What is doxxing?

Have you ever left an anonymous comment you’re not proud of or shared something on an online forum you wouldn’t want anyone you know to find out about? If so, you might want to go ahead and delete that comment or post. Otherwise, you run the risk of getting “doxxed.” 

In the best-case scenario, doxxing will leave you feeling annoyed or embarrassed while in the worst case, it could make you terrified for your life. The really scary thing about doxxing is that pretty much anyone can fall victim to this toxic practice. You don’t need to be an internet troll to have your life ruined by a malicious actor online. 

Below, we discuss this cyber attack in detail (including whether it’s legal), talk about who is at risk, and go over the steps you can take to avoid getting doxxed. 

What Is Doxxing?

what is doxxing?
Photo by Chris Nguyen on Unsplash

Doxxing (or doxing) is the practice of exposing someone’s identity without their permission. The tactic is most commonly used to harass, punish, or intimidate the victim. However, doxxing can also be a form of vigilante justice (for example, revealing the identities of people who post racist comments anonymously).

Doxxing is by no means a new concept. The term is an abbreviated version of “dropping dox” (with “dox” referring to “docs” or “documents,”) a revenge tactic hackers used in the 90s to reveal the identities of their rivals. 

However, even then, hackers weren’t the only ones getting doxxed. According to Wired, the U.K. race relations campaigner Lord Herman Ouseley was kept awake by countless midnight calls in the 90s after far-right activists scattered cards with his phone number all over London. 

Today, doxxers tend to stick to public forums and social media. You can reach far more people through Twitter than offline public spaces. 

Unearthing personal information is also easier than ever before. The search term “doxing tutorial” returns hundreds of results. Dox-for-hire services are also a thing, in case doxxers can’t be bothered to do their own research.

Nevertheless, most doxxers acquire personally-identifiable information (like their victim’s name, address, phone number, and information about their family) via people search sites and social media platforms as well as through the dark web. Some might also use social engineering attacks and others may even stoop to hacking. 

Once you’ve been doxxed, there’s a real risk that you or your family will be harassed or stalked. You could also experience identity theft. Moreover, the information exposed could be used to craft a particularly convincing phishing attack. Depending on the data leaked, you could also lose your reputation and/or job. 

Some doxxing attacks can also lead to swatting. Swatting is when someone prank calls the police to report an emergency (like a hostage situation or a shooting), with the intent of getting a SWAT team to raid the victim’s home. 

This kind of hoax can have some severe consequences. It needlessly occupies law enforcement time, creating the risk that they won’t be able to respond to an actual emergency in a timely manner. It can also lead to fatal shootings. In 2019, a California man named Tyler Barriss made a fake 911 call on behalf of a gamer after the latter had an argument with another gamer. When the police arrived at the address supplied by Barriss, they fatally shot an innocent man with no connection to the gamers.

Who Might Be At Risk Of Getting Doxxed?

Who Might Be At Risk Of Getting Doxxed?
Photo by Fred Kearney on Unsplash

Public figures (like celebrities and politicians), news reporters, hackers, and gamers are particularly vulnerable to doxxing. That being said, anyone can fall victim to this cyber attack. If a bad actor feels insulted or attacked by someone or disagrees with someone’s opinions, they may decide to dox them. 

In 1997, the anti-abortion activist Neal Horsley published the “Nuremberg Files” website, which contained a list of active abortion providers (and their home addresses, phone numbers, and pictures). The site inadvertently encouraged violence against these individuals by routinely updating the list to mark the doctors injured or killed. 

In 2011, the hacktivist collective known as Anonymous exposed the details of 7,000 police officers for investigating hacking attacks. 

In 2017, hackers set up a searchable database that doxxed up to 500 celebrities, including Leonardo DiCaprio, Miley Cyrus, and Emma Watson.

That same year, CNN identified a Reddit user behind offensive content and threatened to expose his identity if he started sharing offending posts again.

Also in 2017, amateur internet sleuths wrongly accused the university professor Kyle Quinn of taking part in a white nationalist rally in Charlottesville. People posted his personal information online, demanded that he be fired, and generally made his life a living hell — all because he looked like one of the protesters. Things got so bad Quinn had to stay at his colleague’s house. Meanwhile, an exposed protester who did attend the rally lost his job.

Earlier this year, a Daily Beast journalist was doxxed after writing a critical story about a staffer on Bernie Sanders’ campaign. And earlier this month, CNN contributor Asha Rangappa doxxed a Free Beacon intern after the latter wrote about Rangappa criticizing the former U.N. Ambassador Nikki Haley for Americanizing her name.

Is Doxxing Illegal?

Is Doxxing Illegal?
Photo by Tim Gouw on Unsplash

There are no anti-doxxing laws in the U.S. However, doxxing might be considered illegal if the information is obtained via illegal methods (i.e., hacking) or with the intent of harassing, threatening, or intimidating the victim. Doxxing can also be unlawful if someone shares information that isn’t publicly available.

So, publishing information that’s part of the public record (like marriage certificates or driving records) is, in most cases, legal, if unethical. Leaking information that’s not part of the public record (like your social security number) is illegal.

How Can You Avoid Getting Doxxed?

How Can You Avoid Getting Doxxed?
Photo by Erik Lucatero on Unsplash

The best way to avoid getting doxxed is to share as little about yourself and your life on the internet as possible. You should also opt-out of people search sites, change your passwords regularly, use a VPN, be on alert for phishing scams, and consider using a masked email.

Your social media profiles can reveal an awful lot about you, especially if you’re prone to oversharing. Switch your accounts to private, be wary of who you accept as friends, and avoid giving away personal details like your date of birth or hometown. 

Similarly, be mindful of revealing too much on online forums or blogs. If you post on various different forums, consider doing so under different usernames and using a Masked Email.

Data brokers and people search sites can also supply doxxers with plenty of information, including your address, phone number, email address, and even information about your family. Luckily, many data brokers allow you to opt-out of their databases. We’ve compiled a comprehensive guide on how you can go about doing that. If you’re unsure where to start or don’t have the time and patience to fill out numerous online forms and make countless calls, we can do it for you.

Also, never reuse the same password across different accounts, learn how to identify a phishing attack, and use a virtual private network (VPN).

Online Safety — It’s In Your Hands

The more identifiable information is available about you online, the higher the risk that you’ll get doxxed. As such, it’s vital that you keep track of your digital footprint.

However, while you can monitor your social media profiles and other online activity, it’s much harder to keep up with data brokers and people search sites. Selling people’s private data is a highly profitable business. You can opt-out of some data brokers and people search sites, but your profile will likely be relisted, if not immediately, then in a few months’ time.

If you want to ensure that your private data stays off the internet for good, it’s worth hiring a company that specializes in removing people’s information from data brokers. DeleteMe is one such company. For just $10.75 a month, we’ll delete your data from popular data brokers and people search sites as many times as needed.