In this digital age, we go online to complete a growing majority of the business of daily life: shopping, banking, finding and applying for a job, filing taxes and even dating. The internet can save us time and effort on these mundane tasks, but it also means that a shocking amount of our personal data is available to criminals and trolls who may seek to do us harm.
What is Doxing?
“Doxing” is one of the newest methods that perpetrators are using to target their online victims. Doxing, short for “dropping documents,” was originally a revenge tactic developed by hackers in which they published private or embarrassing information about a rival online.
Today, doxing is often used to shame, punish or intimidate individuals for beliefs or behavior that may go against the mainstream of a larger group. The individual’s home address, phone number, place of employment or other identifying information may be shared widely online to invite others to harass them, or embarrassing photos of the victim may be posted on social media or other forums.
Doxing often inspires a mob-like response from the internet, and in many cases, the rush to judgement catches the wrong person in the crossfire. For example, a professor at the University of Arkansas was mistakenly identified in a photo as a white nationalist participating in the marches in Charlottesville, Virginia in 2017.
His name, home address and faculty photo were published online, and he received physical threats as well as demands that his employer fire him for his alleged involvement with hate groups. Fortunately, the university supported the victim, and local law enforcement protected his home and family until the furor subsided, but the doxing caused the innocent victim massive long-term emotional and physical upheaval.
In addition to the damage that doxing can cause, the exposure of personal information online can lead to secondary harassment known as swatting. In cases of swatting, perpetrators use the victim’s personal information to falsely report a serious situation like a bomb threat or armed standoff involving the victim. The goal is to get a SWAT team to swarm the person’s home or office to frighten them, but in at least one case, the swatting victim was mistakenly targeted and killed by law enforcement officers.
How Can Doxers Get My Personal Data?
Doxers can be extremely resourceful in tracking down information online. In many cases, they use a single clue or data point and follow its trail to uncover more personal information that they can use to target you. The methods described below are commonly used by cyberstalkers, trolls and other bad actors to gather information about you:
- Social media posts, discussion forums and message boards: If you post frequently on Facebook, Instagram or other online forums, you may be revealing more personal information than you realize. Doxers can use clues from your posts to narrow down details like your physical location, occupation and more.
- Packet sniffing: This hacking method typically involves intercepting your connection to a wireless network to capture your data in real time.
- File metadata: Doxers can use data embedded in Microsoft Office files and photos to gather details about who created the file or photo, the company or individual who owns the software and even the location from which it originated.
- IP logging: IP logging tools attach an undetectable code to a message or email that, once opened by the recipient, identifies their IP address and communicates it to the doxer.
How Can I Protect Myself from Doxing?
Fortunately, there are many preventive measures you can take to protect yourself from doxing.
Use a VPN
A Virtual Private Network (VPN) filters the information going to and from your computer to conceal your IP address, location and other information while also encrypting your data so even your internet service provider (ISP) can’t access it.
Don’t log in via social networks or other accounts
Many websites and apps let you circumvent the need to fill out new registration forms by clicking “Log in with Facebook” or “Log in with Google.” These shortcuts use the stored information from these sites to register you on the new site, which saves you time but also discloses far more information than is explicitly requested. By filling out forms manually, you limit the amount of information you expose to the site.
Lock down your social media accounts
Limit the amount of information available to strangers by updating your privacy settings and disabling geotagging.
Limit where you use your personal email address
Your personal email address (and work email address, for that matter) likely contains some or all of your real name and possibly other clues about your location or interests. It’s a good precaution to create a “burner” email address to be used solely for registering for discussion forums and other websites so your personal email address isn’t as vulnerable to hackers and doxers.
Opt out of data broker systems
Online data brokers like Intelius, PeekYou and WhitePages gather, store and sell your personal data, including your name, address, phone number, email address and even your Social Security number. Most brokers allow you to complete a form that removes your information from their system, but if you don’t have time to complete the opt-out process for dozens of individual data brokers, you can subscribe to a service like Removaly that will do it for you.