What Is Doxxing and How To Avoid Getting Doxxed?

One peculiarity of the internet is that we need to reveal certain pieces of personal information about ourselves before using most of its features.

From photos, location, preferences, and banking details to other forms of data, we often give the online world a pretty clear idea of who we are and what we do.

However, these pieces of information can be put together to build a data-based profile by other people, even without our knowledge. It can become risky when these personal details get into the hands of individuals who want to expose you to legal prosecution, criticism, bullying, embarrassment, or harm.

In this way, innocently sharing information on the internet can make you a victim of doxing – an online attack when someone researches and broadcasts private information about you, usually without your consent. This is why it’s important to protect yourself from this form of social engineering. Or at least know what to do if you fall victim.

What does doxxing mean?

In simple terms, doxxing is an online threat to user privacy. The word comes from an altered version of ‘documents’ – dox. It emerged about three decades ago when the first hackers used to ‘drop dox’ on people as a revenge tactic. However, for a broader definition, it means to search, collect, and publicly share personal information that can reveal the victim’s identity (whether it is an individual or organization) without their consent. 

It has gone from a tactic employed by hackers looking to disclose people’s anonymity and expose them to legal prosecution, to just anyone who has any form of malice against someone else online. From online gamers to cyberbullies, anyone can doxx you. And with the amount of doxxing incidents rising, it’s clear this could potentially happen to all of us.

The impact of doxxing can go from subtle consequences to life-changing ones. Some people’s lives have been ruined by doxxing.

Who can get doxxed?

Anyone on the internet can easily be doxxed. One reason is that identity theft is now harder to undertake than before, so the next malicious act down from this is doxxing. As we mentioned earlier, you don’t have to be a public figure to be a victim of doxxing. Anyone’s image and reputation can be torn down at any point on the internet, and it’s become a prevalent practice.

Most people have private information ranging from name, address, phone number, social security number, to names and contact details of family, check-ins, and other relevant information about them available online. Some of the social media platforms we use also make it easy for whoever plans to dox you to find your location without breaking into a sweat.

There are a lot of reasons why a person can get doxxed. The reasons usually come down to someone having malicious intentions against a person or company. It can be a form of revenge for an attack, slight, or criticism. It can even result from something as petty as beating them in an online game. It can also escalate to swatting – with the 2017 Call of Duty bet a classic example.

How harmful can doxxing be?

Obviously, doxxing may seem harmless – I mean, didn’t you deliberately put all that information on the internet for people to find? However, when someone researches deeply and acquires information you don’t even remember sharing online, then uses this to harm you, it can be an extreme act with damaging consequences.
 

The results of this can range from subtle things like:

• Exposing anonymous identities
• Prank calling
• Having to delete social media accounts

To life-changing consequences such as:

• Public shaming and humiliation
• Cyberbullying and social media backlash
• Harming a professional or personal reputation
• Identity theft
• Cyberattacks
• Legal prosecution
• Immediate relocation
• Loss of job, families, or homes
• Assaults and harassments
• Swatting (false reporting of incidents such as hostage situations at your home address)
• Loss of lives

How does doxxing work?

How do people get doxxed? The first step to doxxing is to collect private information on a person – from easy-to-get information (name, email, phone number) to advanced internet hacking to access hard-to-find details (credit card and Social Security numbers). Doxxing involves combining these two types of information hacking. It becomes way more straightforward for the attacker to get at a victim if they only have a low-level of cybersecurity in place.

Doxxing can take place in a day or over many months and go as far as uncovering an anonymous profile or buying and selling personal info on the dark web. Techniques for tapping information include:

Wi-Fi sniffing

Public Wi-Fi networks are the most common means for hackers to get personal information. A hacker will easily intercept the internet connection, obtain real-time data from you, such as from the websites you browse, and steal your sensitive details. They’ll have access to information including your personal data and passwords.

Examining file metadata

Your file metadata can give a lot more information about you than you know. For instance, a Word document’s details section will reveal who set it up and edited it, and when and where it was created. If a hacker gets access to these pieces of information, they can do a lot with it and learn a great deal about you.

Also, photos have EXIF data that can show the model of the camera or phone used to take the shot, its resolution, and the time the image was taken. It could also go as far as revealing your location if GPS was enabled when the photo was taken.

IP logging

When going the extra mile, hackers can slip an invisible piece of code called the IP logger into your device via texts or email. The IP logger allows them to track down your IP address.

What is swatting?

Swatting is an advanced level of doxxing. It’s merely using the information you have on someone to make a false report that leads a trail to them. It’s usually sent to the police. When someone makes a false report, the law enforcers rush in on the reported person with the information they’ve received. It often leads to hurt or a bad incident caused by the confusion. Swatting is fast becoming a dangerous phenomenon and works almost the same way as doxxing – by the derivation of information.

