While the practice of revealing personal information without one’s consent predates the internet, the term (term?) Doxing first emerged in the world of online hackers in the 1990s, when anonymity was considered sacred. Feuds between rival hackers would sometimes lead to someone deciding to “drop docs” on somebody else, who had previously been using only a username or alias.
“Docs” became “dox” and eventually became a verb by itself (i.e., without the prefix “drop”). As I’ll elaborate further, the definition of doxing has expanded beyond the hacker world community and now refers to personal information exposure. While the term is still used to describe the unmasking of anonymous users, that aspect has become less relevant today.
Unlike in old times, nowadays, most of us are using our real names on social media. Recently, doxing has become a tool in the culture wars, with rival hackers doxing those who hold opposing views on the opposite side. Doxers aim to escalate their conflict with targets from online to the real world, by revealing very sensitive information. So, what is Doxing and why should you be aware?
What Is Doxing?
Doxing (sometimes written as Doxxing) is the act of revealing identifying information about someone online, such as their real name, home address, workplace, phone, financial, and other personal information. That information is then circulated to the public — without the victim’s permission. The term ‘Doxing’ is short for “dropping dox” ‘dox’ is slang for documents.
Regardless of the law, doxing violates many websites’ terms of service and, therefore, may result in a ban. This is because doxing is usually seen as unethical and is mostly carried out with malicious intent to intimidate, blackmail, and control others. Exposing them to potential harassment, identity theft, humiliation, loss of jobs, and rejection from family and friends.
Typically, doxing is a malicious act, used against people with whom the hacker disagrees or dislikes. Doxing attacks can range from the relatively trivial, such as fake email sign-ups or pizza deliveries, to the far more dangerous ones. Like harassing a person’s family or employer, identity theft, threats, other forms of cyberbullying, or even in-person harassment.
Some form of information leak includes:
- Home addresses
- Workplace details
- Personal phone numbers
- Social security numbers
- Bank account or credit card information
- Private correspondence
- Criminal history
- Personal photos
- Embarrassing personal details
At it’s core, doxing can ruin lives, as it can expose targeted individuals and their families to both online and real-world harassment. But is it illegal? The answer is usually no!
One thing is for sure, doxing tends not to be illegal if the information exposed lies within the public domain, and it was obtained using legal methods. That said, depending on your jurisdiction, doxing may fall foul of laws designed to fight stalking, harassment, and threats. It also depends on the specific information revealed.
For example, disclosing someone’s real name is not as serious as revealing their home address or telephone number. However, in the US, doxing a government employee falls under federal conspiracy laws and is seen as a federal offense. Because doxing is a relatively recent phenomenon, the laws around it are constantly evolving and are not always clear-cut.
Real-Life Examples of Cybercrimes by Doxers
The most common doxing situations tend to fall into three categories. First, releasing an individual’s private, personally identifying information online. Secondly, revealing previously unknown information of a private person online.
Thirdly, it includes releasing information of a private person online could be damaging to their reputation and those of their personal and/or professional associates. Some of the most famous and commonly cited examples of doxing include:
Ashley Madison was an online dating site that catered towards people interested in dating outside of committed relationships. A hacker group made demands of the management behind Ashley Madison. When those demands were not met, the group released sensitive user data, doxing millions of people in the process and causing humiliation, embarrassment, and the potential for harm to both personal and professional reputations.
Cecil The Lion
A dentist from Minnesota illegally hunted and killed a lion living in a protected game preserve in Zimbabwe. Some of his identifying information was released, which resulted in even more personal information publicly posted online by people who were upset by his actions and wanted to see him publicly punished.
Boston Marathon Bombing
During the search for the Boston Marathon bombing perpetrators, thousands of users in the Reddit community collectively scoured news and information about the event and subsequent investigation. They intended to provide information to law enforcement that they could then use to seek justice. Instead, according to BBC Technology News, innocent people who were not involved in the crimes were outed. Whilst, resulting in a misguided witch hunt.
How Doxing Works
We live in an age of big data; there is a vast ocean of personal information on the internet, and people often have less control over it than they believe. This means that anyone with the time, motivation, and interest to do so can turn that data into a weapon. Celebrities, politicians, and journalists are amongst those who have been doxed.
