What is Doxing and How Can You Protect Yourself From it?
As the line between the offline and online worlds increasingly blurs, individuals and organizations with negative intentions increasingly find more pointed methods to harass, stalk, and extort people they perceive to be vulnerable.
In recent years, one of these tactics has become the go-to playbook for targeted harassment. It's a concept that lurks in the margins of many of the most worrying media coverage of online abuse: doxing.
What Is Doxing?
In the simplest terms, doxing is the distribution of an individual's personal information to the internet at large, without that person's intent or permission.
By definition, doxing is not simply gathering information on a person. It refers to the moment of the release of that collected information to either interested parties or openly for the consumption of the internet at large, without consent.
The word "dox" has roots in the hacker communities of the early internet, who came to use the term as a pithy shorthand for "dropping documents" for their communities to freely share. Today, with so much information widely available on the modern internet, doxing is regularly committed by people with no connection to the hacking community or the associated skills.
Why Malicious Internet Users Dox People
The most common purposes for doxing are:
Encouraging general harassment of a targeted person for personal motivations
Using the threat of releasing information to extort someone
Making strangers feel unsafe
Vigilantism against public figures
Celebrities, journalists, and elected officials are often the targets of the most high-profile doxing incidents. Among political activists doxing is regularly deployed as a method against opposing political groups.
Many doxing incidents occur between people in smaller interpersonal circles, even if the information dumped to the internet is seen, consumed and acted upon by a wider network of unconnected people.
The strangest version of doxing, however, is when the motivation is unclear. There are many documented incidents of completely random doxing, leaving victims confused and terrorized for no discernible reason at all.
The Kinds of Information Used to Dox
When a malicious internet user releases a dox, the contents are rarely similar from one incident to the next. Depending on their target and the availability of personal information, the materials they unleash cover a wide range.
Many doxes include:
Full legal name
Home or mobile phone numbers
Links to social media accounts, including those not intentionally connected to the individual's public identity
Financial details, such as active bank account or credit card numbers
Personal correspondence (SMS, private social media messages, emails, letters)
Private media, such as photos or video
Usernames and passwords for various online accounts
Just a few of these pieces of private information, released into the wild, can have devastating effects on almost anyone. Even details that may be innocuous to some -- such as social media profiles -- can be ruinous to people with professional obligations that clash with the information released.
How Doxers Find Personal Details
Doxing is particularly potent not because of the difficulty, but because of the method by which it presents so much information useful for harassment in a single "dump" of content.
Doxing is rarely the product of the high-level hacking that some might assume. Most often, doxers simply use standard search engines to look at publicly available information. They connect breadcrumbs that link one piece of information to another, such as similar usernames or registered birthdates across accounts, to piece together the larger picture of a dox.
Some information gathering strategies are based on the simple logic of a confidence scam. Doxers contact their target or people connected to them, and present themselves in dishonest ways to gain confidence and access to private information. Sometimes the contents of these types of conversations become the meat of the dox itself.
Still others leverage access to illegal information to bolster their dox. Incidents like retail data breaches are sometimes responsible for providing the most damaging details, like financial information.
While the glut of public information online makes doxing accessible to anyone with internet access and a vulnerable target, sometimes high tech tactics are responsible for doxing. Malicious methods like keyloggers -- software that tracks and transmits everything typed into the host PC -- are a prominent tool for this upper echelon of doxers. This type of attacker will often employ doxing as part of a larger extortion strategy, alongside other types of malware.
How to Prevent Doxing
The steps for protecting yourself start with a simple tactic: Google yourself, and see what you find. Try using as many terms as possible to dig out information on yourself, putting yourself into the mindset of a doxer trying to connect information from across the internet to create a single footprint of one person.
For most people, the results are shocking.
To prevent doxing, you'll need to account for more information than you likely know is available. Here's a great start:
Make a list of every social media account you have and remove or hide certain information
Check social media and apps for GPS functionality, and turn it off in case it appends location data to your posts
Search for old usernames on services you no longer use and delete these accounts
Contact online publications to take down content you no longer want publicly available
Change your passwords and develop a plan to regularly update them for every service you use, with no common factors between each password
Activate two-factor authentication for every account that supports it
It can be difficult to gain all the necessary information for the above, of course. Every individual has extremely varied levels of accessible traces online, as well as completely different privacy needs.
Doxing is problematic because it is simultaneously simple to do, and costly for the victim. Often, the targets of doxing are unaware that the information used against them was obtained with so little effort. Because of the low barrier to entry, it is prudent for all internet users to take a moment to develop a plan to prevent being doxed.
To learn more about our services, check out the PrivacyGuard home page.