Privacy

Doxxing explained: What it is, how it works, and how to stay safe

Dawna Roberts

Nov 23, 202312 min read

Doxxing explained: What it is, how it works, and how to stay safe: Header image

Living in the modern digital age comes with dangers and challenges. One of them is doxxing, a practice that can be extremely harmful to the victim. 

If you aren’t yet aware of what doxxing is, keep reading to learn more about this threat, how it can affect you, and how to protect yourself. 

What is doxxing, or doxing?

Doxxing means the public release of private documents about someone online, revealing their most personal information without permission. 

Doxxing is considered harassment, and the person doing the doxxing is often trying to humiliate, bully, or harm the victim. 

Types of information that can be doxxed

The list of information that can be doxxed is vast. Here is a list of some of the most damaging personal details that might be leaked online:

  • Home address
  • Work address
  • Home phone number
  • Social security number
  • Driver’s license info
  • Passport info
  • Bank or credit card details
  • Personal communications (emails/texts/etc.)
  • Criminal history
  • Embarrassing private information or photos
Image of a driver's license ID.
Image by Pexels

Understanding doxxing

Typically, someone doxxes another person out of anger, spite, jealousy, or other malicious reasons. 

Many notable celebrities and public figures have been doxxed and suffered embarrassment and personal exposure after their personal information was posted online. 

It works when someone harvests data “breadcrumbs” by combing through the internet and other sources and then combining all the information they’ve gathered. Sometimes, doxxers use cybercriminal techniques to gather information, such as:

  • Phishing emails are where an attacker pretends to be another entity and requests information from the victim.
  • Social engineering is a technique where a bad actor gets someone to trust them and then asks for private information. 
  • Government and other public records are an excellent source of information for someone trying to put together a profile on an individual.
  • Man-in-the-middle attacks are used to collect private data by intercepting an online connection.
  • Social media stalking is another way perpetrators collect personal details about someone. 
  • Reverse lookups and data brokers are loaded with information, and doxxers use them to find information about people.
  • IP address tracking and packet sniffing are also used to collect data in doxxing attacks.

These are just some of the methods people use to get information about you to use in doxxing. Other times, the perpetrator may visit the dark web, where vast amounts of stolen personal information are bought and sold. 

Screenshot of a phishing email attempting to get info for doxxing.

Why is doxxing dangerous?

At the very least, doxxing is annoying and can be potentially damaging to a person’s reputation, career, and lifestyle. If enough information is leaked, the victim could suffer identity theft, which is very difficult to clean up and resolve.  

How and when did doxxing start?

Doxxing, also known as “doxing,” originated from hacker turf wars in the 1990s, when rival hackers would leak information about their competitors. The term “dropping documents” (shortened to docs) eventually evolved into “doxxing” and has since become a widespread problem not just among hackers. 

Doxxing is not illegal. So far, there are very few specific doxxing laws. However, courts handle them on a case-by-case basis as they come up. Typically, law enforcement charges doxxers with other crimes like harassment, stalking, cyberbullying, identity theft, or incitement to violence.

Local governments are starting to pass anti-doxxing laws. For example, Kentucky passed anti-doxxing legislation in 2021. Other countries like Hong Kong are doing the same. 

Why do people doxx?

People doxx others to punish, intimidate, or humiliate them. Regardless of the reason, doxxing results in a huge violation of privacy, something that has become very important to us all. 

Can doxxing lead to an arrest?

Even though doxxing is not illegal, a person can still be arrested for doxxing someone. Since there are no doxxing laws, law enforcement would instead charge the culprit with a related crime, such as stalking, harassment, or endangering the victim’s life. It all depends on the specifics of the case in question.

However, due to the online nature of doxxing, arresting someone for this would prove to be challenging if the perpetrator is located in another country and/or jurisdiction.

How to discover who doxxed you

Discovering who doxxed you can prove to be a difficult job, especially if they know basic skills to hide their identity, such as using a VPN. However, there are other things you can look out for that can give you a clue as to who they are. Here are a few:

  • Who has access to the leaked information? Make a list of everyone who had access to the leaked information. If that circle of people is small, then you have just narrowed your pool of suspects. For example, if embarrassing photos were leaked, who was there when the photo was taken? Who knew the photos existed?
  • Get professional tech help. There are things that can potentially identify a doxxer, but finding and analyzing this data can perhaps be outside of your scope. An IT tech professional can do it for you. They can look at details like metadata and IP addresses in an attempt to trace them back to the source.
  • Cross-reference the leaked information. The doxxer may have been careful to hide their tracks on one website. But were they as careful on other sites? Search for excerpts of the data to see if it appears anywhere else online. If it does, they may have gotten careless and left a telltale sign of who they are. Similarly, with images, do a reverse image search on Google and see if the images are elsewhere online.
  • Analyze social media interactions. If the information was leaked on social media, make a list of everyone who engaged with the post. Look at their profiles. Do they all have a common friend? Look for connections.

