What is Doxxing? Why It’s Dangerous and How to Avoid It

Ever commented on Reddit, Quora, or any other forum-like platform? Maybe even made quirky remarks about Trump or any other political figure?

It seems innocent, right?

Well, in most cases, it is. But sometimes, people can get so offended by comments that they decide you need to be punished.

And when I say punished, I don’t mean someone leaving you a snarky reply or trolling you.

I’m talking about actions with real-life consequences, like plastering your personal information and pictures all over the internet. And this could be just the beginning.

In some cases, the offenders don’t stop at slamming their keyboards at or about you. They can harass you, publicly humiliate you, stalk you, call the cops on you, and affect your real life in very unexpected ways.

The practice is called doxxing, and it’s like cyberbullying on steroids.

Let’s take a closer look at it and what you can do to make sure it doesn’t happen to you.

The origins of doxxing

Doxxing activity began in the early 1990s, and its name comes from docs, the abbreviation of documents. Hackers used it as a revenge tactic against people they disagreed with, and it involved revealing their personal information in a publicly accessible file online.

As bad as it sounds, this was just the beginning. The soft version of doxxing toughened up, with dangerous consequences.

Let’s take the Tyler Barriss story, for example.

After Barris got into an argument with a gamer while playing Call of Duty, he made a so-called swatting call to local police reporting a fake hostage situation. Barriss gave the address where he thought his opponent lived.

However, the call led to the address of a man who had no connection to the situation.

As police officers believed this man killed his father and was holding family members hostage, they eventually shot him.

Doxxing isn’t always illegal

Clearly, doxxing can do a lot of damage. Yet, it’s not always a crime.

For example, if doxxers expose information that is part of public records (birth and marriage certificates, divorce records, etc.) even without your consent, it is not considered an illegal activity.

However, disclosing private information like bank statements, credit card numbers, personal email addresses, pictures, or other details is illegal.

But just like with plenty of other digital crimes, most often, victims fail to find justice.

Yet, that’s about to change in some parts of the world. For example, Kansas City and Kentucky have already passed anti-doxxing legislation.

You are vulnerable to doxxing

When you go online, you leave a footprint behind. And for someone who wants to know more about you, it can be merely a puzzle.

Research has even revealed that some people are more vulnerable than others.

Doxing, the act of broadcasting private or identifying information about an individual for the purpose of harassment, and particularly racial and gender-based harassment, has been well documented. Women, gender non-binary people, queer people, and racialized peoples are more likely to not just have their ideas attacked, but their identities attacked.
Alex Ketchum, PhD, Faculty Lecturer of the Institute for Gender, Sexuality, and Feminist Studies of McGill University, Canada

Here are some of the things that leave you vulnerable to doxxing.

Your forum posts

Plenty of doxxing cases start with comments posted on forums.

Cloaked by nicknames, people feel braver, and they can throw allegations around or really speak their minds. And that can turn into a dangerous game, even when you thought a throwaway account would be enough to keep you safe.

Let’s take a look at what happened to violentacrez.

Michael Brutsch, aka Violentacrez on Reddit, published many questionable things online, including photos of women (without their consent) and inappropriate jokes.

But after an American journalist revealed his true identity, Brutsch became a polarizing figure and was later fired from his job.

Here’s what advice Alex Hamerstone, a true online safety specialist, has to give you about doxxing:

Be aware of what information you are sharing and where it is in general and guard your privacy by limiting the amount of data you share. The one specific piece of technical advice I would give though is: don’t use the same username across multiple platforms. That is how a lot of people get “doxxed” (where doxxing is finding out and sharing the real name of someone and sharing it). They use a username in a place where someone can figure out their real name or phone number, and then use the same username on a site where they are trying to be anonymous…
Alex Hamerstone | TrustedSec The technology security consultants and researchers at TrustedSec are the best in the infosec world.

Get to know Alex Hamerstone here.

           

 

Your social media posts

Social media has always been one of doxxers’ favorite playgrounds.

If you’re an active social media poster, you often disclose more personal information than you imagine. Your pictures, check-ins, and opinions are all breadcrumbs that can lead people with malicious intent right back to you. And sometimes, people you don’t even know can take your pictures and post them on social media.

Such was the case of Kyle Quinn, a University of Arkansas assistant professor, who was mistaken for Andrew Dodson, a man who took part in a white supremacist rally in Charlottesville.

Because Quinn and Dodson shared similar facial features, Quinn was hit by waves of harassments, threats, and accusations of racism so intense he and his family became afraid to leave the house.

Find out more about the Charlottesville rally case that started on Twitter.

Your IP address

Once a doxxer is determined to make your life a living hell, you can expect anything, from phishing attempts to hacking your devices.

