What is doxing, and how do you protect yourself from it?

What does doxing mean?

Doxing is an abbreviated form of “dropping dox”, an old revenge tactic created by the hacking community in the 1990s. Hackers would find and release documents – known as “dox” or docs – about previously-anonymous rivals, revealing their true identities and exposing them to authorities who might have been trying to track them down.

Doxing has since evolved into a more mainstream type of online harassment. It usually involves uncovering and compiling someone’s personal information without their knowledge or permission — such as their real name, address, job, or phone number — and sharing it publicly on the internet.

Many people are increasing the amount of time they spend online and, as a consequence, the amount of information they’re revealing about themselves. For example, your social media pages might have posts with photos, geotags, and other identifying information attached to them.

“Doxing has since evolved into a more mainstream type of online harassment."

There are also internet service providers, data brokers, and other companies that want to collect and trade data about you. These records might not be public, but there’s a chance that a company with access to them could be breached, exposing that information to opportunistic bullies and trolls.

The bottom line is that if someone wants to harass you, they can often find and follow the digital ‘footprints’ you’ve left online, piece together your personal information, and share it without your consent.

Who is at risk of doxing?

In the past, internet trolls and bullies would often focus their efforts on public figures, celebrities, and people with a large following or status online. The average person wasn’t usually at risk of having their personal information collected and shared publicly.

But doxing is no longer limited to celebrities, journalists, social media influencers, and politicians. The internet playing a larger role in our lives has led to a rise in the number and types of people being doxed. Anyone can potentially be a victim of doxing — all it takes is someone who dislikes or disagrees with you enough to spend the time to search out, compile, and release your private information in the hopes that you’ll get fired, publicly shamed, or harassed.

Doxing for social engineering

The end goal of doxing isn’t always to release someone’s private information onto the internet. Sometimes a criminal will dox a target in order to hack or break into their online accounts.

In these instances, an attacker will still search for ‘breadcrumbs’ of your personal information. But rather than exposing them to the public, they might keep these facts and try to use them to access some of your online accounts.

“The attacker might use what they’ve learned to try to guess your usernames and passwords."

For example, the attacker might use what they’ve learned to try to guess your usernames and passwords, answer security questions, or persuade someone via a phone call, email, or live chat that they’re the account owner.

What tactics are used to dox someone?

You might not have realized or stopped to consider how much of a footprint you’re leaving online, or how much of your personal identity is already on the internet. Doxers can collect ‘breadcrumbs’ from all over the internet, then use those details to invade a person’s privacy and reveal information without their consent.

There are many tactics doxers might use to discover information about you. For example, they could look through your social media profiles, as well as the friends and followers connected to them. They might try to pin down your IP address to reveal your physical location, launch phishing campaigns, or even look through public records.

How to protect yourself against doxing

The best way to protect yourself against doxing is to be conscious of the information you’re sharing online. If you haven’t already done so, take some time to review and prune what you’ve posted previously, as this will help protect what you want to remain private.

There are a number of other actions you can take to minimize your online footprint and avoid leaving ‘breadcrumbs.’ Here are a few steps you can take:

1) Be mindful of what you post on public social media accounts. To protect yourself, consider making some of your accounts private, or using tools and settings to control who can see what on your page.

Many people who use social media want a single, recognizable username for all their accounts. This can make professional profiles, personal brands, and content easier to find, share, and follow. But for all your other accounts, consider using random, unique usernames. If you use the same username for everything, it makes it easier for doxers to collect information from each account and put it together.

2) Avoid third-party login options. Websites will often try to use “sign in with” services to request information that you’ve shared with another company or platform. This means that your personal information is being shared and compiled by more companies, which could one day be breached and exposed to trolls.

3) Review your apps’ permissions to check what’s being shared and publicly accessible. Apps will often ask for all sorts of personal information, like your phone’s address book, photos, or location. Think carefully about these requests (does a recipe app really need to know your age?) and, where possible, minimize the permissions that you’ve already given to the apps on your devices.

Many of your online accounts likely contain a lot of information that you want to keep private. The best way to keep this data secure is by protecting your accounts with strong, unique passwords. A password manager like 1Password will help you create secure, distinctive passwords to guard each of your online accounts from potential attackers.

1Password’s Watchtower will also alert you if any of your passwords are affected by a data breach, so you can change them before a doxer tries to gain access to one of your accounts.

Staying safe online

Doxing is on the rise, and the tactics that bullies are using to collect people’s information are always changing. But that doesn’t mean there’s nothing you can do to protect yourself. Take the time to review what you’ve previously shared online and be mindful of the breadcrumbs you might be leaving on the internet each day. Using a password manager like 1Password will also help you remain vigilant and protect your passwords, addresses, and other private information from criminals, bullies, and trolls.

1Password