With its roots in hacker communities of the 1990s, today, doxxing remains a widespread cybersecurity issue. If anything, the problem is growing. 21% of Americans (more than 43 million individuals) report having personally experienced doxxing. An even greater number, 62%, personally knew someone who had been the victim of a doxxing attack.
Damaging and deeply distressing, doxxing is an issue that everyone—businesses and individuals alike—should be aware of and prepared for. In this article, we’ll explore the problem in detail, and suggest a few helpful measures and tools which can protect from the impact of doxxing, or even help to prevent an attack in the first instance.
What Is Doxxing?
What, exactly, is meant by the term doxxing? The name itself is a portmanteau, drawn from the act of “dropping documents.” This reference to documents cites the earliest days of doxxing, where digital files relating to the victim would be published, with the intention of causing inconvenience, upset, loss of anonymity, or attracting wider condemnation.
Today, the act of doxxing remains largely unchanged. With so much personal information shared online, it’s perhaps unsurprising that this data is still being weaponized to attack individuals. Most commonly, doxxing is used as a way to “unmask” the author of opinions or content that the doxxer finds objectionable.
Generally, the idea is to shame and expose. Often, the victim of a doxxing attack will have previously shared or publicly posted the information obtained by the doxxer – for example, as a post made on a forum, or in a reply to a social media post. But doxxing acts as a dog whistle, pulling content out of context, summoning a digital mob and often bridging the digital divide, by revealing details such as home addresses and phone numbers, or highlighting controversial opinions or activities.
What Are the Dangers of Doxxing?
What impact can doxxing have? In the most serious cases, these attacks can result in real physical danger and even death. In the 1990s, anti-abortion activists publically revealed the home addresses, phone numbers, and photographs of medical staff involved in the provision of abortion services. Framed as a “hit list,” the website sharing these details actively incited violence towards the victims it exposed. Eight abortion providers were murdered by anti-abortion terrorists.
More commonly, doxxing encourages targeted online harassment or “real life” consequences of controversial actions shared online. A prime example of this comes in the form of the American dentist Walter Palmer, who sparked global outrage when he posted photos of himself with a dead lion, which he had paid to be lured away from a protected area so that he could track and kill it. Palmer’s place of work was quickly revealed and had to close as a result of sustained protest and barrage of negative online reviews. Details of a holiday home discovered to be owned by him were also published and this was vandalized.
As the above examples demonstrate, it’s important to note that although the act of doxxing occurs online, physical repercussions—whether threatened or actualized—can be a very real outcome. Another common practice linked to doxxing attacks that reveal the home address of a victim is the placing of prank calls to send third parties to the address with the intention of causing confusion, distress and inconvenience. On one end of the spectrum, this might involve the placing of repeated pizza delivery orders, or the delivery of excessive junk mail. More concerning is the practise of “swatting” whereby hoax calls reporting hostage or firearms-related emergencies lead to an armed response unit descending upon the address of the victim.
Is Doxxing Illegal?
As we hope this article has illustrated, the impact of doxxing can be devastating, causing untold distress and even physical harm to those involved. Is the act of doxxing illegal? Surprisingly, doxxing is not always considered a crime.
As the information exposed is generally already publicly available, having been shared by the victim of the attack, the act of reposting this data is not illegal. Of course, this doesn’t mean that doxxing (even of information which was previously consensually shared within the public sphere) cannot be highly damaging to an individual.
The act of doxxing crosses the line of legality once private information has been shared (for example, credit card information. The intention of the perpetrator, and the impact upon the victim can also be considered. No specific legislation stands against doxing in US federal law, but California’s Penal Code § 653.2 PC – Electronic Cyber Harassment is commonly applied to the act of doxxing, and 18 U.S. Code § 2261A (2015) – Stalking also contains wording which is increasingly applicable to doxxing.
Can you be arrested for doxxing? Yes, you absolutely can. More commonly however, you may be sued. Although it can be difficult to unmask doxxers, civil lawsuits are increasingly common as victims seek compensation from those who’ve exposed them.
Different Forms Of Doxxing
Having focused on the impact and legality of doxxing, it’s important to recognize the breadth of circumstances in which doxxing may occur online. Although the basis of doxxing remains similar, the motivations and methods behind each occurrence can differ quite considerably.
This kind of doxxing is perhaps the form most commonly linked to the term. It is based on a desire to cause harm or distress, often as a perceived “punishment” to those involved.
