“Doxing” is the increasingly common practice of tracing internet activity with the purpose of uncovering and then publishing personally identifiable information about the individual. The methods employed in pursuit of this information range from searching publically available databases and social media websites to hacking and social engineering.
In some ways, doxing is a form of cyberbullying, or even extortion. The tactic is often employed when the “doxer” wants to intimidate an individual into a certain behavior. It may be hard to imagine that the average user—you, in this case—would be an attractive target or would engage in any behavior that could cause you to become a victim of this exploitation. But it’s becoming a more and more common practice, mostly because it’s so simple to do and doesn’t require any set technological skill.
One of the unfortunate realities about doxing is that simply uncovering information about someone isn’t a crime; but using it to threaten, intimidate, or extort the victim is. However, some doxers feel completely justified in their behavior. For example, actor Adam Baldwin was doxed because of his involvement in a controversial movement entitled #GamerGate along with “Business Journal” columnist Milo Yiannopoulos and four other people.*. The doxer was apparently offended by their public stance on this controversial issue and punished them for their crimes with the release of personal information in a document posted on Pastebin that could be accessed by the public. Baldwin’s personal phone number was exposed, and other people had their parents’ addresses, their own addresses, and birthdates released. The sender threatened that if activities they found offensive continued “…this list grows”.
There are many ways by which scammers and stalkers can find out things about you just by skimming what you have posted online. Sometimes it can be difficult to understand the long-term implications of posting everyday activities, pictures, or updates about seemingly innocuous information or activities.
People who engage in “doxing” are usually doing it to scare or harass the person they have targeted. If someone targets you and claims to have your information, do not discuss it online or make it public, and do not become confrontational. You may very well be taking the bait the doxer is holding out, and you may inadvertently be confirming the authenticity of the information the doxer thinks he’s acquired. It can also encourage the person to harass you even more in order to get a stronger reaction out of you. Even if he threatens to release the information online, do not confront him or talk about it online. Report it to online moderators, and be sure to report the situation to the police as stalking or cyberbullying, so there is a confirmed paper trail of the initial behavior if the situation escalates.
The following information contains some suggestions that can help you stay safe online:
- Do not use your name or birthdate in your email, Twitter, Facebook, or other online profile names, such as firstname.lastname@example.org . This is the first thing doxers will look for, and it is an easy way to identify you if there are other people with a similar name.
- Use different names for each online profile. For example, do not use the same user name for your Facebook that you use on Pinterest. This will make it harder for people you don’t know to locate you in each social networking sphere.
- Do not input your real birthdate into any social networking site. It’s fun to have people tell you “happy birthday” online, but this information can be used to find out sensitive data about you. Even though you can make it private, it is safer not to have this information on a publicly accessible site. Use a fake birthdate unless the site has an age requirement to establish an account.
- Do not accept friend requests from just anyone. Look into who they are first. If you aren’t sure about them or don’t like what you see in their profiles, don’t friend them.
- Do not download any files from people you don’t know, and look into files or links sent from account holders you do know, just in case that person’s account was hacked. Those files may contain viruses or other ways by which hackers may gain access to your computer. Do not click on any links or share your email address, phone number, or other personal information with individuals you do not personally know.
- When taking pictures you wish to share online, it’s important to disable the geolocation or location settings in your smartphone or camera before taking the picture. This function, known as “geotagging”, allows smartphones to embed time and date stamps within the picture’s file, along with the GPS coordinates of where the photo was taken. That information gets shared with the photo when you post it online; a cute picture of your child playing in his bedroom can feed the coordinates to a hacker with the know-how and software to retrieve them. Simply switch the location settings to off in your device’s main menu before taking pictures, but remember you’ll need to re-engage the location settings in order to use certain apps, like your map or navigation apps.
This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to email@example.com.