

According to a 2021 Pew Research survey, out of the almost 40% of Americans who were harassed online the year before the survey took place, half (20%) said they believed politics was the cause of their being targeted. Three years before the 2021 survey came out, this number was 14%. 

Fast forward to today, and the situation isn’t any better. In fact, political harassment has gotten much worse. 

• In a recent Anti-Defamation League report, 37% of American adults who experienced harassment said their political views were the reason why – way above other reasons like gender, race/ethnicity, occupation, religion, sexual orientation, etc. 

For politically conscious Americans who have yet to be harassed, it’s just a matter of time (or at least that’s how it seems to the majority). 6 in 10 people are very or somewhat worried their political views will result in them being harassed – again, above reasons like gender, religion, etc. 

Unfortunately, these worries are not unfounded. Political polarization is not only at an all-time high – so too is the number of people who agree with the statement that political violence is justified “these days.” 

What happens when you come under attack

You know “harassment” is a risk, but you might wonder what specific threats you face when you share your political opinion online (or it becomes known otherwise). 

Going back to the Anti-Defamation League report, Americans commonly report experiencing the following harassing behavior: offensive name-calling, purposeful embarrassment, physical threats, stalking, doxing, and swatting (among others). 

Most worryingly, doxing (where someone shares your personal details, like where you live, publicly) seems to be a rising trend. As of 2023, more than 43 million Americans (2 in 10) say they’ve been doxxed. 

FYI: Doxing can be a jumping-off point for other threats, i.e., once someone has your personal information, they can stalk you, intimidate you (slash your tires, break windows, etc.), swat you (i.e., call law enforcement to your home on false pretenses), etc. 

It Doesn’t Matter What You Believe

Liberal, Republican, Libertarian, Green, Independent, etc. Whatever your political opinions, there will always be people who disagree with you. This is normal. Less normal is the increasing presence of a small minority of people who will actively target you for your beliefs.

Unfortunately, you can’t always predict how far these people will go to hurt you or when you will become a target.

As one X (formerly Twitter) user found out, you can even become a target for online harassment just for saying there should be a way to mute politics on social media.

Become Undoxxable During This Election Season

The less anyone can find out about you online, the harder it will be for “political activists” to dox you (and carry out other harassing behavior).

This year and next, becoming an undoxxable individual means doing two things:

1. Being hyper-aware of anything you share on the internet. This doesn’t just extend to your political views but also other aspects of your life. For example, you probably don’t need to tell your Facebook friends what your favorite cafe in town is or chime in on a Reddit (online forum) thread about hating your employer (unless you use a Reddit username that can’t be linked to you or your other online accounts).

2. Google yourself. We advocate for this all the time, but now, in particular, is a good time to see what someone could find out about you if they tried searching for you on the internet. Don’t forget that some people search sites let you look up people based on their usernames. If you removed all mentions of your name online (or at least all mentions that you think could reasonably put you at risk), set Google Alerts to get a notification when a new mention of you shows up.

Tip: To learn more about the risks of doxxing and how to prevent it, read our latest doxxing guide on our blog.  

Recommended Reads

Our recent favorites to keep you up to date in today’s digital privacy landscape. 

Meta’s AI Assistant Trained on Facebook and Instagram Posts

Meta used public Facebook and Instagram posts to train its new AI tool. Both image and text-based posts were used, though Meta noted that it did not use private posts (like those shared with family and friends only) or private messages as training data. According to Meta, the company has put in place measures to exclude private information from public datasets fed to the AI. The company did not specify what those measures are.

23andMe User Data Breached

On the 6th of October, the genetic testing company 23andMe announced that hackers had stolen some user (specifically individuals of Ashkenazi Jewish origin and people with a Chinese heritage) data in a credential stuffing attack. Less than two weeks later, the same attacker leaked more data on a cybercrime forum, this time belonging to four million users, including “the wealthiest people living in the U.S. and Western Europe.”

Meta Wants to Charge EU Users for Ad-Free Experience

In response to EU bodies fining Meta for showing users personalized ads without consent, the tech giant reportedly plans to charge Europeans for an ad-free Facebook and Instagram experience. Users who do not pay will continue to see personalized ads. Privacy experts are not impressed, saying that people’s fundamental rights shouldn’t be for sale. It’s unlikely the same option will be available for US users. 

Chatbots Can Guess Your Personal Info From What You Type

In a new study, researchers at ETH Zurich say that AI models, like GPT-4, can accurately guess personal information about a person based on what they type. This information can include gender, race, age, location, and occupation, among other things. The researchers say hackers and other malicious individuals could use AI models to glean sensitive information from their targets. 

You Asked, We Answered

Here are some of the questions our readers asked us last month.

Q: How to know if a job is a scam there to only harvest data?

A: Great question. Fake job scams have always been around, but lately, they’ve become really popular. 

The best way to verify if a job is a scam is to go to the advertising company’s official website and see if the job is posted there (and if it is – apply directly through the site). 

For companies you’ve never heard of, Google the name with the words “scam” or “review” after it. If that doesn’t turn up any results, consider asking on forums like Reddit – someone might just have experience with the company. 

If the company asks for what you think is too much personal information or says it’ll send you a check in return for buying equipment and asks you to refund part of it or make a payment for any reason, it’s a 100% scam. 

Q: What’s the point of digital compartmentalization? 

A: By compartmentalizing different areas of your digital life, you can improve your privacy and security. 

For example:

• If you separate your professional and personal personas: It’s going to be more difficult for someone who has your LinkedIn to also find your personal accounts (something we discussed in a previous Incognito issue).
  
• If you create different usernames for different accounts: Tracking you across the internet will be that much harder, as will be building out your entire life story. The opposite is having the same username and risking that someone will use a username lookup tool to find out where else you hang out online. (If you use forums like Reddit, consider different usernames for engaging with different communities). 

• If you have separate emails for different purposes: It becomes harder to tie your email address to your real identity in case of a breach and also harder to phish you. 

• If you use virtual phone numbers: You get the same benefits as using separate emails. Also useful if you’re online dating – if a date doesn’t go well, but the person doesn’t get the message and is now stalking you (not as rare as you might think), you can simply delete the number, and they shouldn’t be able to track you down. 

• If you use separate browsers: It will make it harder for third parties to track you. One recommendation is to have an “accounts” browser, i.e., a browser where you log into your accounts and an “everyday” browser where you browse (but don’t log into any accounts) with maximum privacy settings enabled. 

Note that compartmentalization is not foolproof, and how far you take it is totally up to you. Examine benefits vs convenience, and go from there. 

Q: How can I use the California Delete Act? 

A: You can’t – yet. 

Although it’s been signed into law, the California Privacy Protection Agency has until 2026 to establish a data deletion mechanism. 

Back to You

We’d love to hear your thoughts about all things data privacy.

Get in touch with us. We love getting emails from our readers (or tweet us @DeleteMe).

Don’t forget to share! If you know someone who might enjoy learning more about data privacy, feel free to forward them this newsletter. If you’d like to subscribe to the newsletter, use this link.

Let us know. Are there any specific data privacy topics you’d like us to explore in the upcoming issues of Incognito? 

That’s it for this issue of Incognito. Stay safe, and we’ll see you in your inbox next month.