And, as a result, making them suffer from online mobs, fearing for their safety, and – in extreme cases – death threats. The practice has also spread to prominent company executives too. For example, when Proctor & Gamble’s Gillette released its, We Believe ad, which claimed to target toxic masculinity, Chief Brand Officer Marc Pritchard’s LinkedIn profile was shared on 4chan.
Whereby, this was coupled with the poster calling others to send angry messages to him. Doxing entered mainstream awareness in December 2011, when hacktivist group Anonymous exposed 7,000 law enforcement members’ detailed information in response to investigations into hacking activities. Since then, Anonymous has doxed hundreds of alleged KKK members, if I may.
Some of their most recent targets have included Q-Anon supporters. As an illustration, one of the best defenses is to make it harder for abusers to track down your private information. You can find out how easy it is to dox yourself by checking what information can be found out about you.
For example, you can:
- Google yourself
- Carry out a reverse image search
- Audit your social media profiles, including privacy settings
- Check to see if any of your email accounts were part of a major data breach by using a site such as Haveibeenpwned.com
- Check CVs, bios, and personal websites to see what personal information your professional presence conveys.
Be that as it may, if you have PDFs of CVs online, be sure to exclude details like your home address, personal email, and mobile phone number. Or even replace them with public-facing versions of that information.
What Are The Motivations Behind Doxing?
Important to realize, the motivations behind doxing vary. People feel they have been attacked or insulted by their target and could be seeking revenge as a result. If someone becomes known for their controversial opinions, they could target someone with opposing viewpoints.
But, this tends to be the case when the topic is especially polarized, rather than everyday political disagreements. Intentionally revealing personal information online usually comes with the intention to punish, intimidate, or humiliate the victim in question. That said, doxers can also see their actions as a way to right perceived wrongs.
Or rather, bring someone to justice in the public eye, or reveal an agenda that has previously not been publicly disclosed. Regardless of the motivation, the core purpose of doxing is to violate privacy, and it can put people in an uncomfortable situation — sometimes with dire consequences. Some of the methods used to dox people include:
#1: Tracking Usernames & Domains
Many people use the same username across a wide variety of services. This allows potential doxers to build up a picture of the target’s interests and how they spend their time on the internet. Likewise, it can also happen by running a WHOIS search on a domain name.
Anyone who owns a domain name has their information stored in a registry that is often publicly available via a WHOIS search. Suppose the person who bought the domain name did not obscure their private information at the purchase time. In that case, personally identifying information (such as their name, address, phone number, business, and email address) is available online for anyone to find.
#2: Web Phishing & Tracking IP
If the person uses an insecure email account or falls victim to a phishing scam, the hacker can uncover sensitive emails and post them online. Sometimes, it can also happen by sifting through government records. While most personal records are not available online, there is a fair amount of information that can be gleaned from government websites. Examples include databases of business licenses, county records, marriage licenses, DMV records, and voter registration logs – all contain personal information.
What about tracking IP Addresses? Well, doxers can use various methods to discover your IP address, which is linked to your physical location. Once they know it, they can then use social engineering tricks on your internet service provider (ISP) to discover more information about you. For example, they can file complaints about the owner of the IP address or attempt to hack into the network.
#3: Data Brokers & Social Media Stalking
At times, doxing can happen using data brokers. In reality, data brokers exist to collect information about people and sell that information for profit. Data brokers gather their info from publicly available records, loyalty cards (which track your online and offline buying behavior), online search histories (everything you search, read, or download), and from other data brokers.
Many data brokers sell their information to advertisers, but several people-search sites offer comprehensive records about individuals for relatively small amounts of money. All a doxer has to do is pay this small fee to obtain enough information to dox someone. What about social media stalking?
In general, if your social media accounts are public, anyone can find out information about you by cyber stalking you. They can find out your location, workplace, friends, photos, likes, and dislikes, places you have visited, the names of your family members, the names of your pets, and so on. Using this information, a doxer may even work out the answers to your security questions — which would help them break into other online accounts.
#4: Web Packets Sniffing & Reverse Lookup
The term packet sniffing is sometimes used in relation to doxing. This refers to doxers intercepting your internet data, looking for everything from your passwords, credit card numbers, and bank account information to old email messages. Doxers do this by connecting to an online network, cracking its security measures, and then capturing the data flowing into and out of the network. One way to protect yourself from packet sniffing is by using a VPN.
