Because we live our lives online, we reveal tons of information about ourselves. Your favorite websites and social media networks are all filled with personal information, photos, and geotags telling the world who and where you are. Your footprints are all over the internet. If someone doesn’t like you and is eager to collect the breadcrumbs, you may become a victim of doxxing.
What is doxxing?
Searching, collecting and publicly sharing personally identifiable information against the target’s will is called doxxing. The word ‘doxxing’ comes from the term ‘dropping dox’ – a technique old-school hackers used as a revenge tactic back when IRC was popular. This was done to strip away one’s anonymity and intimidate or harass them, or even draw the attention of law enforcement agencies. For hackers, who strive to stay anonymous, doxxing was and still is a serious threat.
Nowadays, doxxing is mostly employed by cyberbullies and online gamers. Someone might doxx you because they didn’t like the content you posted on social media or forums, or maybe they disliked you because you beat them at an online game. You don’t need to be a public figure – anyone can become a victim if information about them is available.
How harmful can doxxing be?
Doxxing might not seem harmful. What could someone do with your data if it already exists somewhere on the internet? Your personal details, like your home address, phone numbers, email addresses, and social security numbers, could be scattered across many platforms. But what if someone adds network data, financial documents, embarrassing photos, signed petitions, and publicly shared opinions to the mix? Small, cherry-picked pieces of information can form a negative portrait of anyone. This is more than just a violation of your privacy. It can also:
- Harm your personal or professional reputation;
- Humiliate and embarrass you;
- Cause a potentially nightmarish social backlash;
- Lead to identity theft;
- Lead to future cyber attacks;
- Invite ongoing harassment and death threats;
- Lead to prank calls and swatting (false reporting of incidents such as hostage situations at your home address).
How does doxxing work?
Information collection methods range from easy-as-pie info harvesting to advanced hacking. Combine a high level of self-disclosure with a low level of security – and voilà! An attacker can learn a surprising amount about you.
Most common techniques include:
- Wi-Fi (packet) sniffing
Public Wi-Fi networks are extremely vulnerable to hacking. A doxxer can intercept your internet connection without too much effort and see real-time data, like the websites you are visiting. This means that your sensitive data, such as login details and passwords, are at high risk of being compromised.
- Analyzing file metadata
By simply looking at your file metadata, an attacker can learn a great deal about you. For example, if you go to the ‘Details’ section of a Word file, you will see who created, who edited it, when and possibly even from what company.
Similarly, photos have EXIF data. This shows the model of the smartphone or camera used to take the photo, its resolution, and the time when the photo was taken. Moreover, it can also reveal your location if GPS was enabled when the photo was taken.
- IP logging
Hackers can also slip an IP logger – an invisible piece of code – into your device through an email or a message so they can sniff out your IP address.
Is doxxing legal?
Doxxing legality (or illegality) depends on the country you live in. However, if you reside in the US, there are federal and state laws that consider doxxing illegal, especially when it intentionally damages someone’s reputation or puts them in danger. Many EU countries also consider doxxing illegal, especially if the information was private or difficult to obtain and it violated the target’s privacy and security.
How to prevent doxxing
The good thing is, there are steps you can take to avoid doxxing or at least minimize the risks.
#1: Limit information you share online
Have you ever tried entering your name into a search engine? Give it a try because it’s the first place cyberbullies will go to collect information about you. Try using a privacy-oriented search engine. Why? Because Google provides search results based on your ‘user profile’ and your preferences, meaning you may not see the same information a hacker would.
Once you know what info about you is out there, try stripping as much of that content as possible. This can be challenging! A good chunk of it will most likely reside on Google’s platforms and your social media profiles. Use these guides to make your social media more private and to de-Googlify your life.
#2: Think before you comment
Forums or news websites that allow you to post anonymous or pseudo-anonymous comments still collect data about you like your IP address, which can reveal your location and your identity. If you feel the need to leave comments on websites, never enter your personal details that could reveal your identity, don’t log in with your social media accounts, and use a VPN to change your IP address.
#3: Remove yourself from data broker websites
These websites scrape the internet, gather your data in one place, and sell it to businesses. You can opt out, but because they make money from your data, they can make the process lengthy and frustrating. If you are not sure whether your data is on any such websites, you can check www.peoplefinder.com or www.whitepages.com.
#4: Protect your passwords
Breaking into your online accounts is a golden grail for hackers. Make sure that you protect your accounts with strong and unique passwords. You can also use the NordPass random password generator. Don’t reuse your passwords and keep them safe. Password managers like NordPass can protect your data by storing it in an encrypted vault and remember them for you.
In addition, enable two-factor authentication wherever you can. Even if an attacker gets his hands on your password, they will bump into a wall at the next authentication step. Although any kind of 2FA is better than nothing, we recommend avoiding SMS as a method of verification, as they are vulnerable to sim swapping attacks.
#5: Use a virtual private network (VPN)
Connecting to VPN encrypts your online data and hides your real IP address, so snoopers can’t sniff your private information. With VPN, you can even feel secure on public Wi-Fi.
When choosing a VPN service, pick the one that follows a strict no-logs policy, like NordVPN. Extra security features, such as protection against malware and an ad blocker can also prevent doxxers from accessing your private data.