Doxxers expose your personal details to intimidate, humiliate, and disrupt your life. Learn if you are at risk of this rising cybersecurity threat.
What is doxxing?
What does doxing mean? Doxing is the act of releasing identifying information on someone, typically with malicious intent. The term doxxing is a shortened form of the phrase “dropping dox,” where dox is slang for documents. To avoid confusion, note that there are two different spellings of this term: doxing and doxxing. Both are correct, and we’ll use both in our guide.
What is doxing someone?
If someone has been doxxed, meaning their anonymity was purposefully compromised via a release of identifying information, they can face online and real-world threats. This can include exposing their real name, professional position, familial relationships, phone number, email address, financial information, and more. This information is released without the victim’s permission, and it often has significant consequences. Because doxing is often used maliciously to expose someone who has different beliefs than another, the aftermath has serious safety concerns.
While doxing is often considered a new security threat, that’s only partly true. While internet-assisted doxing is certainly a newer phenomenon, the practice of leaking information on someone who wants to stay confidential has always existed. The earliest forms of internet-assisted doxing can be traced back to the 90s when hackers on different sides of certain issues would “drop docs” as a tool of war.
Today, doxxing isn’t just for hackers or public figures. It refers to any act in which personal information is exposed. As such, doxxing doesn’t have to involve unmasking an alias — it can simply refer to releasing identifying information on someone with the goal of humiliation, fear, or bringing tensions from the internet out into the real world.
For instance, journalists and editors face a heightened risk of doxxing since their jobs involve publishing information that may challenge the views of others. While they may write under an alias, personal information that they want to conceal is exposed, making this an instance of doxxing. Scott Bixby of The Daily Beast, Nathan Mattise of Ars Technica, and Anna Merlan of Jezebel are just a few names in this world that have experienced the consequences of doxxing, including death threats, exposed home addresses, online harassment, and real-world harassment.
What information do doxxers expose?
What makes doxxing such a dangerous activity is the type of information that it leaks. When the internet at large can access these sensitive personal details, victims could face very real threats such as job loss, harassment, humiliation, vandalism, and even personal safety concerns.
Targeted information can include:
- Date of birth
- Home address
- Criminal history
- Private conversations
- Financial information
- Credit or debit card numbers
- Phone number or email address
- Embarrassing personal information
- Sensitive browsing activity
- Social Security number
- Personal pictures
- And plenty more
How does doxxing work?
The internet is filled with personal information on all of us. Doxxers can use this information as a breadcrumb trail to more sensitive and consequential information. To this effect, there are a few resources and methods at their disposal:
- Data brokers: Doxxers can easily access personal information by searching your details on data brokers. These sites scour public records, social media, and other websites for your personal information and then store it in profiles that can be sold to the highest bidder. As you can imagine, this is exactly the type of service a doxxer would use.
- Government records: Government records contain a lot of information about you, and doxxers can try to get access to them from relevant departments. This could include your birth certificate (containing your date of birth and parents’ names), driver’s license (containing your name, weight, height, and home address), marriage certificate (containing information on your family), court records (containing arrest records and other public records), and plenty more.
- Packet sniffing: Doxxers exploit public networks to intercept your internet data to dig around for sensitive information. This can include your credit and debit card numbers, login credentials, email correspondence, passwords, and plenty more.
- WHOIS domain search: All domains need to be registered to real people or entities. If you own a domain, doxxers can run a WHOIS search to discover your name and contact information.
- Username tracking: Because many people use the same or highly similar usernames across online services, doxxers might be able to track your activities across many sites. They can compile and expose your interests, activities, and correspondence across forums, message boards, and Reddit.
- IP logging: Doxxers can trick their victims into triggering an IP logger. These loggers are invisible, and most victims will have no idea that their IP address is now being tracked and sent to the doxxer.
- Social media stalking: Social media accounts contain a lot of personal information, and if your account is set to “public,” then anyone can see that information. Doxxers may use your social media information to locate other accounts and personal details that aid them in further invasions of your privacy.
- Sophisticated phishing: If a doxxer is targeting you, they can create sophisticated phishing schemes to try to steal your personal information — without you being any the wiser. This may involve sending a convincing email from an imposter address purporting to be your bank. If this email contains a link to log in to your account, it may be a false input box meant to steal your credentials.
Are you at risk of being doxxed?
Doxing is all about escalating tensions. It can be used if the victim holds beliefs that don’t match the doxxer’s, if they have been in conflict on the internet, or even if the doxxer just wants to disrupt someone’s life for their own entertainment.
