Doxing, also known as “doxxing“, is a cyberbullying attempt to find someone’s sensitive personal information and post it online. Hackers use doxing to harass, threaten or retaliate against anyone online
While personal data may be more easily accessible, malicious individuals may gather information about you to harm you.
Table of Contents
What does Doxing someone mean?
The name Doxing is of English origin: a contraction of “dropping” and “Documents Word Docs”. It is a cyber attack to find the true identity of the internet user and an online threat to your privacy.
This fashion, which has been in the hacker community since the 90s, poses a great threat to any Internet user who engages in activities on the Internet and social networks.
Methods used to obtain this information include public databases and social media sites (such as Facebook, Twitter…), hacking, and social engineering.
The information sought in doxing might include:
- social profiles
- personal pictures
- social Security number
- last name and first name
- phone number
What is the goal of doxing practitioner?
Criminals can do doxing for a variety of reasons. In most cases, it is mainly used as an attack method.
- Video extortion and blackmail
- Support for justice from the community
- Business analysis
- Journalistic investigations
- revenge porn
Doxxing is often used in a negative way and is often triggered by revenge. There is no need to commit a criminal or immoral act to be a victim. The human tendency towards packing effect and unnecessary lynching can lead to dramatic situations.
Although in some cases the victims have committed reprehensible acts from a moral point of view, the unequal killings and consequences against themselves and their entourage are in no way justified. Internet users cannot replace justice when needed and can unilaterally attack anyone by establishing themselves as a People’s Tribunal.
Examples of doxing in recent years on social networks:
- A journalist mistakenly revealed the identity of an Internet user to a Twitter account owner in an article.
- Supermarket managers fired after the safari.
- The plight of textile manufacturers with the irresponsible behavior of private employees.
- A company has punished an employee who made racist comments on Twitter.
- Bad talk about student lifestyle after her statements in the report on student uncertainty.
- Taxpayers who use social networks to track fraudsters.
What is the Legal action against Doxers?
The law of the case varies from country to country. In the U.S, according to a legal arsenal case, the perpetrators of this type of attack could face up to 5 years in prison and a fine of up to 30,000$.
Under U.S law, depending on the acts committed and their use, doxing may fall within the scope of the penal code and be considered:
- Attack on privacy.
- A blasphemous rebuttal.
- Violation of the Privacy of Correspondence.
- Collection, processing, and disclosure of personal data without the consent or legal authority of the victim.
What are the potential consequences of Doxing?
Some victims had very difficult times, which in the most extreme cases led to suicide. The lives of the victims are chaotic for a long time, in many cases, their identity is linked to events in search engines.
Some attacks lead to media propaganda in the national media and magazines. The effects of this unwanted media coverage are that victims lose their jobs, their families, and their privacy.
Hiding the targets of these attacks, deleting all their online accounts, going home, changing owners…
Major Potential damages to Victims:
- Damage to personal or business reputation.
- Shame on the victim and her team.
- Making serious lies and raiding homes.
- Bad sensation for owner or brand ricochet.
- Aggression provokes a social response.
- Identity can lead to theft.
- Causes cyber attacks.
- Invite harassment and death threats.
Extensive coverage in the press and the Streisand Effect event for the victim.
How to avoid becoming a victim of Doxing?
To protect your personal data and avoid becoming a victim, here is a list of recommendations.
Pay attention to the metadata of your files
It is possible to learn a lot about yourself by looking at the metadata of your files. For example, if you go into the “details” of a word file, who created it, who edited it, on what date, by what company …
Images contain EXIF data that tells the smartphone model, its resolution, and the time the photo was taken. Additionally, if GPS is enabled while taking a photo it will also reveal your location.
Limit the information you share online
In general, the less information you make available to the public, the less likely you are to use it fraudulently or maliciously.
So limit the information you post online. Remove information you find illegal from search engines and the various sites on which it is placed.
Use Two-factor authentication
Use Two-factor authentication for essential services and social networks. Two-factor authentication should be enabled whenever available.
Think before you comment on social media
Review all texts in your tweets, Facebook messages, Instagram posts before posting. Is there any personally identifiable information about your location? Your contact details? Are your relatives? Your true identity? Your company?
The Internet gives you the freedom to express yourself, but also to give others the freedom to access any information you post. If you think you’re vulnerable to identity theft or profiling, be careful what you write and the reactions it causes.
Use disposable email and phone numbers
Use an e-mail other than your main e-mail when registering on forums or social networks. E-mail addresses are used as logins to create accounts on many sites (professional tools, e-commerce, institutional sites, etc.).
Most sites hack their database regularly. Email and passwords can be found for free download on dark websites.
Use unique e-mail addresses for each use and be sure to separate:
- Business e-mail: Used for business use and exchange only.
- Nominal or personal e-mail: Used only for personal exchanges and accounts on authorized sites (telephone subscription, taxes, EDF, social security, etc.).
- Non-Nominal Disposable Email: Used for all other uses (social networks, dating sites, e-commerce, newsletters, etc.).
Avoid hasty registration processes through Facebook or Google Account
Most apps and websites that require registration use the “Login with Facebook” or “Login with Google” button.
These login methods will register you on the website using the email you used to create your Facebook or Google Account.
The site will automatically give you access to information associated with your Facebook or Google Account, namely:
- Phone number
- Mother tongue
- Family information
- Even more
Use complex passwords
When dealing with the proliferation of online accounts, it is common practice to use the same password on multiple sites. Because multiple accounts have the same email/password attachment, hacking one of them allows access to other accounts.
For your safety:
- Use complex passwords (uppercase letters, numbers, special characters).
- Use different passwords on all sites.
- Do not type the password on or off your PC.
Doxing is generally defined as the deliberate public disclosure of personal data on the Internet, which is used to identify or trace a person without their permission. This often happens with the intent of insulting, threatening, intimidating, or punishing the identified person (Douglas, 2016, p. 199). Once personal data is released and transmitted over the Internet, it can be very difficult to erase it.
This “low-tech, high-harm” privacy breach often leads to extreme disruption and anxiety and sometimes even physical harm or other serious consequences (NYU Tandon School of Engineering). Hence there are pressing calls for legal intervention and regulation.
At first glance, there appear to be ample reasons to deny that doxing is a toxic practice and a form of technical violence and abuse (TFVA). Despite its undoubtedly dark side, doxing – or unauthorized disclosure of personal data – has become an important strategy even for those engaged in social work.
For example, netizens used doxing to uncover the identities of police officers who used excessive force on peaceful protesters during Occupy Wall Street (Tenold, 2018) and released personal data of a hacker group known by an anonymous name. Members as part of The fight against racism (Wolf, 2015).
Doxing is seen by some as a “power democratization“, a strategy of resistance and a political tool to expose and insult wrongdoers (Tenalds, 2018, paragraph 14). Trotter (2019) noted that doxing for political purposes is closely related to the concept of digital vigilance, which means that netizens take the law into their own hands in the name of justice.
Hey! now you understand what doxing is? Don’t forget to learn the precautionary measures that we have mentioned above in order to stay protected against such practices. And, also don’t forget to share this wonderful information with others. Thank You