Are you a privacy pusher? Or a serial social sharer? Privacy remains an extremely important focus for many internet users. Understandably. The level of internet education continues to rise. As such, internet users appreciate exactly how their actions are tracked, monitored, and recorded. That said, there are still a majority that either do not understand at all, or understand and choose to ignore the privacy implications.
One major implication of a disregard for privacy is finding your "real life" persona compromised online. This is known as "doxing" and can be an extremely painful experience. No-one is secure from doxing. The threads of information we leave all over the internet can, for the most part, be easily traced back to us. Phone numbers, email addresses, names, home addresses -- you name it, and someone will be able to link it back to you.
Let's take a look at this privacy violating term, and see what you can do about stopping it dead.
What's a Dox?
The Oxford Dictionary defines a dox as:
[informal]: Search for and publish private or identifying information about (a particular individual) on the internet, typically with malicious intent:
'hackers and online vigilantes routinely dox both public and private figures'
The Oxford Dictionary is spot on, as you would expect. Doxing (also written as doxxing) is the process of obtaining or deducing information about a person based upon a limited set of initial information. In other words, doxing is the process of snooping around the internet for someone's personal information.
Doxing takes several forms, but most commonly involves taking a piece of information (e.g. an email address) and matching it to someone's identity. Furthermore, doxing is used for different reasons. For instance, someone might be doxed for their political affiliation, or for an alleged wrongdoing -- rightly or wrongly. Regrettably, doxing is usually a negative experience and, in some cases, has life-changing results.
More Than Privacy
Some people contend that doxing is the process of making private information public. This is vastly over-simplified, and doesn't acknowledge the victim. Information shared online is easily dredged back-up and used against someone. It also provides ammunition to the classic doxing defence: "it was already online."
This is how doxing has evolved. It is no longer difficult to find private information online. The vast majority of internet users make use of some form of social media (some 2.3 billion social media users. There are more than 3.2 billion internet users) and as such, post identifying information. Be that their real name, their location, their phone number, or anything else, it is a potential identifier.
The problem isn't necessarily the information. It is how that information will be used. Furthermore, it is the intent behind sharing that information. Sociologist Katherine Cross explains:
Doxing elevates one record above the vast, indistinct catalogues of the internet and paints a bullseye on it. When you dox someone, you're aggregating specific data from that sea of data points and putting it right in front of a hostile audience predisposed to hate the person in question.
Even if the info is, by some liberal definition, "publicly available" it is the act of elevating and organising it before a hostile crowd that completes the gesture of doxing someone.
Doxing is a loaded, weaponized action that is used to negatively impact a victim. In terms of an attack, it is an unnerving prospect. Once unleashed, the internet masses can be relentless, unabating, and disgustingly graphic in their torment.
Doxing is about power and control.
There Ought to Be Law
Let's explore a simple question: Is doxing illegal?
In word, no. Doxing itself isn't illegal. However, this depends on the type of personal data exposed and who is doxed.
For instance, if private information is disclosed that wasn't previously available in the public sphere (private facts known by small groups of other private friends do not count), this could be considered a breach of privacy. There might be a civil case, depending on the severity of the intrusion, but it certainly wouldn't be considered criminal. At least not straight away.
If the information was previously available and incites hatred, direct threats of violence, or other abusive behaviour, then it may become criminal. Similarly, if the information results in "swatting" -- calling in a hoax situation that requires a SWAT team -- it immediately becomes a federal crime.
Penalties for the latter are understandably increasing. In May, 2015, a 17-year-old hacker pleaded guilty to 23 charges of extortion, public mischief, false police reports, and criminal harassment. The teen utilized swatting against "mostly young female gamers" who had resisted his advances, tormenting the young women and their families in premeditated revenge actions. Other swatting incidents are easy to find.
Swatting illustrates the escalation of a doxing incident, and where the line between sharing public information and law enforcement intervention lies.
Difference Defined
Swatting aside, the line of definition is narrowing. Doxing is increasingly regarded as a form of stalking in the United States. As such, law enforcement use stalking as the foundation of the legal structure and terminology in doxing cases.
Revealing a "name" per se' may, or may not be considered "Doxing" depending on the level of anticipated anonymity. However, in this law, the term "restricted personal information" means, "with respect to an individual, the Social Security number, the home address, home phone number, mobile phone number, personal email, or home fax number of, and identifiable to, that individual." This is an important distinction to remember.
The application of this law isn't about providing definition as to the source of the information. Rather, it is applied to "acts that endanger the safety of or encourage attacks against a person or a person's family."
As a final aside, legislators are using the internet to their advantage, too. Acts committed on the internet spread into all states, thereby allowing victims to choose the state of filing. Consequently, attorneys are affirming representation to the state with the strongest legal position for doxing, cyber-harassment, or cyber-stalking.
Future Face Recognition
Face recognition technology isn't utilized by many online services. That is to say, the public do not have access to services that utilize facial recognition in a meaningful way. Facebook and other services automatically detect faces in an attempt to streamline the "tagging" process, but facial recognition is usually reserved for airports, shopping malls, and "all of Japan."
Facial recognition is emerging as a doxing tool. Russian website FindFace enables anyone to upload virtually any photo of a person in an attempt to match it to their profile on Russian social media network, VKontakte.
As with most shiny new internet toys, it didn't take long to find nefarious uses for the tool. According to Global Voices, members of the 4chan-esque Russian forum Dvach were using photos from porn sites to uncover the true identities of the models. Subsequently, the proof of concept experiment spiralled into extreme incidents of shaming and harassment. The reason for outing these women was "moral outrage," followed up with juvenile remarks that women who work in the sex industries are "corrupt and deceptive."
Infantile at best, and dangerously misogynistic and vacuous at worst, this is clearly an unwelcome insight into how facial recognition technology will be used to dox people in the very near future.
Staying Out of Sight
On the internet, nobody knows you're a dog. Until you're doxed, and they realize you're actually a Karelian Bear Dog. And by then, it might be too late. Remaining out of sight online sounds difficult, but it really comes down to auditing the information you regularly disclose -- as well as where you disclose it.
And although the internet is filled with anecdotes of individuals giving law enforcement officers impromptu lessons on the workings of social media, doxing is a very serious issue that is constantly gaining recognition. If you are a victim of doxing, you should reach out to your local authorities. Furthermore, the Crash Override Network provide support for the victims of online abuse, no matter how trivial it seems.
Have you been doxed? What happened to you? Was it through old information you'd disclosed? Or were your accounts accessed? Let us know your experiences below!
Image Credits: gangis khan/Shutterstock