Gamergate was a notorious example of this “mob mentality” descending, as a right-wing component targeted game developers Zoë Quinn and Brianna Wu, and the feminist critic Anita Sarkeesian. A coordinated campaign of sustained harassment ensued, with private details being shared, and threats of physical violence being made.
This form of doxxing takes a more moral stance, often being framed as a kind of virtuous act of “Robin Hood” doxxing, sharing information for “public good” and increased transparency. Although not without their own brushes with controversy, the hacktivist group Anonymous offers one of the best examples of this form of doxxing—famous for acts such as the exposing of alleged Klu Klux Klan members.
This form of doxxing aims to expose someone’s previously anonymous online behaviour by proving their true identity. A recent example of this came when a popular Instagram influencer was found to be posting bullying content on an online gossip forum under a pseudonym. By matching posting locations, her identity was exposed.
This relates to the practice of IDing people within images shared online, typically with the intention of revealing controversial political leanings or linking them to criminal activity. Often “crowdsourced”—these quests to discover and share identities can be problematic, especially with regard to mistaken identities and acts of vigilantism.
How Can You Avoid Being Doxxed?
In the modern world, it’s unrealistic to expect to leave no digital footprint when it comes to our data, opinions, and activities. Accepting this, how can you minimize the risk of becoming a victim of doxxing?
- Limit information you share online, especially within public forums.
- Think before you comment i.e. how would this look taken out of context?
- Remain aware of content being posted online that relates to you (and proactively respond to defamatory comments.)
- Leverage a VPN to encrypt your online data and mask your IP address.
- Observed good password security practices, keeping chosen passwords unique and complex.
- Be wary of data brokers—be aware and proactively opt out.
- Within your professional life, take measures to ensure strong policies on exposing sensitive business information on collaborative platforms or on social media. Pagefreezer can help minimize data leakage of this kind via active keyword monitoring and alerts.
Doxxing And The Issue Of Evidence
Doxxing can have a big impact on the lives of its targets, and in many instances, civil or criminal cases will be raised as a result. In these circumstances, you may wish to collect evidence from digital sources to demonstrate the act of doxxing and to prove any wider campaign of online intimidation or harassment.
Collecting this evidence is not always as straightforward as might be hoped. The digital nature of the evidence brings up a few issues that require careful navigation. The first is a need to act quickly. Social media posts can be altered or deleted in a matter of seconds, so capturing evidence as soon as it is observed is essential.
Additionally, you may find yourself needing to collect information at scale. We all know how quickly information can spread online, and as posts are shared across multiple channels or platforms, you’ll need to ensure you’re capturing the complete picture, giving the widest possible context. Comment chains and replies will need to be expanded, and this can be a laborious process if conducted manually.
Screenshotting online evidence may appear to present an obvious solution to the need for rapid, contextual collection of evidence, but this has its shortcomings. It’s difficult to capture the full picture, and in order to collect the necessary information, multiple screenshots are likely to be required, which are difficult to organize and present in a valid, secure manner.
How Can WebPreserver Help?
When it comes to capturing online evidence, WebPreserver offers a means to instant “rapid response.” This secure Chrome plug-in offers the ability to collect evidence from any online source within seconds—meaning that as soon as a problem is observed, action can be taken quickly.
The issue of the time-consuming process of manually expanding comment threads and responses is eliminated, as WebPreserver performs this task automatically. This guarantees you’ll capture the evidence you require in its original form and context, making it harder for a defense team to challenge.
WebPreserver also ensures that all evidence captured is fully authenticated, captured in a way that renders it fully admissible in a legal setting. A 256-bit digital signature and timestamp is placed on all captured files using a certified Stratum-1 atomic clock. This means full compliance with the eSign act is guaranteed.
Another considerable benefit of evidence captured by WebPreserver is the ability to easily filter, search and explore by keyword to find the exact examples and instances you require to support your case. Easily capture entire forum threads or Twitter feeds, and then zero in on the exact evidence you require.
Doxxing: Counter the Risk with Effective Online Evidence Capture
As more of our lives are lived online and a greater amount of data is shared, the risk of doxxing is only set to increase. Taking the sensible measures outlined in this article can help reduce your risk of being doxxed, but in order to be fully prepared to defend yourself in the event of an attack, WebPreserver’s simple Chrome plugin helps you enjoy greater peace of mind – safe in the knowledge that you’re ready to collect evidence of any wrongdoing instantly, in just a couple of clicks.
Want to learn how you can collect online evidence of doxxing, or any other online attack? Have a look at our Online Investigation Guide.