By the same token, there’s also what is known as reverse mobile phone lookup. Once hackers know your mobile phone number, they can find out more about you. For example, reverse phone lookup services like Whitepages let you type in a mobile phone number — or any telephone number — to find out the identity of the person who owns the number. Sites such as Whitepages charge fees to provide information beyond the city and state associated with a mobile phone number. Though, those willing to pay can discover additional personal information about you from your mobile phone number.
#5: Web Net Breadcrumbs
By following breadcrumbs — small pieces of information about someone — scattered across the internet, doxers can build up a picture that leads to uncovering the real person behind an alias, including the person’s name, physical address, email address, phone number, and more. Doxers may also buy and sell personal info on the dark web.
The information found can be wielded in a threatening manner, for instance, tweeted at someone in response to a disagreement. Doxing can be less about the availability of the information and more about how it is used to intimidate or harass a target. For example, someone who has your address can locate you or your family.
Someone with your mobile phone number or email can bombard you with messages that disrupt your ability to communicate with your support network. Finally, someone with your name, date of birth, and Social Security number could also hack into your accounts or steal your identity.
Anyone who has the determination, time, access to the internet, and motivation — will be able to put together a profile of someone. And if the target of this doxing effort has made their information relatively accessible online — this is made even easier. Why A Strong Password Is Important For Your Web Security
How To Protect Yourself From Doxer Attacks
With the vast array of search tools and information readily available online, almost anyone can be a doxing victim. As an example, compromised passwords give cybercriminals an open door into your most personal accounts. So, of course, you’ll want to build a password that hackers are unlikely to discover.
The average user will create passwords to fool human hackers. This used to be a smart way to fight data theft. A criminal would use any information they could find about you and use common patterns in passwords to guess yours. You used to be able to just switch up the characters in your passwords and “Tr1Ck” your way into security. But hackers took notice.
Cybercriminals use sophisticated technology to get your passwords nowadays. This is important since many people try to make passwords hard for people to guess, but do not consider efficient algorithms. Software is designed to account for crafty user behavior as it guesses your passwords.
Learn More: Tips For Generating Strong And Unique Passwords
Equally important, if you have ever posted in an online forum, participated in a social media site, signed an online petition, or purchased a property, your information is publicly available. Plus, large amounts of data are readily available to anyone who searches for it in public databases.
From county records, state records, search engines, and other repositories. While this information is available to those who really want to look for it, there are steps you can take to protect your information including the following:
#1: Practice Good Cybersecurity & Protect Yourself
Anti-virus and malware detection software can stop doxers from stealing information through malicious applications. Regularly updated software helps to prevent any security ‘holes’ that leads to hacking and doxing of your data. It’s also good to make sure that you always protect yourself from any cybersecurity threats.
Protecting your IP address by using a VPN is the first thing you should consider. A VPN or virtual private network offers excellent protection against exposing IP addresses. A VPN takes the user’s internet traffic, encrypts it, and sends it through one of the service’s servers before heading out to the public internet – allowing you to browse the internet anonymously. Kaspersky Secure Connection protects you on public Wi-Fi, keeps your communications private, and ensures that you are not exposed to phishing, malware, viruses, and other cyber threats.
#2: Use strong passwords & usernames
A Strong Password normally includes a combination of uppercase and lowercase letters,
plus numbers and symbols. Avoid using the same password for multiple accounts, and make sure you change your passwords regularly. If you have problems remembering passwords, try using a password manager. Alternatively, you can use separate usernames for different platforms.
For instance, if you are using online forums like Reddit, 4Chan, Discord, YouTube, or others, make sure you use different usernames and passwords for each service. By using the same ones, doxers could search through your comments on different platforms and use that information to compile a detailed picture of you. Using different usernames for different purposes will make it more difficult for people to track your movements across multiple sites.
#3: Create Google Alerts & Separate Email Accounts
On one side, you can set up Google Alerts for your full name, phone number, home address, or other private data you are concerned about. Obviously, so that you’ll know if it suddenly appears online, it means you have been doxed. On the other side, it’s also important that you create separate email accounts for separate purposes.
