What is Doxing? How to Protect Yourself from Internet Humiliation

Doxing is the act of publishing private or identifying information about an individual or organization on the internet.

Doxing is short for Dropping Dox (documents), and it only has negative connotations. The intention of doxers is to harass victims by revealing information that's either incriminating, defamatory or just immensely embarrassing.

Doxing is sometimes spelled as Doxxing.

Though doxing primarily involves dumping confidential information on a publicly accessible website, this isn't always the case.

Because doxing is linked to the misuse of private information, social engineering techniques are still classified as doxing because the seized sensitive data is then used to launch cyberattacks.

The following information is targeted in doxxing attacks:

  • Personal photos
  • Contact information
  • Email accounts
  • Photos of family members
  • Social Security Numbers (SSN)
  • Phone numbers
  • Your full name
  • Real names
  • Embarrassing personal details
  • Home addresses
  • Credit card information
  • Bank account details
  • Criminal histories

Is Doxing Illegal?

Because doxing is accomplished through digital channels, it's a recent phenomenon and so the laws concerning it are still being established.

Doxing is unlikely to be classified as illegal if the accessed information was available within the public domain. But if this information threatens the safety of a targeted individual, the doxxing attack could cross the legal boundary.

Doxing attacks can spill over to cyberbullying territory, which could have serious legal consequences.

What Famous People Have Been Doxed?

Celebrities and politicians are at the highest risk of being doxed because they suffer the greatest negative impact from sensitive information exposure.

The following public figures have been doxed:

But doxing intentions aren't always malicious. Just as hacking includes an ethical category, white hat doxing also exists.

In 2015, hacktivist group Anonymous doxed hundreds of alleged KKK members, revealing names and social media profiles.

How to Check Your Risk of Being Doxed

Because so much of our personal information is displaced across multiple digital platforms, anyone could fall victim to a doxing attack.

The common methods used by doxers to prepare doxing attacks are outlined below. As a preliminary assessment of the level of cybersecurity you might need to protect yourself and your organization, you can use these techniques to search for your personal details.

Search Your Name in Google

You'd be surprised at the level of personal information that could be instantly available just by searching your name in Google. 

Details about your personal life you prefer to keep private could be published on University websites, social media websites, or former employer websites. 

Because a name search indicates the level of further effort required to salvage personal information, doxxers usually start with this step.

If you discover any information you'd like removed from the public domain, you can request Google to remove it by completing this form.

Search Your Domain Name in ICANN Lookup

ICANN Lookup identifies the owners of any domain name unless domain owners have organized privacy protection with their web host.

If your personal details are accessible through this search engine, ask your web host to make your registration details private.

Check the Level of Disclosure in Social Media Sccounts

Social media accounts are commonly targeted by cybercriminals because conventional cybersecurity methods haven't yet mastered this new threat landscape.

Search for your social media accounts without logging in and through a browser in incognito mode. If too much information is publicly available you should adjust your privacy settings.

Learn how to make your Facebook as private as possible.

Check If Third Parties Can Sniff Your Network Traffic

Packet sniffing is the process of analyzing network traffic. Cybercriminals could use packet sniffing techniques to access private information transfer in a network.

You can use the free packet sniffing tool Wireshark to determine the level of private network visibility available to unauthorized packet sniffers.

If you find that too much valuable network data is accessible to packet sniffers, a VPN should be implemented to block such access.

Reverse Search Your Mobile Number

Reverse mobile phone lookup services exist to help employers perform background checks on prospective employees. They can also be used to locate relatives and addresses of persons of interest.

Because of the sizable amount of private information potentially accessible, it's no surprise that phone lookup services could be used as a doxing tool.

Whitepages is the most popular reverse phone number service. To display a deeper level of information about a searched individual, beyond just the city and state linked to a phone number, Whitepages charges a fee.

These fees are worth paying to learn of the level of personal data that could be accessed when your mobile number is searched.

4 Ways to Reduce the Risk of Being Doxxed

Certain tactics could make your personal details difficult to access, increasing the difficulty of doxing attempts.

Some options are listed below.

1. Remove Your Data From Data Broker Websites

Data brokers (or information brokers) collect personal information about individuals, either from public records or through devious methods, and then sell this data to third parties.

Such data is usually purchased for advertising campaigns, but its ethical handling isn't always guaranteed. Malicious buyers could target contacts in phishing attacks which could result in data breaches.

Cybercriminals could even post data broker information on the criminal-infested dark web.

Detecting and shutting down such complex dark web data dumps requires the services of a professional data leak remediation solution.

Fortunately, most data brokers offer anyone the option of opting out of their database. By opting out, you will stop the distribution of your personal pieces of information and minimize doxing opportunities. 

Listed below are the largest data brokers in the United States. Each listing also includes a link to opt-out of its database.

Acxiom

Click here to opt-out of the Acxiom database.

Estimated wait time for record removal: 5 - 10 minutes

Epsilon Data Management

Click here to opt-out of the Epsilon Data Management database.

Estimated wait time for record removal: 5 - 10 minutes

Oracle America

Click here to opt-out of the Oracle America database.

Estimated wait time for record removal: 5 - 10  minutes

Equifax Information Services 

Click here to opt-out of Equifax Information Services credit card offers.

Click here to opt-out of Equifax Information Services marketing emails.

Estimated wait time for record removal: 10 - 45 minutes

Experian

Click here to opt-out of the Experian general database.

Click here to opt-out of the Experian pre-approved offers database.

Estimated wait time for record removal: 10 - 45 minutes

CoreLogic

Click here to opt-out of the CoreLogic database.

Estimated wait time for record removal: 10 - 15 minutes

2. Read Terms and Conditions Before Signing Up For a Service

To prevent being added to any of the above data brokers again, make sure you take the time to read the terms and conditions of every prospective service sign-up and mobile app download.

By law, every entity needs to inform its users how their personal data will be handled, this is especially a strict requirement in Europe.

You'd be surprised at the level of personal data access some of these services request, a level of access that's usually blindly approved.

3. Set Up Google Alerts for Your Personal Details

You can ask Google to alert you whenever your name, phone number, or any particular personal details, are published online.

This will help you reduce the time your personal details are publicly exposed before requesting their removal from Google search.

Learn how to set up Google alerts.

4. Use a VPN

Use a VPN to prevent your IP address from being exposed. With just this information, the following personal details can be deduced:

  • The geographical location of your device
  • The name of your Internet Service Provider (ISP)
  • Your web browsing activity

5. Make Wise Decisions Online

One of the best ways of reducing the chances of being doxed is by not posting content that could potentially be used against you.

Avoid publishing information that could facilitate identity theft or garnish your reputation. Especially avoid diatribes about sensitive issues.

What to Do If You Become a Victim of Doxing

If you or someone else you know falls victim to a doxing attack that leads to death threats or threatens personal safety, local law enforcement should be notified immediately. Screenshots of such incidents should be saved as evidence.

Ready to see
UpGuard in action?