Keep in mind that tracing a doxxer can potentially be dangerous. Exercise extreme caution and go to the police if you have evidence of the doxxer’s identity.

How to protect yourself from a doxxing attack

So, how do you avoid being doxxed in the first place? What can you do to lessen or eliminate the risk of being doxxed?

Closely guard sensitive documents

With the rise of social media, everybody seems to think that it is natural to share every facet of their lives with complete strangers. There are those who share pictures of plane tickets, boarding passes, or newly acquired driver’s licenses, all of which contain highly valuable and sensitive information.

As a rule, never publicly share any sensitive information or documents online. And if you must do so, use a blurring tool to redact any sensitive information, such as your social security number and date of birth.

On a related note, set all social media posts with potentially sensitive information to “Friends Only.” And review your friends lists regularly.

Google yourself

A major way to stop doxxing in its tracks is to Google yourself and see what information is available about you online. If anything is embarrassing and/or potentially compromising, take proactive steps to have the information removed.

To remove information about you online:

  • Ask the site owner to remove the information. 
  • Take down old social media posts. 
  • Ask Google to delist the page (they will likely only comply if there is a legal reason for doing so).

If all else fails, report the website to the internet service provider hosting the site. You can find the ISP by performing an ICANN lookup. If you show the company what is on the site, you may be able to persuade them to remove the page or even the entire website.

Don’t get into arguments online

One way to gain a doxxer is to annoy them online, whether through a discussion about politics or publicly mocking them. Just don’t do it.

Many people deliberately court controversy online either for career reasons or to gain attention. But this can spectacularly backfire when someone calls them out on it. Nobody likes to be publicly humiliated. If the person has a thin-skinned vengeful streak in them, they may do everything in their power to hit back at you. Overall, try not to make enemies (although this is often easier said than done).

Never reveal your contact details

In an era when everything is digitized and personal data is sucked up by data brokers, safeguarding your information can feel like an exhausting endeavor. However, this doesn’t mean you should stop trying.

Here are a few ways to keep your information safe:

  • If you need to reveal an address for business reasons, set up a post office box.
  • If you need to give someone a phone number, give them a burner number.
  • If you need to give someone your name and you’re not sure about them, give them a fake one.
  • Never reveal the personal details of your spouse, children, or other relatives. Don’t distribute images of them online without their explicit permission.
  • Never publicly reveal your personal email addresses. Set up a separate throwaway email account for people you don’t completely trust yet.
  • If you need to chat online, use an encrypted platform such as WhatsApp or Signal.
  • As often as possible, disable GPS and location services on your phone. Never allow anyone to track you, and don’t share locations you frequently visit online.
  • To prevent someone from tracking you via your IP address, use a VPN to encrypt your IP address. Most importantly, always use a VPN when accessing public Wi-Fi, although you should ideally avoid public networks altogether. We recommend using ClearVPN.

Never loan your phone to someone

Since so much of your personal information is stored on your phone, you need to guard that phone extremely carefully. This means:

  • Never loaning it to someone
  • Always putting a PIN code on the screen
  • Locking down your installed apps
  • Never letting the phone out of your sight where someone could try to fiddle with it
  • Never putting any wallpapers on the lock screen that show potentially private information — even a picture of your dog wearing a collar can potentially expose you if the collar tag has a phone number (or the beginning of one) visible
  • Disabling app notifications on the lock screen that may show excerpts of private messages or emails

Use antivirus software

If someone has managed to get spyware onto your computer, they could use the data they steal to doxx you. It pays to run regular antivirus scans to uncover any current threats you may be facing. Check out Moonlock Engine, which will locate and eliminate malware, including spyware.

Use strong passwords and two-factor authentication

If your online accounts have been compromised in a data breach or someone may have directly hacked in, your risk of being doxxed has increased. The best way to avoid this scenario is to lock your online accounts down tight.

Use very strong passwords, store them in a secure password manager, and enable 2-factor authentication on accounts that support it. If the platform in question does not support 2FA, it may be time to switch to one that does.

The easiest way for a doxxer to plant a virus on your devices is to send you a phishing email with a link. They could be posing as a trusted individual or company, such as your bank.

You should also check the email header to see the email address the email originated from. If Bank of America is emailing you from a Gmail address, that tells you everything you need to know. Some hackers really don’t try very hard.

In general, if you receive an email asking you to click a link, don’t do it. Instead, go to the website in question directly and log in.

