Doxing involves collecting and publicly sharing someone’s personal information without their consent, typically with malicious intent. The term originates from ‘dropping dox’ (documents), referring to exposing private records. Often used to intimidate, harass, or harm individuals, the practice reveals sensitive details such as real names, addresses, phone numbers, or financial information.
Prevalence of doxing
Doxing is becoming more common. SafeHome reports that nearly a quarter of Americans know someone who has been targeted, and an estimated 11 million adults have experienced it firsthand. With social media making personal details easy to find, protecting privacy online is more urgent than ever.
How does doxing work?
Doxing thrives on the availability of personal data online, which attackers gather and weaponize. Many people reuse usernames across multiple websites, making it easy to link accounts and compile information. If someone owns a domain, an online search can expose personal details unless privacy protection is enabled.
Cybercriminals also use phishing scams to trick victims into revealing sensitive information like login credentials or financial details. Public social media profiles often reveal personal details like places visited, workplaces, and family connections, allowing attackers to build a detailed profile.
Beyond social media, government databases may expose business licenses, voter registration, or property records. Attackers can also track an individual’s IP address to approximate their physical location. If they obtain a phone number, reverse lookup tools can provide even more information.
More advanced techniques include packet sniffing, where attackers intercept internet traffic to collect passwords, emails, and financial data. Data brokers further complicate matters by compiling and selling personal details from online purchases, social media activity, and other sources, making it even easier for doxers to assemble a comprehensive profile with minimal effort.
Read more: What is a phishing attack?
What information are doxers looking for?
Doxers seek personally identifiable information to harass, exploit, or intimidate their victims. Phone numbers can be used for phishing scams or direct harassment, while social security numbers make identity theft easier. Home addresses open the door to intimidation, fraud, and swatting attacks. Financial details, including credit card and bank account information, are especially valuable, enabling fraud and potentially damaging a victim’s credit rating.
Is doxing illegal?
Doxing laws remain inconsistent across the United States, with some states criminalizing the act while others rely on existing harassment and stalking statutes to address its impact. Oklahoma classifies doxing police officers as a misdemeanor, carrying penalties of up to six months in jail or a $1,000 fine. California has taken steps to protect reproductive healthcare workers and patients by enacting similar legislation. Even in jurisdictions without explicit anti-doxing laws, courts have occasionally ruled in favor of victims under privacy and intimidation statutes. Despite these legal responses, doxing remains a contentious issue, as it not only threatens individual safety but also raises complex questions about free speech and digital privacy.
A real-life example of doxing
In 2016, Tanya Gersh, a Jewish real estate agent and wedding planner from Montana, became the target of a relentless online harassment campaign after Andrew Anglin, the editor of the Neo-Nazi publication The Daily Stormer, published her personal information, including her phone number, email, and social media accounts, along with those of her young son. What followed was a barrage of death threats, anti-Semitic messages, and images of her family superimposed onto Nazi concentration camps. The harassment lasted for months, forcing Gersh to seek law enforcement protection, scrub her online presence, and endure severe emotional and physical distress. Although Montana had no specific anti-doxing law at the time, Gersh, with the support of the Southern Poverty Law Center, successfully sued Anglin for privacy invasion and emotional distress, winning a $14 million judgment, though she has yet to receive the money. Her case proved the impact of doxing and the need for stronger legal protections against it.
How to protect yourself from doxing
While it is difficult to prevent all doxing attempts, there are steps you can take to minimize your risk:
- Use strong, unique passwords: Employ complex passwords and avoid reusing them across multiple accounts.
- Adjust privacy settings: Regularly review and update privacy settings on social media platforms to limit the visibility of personal information.
- Be cautious with personal information: Avoid sharing sensitive details online, and be mindful of the information you post publicly.
- Utilize privacy tools: Consider using virtual private networks (VPNs) to mask your IP address and employ password managers to securely store and generate passwords.
- Hide WHOIS information: When registering a domain name, opt for privacy protection services to prevent personal details from being publicly accessible.
- Monitor financial accounts: Regularly check bank and credit card statements for suspicious activity and set up security alerts.
- Set up Google alerts: Create alerts for your name, phone number, and other sensitive information to receive notifications if they appear online.
What to do if you are doxed
If you discover that you have been doxed, take immediate action to minimize the damage:
- Report the incident: Notify law enforcement, especially if threats or harassment are involved.
- Document the exposure: Take screenshots and save evidence of what has been shared.
- Secure your accounts: Change passwords and update privacy settings immediately.
- Protect financial information: Contact your bank or credit card provider to prevent fraudulent activity.
- Seek support: Reach out to trusted friends, family, or legal professionals for guidance and assistance.
FAQs
What does doxing someone mean?
Doxing is the act of publicly revealing personal information about an individual without their consent, often with malicious intent.
Is doxing illegal?
In many cases, doxing itself is not illegal, but how the information is used, such as for harassment or threats, can make it a criminal offense.
Can you go to jail for doxing?
Yes, if doxing leads to harassment, identity theft, or threats, the perpetrator can face legal consequences, including jail time.
Why is doxing so concerning?
Doxing can lead to real-world harm, including threats, identity theft, job loss, and reputational damage. It can also have long-term psychological effects on victims.
Learn more: HIPAA Compliant Email: The Definitive Guide
Farah Amod