Some of the highest-risk individuals include:
- Celebrities: Anyone in the public spotlight is at a heightened risk of being doxxed. Celebrities and influencers are high-profile targets for doxxers and should be extremely cautious about their privacy and security posture.
- Politicians: Politicians and political commentators are also at a heightened risk of doxxing. By making their views known and engaging in sensitive political exchanges, it’s much more likely that they’ll become the target of a doxxer.
But doxxing doesn’t only happen to people in the public sphere. You should also begin protecting yourself if you’re in any of the following groups:
- Active social media posters: If you regularly post about your activities or beliefs on social media, it may be more likely that you fall into a doxxer’s sights.
- Active forum users: Doxxers may scour message boards known for beliefs they disagree with to find their victims. They may then publish your views and identifying information about you to stir up backlash.
- Specialists: People in specialist careers face unpredictable risks when it comes to doxxing. In a pandemic, heroes in the healthcare professions may be seen by fringe groups as a population worth doxxing. Lawyers, professors, journalists, law enforcement, and other groups may be similarly targeted.
- Activists: Doxxing is often used in cultural battles, which puts any easily identifiable person with clear beliefs at risk.
- Average people in high-profile events: Even if you aren’t in the public spotlight, any association with a high-profile event could result in doxxing. It could be as simple as being in the background on a news broadcast or being in a comment thread of a post that goes viral. For instance, Skai Jackson made headlines when she doxxed a 13-year-old boy for his offensive comments on Twitter. The backlash negatively affected a lot of users who weren’t affiliated with the intended target, including residents of homes that were falsely believed to be Jackson’s.
Is doxxing illegal?
Most people are surprised to learn that many instances of doxxing aren’t considered illegal. Even though releasing personal information on someone can have serious consequences for the victim and those closest to them, if the information was obtained legally and the exposed information is in public records, then it’s legal.
Of course, exposing private information (such as financial account numbers or sensitive pictures) would be considered a crime. But in most cases, the victim needs to be able to prove that they’ve been negatively impacted by the doxxer, and they need to know the doxxer’s identity to begin a lawsuit. As you can imagine, this isn’t always easy. The doxxer could be anyone, anywhere.
Does that mean that doxxers can get away with no repercussions? Not quite. Even if doxxers can’t always be charged with illegal activity, their actions normally violate the terms and conditions of websites they use. Bringing a doxxer’s activities to the attention of service providers could result in some repercussions.
How to prevent doxxing
The best cybersecurity practice is prevention. By knowing what activities leave you vulnerable to being targeted, you learn how to prevent doxxing before it happens by reducing your visibility and increasing your security.
Go private on social media
If your social media accounts are set to public, anyone can track you down on the internet and access the information you post. This is the jackpot for a doxxer. Make sure you set your social media accounts to private to ward off unwanted attention.
We mentioned the dangers of a public social media account, but even if your account is set to private, an imposter is just one friend request away from accessing your account. This is why it’s so important to never overshare information. Make sure your posts and pictures never include unnecessary information such as your location, license plates, addresses, and so on.
Use a VPN for anonymity
When you browse the internet using a virtual private network (VPN), your internet traffic is encrypted. This masks your IP address and scrambles internet activity that may otherwise be intercepted by a doxxer. A dependable VPN will keep your information private at home and on public networks.
Use strong passwords
Cybercriminals have password cracking programs that can run through hundreds of thousands of common passwords very quickly. If your passwords have been leaked in a data breach, these programs may break into your account in no time. Always use completely unique, randomized passwords for all of your accounts.
Enable two-factor authentication
Even with a strong password, a doxxer may be able to access an account via social engineering or a data breach. With two-factor authentication enabled, no one can access your account without your approval on an authentication device. This is a very strong last defense in an attempt to compromise your account.
Set up alerts for your name
You can be notified when content associated with your name appears on search engines. For instance, Google Alerts is a free service that can email you daily or weekly with a list of new search engine entries mentioning your name or whichever keywords you choose.
Don’t use the same usernames
If you frequent message boards, game clients, or any other type of service that requires usernames, make sure your usernames are distinct. This will make it nearly impossible for doxxers to find your accounts across multiple services, limiting the amount of information they can attain.
Don’t use the same email address
Make sure you have designated email addresses for different purposes. Never use your business email address for personal correspondence, and never use your personal email to discuss business. After all, you probably want your business email to be visible for future opportunities.
