When I started my research about what is doxxing and how it’s one of the growing online threats, I reached out to different victims to get to the gist of the problem.
And finally, I got the opportunity to chat with Donna Wilson [the victim’s name has been changed to protect her privacy], who talked about how she was doxxed by her ex-boyfriend and the impact it’s having on her life and career.
The True Story of a Doxxing Victim (In Her Own Words)
“I broke up with a very abusive boyfriend who I am currently fighting in court. He tried to destroy me in the last way he knew – online.
As a digital marketer, my online reputation is vital. Knowing this, he posted my Google results on websites like cheatereport.com and cheaterland.com, fabricated a story full of lies, and called out two of my previous co-workers falsely along with my mother.
These posts are extremely defamational and also feature pictures of me, my full name, and damaging lies. I found out about this because of a friend who uses a Google Chrome extension which searches for people’s Google results when you’re talking to them on messenger, and these websites popped up.
Mind you, these websites are extortion rings as well – you have to pay up to $400 to remove every post, and he’s posted about a dozen or so at this point, so removing them continues to cost me my hard-earned money.
It’s easy to find personal information about people nowadays, so I don’t know exactly how to prevent it, especially if you’re looking to shake things up in this world. From the Gamergate controversy to me, men love doxxing women and putting them through the hell that then ensues.”
That’s right, anyone who has the time, interest, and motivation to collect your personal information can share it publicly and attempt to doxx you. Read on to learn more about doxxing, its types, and how to protect yourself from being doxxed.
What Is Doxxing – A Definition
Searching for and publishing personally identifiable information of a person publicly with malicious intent is called doxxing. The word is derived from “dropping docs”, a revenge tactic that was used by hackers to drop malicious information on someone, usually a rival.
Fast-forward to today, doxxing is a tactic employed by cyberbullies that entails leaking private information about an individual to the public. You don’t have to be known and popular – anybody can fall a victim to this form of online harassment, if and when they get on a bad guy’s radar.
Image Credit: flickr.com
Let’s suppose you comment on a Facebook post that caught your eye. The page admin, though, doesn’t like your opposite opinion and decides to get back at you by doxing you. They then publicly reveal personal details like embarrassing photos, financial documents, home address, etc. One can only imagine the impact of such a serious privacy violation!
According to Daniel Smith, Security Researcher at Radware,”Hackers find this information though a technique called Open Source Intelligence Gathering or OSINT.”
I’ll talk more about the different methods through which doxers can collect information later on…
Are There Different Types of Doxxing?
There are a variety of ways to dox people online. However, most doxing situations fall under one or more of the following:
- Disclosing a user’s personally identifiable information (PII) online.
- Disclosing previously unknown information of a user online.
- Disclosing information of a user online that may damage not only their reputation, but also that of their professional or personal associates.
Why Do People Dox Others?
Doxxing, more often than not, is done with the intent to threaten or harass someone, for whatever reason. It’s also used as a way to reveal an undisclosed agenda, right perceived wrongs, or bring someone to justice in the eyes of the public.
The motive behind releasing personal information is undoubtedly always negative – to either humiliate, punish, or intimidate the person in question. However, the core purpose of doxxing is to invade or violate privacy.
Smith further stated,”Normally someone is doxed after being rude, offensive or fighting with someone online. Other times their actions in the real world may trigger a hacker into exposing and publicly humiliating them.”
How Is Doxxing Done?
Now, you may be wondering “How easy is to dox someone?” Well, there are various techniques that can be used by doxers to collect information on an individual.
Image Credit: eurasiareview.com
In some cases, all it takes is harvesting data that is publicly available on the Internet. In others, it involves the use of doxing tools.
Here are some common methods:
- Packet Sniffing: The data you send over a Wi-Fi network can be intercepted by breaking its security measures to capture valuable information like credit card data, emails, passwords, bank account details, etc.
- IP Logging: An IP logger, which is a piece of invisible code, can be sent to your device via email or message to sniff out your IP address. Once the message is opened, your IP address is tracked and secretly sent back to the sender.
- Reverse Cellphone Lookup: Talking about doxing tools, reverse cellphone lookup allows a doxer to find an individual’s personal details like name, email address, age, home address, etc. by using their cellphone number.
- Analyzing Social Media: Most Internet users are active on social media sites like Twitter and Facebook. What’s more is that they are usually unaware of the risks they face online, and hence their profiles have weak privacy settings. If someone wants to dox a person, turning to their social media profiles may provide them a wealth of information.
What Happens After Being Doxed?
“Once you have been doxed you can expect to be harassed, experience identity theft, humiliation, stalking and you could possibly lose your job if your personal life is morally or ethically questionable.
Criminals can use this information for financial gain as well. The data exposed can also help social engineers bait a hook for a phishing attack against you,“explained Smith.
Is Doxxing Illegal or Legal?
Since there are no definitive anti-doxxing laws in the US, doxxing isn’t exactly illegal. While you’ll come across many online platforms and services with anti-doxxing policies in place to keep the environment safe for everyone, doxing itself isn’t a crime.
