Doxing 101

D

What is doxing?

‘Doxing’ sometimes spelt ‘doxxing’ is one of the biggest threats to both your privacy and security.  It is the process of discovering your real identity by another party – usually a bad actor with the intent to cause you some combination of distress, financial or reputational loss and in some cases even physical harm.  This is usually achieved by publicising your full identity, residential address, phone numbers, place of employment, revealing photographs and so forth in the public domain. 

How does it happen?

The term itself derives from ‘docs’ (documents) which are complied based on your interaction and use of the internet by the bad actor.  The easiest way we’ve heard it described draws on the story of Hansel and Gretel.  If you’re unfamiliar with the story it’s about two kids driven into the woods at the word of their evil stepmother because the region was stricken by famine and the two kids were just two more mouths to feed.  Hansel learned of the plan and dropped breadcrumbs along the trail their father took so all they had to do to return home was to follow the breadcrumbs

You can probably see where this is going right? The ‘docs’ are the breadcrumbs! A bad actor starts to collect the various breadcrumbs you leave on the internet to trace them back to their origin – you!  A lot of people are careless with the information they share on the internet and unknowingly leave these breadcrumbs all over the place.  Here is a list of some of the main sources of your data a bad actor, or ‘doxer’, will investigate / breach:

  • Packet Sniffing: Breaking Wi-Fi security measures to intercept information such as credit card data, emails, passwords and similar accounts and numbers. 
  • Social Media: Not just what you comment on but think of the local businesses you follow and the photos you post (especially of your family)
  • Online discussion board comments, surveys and purchases
  • Public records such as property ownership & voter registration
  • Email: If you use one email to register for everything there are plenty of data points available
  • IP address: Using an IP Logger to trace your online activities, such as the websites you visit.
  • Devices: They will try to breach your devices such as USB drives, computers, laptops, mobile phones which all contain substantial data about you. This extends beyond your personal with your workplace devices also of interest once the bad actor finds out where you work.

This list is by no means complete but it should give you an idea of the various layers of data you have out there.  Individually these breadcrumbs are benign and pose little threat, harm only comes if someone has the energy and motivation to collate enough to piece them together. Even if you use pseudonyms that doesn’t protect you and usually forms part of the appeal for a doxer as it becomes a bit of a challenge.  They usually set out from the start to tie an anonymous online profile to the true identity behind it.

What is the purpose of doxing?

Revenge is probably the broad umbrella term to use.  Perhaps you posted a controversial view or caused offence of sorts and since we live in a world of outrage and cancel culture you can unknowingly paint a target on your back.  Revenge is the broad motivator; however, the primary purpose may be to cause you:

  • Humiliation
  • Punishment
  • Embarrassment
  • Intimidation
  • Business or employment loss
  • Financial loss
  • Family breakdown
  • Marital separation
  • Identity theft

Doxing is essentially trial by the mob – even if you apologise for and/or delete the controversial content it is rarely enough contrition to prevent the doxing from going ahead.  For some, doxing you is how they “win” the debate they had with you.  The threat of doxing can also be used for financial gain where the bad actor follows through unless a ransom is paid.

What does it look like?

There are obviously many ways doxing can go but some of the typical impacts you would experience include:

  • You will get abusive messages calling you every name under the sun, these can be through social media direct messaging, email or SMS depending on how much of your information has been found out and publicly posted
  • The abusive messages can go so far as threatening your life and/or the lives of your loved ones
  • Sensitive information about you will be broadcast publicly, this can include posting of private, embarrassing, or damaging photographs or any medical conditions you may have
  • If your residential address has been outed people may turn up at your house and protest on your front yard, damage your property, or threaten you in person
  • In severe cases you can lose your job or business if the bad actor/s gain access to those emails and send nasty messages to colleagues, bosses, suppliers, contractors, etc
  • You may lose personal friendships and professional networks
  • Your marriage may break down from the stress associated from being doxing with potential flow on impacts such as restrictions to your custody of your children
  • Financially speaking you may need to pay a ransom or donation to stop it or you may be forced to move house.

Does it happen often?

Often? Well that depends on your basis of comparison, but it certainly does happen regularly and not just to private individuals.  Public figures who invest into personal security and privacy have been doxed, people from Hillary Clinton to Beyoncé have had their private information outed.  Journalists, Instagram Influencers, Bloggers and other such professions are not immune even though the intent of their content is usually for the greater good.  We won’t list the details of examples here, but you can certainly search online to read about some real-world examples for yourself. 

How can I prevent it?

Information is a currency these days, we’ve all heard that before and it’s why so many services and apps are free – we pay for them with our personal data when we buy or sign up.  Organisations are very interested in building demographic data, ideal customer profiles and targeted marketing campaigns based on the data you provide.  Data brokers are businesses that exist for the express purpose of collating lists of such data for the purpose to resell.  Whilst data brokers don’t sell individual data, as mentioned, doxers like a challenge and will happily work through large volumes of data to start matching up some of those breadcrumbs. 

We will write a detailed guide on how to prevent doxing and follow it with another guide on how to respond to doxing if it happens to you.  This will be a substantial amount of content and we want to ensure we cover as many steps as possible, the purpose of this article is an introduction to the subject and to define it.  Not to leave you hanging though, there are some precautions you can take:

  • The biggest one is to be wary of what you share online and resist getting into arguments about controversial issues online
  • Remember nothing on the internet is free if you have to sign up or somehow share your data to redeem the 10% off or the one-month free trial or whatever.  Even your name and email address is a data point best kept to yourself.  Think of it as a currency
  • Use a VPN to secure your internet connection
  • Increase privacy settings on your social media accounts
  • Set up two factor authentication (2FA) wherever possible
  • Don’t log into apps with Facebook or Google accounts
  • Set strong, unique passwords.

Conclusion

Doxing turns data into a weapon and it has the potential to ruin your life.  It’s safe to say we have all posted comments or photos which could haunt us today and most of us probably have more than one enemy – even if we don’t know it.  A jealous co-worker, a bitter ex-partner, a former friend or roommate – such people may be willing to dox or help you be doxed.  The bad actors who dox may not even be known to us – your comment on a social media post may have just angered them enough to target you. Just remember: a seemingly innocuous comment can draw the rage of the internet mob, don’t get drawn in and resist being ‘triggered’

This article is written in line with our Terms & Conditions and Disclaimer. As such all content is of a general nature only and is not intended as legal, financial, social or professional advice of any sort. Actions, decisions, investments or changes to device settings or personal behaviour as a result of this content is at the users own risk. Privacy Rightfully makes no guarantees of the accuracy, results or outcomes of the content and does not represent the content to be a full and complete solution to any issue discussed. Privacy Rightfully will not be held liable for any actions taken by a user/s as a result of this content. Please consider your own circumstances, conduct further research, assess all risks and engage professional advice where possible.

Recent Posts

Contact us