The term “doxing”, also commonly known as “doxxing”, first emerged among online hackers in the 1990s. While the practice of revealing one’s private information has existed for a long time, the term originated from rival hackers “dropping docs” on each other, then led to “docs” becoming “dox”, and finally becoming a verb by itself, that is, without the prefix “drop”.
According to Kaspersky, doxing is “the act of revealing identifying information about someone online, such as their real name, home address, workplace, phone, financial, and other personal information, which is then circulated to the public without the victim’s permission”.
The feat is usually perpetrated by intimate partners, “friends” (both online and offline), internet strangers, media publications, companies, hackers, or anyone who may possess animosity towards you. One of the most well-known and earliest instances of doxing was when anti-abortion activists secured abortion providers' personal information, such as home addresses, phone numbers, and photographs, and posted them as a hit list.
The process of getting doxed starts small; this could be anywhere from social media snooping, as well as finding names, emails, or phone numbers. Because of how easy it is for individuals to have their private information relayed to the public, including through people search sites, Garbo does not provide access to an individual’s full name, address, or other personal identifying information.
These relatively minor pieces of information can lead to bigger stunts, such as examining file metadata, which can also impart individuals with personal information, as files such as Word documents have sections that reveal who set the document up and edited it, as well as when and where it was created. IP logging occurs when hackers slip an invisible piece of code called the IP logger into one’s device via texts or email, which allows them to track down one’s IP address. Wi-Fi Sniffing, another tactic to begin the doxing process, is when a hacker intercepts one’s internet connection, obtains real-time data, and steals sensitive details from a public Wi-Fi network.
Doxing is a relatively new phenomenon that has ramped up in the ever increasing digital age.
More and more studies are being conducted to study the impacts and effects of doxing.
So how can you protect yourself from being doxed in a technology-dominated world?
Traditional online background checks, you know, the ones you see ads and posts saying things like “Search Public Records. Phone, Address, Social, Marriage & Crime Records. Criminal Record Report” or “Anonymous Searching - See Anyone's Public Records. Enter Any Name To Reveal Records!”, are notoriously dangerous.
We really hate people search sites.
They provide easy access to information like your home address, phone numbers, email addresses, social media accounts, and more.
In our testing, we found that many of these types of sites had ZERO criminal records - even though they say they do! That’s why Garbo set out to revolutionize the online background check industry by focusing only on the reporting of violence.
You can request to remove your information from these sites one by one or use a service like DeleteMe.
A VPN, or a Virtual Private Network, can be easily found online. VPNs are useful as they secure your network and help to hide your private information by stopping applications or websites from keeping track of your activity online.
They’re not a silver bullet for online safety, but they are a good start to securing your personal information online.
Photo metadata is a set of data describing and providing information about the rights and administration of an image. This metadata, although beneficial for organizational purposes, also contains information such as the date and time the photograph was taken, camera settings, manufacturer make and model, and in the case of smartphones, the GPS coordinates of where the photo was taken. Removing photo metadata prior to sending an image to someone can be done by a quick Google Search, or you can check out the link here.
Strong passwords usually consist of at least ten characters, a combination of letters (upper and lowercase), numbers, and symbols, and have no relation to information about yourself (i.e. your birthday, name, pet’s name, etc) Password managers allow users to store, generate, and manage passwords for local applications and online services.
This can be anything from personal images to private information. If you find something on your Google results you can email the website to have them remove it. In the case that a website doesn’t respond or is unwilling to cooperate, you can try contacting them directly using either of these links:
Kaspersky writes that although online quizzes may appear harmless, you may unknowingly provide a rich source of personal information, which could come in the form of questions that serve as security questions or access to your social media accounts.
If you download a lot of new apps, you want to keep checking the permission settings you give them. If someone else has access to your device (a partner, a child, a family member) make sure you check your app permissions for unknown applications you did not download.
If you’re worried about being stalked or doxxed, make sure seemingly harmless apps don’t have your location turned on (like the friends feature on iPhones). Also make sure they didn’t give themselves access to your calendar.
This point is particularly relevant if you are in an abusive relationship or if you are afraid someone who has accessed your device might dox you. Learn more about digital stalking in one of our recent blog posts.
Unless absolutely necessary, avoid disclosing confidential information, such as home address, driver’s license number, Social Security Number, or any credit card or bank account information. This includes information sharing through emails, text messages, or phone calls. You never know who you're interacting with and they could be using tactics of love bombing to get you to share personal identifying information (PII).
Often times people are doxed because they become a victim to romance scams or other online dating scams.
Even opening an email can reveal your address to someone via IP trackers.
Never open or click on an email unless you:
The best way to make it more difficult for attackers to track your private information is to dox yourself. Slate shows that this can be done by:
As doxing is an act that reveals personal information of an individual online, doxing tends not to be illegal, specifically if the obtained details were exposed in a public domain and found using legal methods. However, doxing can also fall under laws in place to combat stalking, harassment, and threats.
Making doxing illegal also depends on the particular information shared by the perpetrator, as well as the doxing victim. For instance, disclosing an individual’s name on the internet would not be as serious as exposing home addresses, credit card numbers, or Social Security numbers. As for the victim, if they are a government employee, the perpetrator would be subject to breaking federal conspiracy laws and will have committed a federal offense. Because doxing is a relatively recent offense, as it began with the use of technology, laws are not set in place and not as flushed out. Regardless of whether doxing is legal, on many websites, doxing is seen as a violation of their terms of service, and the perpetrator can be banned.
Although there have not been any direct doxing laws written in the United States, efforts have been made in states such as California, which has a specific cybercrime law and other stalking laws that can apply to doxing.
Doxing legal action must first be divided into civil law and criminal law.
Here is some additional information about Doxing Criminal Cases.
State and federal laws relating to doxing in California include:
California Penal Code § 653.2 PC - Electronic Cyber Harassment
This is a state law for California that specifically targets cyber harassment, such as doxing. It makes it illegal for any person to use an electronic device, such as a computer, phone, or tablet to:
Violating this law can result in up to one year in county jail, and/or a fine of up to $1,000.
18 U.S. Code § 2261A (2015) – Stalking
This law runs through the federal courts and was originally written to target stalking. But the wording allows it to apply to cyberstalking and doxing.
It allows charges to be filed against anyone:
Learn more about what we recommend doing if you’ve been doxed.
In the case that you have been doxed, we recommend that you follow these steps:
Being doxed can lead to immense fear and panic. It’s completely normal to feel vulnerable and scared. Doxing is purposely made to inhibit your sense of security and trigger panic attacks, lash outs, or shut downs.
If you are a victim of doxing, here are some additional resources that may be of assistance:
The Victims of Crime VictimConnect Hotline is available 24/7 via:
Live chat: https://victimconnect.org/get-help/victimconnect-chat/
For more information, consult: