When I learned about all of the harmful things that can happen as a result of doxxing – from harassment to actual murder – I wondered: is doxxing illegal?
It seemed to me like the act of releasing someone’s private information onto the internet (or “dropping dox” or docs on them) without their consent should be against the law.
As it turns out, it’s a bit more complicated than that.
Is Doxxing Illegal?
The short answer is no. Doxxing (or doxing) is not illegal in and of itself, according to federal law in the US. However, doxxing can lead to illegal activities for which the doxer can be charged.
Additionally, some states in the US have put in place laws that address doxxing, like Kentucky, which passed what is known as the “Anti-Doxxing Bill” in 2021. In California, cyber harassment, including doxing, where the goal is to put individuals in danger, can result in perpetrators facing up to a year in jail or a fine (a misdemeanor charge under Penal Code §653.2).
Doxing isn’t considered a crime (in most cases) because it typically involves personal data that is publicly available (i.e., you don’t have to trick someone into handing it over or buying it on the dark web).
Publicly available information can include your real name, home address, email address, phone number, place of work, family members and their contact information, and so on.
Common sources of this information include public records, social media profiles, user accounts, and data brokers.
What are data brokers?
Data brokers (such as Spokeo, Whitepages, and Intelius) are companies whose business model is to collect pieces of information on individuals into a single profile and sell it to more or less anyone. They are sometimes also referred to as people search sites.
Finding out personal information about you through a data broker is incredibly simple. All someone needs is your full name/email address/phone number/address. Some data brokers even let you look up people based on their usernames.
Here’s an example of a data broker website:
Any public information on social media profiles, forums, apps, websites, or in official government records (property records, marriage certificates, convictions, etc.) can turn up on data brokers’ websites – and in your data broker report.
Some data brokers even gather information like your social security number and credit card details, and although they don’t just give it away to anyone, this can become a problem when hackers get involved.
Want to test how anonymous you are? Do a Google search on your name/address/phone number. Most people will see results from social media websites like LinkedIn or Facebook, along with entries from data brokers.
Can You Go to Jail for Doxxing Someone?
While the act of doxxing is not illegal, it can lead to illegal actions and fuel criminal charges.
For example, if a doxer looks for your information so they can commit identity theft, the steps they took to procure the information would be taken into account in the charges against them.
Not all crimes involving doxxing take place face to face. A doxxer could cyberstalk you across your social media profiles, engaging in online harassment and cyberbullying.
Whether in-person or online, if the accompanying charges are severe enough, a doxer could be facing jail time.
Can the Police Do Anything About Doxxing?
If you are being harassed, threatened, or physically endangered as a result of doxxing, you should absolutely talk to law enforcement.
Be sure to document as much evidence as you can to support your allegations (take screenshots of any messages, record phone calls, and so on) and any impacts that doxxing has had on you.
With sufficient proof, the person doxxing you could be charged.
Can You Sue Someone for Doxxing?
Although doxxing is only a criminal situation if it is accompanied by malicious intent and accompanying actions, it is always a civil situation (in the sense that you can bring a civil suit against someone who doxxed you).
Depending on the circumstances, you can sue someone for injuries to your reputation once they have doxxed you – provided you know who they are.
As with a criminal case, you’ll need to be prepared to show evidence of the doxxing and the impact it’s had on you.
Getting legal advice is a good next step if you plan on building a civil case.
What Are the Legal Repercussions for Doxxing?
If someone simply gathers public information about you together, or if they even post that information online, there are (typically) no legal ramifications.
However, if they use your personal information to directly cause harm to you (such as swatting you or sending you death threats), there could be criminal charges involved.
Protect Yourself Against Doxxing
Doxxing is scary. Realizing how much of your information is already out there on the internet can be uncomfortable, along with the recognition that there are entities actively trying to compile more about you as part of their business model.
Fortunately, you can take steps to protect your information and control the visibility of your online data.
Be sure to review the privacy settings on any social media platforms you use, and remove as much contact information (such as phone numbers and email addresses) as possible from any accounts visible to others. Read our guide on how to keep your LinkedIn profile private.
It won’t keep your information off the internet, but it will make it harder to find for the average troll.
Data brokers are a bit more problematic than social media accounts. To remove yourself from a data broker website, you will need to contact each broker directly and use either an opt out form or an email to clearly convey that you want your personal information removed from their website.
Unfortunately, data brokers regularly refresh their profile databases, meaning your data can wind up back online rather quickly – and you’ll need to repeat the opt-out process when it does.
Alternatively, you can choose a service like DeleteMe to have your personal details regularly scrubbed from data brokers on your behalf.
Other things you can do to reduce the likelihood that you’ll get doxxed include setting up a Google notification for your name to receive alerts when a new website publishes your information, using multi-factor authentication (and a password manager), and being wary of social engineering attempts (in particular, phishing emails and texts).
Read our guide on how to prevent doxxing attacks for more tips, including how someone can use the Whois domain name lookup tool to find out more about you and whether you should hide your IP address with a VPN to prevent doxers from getting more details about you from your internet service provider.
Laura Martisiute is DeleteMe’s content marketing specialist. Her job is to help DeleteMe communicate vital privacy information to the people that need it.
Since joining DeleteMe in 2020, Laura has done exactly that.
Creating some of the internet’s most popular privacy content on DeleteMe’s blog, writing the leading privacy newsletter Incognito, and helping DeleteMe plan and craft its messaging across different channels, Laura drives DeleteMe’s content.
Laura has a degree from University College Cork.
You can contact Laura with questions and ideas at firstname.lastname@example.org