Doxing

Doxing is the act of researching and publicly exposing private or identifying information, breaching personal privacy.

Back to glossary

Doxing, a term derived from the phrase "dropping documents", is a cyber threat that involves the public revelation of private information about an individual without their consent. This practice is typically carried out with malicious intent, often to harass, threaten, or intimidate the target. In the realm of cybersecurity, understanding doxing is crucial as it represents a significant threat to privacy and personal safety.

The act of doxing can have serious consequences, ranging from minor embarrassment to severe psychological distress, and in some cases, physical harm. The information revealed can include anything from a person's real name, address, and phone number, to more sensitive data like social security numbers, bank account details, and even personal photographs. This article aims to provide a comprehensive understanding of doxing, its techniques, and how to protect oneself from it.

History of doxing

The practice of doxing has its roots in the hacker culture of the 1990s, where it was used as a form of retaliation or punishment within the community. The term itself is derived from ""docs,"" short for documents, referring to the personal documents that were made public. Over time, the practice has evolved and spread beyond the hacker community, becoming a common tool of harassment online.

While doxing was initially a practice confined to obscure corners of the internet, it has since entered mainstream consciousness. High-profile cases of doxing, often involving celebrities or public figures, have brought the issue to the forefront of public discourse on internet privacy and cybersecurity.

Early instances

One of the earliest recorded instances of doxing occurred in the hacker community in the 1990s. Hackers would often dox each other as a form of retaliation, using their technical skills to uncover and reveal personal information about their rivals. This was often done as a way to assert dominance or to punish perceived wrongs.

These early instances of doxing were largely confined to the hacker community and did not receive much mainstream attention. However, they set the stage for the evolution of doxing into a widespread tool of harassment and intimidation online.

Mainstream recognition

The practice of doxing entered mainstream consciousness in the late 2000s and early 2010s, with several high-profile cases drawing public attention to the issue. These cases often involved celebrities or public figures being doxed, with their personal information being spread across the internet.

These high-profile cases brought the issue of doxing to the forefront of public discourse on internet privacy and cybersecurity. They also highlighted the serious consequences of doxing, with many victims reporting severe psychological distress and fear for their personal safety.

Techniques used in doxing

Doxing can be carried out using a variety of techniques, many of which involve the use of publicly available information. This can include information that the target has shared online themselves, as well as information that can be found through online databases and social media platforms.

Some doxers also use more advanced techniques, such as hacking and social engineering, to obtain private information. These techniques require a higher level of technical skill and are often used in more serious cases of doxing.

Publicly available information

One of the most common techniques used in doxing is the collection of publicly available information. This can include information that the target has shared online themselves, such as their name, location, and workplace. It can also include information that can be found through online databases and social media platforms, such as phone numbers and addresses.

Publicly available information can often provide a wealth of data about an individual. By piecing together this information, a doxer can build a comprehensive profile of their target, which can then be used to harass or intimidate them.

Hacking and social engineering

Some doxers use more advanced techniques, such as hacking and social engineering, to obtain private information. Hacking involves the use of technical skills to gain unauthorized access to a person's private data, such as their email account or personal files. Social engineering, on the other hand, involves manipulating people into revealing confidential information, often by posing as a trusted individual or organization.

These techniques require a higher level of technical skill and are often used in more serious cases of doxing. They can also have more severe consequences, as they can allow the doxer to access highly sensitive information, such as social security numbers and bank account details.

Consequences of doxing

The consequences of doxing can be severe, ranging from minor embarrassment to serious psychological distress and fear for personal safety. The impact of doxing can also extend beyond the individual target, affecting their family, friends, and even their workplace.

It's important to note that while doxing is often carried out with malicious intent, the consequences can be just as severe even when the doxer does not intend to cause harm. The public revelation of private information can lead to unintended consequences, such as identity theft or stalking by third parties.

Psychological impact

The psychological impact of doxing can be severe. Many victims report feeling violated and vulnerable after being doxed, with some even experiencing symptoms of post-traumatic stress disorder (PTSD). The fear and anxiety caused by doxing can also lead to other mental health issues, such as depression and anxiety disorders.

Furthermore, the public nature of doxing can lead to social stigma and isolation. Victims may feel judged or ostracized by their community, and may even be forced to change their lifestyle or move to a new location to escape the harassment.