Open up a tab in a private browser mode and try to locate information on yourself using basic details. How much shows up? How easy is it to follow breadcrumbs to more sensitive information? Can you track yourself from service to service? Would a doxxer with sophisticated abilities be able to find even more information?
What to do if you’re doxxed
Getting doxed might be intimidating, but you can fight back and keep your livelihood secure. In this section, we’re going to discuss how to report doxing, recover your privacy, and strengthen your security so it never happens again.
- Make a record of everything: Before you flag a doxxing post or report it to law enforcement, take a screenshot. The doxxer may try to cover his or her tracks, so make a record of as much of their relevant activities as possible – and then take swift action.
- Report doxxing to relevant websites: Doxxing typically occurs on popular social media platforms, such as Facebook, Twitter, and Reddit. If you’ve been doxed, minimize further damages by taking down the doxxer’s post. All of these sites treat doxxing as a violation of their terms of service.
- Report doxxing to law enforcement: You should file a report with your local law enforcement agency just to be safe. But if the doxxer conducted illegal activities, make sure you speak with law enforcement immediately. This includes leaking highly sensitive information (such as your Social Security number, banking information, or debit card numbers) or encouraging others to harm you or vandalize your property.
- Lock down your accounts: If you’ve been doxxed, the likelihood that your accounts will be broken into skyrockets. Go through all of your most important accounts and update them to enable two-factor authentication, use randomized passwords, and set all social media accounts to private.
- Prevent further crimes: If your doxxer exposed your debit or bank information, make sure you change your credentials, cancel your affected cards, and request new ones. If your Social Security number was exposed, take precautions now to avoid ID theft and tax fraud.
How Onerep can help
Doxxing requires information – and the easier it is to find information on you, the more likely it is that you’ll become a target. Chances are, your personal information is listed on hundreds of people-search sites. These sites scrape the internet for personal information and collect it in “profiles” that they can sell. A doxxer could be just one Google search away from finding it.
With Onerep, you can minimize the threat of doxing and protect your privacy by removing your information from over one hundred people-search sites. Normally, you would have to opt out of each site individually, but with Onerep, it’s done automatically. Here’s how it works:
- Scan: Onerep scans 199 people-search sites for your information. On average, an individual’s personal data is found on 46 people-search sites. In some cases, many of these sites will hold several profiles associated with you, with a listing generated for each variation in your name.
- Delete: When the Onerep tool discovers that your personal data is being exposed, it automatically sends opt-out requests on your behalf to all people-search sites involved. Even if these sites require complicated opt-out procedures, our tool keeps working until all of your profiles are removed. We also keep you updated on the status of your removal progress.
- Monitor: Deleting your profiles on people-search sites isn’t the whole story. Often, these sites will take your information down upon request and then put it back up later. With Onerep, we regularly revisit all of the data broker sites on our list to make sure that your information is still removed. If we see that your personal data has been published again or that it has shown up on additional sites, we automatically start the removal process again.
Wrapping it up…
As people-search sites continue to thrive in the digital age, your only recourse is constant removal and remediation. Onerep takes a load off of your back by handling all of that for you. Keep doxxers at bay with our one-of-a-kind tool, which scrubs your personal details off of the internet — and keeps them off.
What happens if you get doxed?
The goal of doxxing is often to espouse fear and humiliation in the victim. It can lead to real-world harassment and public shaming. The effects can go as far as people losing their jobs, homes and even their families.
How do I know if I’ve been doxxed?
If you’ve been receiving an influx of phone calls, emails, messages, or other sorts of communications that contain malicious content, then your information may have been exposed by a doxxer. Try to track down where it was exposed and report the activity as a privacy violation to the website.
Can doxxing get you arrested?
Any type of doxing involving government officials is considered a crime. However, the laws concerning doxxing other individuals are pretty vague. Depending on where you live and the context and severity of the doxxing attempt, it may or may not be considered illegal.
Is it illegal to post someone’s address on Facebook?
Since a home address can be found in public records, it is not illegal to post someone’s address on Facebook. That said, if an address is posted following a series of malicious remarks or threats, it could be a legal matter. In any case, this would also be a violation of Facebook’s privacy terms.
Who to report doxxing to?
If you’ve been doxxed, it’s recommended that you report the activity on whichever website it took place. This could result in a ban of the doxxer, minimizing the damage. You can also contact your local law enforcement agency on a non-emergency line to discuss what options are available.