Let’s admit it: these days our level of self-disclosure is sky-high. Websites, discussion forums, social media profiles filled up with personal details, photos, geotags – all telling the world about who and where you are.
We leave our footprints all over the Internet. And if there happens to be someone who is eager enough to collect all that info and share it publicly, you are likely to become a victim of doxing.
Searching, collecting and sharing personally identifiable information publicly against the target’s will is called doxing. The word ‘doxing’ comes from ‘dropping docs’ – a technique old-school hackers used as a revenge tactic back in the IRC times. What it meant was stripping away one’s anonymity to intimidate, harass, or even to draw the attention of law enforcement agencies. Of course, hackers, who strive to stay anonymous by any means, considered doxing a cruel attack.
Fast-forward to these days, doxing is a privacy-invading tactic that cyberbullies employ. You don’t even have to be a public figure – absolutely anyone can become a victim if they get on the radar of a bad character.
Just imagine: you leave a comment on an Instagram post. The owner of the page doesn’t like your opinion and decides to teach you a lesson by doxing you – publicly revealing your real identity, email address, telephone number, the company you work for and other details he or she can find on the Internet.
Motives for doxing always come from a negative place – to humiliate, cause public embarrassment or harm reputation, either personal or professional. Attackers may seek to bring their target to justice in the public eye, causing a potential nightmare of social backlash.
Again, doxing involves only the info that already exists somewhere on the Internet and can be dug out one way or another. The essence is putting it all together, piece by piece, and making it easily accessible to anyone. Doxing material can be a mix of personal details, financial documents, network data, embarrassing photos and other private files, signed petitions, as well as publicly shared opinions on social networks and discussion forums. Regardless of its extent, doxing is a serious privacy violation.
Methods for collecting information range from easy-as-pie info harvesting to advanced hacking.
Sometimes all it takes is compiling publicly available data. Combine a high level of self-disclosure with a low level of security – and voilà! An attacker can learn a surprising amount about a target by just grasping info that is publicly available online.
Here are other common techniques:
Public Wi-Fi networks are extremely vulnerable to hacking. A doxer can intercept your Internet connection without great effort and see real-time data going through the network. This means that your sensitive data, such as passwords and credit card data, is at high risk to be compromised.
By simply looking at your file metadata, an attacker can learn a great deal about you. For example, if you go to the ‘Details’ section of an MS Office file, you will see who created and who edited the file, as well as when and from what company any edits were made. Similarly, photos have the so-called EXIF data. It shows the model of a smartphone or camera, its resolution and the time when the photo was taken. Moreover, it can also reveal the location if GPS was enabled at the time of taking the photo.
Hackers can slip an IP logger – an invisible piece of code – into your device through an email or a message so they can sniff out your IP address.
Of course, the most persistent doxers can go far beyond than the mentioned, so it’s important to know what prevention steps you can take to avoid unpleasant consequences of doxing.
The good thing is, there are steps you can take to avoid doxing or at least to minimize its harm.
Follow these tips without delay to get peace of mind:
Search engines are likely the first place trolls go to collect info about a target. You can do the same to see what the Internet has to tell about you – simply run a search with your name on DuckDuckGo in the incognito mode.Why not Google? The great thing about the DuckDuckGo search tool is that it doesn’t do profiling and deliberately shows the same results to all users. This way, you can get the same view as a potential doxer.
Once you know what info about you is out there, try to take as much content off as possible. However, it can be challenging.
For trolls, breaking into your online accounts is like opening Pandora’s box. This is why you should protect all your accounts by enabling two-factor authentication if there’s an option to do so. Even if an attacker happens to know your password, they will bump into a wall at the next authentication step.
Although any kind of 2FA is better than nothing, it is recommended to avoid choosing SMS as a method of verification, as messages still can be intercepted. It is better to use trusted authentication apps, such as Google Authenticator.
If you haven’t changed your passwords for a while or, even worse, you’re using the same one for several accounts, wait no longer and create strong, unique passwords for each online service you’re signed up to.
What makes a password strong? Using at least 10 unique characters and making use of passphrases. Nevertheless, lengthy passwords are difficult to remember, so it is recommended to use a password manager, such as LastPass. Not only will it generate unique, lengthy passwords, but also keep them secure without you having to remember them all – just a single master password.
People tend to share a lot of personal details on social networks, both intentionally and accidentally. However, to avoid potential harm of doxing, the less info you reveal to strangers the better.
Your Facebook profile can be a goldmine for doxers if you don’t pay attention with whom you share your info. Make your profile, photos and status updates visible to friends only. Also, go through your ‘friends list’ regularly to eliminate those who you don’t know or don’t have to be in contact anymore.
Facebook lets you customize your privacy settings so you can stay in control of what you share and with whom. Dedicate some time to review your profile settings and adjust them for the sake of privacy.
A virtual private network is like a secure tunnel for your Internet traffic. Connecting to VPN encrypts your online data and hides your real IP address, so no snoopers could sniff your private information. With VPN, you can feel secure even on public Wi-Fi networks.
When choosing a VPN service, pick the one that follows a strict no-logs policy, like NordVPN. Extra security features, such as protection against malware and an ad blocker also comes in handy when cutting the ways doxers might try to access your private data.