Because we live our lives online, we reveal tons of information about ourselves. Your favorite websites and social media networks are all filled with personal information, photos, and geotags telling the world who and where you are. Your footprints are all over the internet; you regularly expose this information to your internet service provider, the websites you visit, data brokers, and many others. If someone doesn’t like you and is eager to collect the breadcrumbs, you may become a victim of doxxing.
Doxxing is a form of online harassment, which involves sharing a person’s private information; their name, address, or phone number, for example. Doxxers will search, collect, and publicly share personally identifiable information without a victim’s consent, and this can often lead to further harassment by people using the leaked details to target the person.
The word ‘doxxing’ comes from the term ‘dropping dox’ – a technique old-school hackers used as a revenge tactic back when IRC was popular. This was done to strip away one’s anonymity and intimidate or harass them, or even draw the attention of law enforcement agencies. For hackers, who strive to stay anonymous, doxxing was and still is a serious cyber threat.
Nowadays, doxxing is mostly employed by cyberbullies and online gamers. Someone might end up revealing personal information about you or your family members because they didn’t like the content you posted on social media or forums, or because they disliked you after you beat them at an online game. You don’t need to be a public figure — anyone can become a victim if information about them is available.
A doxxing attack might not seem harmful. What could someone do with your data if it already exists somewhere on the internet? Your details, like your home address, phone numbers, email addresses, and social security numbers, could be scattered across many platforms. But what if someone adds network data, financial documents, bank account information, private correspondence, embarrassing photos, signed petitions, and publicly shared opinions to the mix? Small, cherry-picked pieces of information can form a negative portrait of anyone. This is more than just a violation of your privacy. It can also:
Information collection methods range from easy-as-pie info harvesting to advanced hacking. Combine a high level of self-disclosure with a low level of security – and voilà! An attacker can learn a surprising amount about you.
Most common techniques include:
Public Wi-Fi networks are extremely vulnerable to hacking. A doxxer can intercept your internet connection without too much effort and see real-time data, like the websites you are visiting. This means that your sensitive data, such as login details and passwords, are at high risk of being compromised.
By simply looking at your file metadata, an attacker can learn a great deal about you. For example, if you go to the ‘Details’ section of a Word file, you will see who created, who edited it, when and possibly even from what company.
Similarly, photos have EXIF data. This shows the model of the smartphone or camera used to take the photo, its resolution, and the time when the photo was taken. Moreover, it can also reveal your location if GPS was enabled when the photo was taken.
Hackers can also slip an IP logger – an invisible piece of code – into your device through an email or a message so they can sniff out your IP address. IP addresses can be used to find your approximate geographical location.
Doxxing legality (or illegality) depends on the country internet users live in. However, if you reside in the US, there are federal and state laws that consider doxxing to be illegal, especially when it intentionally damages someone’s reputation or puts them in danger. Many EU countries also consider doxxing illegal, especially if the information was private or difficult to obtain and it violated the target’s privacy and security.
You can, and you should. Doxxing yourself is the best way to find out how much of your personal information is on the internet. This way, you can try to remove everything you don’t want available online.
What should you do with the information you find about yourself online? If you live in the European Union, you can demand that your personal data be erased from the website, thanks to the GDPR rules.
Unfortunately, it’s not as straightforward elsewhere in the world. You can still ask the website to delete information about you, and many will likely agree to do so. As for everything else, you will at least know what information about you is available online. And from this point onwards, you can be more careful. Make sure your new email, phone number, or home address do not end up online. Control what you and others post about you on social media, and be more careful with your data in general.
PRO TIP: Keep your social media profiles private. This is a good rule to follow for all-round privacy and security, but it’s particularly important for preventing doxxing.
The good thing is, there are steps you can take to avoid doxxing or at least minimize the risks.
Have you ever tried entering your name into a search engine? Give it a try because it’s the first place cyberbullies will go to collect information about you. Try using a privacy-oriented search engine. Why? Because Google provides search results based on your ‘user profile’ and your preferences, meaning you may not see the same information a hacker would.
Once you know what info about you is out there, try stripping as much of that content as possible. This can be challenging! A good chunk of it will most likely reside on Google’s platforms and your social media profiles. Use these guides to make your social media more private and to de-Googlify your life.
Forums or news websites that allow you to post anonymous or pseudo-anonymous comments still collect data about you like your IP address, which can reveal your location and your identity. If you feel the need to leave comments on websites, never enter your personal details that could result in identity theft, don’t log in with your social media accounts, and use a VPN to change your IP address.
Data brokers scrape the internet, gather your data in one place, and sell it to businesses. You can opt out, but because they make money from your data, they can make the process lengthy and frustrating. If you are not sure whether your data is on any such websites, you can check www.peoplefinder.com or www.whitepages.com.
Breaking into your online accounts is holy grail for hackers; it allows them to steal your data, commit identity theft, sell your private information on the dark web and launch other attacks against your contacts. Passwords are essential for protecting our financial accounts, social media profiles, and more. Make sure that you protect your accounts with strong and unique passwords. You can also use the NordPass random password generator. Don’t reuse your passwords and keep them safe. Password managers like NordPass can protect your data by storing it in an encrypted vault and remember them for you.
In addition, enable two-factor authentication wherever you can. Even if an attacker gets his hands on your password, they will bump into a wall at the next authentication step. Although any kind of 2FA is better than nothing, we recommend avoiding SMS as a method of verification, as they are vulnerable to sim swapping attacks.
Connecting to VPN encrypts your online data and hides your real IP address; it’s one of the most effective security measures that you can take. This way, snoopers won’t sniff your private information and you can enjoy safe online gaming. With VPN, you can even make public Wi-Fi secure.
When choosing a VPN service, pick one like NordVPN. With Threat Protection included, you’re protected against suspicious websites that host malware while our ad blocker can also prevent doxxers from accessing your private data.
Check out our video on preventing doxxing below.