Consider maintaining separate email accounts for different purposes — professional, personal, and spam. Make your personal email address reservation only for private correspondence with close friends, family, and other contacts you trust. And again, avoid publicly listing this address. Doxers may use your spam email to sign up for accounts, services, and promotions.
Always remember, (whether you are a freelancer or a particular organization affiliate) there can be a public listing of your professional email address. As with public-facing social media accounts, avoid including too much-identifying information in your email handle. For example, make sure that you always steer clear of [email protected] in this case.
#4: Use Multi-Factor Authentication Settings
This means that you — and anyone else trying to access your account — will need at least two pieces of identification to log onto your site, usually your password and your phone number. It makes it harder for hackers to access a person’s devices or online accounts because knowing the victim’s password alone is not enough; they will also need access to a PIN number.
On the same note, make sure that you review and maximize your privacy settings on social media. Keeping in mind, reviewing the privacy settings on your social media profiles can greatly improve any of your security weaknesses. But then, make sure you are comfortable with the amount of information being shared and with whom.
In the same fashion, be strategic about which platforms you use for which purposes. If you are using a platform for personal reasons (like sharing photos with friends and family on Facebook or Instagram), tighten your privacy settings. Suppose you are using a platform for professional purposes — such as monitoring breaking news on Twitter — or tweeting links to your work).
In that case, you may decide to leave some of the settings public — in which case, avoid including sensitive personal information and images.
#5: Hide Your Information From Google & WHOIS
Scrubbing your data from unwanted sites is also another great way to go. As such, you can remove your information from data broker sites. Though, if you want to do it yourself without incurring costs, it can be labor-intensive. On the contrary, if you have limited time, you can start with the three major wholesalers: Epsilon, Oracle, and Acxiom.
You will need to regularly check these databases. Simply, because a republishing of your information can still happen even after its removal. You can also pay for a service like DeleteMe, PrivacyDuck, or Reputation Defender to do this for you. On the other hand, you can also ask Google to remove the information that you don’t want to see.
If personal information appears in Google search results, individuals can request its removal from the search engine. Google makes this a simple process through an online form. Many data brokers put this type of data online, usually for background checks or crime check information. Next, make sure that you hide your domain registration information from WHOIS too.
WHOIS is a database of all registered domain names on the web. Eventually, this public register can determine the person or organization that owns a given domain. As well as their physical address, and other contact information.
If you plan to run a website anonymously without disclosing your real identity, make sure your personal information is private and hidden from the WHOIS database. Domain registrars have controls over these privacy settings, so you will need to ask your domain registration company about how to do so.
#6: Avoid Disclosing Certain Sensitive Information Types
Forthwith, it’s also good to avoid disclosing certain types of information. Wherever possible, avoid disclosing certain pieces of information in public, such as your Social Security number, home address, driver’s license number, and any information regarding bank accounts or credit card numbers. Remember, hackers could intercept email messages, so you should not include private details in yours. In addition, it’s also good that you get rid of any obsolete profiles.
Review how many sites have your information. While sites like MySpace may now be out of fashion, decades-old profiles are still visible and publicly accessible. This applies to any site that you might have formerly been active on. Try to delete obsolete and old/unused profiles if you can. Not forgetting, you should also be alert for phishing emails.
Doxers might use phishing scams to trick you into disclosing your home address, Social Security number, or even passwords. Be wary whenever you receive a message that supposedly comes from a bank or credit card company and requests your personal information. Financial institutions will never ask for this information by email.
#7: Be wary of online quizzes and app permissions
Online quizzes may seem harmless, but they are often rich sources of personal information that you happily provide without thinking twice. Some parts of a quiz may even serve as security questions to your passwords. Since many quizzes ask for permission to see your social media information or your email address before showing you the quiz results, they can easily associate this information with your real identity, without much context on who is launching the quiz and why it is best to avoid taking them altogether.
Mobile apps are also sources of personal data. Many apps ask for access permissions to your data or device that should not concern the app software at all. For example, an image editing app has no logical use for your contacts. If it is requesting access to your camera or photos, that makes sense. But if it also wants to look at your contacts, GPS location, and social media profiles, then proceed with caution.
What To Do If You Become A Doxing Victim
Technically, it’s always good that you avoid giving hackers a reason to dox you. Be careful what you post online, and never share private information on forums, message boards, or social media sites. It is easy to think that the internet gives people the freedom to say — or type — whatever they want.