Have I been doxxed? Here are the signs to look for

Usually, people find out they have been doxxed when the information hits the internet and people get in contact to warn them — or, in some cases, to laugh at their misfortune. But sometimes, it can take a bit more time for the doxxing to become apparent.

What are the signs that you have been doxxed?

Your private information is showing up online

The obvious first sign is when you see your information showing up online. This may occur on social media, or you may be informed through a Google alert (which everyone should set up for their name). 

This is when you need to spring into action and take steps to get the content removed. You also need to find out how it was leaked and plug that hole immediately.

People start mentioning private things to you

This can be anybody from your employer to colleagues, friends, family, or online acquaintances. If your boss calls you into their office one day and asks about something that you thought was secret, then that should sound the alarm bells that something is very wrong.

Someone starts threatening you

Doxxing can take many forms. While it usually amounts to harassment, intimidation, bullying, and a desire to humiliate, it can also take more sinister turns.

Doxxing can lead to:

  • Threats on your life
  • Sexual harassment
  • Threats to abduct you or family members
  • Threats to expose further embarrassing information if you don’t meet their demands (anything of a sexual nature is called sextortion and is, unfortunately, an extremely serious problem)
  • Threats to come to your home address and harass you or members of your family

How to prevent doxxing

Preventing doxxing means beefing up your cybersecurity efforts and protecting your personal information at all costs. 

Some ways to prevent yourself from being doxxed include:

  • Hide your IP address using a VPN.
  • Keep your social media posts private and minimize what you share online.
  • Don’t log in with third-party options like Google, Apple, and Facebook.
  • Use a fake name and an alternate email address on public websites so no one knows who you are, and you can remain anonymous.
  • Set up multi-factor authentication on all your accounts.
  • Never share passwords or login information with anyone.
  • Use strong passwords and a password vault to keep them in.
  • Install antivirus/antimalware software on all your devices and run deep scans often.
  • Don’t connect to public Wi-Fi without a VPN.
  • Be aware of phishing and social engineering tactics. Don’t click links or respond.
  • Contact websites and data brokers and request the removal of your private information.
  • Set up Google alerts to be notified when you show up online. 
Hide your IP with CleanVPN.

How to recover after being doxxed

Recovering from a doxxing incident can take a long time in terms of repairing the damage caused, as well as the psychological trauma associated with it. The following are a few steps to help you ensure that you have completely recovered.

Talk to a mental health professional

If you are suffering mentally from the doxxing experience — and who wouldn’t be — seek the services of a professional therapist.

Press criminal charges

For the sake of closure, you should press criminal charges if the doxxer has been identified. The downside of this is that you will likely have to testify, and your personal information will be revealed again in court. If left unpunished, however, that person may come back and do it again.

At the very least, you’re sending a warning to other potential doxxers that you won’t tolerate their behavior.

Tighten up your online security

The next step is to repair the online damage caused to you. This should include:

  • Setting up new online accounts with strong passwords and 2-factor authentication
  • Taking a break from social media
  • Removing all non-professional information about you from the internet

Where do you report if you’ve been doxxed?

A lot of doxxing victims don’t report the incident because they think, rightly or wrongly, that nothing can be done. The fact is if you collect enough evidence for the police to work with, action can potentially be taken. Success is not guaranteed, but you need to fight back in all ways possible. 

From the moment it starts, start collecting evidence. This includes emails, screenshots, chat messages, email addresses and IP addresses you’ve been contacted from, and lists of people you have potentially annoyed recently. Anything that can help an investigator get started.

You should also report the incident to your bank, credit card company, and the credit bureaus. Take the proactive step of approaching your family and employer if you think the knowledge will affect your relationships with them.

Conclusion

Doxxing is an abhorrent activity that does nothing but cause tremendous amounts of stress, heartache, and damage to the victim’s life. Fortunately, as we have just shown, there are many proactive steps you can take to protect yourself from a doxxing incident, as well as mitigate the damage if a doxx starts on you.

You are never helpless. You have options to take advantage of and people on your side. Stand up for yourself and fight back.

Dawna Roberts Dawna Roberts
Dawna has spent her entire career in web dev, cybersecurity, and IT. Her work has been featured on Forbes, Adobe, Airtable, Backblaze, Cyberleaf, Lifewire, and other online publications for the past ten years.
You might also like
Is a VPN safe to use, and are there any privacy concerns with VPNs? Header image
Is a VPN safe to use, and are there any privacy concerns with VPNs?
Oct 18, 2024
10 min read
How to hide orders on Amazon and clear your browsing history: Header image
How to hide orders on Amazon and clear your browsing history
Oct 11, 2024
8 min read
Is my iPhone listening to me? Here's how to make it stop (Header image)
Is my iPhone listening to me? Here’s how to make it stop
Oct 4, 2024
7 min read