Have you ever heard of doxxing? Well, if you haven't, it's important you to today – doxxing can happen to anyone using the internet and often puts internet users in danger.
This guide will fill you in on everything you need to know – including how to keep yourself safe.
What is doxxing?
The word 'doxxing' refers to the process of 'dropping docs' or 'dox' – in other words, finding personal information about someone through the internet, such as their home address, banking information, or personal photographs, and making it public without their consent.
Importantly, there are no rules at all to what constitutes as 'doxxing' – it can be any sort of information a given individual does want to be made public.
A doxxer's aims are usually twofold:
- Intimidating the victim they have leaked private information about.
- Starting a perpetual loop of harassment by making that information available to others.
When did doxxing start?
The first official cases of doxxing date back to interactions on discussion site Usenet in the 1990s, where personal information would be posted during arguments as a form of retaliation.
Then, in 2003, Doxware came into existence. It's essentially the inverse of ransomware – instead of paying to get the personal information the ransomware has encrypted decrypted, as ransomware demands, Doxware demands you pay up or risk your personal information being published.
The practice stayed in the further corners of the internet for many years, with hackers, notoriously precious about their privacy, would dox each other. It then made its way over to places like Reddit and 4chan, before really hitting the mainstream internet in the last decade.
Since then, it has become an effective tool for not just criminals, hackers, or disgruntled citizens with an ax to grind with power, but for politicians themselves as well as activists, journalists and various others in 'public eye' professions on both side of the aisle.
Examples of doxxing
To avoid any misunderstanding, here are some famous examples of individuals who were doxxed in the last few years:
- Daily Beast Journalist Scott Bixby was doxxed this year after writing a not-so-flattering article about former presidential candidate Bernie Sanders' staffer using a private Twitter account to abuse others.
- Rapper Post Malone was 'accidentally' doxxed by YouTuber Jake Paul in 2017, who filmed the outside of his house during a collaborative YouTube video. Malone's house was broken into shortly after.
- 16-year-old Twitch streamer Kyle Giersdorf was doxxed in 2019, which resulted in a false police report being filed to his house and a SWAT team turning up at his door.
- In 2013, hackers published the financial details of 12 high-profile celebrities, including Beyonce and Jay Z.
It's important to remember that doxxing has proven fatal on more than one occasion – although the individuals mentioned above may have got off lightly, for others, the consequences are a lot more serious.
Types of doxxing
Vengeance and justice doxxing
The first large-scale doxxing study found revenge and justice were the two key motivations behind most instances of the practice.
This involves someone outing personal information of another individual who is perceived to have harmed or wronged them in some way. Justice-based doxxing often happens to politically controversial figures who are perceived to be supporting, endorsing or participating in injustices.
There are several examples of people who have taken vengeance on trolls by revealing the true identity behind accounts that have been sending them abuse.
Swatting
As Kyle from the above story will know, 'swatting' is a particularly high-stakes version of doxxing. Swatting takes place when someone's info is doxxed (specifically their house address), and then individuals who now have access to that public information filing false police reports about serious criminal activity in their house.
This has been happening to celebrities and US politicians for several years and is prevalent enough for the FBI to regularly put out statements warning people about it. It has also happened to several Twitch streamers, which seems to have some sort of sadistic appeal for doxxers as they then get to see the raid unfold on the stream.
Misplaced/Faulty doxxing
Some doxxing occurs by mistake. This doesn't mean the perpetrator didn't intend to release another individual's personal information – they just got the wrong person. This sort of mistake tends to occur in the aftermath of protests or riots – Kyle Quinn was doxxed in 2017 after he was mistaken for a Neo-Nazi photographed at a rally.
How do doxxers obtain personal information?
Your IP Address
People can find an individual's IP address and trace your online activities, which could then be used to reveal personal information about them.
Social Media
Hacking into the social media of an individual who hasn't bothered to use a strong password is a common way to access private information, or release private messages that have been sent from the account.
However, there's a concerning amount of personal information that can be obtained through just viewing the social media account of someone who hasn't bothered to adjust their privacy settings. For information about how to stay secure on social media check out our social media guide.
Data Brokers
Some hackers, particularly if they have a specific individual in mind, will look to infiltrate the data sold to companies for marketing purposes. Finding info about an individual by cross-referencing these lists gives the hackers much more detail and is often easier than trying to break into their social media accounts.
Other sources of public information
A much larger amount of information about you may be public than you initially think – there are tonnes of websites that compile public records, from family tree-tracing pages to background check sites.
Self-doxxing is finding exactly out what information is available about you online, knowing where it's located, and either managing it or requesting it be removed.
How do I protect myself from doxxing?
- Download a VPN to enhance your privacy
- Ask Google to remove data you do not want online
- Update your privacy settings on your social media
- Create 'burner' passwords for less secure sites
- Diversify the passwords you use for your favorite sites
- Never give out your personal information online
- Invest in an antivirus program to protect you from doxware
Use a VPN to protect against doxxing
Although it can't make you completely anonymous, a VPN will significantly enhance your privacy by making your internet traffic untraceable to you through masking your IP Address – which is one big piece of personal info.
Here are the most secure VPNs, and for an in-depth analysis see our detailed VPN reviews.
- ExpressVPN - The most secure VPN on our list. This service is super secure but doesn’t compromise on speed and performance.
- Private Internet Access - A secure zero-logs VPN. Not only is it packed with security features, but it has proven its no-logs policy in court!
- CyberGhost VPN - An easy-to-use VPN with watertight security. It offers slick apps for Android & iOS with the same great levels of privacy.
- Surfshark - A secure VPN that is packed with value. For $2.49 a month you get excellent encryption, privacy features and fast connection speeds.
- Proton VPN - A very secure VPN service from the developers of ProtonMail. With that pedigree it's no surprise that it made it into our top picks.
What should I do if someone doxxes me?
There are a couple of things you can do to limit the damage if you have been doxxed:
- Take screenshots or photos of the evidence, especially if you think you'll be taking legal action against the person who shared your information.
- Assess your personal safety: If you think your location may be compromised and you could be in imminent danger, contact the relevant law enforcement authorities.
- Speak to someone you trust: just like any problem, sharing the burden and a second pair of eyes can often be helpful.
- Report the doxxing to the platform it occurred on. They may be able to take the information down and ban the user who posted it.
- Keep track of what is going on: If your information has been compromised, you need to monitor where and when.