People may believe that creating anonymous identities gives them the chance to express whatever opinions they want. No matter how controversial, with no chance of any trace. But, as we have seen, that is not the case – so it is wise to be careful about what you say online. With that in mind, what do you do if you become a doxing victim?
First of all, the most common response to being doxed is fear, if not outright panic. Feeling vulnerable is understandable. The intention design of doxes is to violate your sense of security. And then, cause you to panic, lash out, or shut down. Fortunately, if you become a doxing victim, there are a few steps you can take as follows:
(A) Report It
Report the attack to the platforms on which your personal information has been posted. Search the relevant platform’s terms of service or community guidelines to determine their reporting process for this type of attack and follow it. While filling a form out once, save it for the future (so you do not have to repeat yourself).
This is the first step to stop the spread of your personal information. The next step you can also consider hand in hand is involving law enforcement. If a doxer makes personal threats against you, contact your local police department. Any information pointing to your home address or financial information should be a top priority. Especially, if there are attachments of credible threats.
(B) Document It
Take screenshots or download pages on your information postings. Try to ensure that the date and URL are visible. This evidence is essential for your own reference and can help law enforcement or other agencies involved. It’s good that you protect your financial accounts as well at all costs.
If doxers have published your bank account or credit card numbers, report this immediately to your financial institutions(s). Your credit card provider will likely cancel your card and send you a new one. You will also need to change the passwords for your online bank and credit card accounts.
(C) Accounts Lockdown
Whenever necessary, it’s good that you change your passwords, use a password manager, enable multi-factor authentication where possible, and strengthen your privacy settings on every account you use. Last but not least, make sure that you enlist a friend or family member for support. Now that doxing can be emotionally taxing. Ask someone you trust to help you navigate the issue, so you don’t have to deal with it alone.
(D) Cloud Security
The way cloud security is delivered will depend on the individual cloud provider or the cloud security solutions in place. However, the implementation of cloud security processes should be a joint responsibility between the business owner and the solution provider.
By all means, opting to take advantage of the Cloud Hosting Service enables companies to access data from almost any location and saves both time and money. As an example, many hosting providers offer their customers the possibility of cost-saving. While hosting both their personal and commercial data in the cloud.
Mozilla VPN is a security feature by Firefox that gives you the ability to connect confidently and keep your information safe from prying eyes and data thieves when you’re online. It uses advanced WireGuard® protocol to encrypt personal data on your laptop or desktop computer — for up to 5 devices. Stream shows, play games, shop, and go about your daily life online.
Perse, doxing is a serious issue that allows for easy access to personal information online. Staying safe in an online world is not always easy, but following cybersecurity best practices can help. At jmexclusives, we highly recommend using security protection as a start. More so, from the likes of Kaspersky Total Security Solution, if I may add.
Not to mention, it guards you against viruses on your PC, secures and stores your passwords and private documents. In addition, it encrypts the data you send and receive online with a VPN. Now that; out there, there are so many malicious acts to know. Some seek to damage data, steal data, or disrupt digital life in general. All these are forms of Cyber Security Threats or cyber-attacks.
Cyber-attacks include Computer Viruses, Malware, Password Attacks, and Data Breaches. As well as Phishing, SQL Injection, Man in the Middle (MITM), Denial of Service (DoS), etc. Thus, people use Cloudflare services for the purposes of increasing the security and performance of their websites and other related services. It’s one of the biggest networks operating on the Internet.
- Why Cyber Security Awareness Is Important | Useful Tools
- Website Security | 6 Tips To Secure Your Website Business
- What Is ISP Tracking? How To Protect Your Data Privacy
- Data Management | Systems, Challenges & Best Practices
- Online Privacy | 6 Tools to Protect Your Internet Information
Finally, it’s our hope that the above guideline is useful to you or even your business team. Overall, it applies to everyone; as long as you use the internet and fill in your details on one side or another. That said, in case you’ll need any more additional help, you can Consult Us and let us know how we can sort you out. We’ll be more than glad to see you more secure.
You can also donate in order to support what we do or even motivate our web content research team. All in all, you are welcome to share your thoughts, opinions, or even questions below. Feel free to share this article with your friends and other web readers.