How is doxxing still legal? Nothing says fairness like destroying people’s lives and careers because you disagree with what they said/did
— Astrid K 🇨🇦🇸🇪 (@littlered_ace) February 13, 2018
However, it could be considered illegal under federal or state law if the personal information was disclosed with the intent to harass, threaten, or intimidate an individual.
Scenarios to Better Understand Doxxing
So, what exactly classifies as doxing? Consider the following scenarios to better understand the act and how it can affect you:
- A high school basketball coach selects the captain for the upcoming tournament. However, some students find this decision unfair, so they make the new captain believe that they are his friends, got him to share personal information, and then posted it on the school’s official site.
- A new restaurant has opened its doors in the area. The owner, who has thousands of followers on this Instagram account, takes offense when one customer criticizes the restaurant’s serving sizes, so he posts her phone number, home address, and real name on his Instagram to get back at her.
- A particular employee takes the manager’s honest feedback about his work a bit too personally, so he goes to various work-related forums, posts the manager’s private details like photo, name, company name, etc. and warns jobseekers to be cautious when it comes to working with professionals like him.
Real-Life Doxxing Examples
As doxing has become more common, incidents of doxing have regularly emerged from time to time. The following are a few well-known examples of doxing:
Boston Marathon Bombing
Following the Boston Marathon bombing in 2013, the Reddit community wrongly identified a few people as suspects of the event. While the intent was to provide law enforcement agencies with relevant information which they could use to make arrests, it instead resulted in innocent people who weren’t even involved in the crime being outed.
@alexisohanian After the Boston bombing, @Reddit came under fire for doxxing, leading to the suicide of someone mentioned by name, not a matter of public record. This event today, shows a redditor would send flowers to a sitting judge…Crickets from Reddit? #reddit #redditadmin
— TickTockManitowoc (@TManitowoc) December 1, 2017
However, this isn’t the only incident of doxing on Reddit, and there have been a few instances where people posted the personal details of individuals.
Hit List of Abortion Providers
In the 1990’s, pro-life activists got their hands on the personal information of abortion providers like their photographs, home addresses, and phone numbers and posted them online as a hit list.
Dr. Slepian was killed by a sniper while in his kitchen. You condone doxxing, you condone putting abortion providers/activists at that risk.
— Feminist Lady (@feministlady) February 6, 2016
The website not only included gore graphics, but also celebrated the deaths of abortion providers and incited others to injure or kill the remaining providers.
Ashley Madison Data Breach
Ashley Madison is a Canadian online dating service marketed to people who are in committed relationships. In 2015, a group called “The Impact Team” demanded the immediate shut down of the website.
Are you aware that among the various other problems caused by the Ashley Madison hack, several people outed committed suicide?
Do you think that if, for example, an LGBTQ person living in an intolerant environment could not be harmed if they were outed due to leaked data?
— Kath Rella (@KathRella) January 30, 2018
Since the demand wasn’t met, the group leaked over 25 gigabytes worth of company data, which also included sensitive user details, potentially harming millions of people in the process.
Anonymous Exposes Information
Doxing was brought into mainstream public awareness through the media coverage attracted by hacktivist entities like Anonymous.
Anonymous Reveals Full List Of Alleged KKK Members – Really scary stuff, many have Facebook pages with lotsa hate propaganda
— brian pomerantz (@bpomer) November 9, 2015
In 2011, detailed information of 7,000 law enforcement officials was exposed by Anonymous as a response to investigations into hacking-related activities. In 2015, they released an official list of supposed members and sympathizers of the Ku Klux Klan (KKK).
SWATting – Another New Trend in Online Harassment
Back in the old days, if a trickster wanted to seek revenge on someone who wronged them, they simply used to phone up all the pizza joints in town and order pizzas posing as the victim. The target of this mischievous prank would soon have a front door full of frustrated pizza delivery drivers demanding to be paid.
Now that doxxing enables information to be gathered on anybody from anywhere in the world, pranks have gone too far and even become life-threatening. These attacks are called Swatting and they have become commonplace in the U.S., affecting everyone from online gamers and celebrities to lawmakers and ordinary citizens.
Swatting consists of a perpetrator making a 9-1-1 call to false report a bomb threat or other emergency situations that force the police to dispatch a SWAT team to the unsuspecting victim’s home. They then show up on the doorstep fully armed, only to realize that it was a false alarm. The prank has even resulted in the deaths of innocent people!
Related Read: What is SWATting & How to Avoid a SWATting Death?
How to Prevent Doxing?
While your information can be found by those who are very keen to look for it, that doesn’t necessarily mean there’s nothing you can do to avoid being doxed, or at the least, minimize the harm it can cause.
The following are few measures that should be followed to protect your online identity from doxxing:
1. Hide Your IP Address with a VPN
A VPN acts like a secure tunnel that protects all your Internet traffic and is the most important tool when it comes to protecting yourself against doxxing. Smith added,”One major source of identification is your IP address, which is why I advise everyone to use a VPN to help mask your origin IP.”
Once connected, not only does it secure your entire connection with an unbreakable layer of encryption, but also hides your IP address to mask your online identity so that snoopers can’t get their hands on your personal information.