Impact on personal safety

Doxing can also pose a serious threat to personal safety. In some cases, doxing has led to stalking, harassment, and even physical violence. This is particularly true when the doxed information includes sensitive details like home addresses or personal photographs.

Even when physical harm does not occur, the fear of such harm can have a significant impact on a person's sense of safety and well-being. Many victims of doxing report feeling constantly on edge and fearful for their safety, even in their own homes.

Preventing doxing

Preventing doxing involves taking steps to protect your personal information online. This can include being mindful of the information you share on social media, using strong and unique passwords, and regularly checking your privacy settings on online platforms.

It's also important to be aware of the signs of doxing and to know what to do if you become a target. This can include reporting the incident to the relevant authorities and seeking support from friends, family, and professional services.

Protecting personal information

One of the most effective ways to prevent doxing is to protect your personal information online. This can include being mindful of the information you share on social media, such as your location, workplace, and personal photos. It's also a good idea to regularly check your privacy settings on online platforms to ensure that your information is not being shared more widely than you intend.

Using strong and unique passwords can also help to protect your personal information. This can make it more difficult for doxers to gain unauthorized access to your accounts and personal data. It's also a good idea to use two-factor authentication whenever possible, as this adds an extra layer of security.

Recognizing and responding to doxing

Recognizing the signs of doxing can help you to respond quickly and effectively if you become a target. This can include unusual activity on your online accounts, such as unsolicited friend requests or messages, or the sudden appearance of your personal information online.

If you believe you have been doxed, it's important to report the incident to the relevant authorities. This can include the police, as well as the administrators of the website or platform where the doxing occurred. It's also important to seek support from friends, family, and professional services, as the psychological impact of doxing can be severe.

The legal aspects of doxing can be complex, as they often involve issues of privacy, free speech, and online harassment. In many jurisdictions, doxing is considered a criminal act, particularly when it involves the disclosure of sensitive information like social security numbers or bank account details. However, the laws surrounding doxing can vary widely from one jurisdiction to another, and enforcement can be challenging.

Despite these challenges, there have been several successful prosecutions of doxers in recent years. These cases have often involved serious cases of doxing, such as those involving threats of violence or the disclosure of highly sensitive information.

In many jurisdictions, there are legal protections in place to protect individuals from doxing. These can include laws against online harassment, stalking, and identity theft. In some cases, doxing can also be considered a form of defamation, particularly if the information revealed is false or misleading.

However, the laws surrounding doxing can vary widely from one jurisdiction to another. In some jurisdictions, doxing is not explicitly illegal, but can be prosecuted under other laws, such as those against harassment or invasion of privacy. In other jurisdictions, doxing is considered a criminal act in its own right.

Challenges in enforcement

Despite the legal protections in place, enforcing the laws against doxing can be challenging. One of the main challenges is the global nature of the internet, which can make it difficult to prosecute doxers who are located in different jurisdictions. The anonymity of the internet can also make it difficult to identify doxers and bring them to justice.

Furthermore, the legal definition of doxing can be vague and open to interpretation. This can make it difficult to prove that a particular act constitutes doxing, particularly in cases where the information revealed is publicly available.

Conclusion

Doxing is a serious cyber threat that can have severe consequences for its victims. Understanding the techniques used in doxing, the potential consequences, and the steps that can be taken to prevent it is crucial in the realm of cybersecurity.

While the internet has brought many benefits, it has also brought new challenges and threats. Doxing is one such threat, and it is one that requires a comprehensive and informed response. By understanding doxing and taking steps to protect ourselves and others, we can help to create a safer and more respectful online environment.

This post has been updated on 17-11-2023 by Sofie Meyer.

Author Sofie Meyer

About the author

Sofie Meyer is a copywriter and phishing aficionado here at Moxso. She has a master´s degree in Danish and a great interest in cybercrime, which resulted in a master thesis project on phishing.

Similar definitions

Semantics Surge protector Moniker Name server lookup (nslookup) Not safe for work (NSFW) GLib Dark Web Ransomware Trojan horse Chief technology officer (CTO) Cryptography Boltzmann constant Exclusive or gate (XOR) Persistence Default gateway