Doxxing: What It Is and How to Avoid It

Callum Tennent
By Callum TennentUpdated

Doxxing means publishing private information about someone online with intent to harass or intimidate. It’s ruined reputations, caused untold distress, and, on occasion, even lead to death. Here’s how to protect yourself.

An illustration of doxxing

Being doxxed can have serious consequences for your safety and privacy.

Doxxing and cyberbullying often go hand in hand, although doxxing has also been used, controversially, by journalists in pursuit of public interest stories.

A relatively new phenomenon, its popularity and frequency has only increased with the growth of social media and the storage of personal information online.

Information obtained in doxxing attacks is generally gathered from public or semi-public sources: website logs, WHOIS records, social media profiles, and simple Google searches or directories. In some cases, it’s harvested by more sinister means, like hacking or social engineering.

Read on to find out more on doxxing – plus how to stay safe from it.

Who’s at Risk From Doxxing?

If you have any identifiable data online then you are theoretically at risk of doxxing. Often people are doxxed without warning, and without doing anything to trigger it.

In recent years, doxxing has ‘outed’ people who were thought to have committed crimes, even though they were perfectly innocent. Perhaps the most tragic example is the suicide of Sunil Tripathi who was falsely accused of being involved in the Boston Marathon bombings by amateur researchers on Reddit.

Occasionally, journalists have been accused of doxxing people they’re investigating. Michael Hirsch was forced to quit as editor of Politico after sharing the home address of noted white supremacist Richard Spencer on his Facebook page.

The Real World Risks of Doxxing

Leaking someone’s home address is, perhaps on the surface at least, a relatively minor example of doxxing. You may think that the worst that could happen to you would be getting pizza deliveries you never asked for.

At the other end of the scale, though, you could have the world’s media turn up on your doorstep, or incur the wrath of thousands of social media vigilantes – a few of whom maybe start sending you malicious packages.

A doxxing could even result in a ‘swatting’. Named after the United States’ SWAT teams, it’s the practice of making false police reports in the hope that armed officers will come knocking on the target’s door.

A swatting it obviously terrifying at the very least, but has resulted in serious property damage and even death in recent years.

How to Protect Yourself Against Doxxing

An illustration of a Facebook home page

Once information is placed online, it’s practically impossible to remove it completely. That makes the first rule of doxxing prevention be sparing when sharing.

Gone are the days when information could be siloed, or assumed to be obscure. As the popular adage goes, the internet is forever.

Be Cautious on Social Media

Social networking sites are goldmines for doxxers. If you already use these kinds of sites, you should tighten up your privacy settings. At the very least, your profile should be never be public, and make sure you only accept connections and requests from other profiles you’re 100% sure you know.

Use a VPN

A VPN puts all of your internet use inside a secure, encrypted tunnel. It prevents casual eavesdroppers from picking up personal information about you, including ISPs, governments, and public WiFi snoopers who could otherwise capture data about you as you browse.

It’s important to use a good quality, reputable VPN provider while avoiding free services, companies that keep logs and services that leak personal details.

You can click the link to see our Best VPNs for 2019.

Keep Software Updated

Hackers are always looking for ways to install malware, usually with the aim of capturing personal data, payment information, and passwords.

Older operating systems often have vulnerabilities that make malware much easier to install. That’s why installing software updates is crucial; it makes it much more less likely that malicious software will be installed on your device, because each update patches known vulnerabilities in prior releases.

Remove Unwanted Apps and Extensions

Mobile apps and browser extensions are known to collect personal data, often without the full knowledge or consent of the user.

Every now and again, cleanse apps or remove them entirely so you have full control over what they’re collecting. Likewise, review browser extensions frequently and remove any that you don’t need or recognize.

Use Disposable Contact Details

An illustration of spam email

Many sites request contact details and personal data, and if you’re only planning to use the service temporarily, it might be wise to limit the information you disclose.

Equally, you may just not trust some websites – using false data is a good idea. For temporary sign-ups, disposable email addresses from sites like Guerrilla Mail or Temp Mail can be used once and then gotten rid of, protecting your real email address from phishing attacks and spam.

Outsource Privacy Protection

Specialist third party services can help to clean up your online profile and get personal data removed from websites or search.

You can provide them with a list of information, or you can ask them to do the research for you. DeleteMe is a good example of a service that will get your data removed from brokers’ lists.

Don't Take Risks

Just because you have nothing to hide doesn’t mean that your personal data can’t be weaponized – it’s unwise to be complacent.

Increasingly, modern internet users leave a data trail across the web; come to digital blows with the wrong person and you might find it’s packaged up and used against you.

You’ll be more at risk if you engage in controversial discussion or active internet communities, but even a viral blog post could be enough to attract a doxxer’s attention. And as we’ve seen, cases of mistaken identity are not uncommon.

Prevention is better than cure. You can use social media anonymously, which is a good start. And when signing up for websites it’s a good idea to avoid creating usernames that create links between your real life and your online persona.

Overall, tighten up your security; use encryption and sensible data safeguards to ensure you don’t let information slip.