For example, a doxxer with some tech knowledge can trick you into getting some malicious code on your device and then use it to sniff your IP.

That’s dangerous because your IP address is the digital equivalent of your ID card, and it reveals a lot of details about you:

      • Your country
      • Your region
      • Your city
      • Your ZIP code
      • Your longitude
      • Your latitude

You can see why you should be the only one knowing your IP address.

7 ways to prevent doxxing

Let’s play a little game.

Use a search engine to look for your name and take a close look at everything that comes up. Imagine how someone who has a bone to pick with you would use all that info against you.

Doxxing is a lowball practice and should be legally charged as any other crime. We all wish the internet was a safe place; however, it’s not, and you should be especially cautious of everyone. In short: be wary of “kind strangers,” make sure you use strong passwords for your accounts, and that you change them regularly.
Ada Ivan, Malware Analyst, CyberGhost VPN

Here is a detailed view on what you can do to protect yourself from doxxing.

1. Don’t overshare

As tempting as it might be, don’t turn your social media accounts into detailed reports of your daily life or your holidays. Once they’re online, it’s safe to assume you’ll never really be able to take them down anymore.

Use all the privacy settings available to you and restrict access to your information and feed as much as possible. Oh, and don’t post your personal details on the internet.

If everything you’ve been ready here so far scared you off social media, consider deleting your accounts. Our guides are waiting for you:

2. Remove your personal info from apps

Whenever you have to create a new profile for you, only give out the mandatory information.

Using fake details is also a popular alternative, but be careful whenever you use it. It could lead to you getting locked out of your account or having it deleted.

What’s more, double-check the platforms where you log in with your social media accounts. They could automatically populate your profile with lots of details you’d like to keep private, like your full name, picture, email address, and date of birth.

3. Don’t recycle your passwords

You’ve probably heard this over and over by now. But it’s such a crucial piece of advice: you need to use strong and unique passwords for each account to protect your digital privacy. Change them regularly, pair them with a reliable password manager, and you’re good to go.

Always generate complex passwords that include letters, numbers, and symbols. The longer, the better, because you wouldn’t want your doxxer quickly guessing or brute-forcing your passwords.

It wouldn’t even be that complicated:

Password length
Time it takes to crack it
9-character long
Up to 5 days
10-character long
Up to 4 months
11-character long
Up to 10 years
12-character long
Up to 200 years

Also, try to fight the convenience of registering for new websites by using buttons like “Login with Facebook” or “Login with Google.” Sure, you have one less set of credentials to add to your password manager, but the drop in security might not be worth it.

For more details, check out our 5 tips for creating a secure password.

4. Use 2FA and prevent unauthorized logins

Besides using strong passwords, you should also use the two-factor authentication (2FA) method, at least for your most used and essential accounts.

2FA adds a second security layer to your credentials by sending you a token through a text message on your phone or by email.

This way, it’s harder for hackers or doxxers to gain access to your information. Knowing your password alone won’t be enough anymore to pass the authentication check.

5. Use a VPN

A VPN significantly reduces your chances of becoming a doxxing victim.

When using a VPN, your traffic goes through an encrypted tunnel, so no one can intercept your data.

Your IP address is hidden and replaced with a new one, commonly shared with other users. This way, you’re just a drop in the ocean, untraceable and unnoticeable.

6. Use an antivirus

Antivirus apps can keep your computer and personal information protected.

Hackers, including doxxers, use viruses or other malicious programs to get into your email, operating system, or files. And since an antivirus doesn’t just scan and block online attacks, but it also detects suspicious behavior, it’s a must for staying safe.

7. Learn how to stay safe from digital threats

Unfortunately, it’s not just the possibility of getting doxxed that’s worrying right now. The ever-growing number of cyberattacks is also alarming.

Now is the time to educate yourself and learn how to spot phishing emails and other digital dangers. For more details, we’ve put together this guide for you, detailing how to stay safe online in 10 easy steps.

 

What to do if you’ve been doxxed

If the damage is done and you’ve been doxxed, here’s what you must do next:

  1. Report the attack to the platforms where your personal information has been posted.
  2. Contact your local police department.
  3. Select Report from the drop-down menu.
  4. Document and save details of the situation step by step. Take screenshots and save the pages where your information has been posted.
  5. If your financial information has been compromised, get in touch with your bank asap.
  6. Increase your cybersecurity protection. Change your passwords and use all the other tips we’ve just shared with you.

Remember that your safety is the most important, so consider locking down your accounts for a while. And, regardless of the shame and mixed emotions you might be feeling, don’t suffer in silence. Seek out all the help you need.

Are you worried about getting doxxed? Is there a law in your country that states clear punishments for doxxers?

Let me know in the comments below!

Leave a comment

Write a comment

Your email address will not be published. Required fields are marked*