What Is Doxxing?
Doxxing, also spelled “doxing”, is the unethical practice of revealing an individual’s personal information online without their permission. This can include their home address, current location, financial details, workplace, or any other private information.
Doxxing can also involve the sharing of compromising or embarrassing photographs, criminal history, and private conversations.
It nearly always involves malicious intent and is often linked to intimidation, cyberbullying, harassment, stalking and identity theft. The word originates from 1990s hacker culture and means dropping documents, docs – “dox”. The term has evolved to encompass any kind of data shared online.
Doxxing is very common. Research suggests that 21% of Americans have been victims of online doxxing. Strangers are involved in 52% of incidents, but nearly 25% of victims are doxxed by somebody known to them.
How Does Doxxing Work?
Unfortunately, doxxing someone is often a trivially simple thing to do, particularly if the perpetrator already knows the person in question. In the vast majority of cases, an instance of doxxing looks like this:
- Someone becomes disgruntled and vindictive towards another person, online.
- Very often, there may be accompanying threats from the disgruntled person or community.
- The disgruntled person(s) use digital intelligence tools to discover the actual identity of the target, or those personal details are already known.
- The disgruntled person(s) shares the victim’s sensitive personal information (PII) online, somewhere where the assumption is that the community will use it to harass and intimidate the victim.
- The victim likely receives a flurry of calls, emails and DMs, and this pattern of harassment may extend to persons and organizations associated with the victim – friends and family or the victim’s employer.
Learn how doxxing can transition into identity theft and why identity protection is becoming more important.
Read More
Malicious online behavior in general has had a significant amount of attention in the media. Some instances of particularly vindictive doxxing include:
- acquiring financial information, either from legitimate sources or from places like the dark web, and sharing it publicly
- sharing private images, messages and conversations beyond the circle they were intended for – “revenge porn” is an example of this, but there are several forms it can take
- hacking, packet sniffing, and other technical practices that facilitate access to personal information
- hacking into and combing through someone’s social media accounts and sharing information found
After any of these take place, there is, of course, a significant amount of degradation to the victim’s personal life.
Taking the leaked information and using it to harass the victim is not only par for the course, but very much expected by the initially disgruntled doxxer.
Is Doxxing Illegal?
Depending on the specifics, doxxing often falls into a legal gray area. While some countries and regions– such as Hong Kong and the state of Kentucky – have introduced specific anti-doxxing legislation, there are not yet widespread and coordinated laws relating to the practice. However, the crimes that originate from and involve doxxing are often illegal in themselves.
Doxxing-related crime can include stalking, intimidation, fraud and online bullying. So, often, even when there is no specific law against disclosing the information to begin with, the incident can be addressed through these. Doxing can lead to a person’s life being significantly affected, even ruined as they snowball. Justifiably, the extent of the detriment to the victim is often commensurate to the punishment.
It’s also relevant to note that some social media platforms ban doxxing-related behavior as part of their terms and conditions. Twitter, for example, states that “sharing someone’s private information online without their permission, sometimes called doxxing, is a breach of their privacy and of the Twitter Rules”.
Examples of Doxxing
Here are some things that, in some contexts, might seem incidental, but still amount to doxxing:
- establishing the true identity of an individual using an online alias or username, and sharing the information online
- revealing little-known or private information about an individual, with the intention of causing them embarrassment or compromising their reputation
- publicly publishing details of an individual’s current location
- publishing unknown details of somebody’s personal life – celebrities often fall victim to this variety of doxxing
Malicious doxxing behavior is abundant. Part of what makes it so prevalent is how easy it is to execute in many cases. Angry at someone online? If you know them, just a few taps and you can share personal photos or contact information. You got your revenge – but now you have to watch as it spirals way past reasonable, and you’re guilty of doxxing in a very real and punishable way.
There are also any number of “nuisance” activities, which seem trivial but, over time and at scale, have been shown to be extremely detrimental to the victim’s wellbeing.
These are things like sending pizza deliveries or taxis to a victim’s address. This seemingly silly prank can become overwhelming and amount to harassment when entire online communities coordinate to do it, with the deliveries reaching the hundreds.
The Consequences of Doxxing
Doxxing can have serious real-world consequences, and the impact of the fallout often hits the headlines. Victims have even been pushed to suicide and self-harm as a result of doxxing. Others have had to move, change jobs or even countries. The perpetrator may be banned from online communities or websites, while legal consequences can include fines, penalties or even jail sentences.
In addition, there have been incidents of doxxing perpetrators targeting the wrong victims, with equally tragic outcomes.
A high-profile example ended up landing the perpetrator with a five-year jail sentence, when his doxxing campaign led to harassment and “swatting” – falsely reporting that the victim is guilty of a major crime, resulting in a large police reaction.
Following this, the owner of the @tennessee Twitter handle, who was the victim, had a fatal heart attack. The original doxxer, Shane Sonderman, was found culpable for his death, though it was not him who called in the fake criminal report.
Partner with SEON to reduce fraud rates in your business with real-time data enrichment, whitebox machine learning, and advanced APIs.
Ask an Expert
How to Protect Against Doxxing
Protecting against doxxing involves being cyber aware and practicing strong online security: using antivirus software and VPNs, exercising caution on public WiFi networks, maintaining strong passwords, and being alert to phishing emails and suspicious phonecalls.
Beyond this, it’s also wise to be extremely selective about what information to reveal online and where. Having a healthy skepticism of who to trust and where to trust can be crucial.
Keeping social media circles small can be a good idea, and privacy settings should be carefully configured to ensure that public access to information is restricted as much as possible. Any information you submit online could potentially – particularly in the case of a data breach – be leaked.