When you’re picking a VPN service, its best opt for one that offers advanced security features like PureVPN as you can reduce the ways through which doxers may try to gain access to your personal data.
2. Increase Privacy on Social Media
There may be personal information on your social media accounts that can be viewed by the public. Or, your social media accounts could be public as well. “In a world where we are constantly sharing we are also constantly exposing personal information about our private lives,”emphasized Smith.
On Facebook, you can set your privacy settings from here. Some things to keep in mind include:
- Set all the profile pictures you’ve used in the past to private.
- Make your profile unsearchable to everyone.
- Hide your friends list by changing it to private.
- Remove featured photos, if any.
- Consider using a profile picture that’s benign or professional in case it gets posted anywhere else.
For other social media sites like Quora, Twitter, Instagram, etc. here are some measures to take:
- Check your profile pictures and change them to something that’s benign or professional in case it gets posted anywhere else.
- Make your Instagram feed private as photos can reveal your location.
- Set your privacy settings; much like Facebook, almost every social media platform comes with privacy settings.
- Select who can follow you and see your posts.
3. Set Strong Passwords
If you haven’t changed the passwords of your online accounts for some time, now would be a good time to do the needful. However, make sure you create strong, unique passwords for each one – 15 characters is the minimum. We’d recommend using computer generated passwords as they’re almost impossible to guess.
You can create complex passwords by using services such as the Norton Identity Safe Password Generator. As far as saving those passwords are concerned, services like Passpack make it easier than ever to store all your passwords away safely.
Tip: For an additional layer of security, also enable 2FA on your online accounts.
4. Use a Disposable Email Account
Surely, your email address probably looks something like this: [email protected]/gmail/yahoo.com.
However, an email address like that immediately exposes your identity and so using them to register on websites or forums isn’t exactly the best idea.
If the website or forum publicly displays your email address, all a doxer would need to do is take a look at your profile. So, when you’re registering on websites, message boards, or forums, always use a disposable email account.
About emails and passwords, Smith said,”Never use the same email and password for multiple accounts. By mixing up login credentials it prevents a criminal from logging into all of your profiles from one compromised email/password.”
5. Be Wary of What Information You Share Online
Even the smallest of details are important as they can be pieced together to create an identifying profile of you. Take, for instance, by doing something as simple as clicking on person’s username on social media sites like Twitter, Reddit, Instagram, etc. doxers can find out every time you’ve posted your opinions, shared your pictures, or contributed to discussions.
Therefore, if you have ever posted personally identifiable information anywhere online, you need to take that down immediately.
Smith highlighted,”Most people share content without thinking about the consequences. Recently a picture was taken and posted of an employee at the Hawaii Emergency Management Agency.
This picture included location of surveillance cameras, employee ID badge, passwords, software and equipment used inside the agency. What’s worse is that all of this information was gathered from one innocent picture.”
6. Find Out What Information Google Has on You, and Delete It
All you have to do is search up your name on Google, and see if you come across any of your information on messaging boards, internet forums, social media networks, etc. If you do, delete it right away and this also includes any online accounts that you don’t use anymore.
When it comes to removing any information that you don’t have access to, using services like DeleteMe and PrivacyDuck can be of great assistance as they remove your personal information on the Internet.
7. Remove Yourself from Data Broker Sites
Did you know that data broker sites mine data from the Internet and organize it all in one location? This may include information like email, phone number, address, photos and social media profiles. Find this impossible?
Well, check this website out then: https://pro.whitepages.com/
Most of these companies allow you to opt out, but since that isn’t exactly good for business, they make the process as time-consuming as possible. We’d recommend using the services mentioned above to clean up all your personal information for you.
8. Install an Antivirus
Doxware, also sometimes referred to as extortionware, is a new type of malware in which a hacker gains access to the victims’ confidential information and threatens to publish it publicly unless the payment of a ransom is made.
Therefore, it’s important that you keep your computer or device secure by installing a strong anti-virus program. Make sure to apply all updates as soon as they’re available – setting up automatic updates can prove useful here!
9. Don’t Login With Facebook or Google
Most websites and apps allow users to register using the “Login with Google”, “Login with Facebook”, or “Login with Twitter” buttons. Basically, this enables you to complete the registration process with the email you used for your Google, Facebook, or Twitter accounts.
However, the downside of using them is that you’ll automatically give the information attached to your Google/Facebook/Twitter accounts to the website. For this reason, you should register manually so that you can control the type and amount of information they have on you.
10. Use Varying Usernames
If you have set up accounts on controversial forums or websites, you’re better off creating unique usernames for each one of them so they can’t be traced back to you. Using the same username on these sites will do you no good and only negatively impact your anonymity.
I asked Wilson about what can be done to prevent these kind of doxing attempts, and if there are any anti-doxxing laws or movements that exist for victims.
She responded,“My biggest piece of advice is to never stop fighting back. Laws are still catching up when it comes to digital harassment, but we can help to shape these laws by standing up.
While I have an order of protection against my abuser, the continual postings of websites isn’t a technical “violation” – which is absolutely absurd.”
What are your views about the lack of anti-doxing laws? Feel free to voice your opinions and support for Donna in the comments section below and we’d be more than happy to get back to you.