Is doxxing illegal?

The legality of doxxing will depend on the jurisdiction and the basis of the case. First, the most general rule is that if the information used was publicly available, then using it is not illegal. However, if the data wasn’t publicly available but was used to endanger the victim, it can be regarded as unlawful. 

Most EU countries consider doxxing illegal, especially if the information was private and difficult to obtain, and it violated the victim’s privacy or security. Also, there are other crimes and cybercrimes that the perpetrator can be charged for, depending on the nature of the case. It could include identity theft, harassment, or incitement to violence.

You can go to jail for doxing someone if you’re found guilty of committing a crime.

What to do if you’ve been doxxed

Figuring out whether you’ve been doxxed or not isn’t tough. Suppose you’re getting harassing calls or messages from anonymous people, or you have an unusual social media growth. These things can indicate you’ve been doxxed. Even if you aren’t quite sure, there are a few steps you can take right away. They include:

1. Document all the evidence you have
2. Report this to whatever platform your information appears on
3. Report the harassment and cybercrime to other appropriate authorities
4. Change passwords, enable multi-factor authentication where possible, and reinforce your privacy settings on your accounts
5. Get help from trusted people on how to navigate the issue
6. Temporarily or permanently change your number

How to protect yourself against doxxing

Doxxing can be a difficult matter to deal with. However, it can also be avoided. Here are some of the most important steps you can take to avoid being doxxed.

Limit and protect internet communications

Being on the internet and using social media platforms means that a fair amount of your information is already available online for others to access. You can provide your full name, contact, home and work address, birthday, photos, family and friends’ information, interests, and so on. Providing these alone can serve as an excellent avenue for those planning to dox you.

However, you can put a limit to this by using your privacy settings. Not only will this limit those that see your information, but also those that interact with you. Censoring your comments and participation on public forums like Reddit can also reduce your susceptibility to doxxing. 

It’s way better to take these preventive measures rather than trying to fix things after you’ve been doxxed. Locking down your social media accounts and limiting your internet communication with those you don’t know also helps.

Use varying passwords

• Avoid using the same password for all your social media platforms to reduce your risk of being hacked.
• Using the same password (and username) across platforms can make it easier for anyone who wants to find you to do so.
• Set unique passwords across sites and use complex passwords that’ll be difficult to hack.
• Make sure these passwords are at least 12 characters with a mixture of upper and lower case letters, numbers, and special keyboard characters. You can also use a password manager to create secure, strong passwords for each account.

Avoid logging in with Facebook and Google on pop-ups

So many sites make the ‘sign in with Facebook’ and ‘sign in with Google’ feature a part of their account creation process. This is to make syncing easier for you.

While this may seem like an easier route, not all sites are secure enough to protect your information. Some of the third-party sites or apps are intended to gather and compile your personal information. The more websites you connect to with the same login credentials, the more your personal data can be collected and compiled.

Signing into many different sites with your Facebook or Google account makes you particularly vulnerable to a breach. Any breach will give a hacker access to your information across these sites. Avoid this as much as you can to remain safe.

Avoid data broker sites

Data broker websites are sites that compile and sell enormous amounts of personal data to businesses. You may not be aware of any data broker website with an extensive file on you. However, the information they have could include your browsing history, financial receipts, buying habits, criminal histories, medical records, and so much more.

You can opt-out of these sites, but this usually involves long and frustrating processes. An all-in-one cybersecurity Clario software can help you with the information removal process and monitor any information leaks.

Protect your information with Clario’s cybersecurity software

The first step in doxxing is obtaining the potential victim’s personal information. However, you can give your information an extra layer of protection by using cybersecurity software. 

• First, you need to protect your IP address with a VPN. As mentioned before, your IP address can show your physical address and make your location identifiable. The best way to avoid any identification from uninvited sources is by using a VPN to hide your IP address. This way you connect to a server before the public internet. Clario’s software provides you with additional privacy benefits to block anyone from snooping on your online profile.
• Clario helps you avoid the risk of being monitored on the dark web. Any information related to you that has been leaked or shared on data broker sites will be removed to avoid a breach. If your personal information gets compromised, you’ll get an immediate alert so you can duly protect your information.
• Clario also allows you to protect your password from doxxing. All of your online security needs are covered by the Clario all in one cybersecurity software.

Take advantage of Clario and protect yourself today!

Read more:

• How to Avoid Social Engineering Attacks
• What Is Spoofing?
• How To Protect Your Right To Digital Privacy