Our private lives are considered our own, and we only let those in who we trust. It's why home break-ins, even if nothing valuable is taken, are so upsetting; it feels like a violation. Malicious intent motivates some people to locate your details and distribute them online as a form of violation.

This alarming practice has become so widespread as a means of digital violence that it even has a name; doxxing. It is a particular problem on social networks, especially public ones. Some users target people whose views they disagree with or even for something as fundamental as their gender, background, or ethnicity.

So, what does doxxed mean, how did doxxing become so commonplace, and is there anything you can do to prevent it?

What Does It Mean to Dox Someone?

Cyberattacker using a laptop

Generally, we think of our home as a safe place. It's one of the few spaces where we can be precisely how we want to be without fear of being judged. It's also incredibly intimate and personal. That's why we protect confidential information like our address. It's a similar situation with our work and social lives, too.

Innately, we value privacy, and we approach social situations differently. For instance, how you talk and behave around work colleagues is likely different from how you might interact with your friends. We silo our lives into areas based on trust.

Our home address, full name, workplace, and other personally identifiable details are only given out when we feel comfortable. However, online the situation is different. On the whole, we don't give out personal information publicly online, but we do present ourselves for others to see.

Whether that's our LinkedIn profile for professional reasons, Instagram for lifestyle sharing, or Twitter for expressing our opinions, we are often more public in our beliefs, thoughts, and interests than in the physical world. While this fosters connections with like-minded people, it also means that you are visible to everyone, not just those who you trust.

A segment of internet users believes it is right to harass, shame, or cause harm to people with whom they disagree. It's not possible to do physical harm online, so, instead, they switch to something that can sometimes be more harmful in the long run; fear and shame.

What Is Doxxing?

Examples of doxxing and online harassment

The attackers extract identifiable information using various techniques, including Open-Source Intelligence (OSINT), searching publicly available databases, analyzing social media posts and profiles, hacking, and social engineering.

Once they have this, they will publish it publicly online, hoping that their supporters or followers will harass you. This could be in an attempt to remove you from your position, get you fired from your job, cause embarrassment, and in some extreme cases, cause you physical harm.

Exposing information like this is known as doxxing. The term initially came from the abbreviation of documents, dox. Violating someone's privacy in this way became known as doxing, although it's now more common to use the double-x variant, doxxing.

Initially, it was a tactic employed in the early hacking scene, where most users were anonymous. In retribution for perceived slights or controversial views, hackers would dox other users to bring their true identity to law enforcement's attention.

While the methods used haven't changed much over time, the frequency and severity have. The hacking community understood the situations they were getting themselves into and the associated risks. If you are unclear about doxxing, Ana Dascalescu of Heimlan Security wrote a piece sharing stories of doxxing victims and examples and tactics on how doxxing is done today.

Hand typing on spreadsheet on the computer

Not that this justifies the technique, but they could at least be prepared for the eventuality. The most significant difference now is that doxxing is often targeted at regular users, those without protection, and for a wide range of, often trivial, reasons.

Similarly, people in positions of responsibility or involved with vaccines, politics, abortions, or other controversial areas, often find themselves at the receiving end of a doxxing attack. The same is true for women and non-white users frequently doxxed for misogynistic and racist reasons.

This has the compounding effect of driving already marginalized communities away from social networks and public spaces and creating positive connections. The use of malicious social media bots allows doxxers to overwhelm their victim as well. Each doxxing incident is an attempt to cause fear and harm to the individual involved.

However, cumulatively, these targeted attacks have a broader effect. Doxxing campaigns against institutions, or people with certain beliefs or characteristics, are an attempt to silence conversations and prevent freedom of speech.

Instead of creating a constructive debate, those responsible for the dox would rather silence the opposite side to hide a view on a particular issue; this has been common on topics such as the US elections, the COVID-19 pandemic, and even the war in Ukraine.

Is Doxxing Illegal?

judge's hammer on table

Unfortunately, doxxing is not illegal as a specific offense. It is illegal to hack someone's computer or personal device without permission, regardless of whether the information is accessed and released or not. These crimes can even reach state or federal courts. Now, doxxing is not illegal because it is primarily done using OSINT, which is publicly available information.

Regardless, if getting doxxed is perceived as a violation of privacy by a court, the concept and tactics are relatively new for legislators and courts to keep up with new laws to protect individuals. Similarly, not all government officials and legislators see it as a specific problem since doxxing is also used by journalists and activists to fight hate speech and unmask trolls.

There's another critical reason that doxxing is not illegal, despite the harm that it causes. As an offense, it is complicated to specify in law without being too broad, as each doxxing must be judged on a case-by-case scenario.

The court must analyze factors like personal reasons for doxxing, the damage done to the victim, the relationship of the victim and perpetrator, how the information was spread, the intent of doxxing, and so on separately. There's a delicate balance between legislation wide-ranging enough to cover all doxxing events and not too far-reaching to have unintended consequences.

That's not to say that legislation is impossible. Still, the combined effects of time, lack of political interest, and challenges in defining the problem result in no current legal remedy for doxxing. If you have been the victim of doxxing, you should still report the incident to the authorities.

Even though doxxing itself is not illegal, it could contribute to a different offense, such as harassment, stalking, or fraud if the information is used to constitute that specific offense. It's possible that, despite being unable to prosecute as a doxxing offense, there may be other legal options available. Law enforcement might resolve the case around how the perpetrator acquired the information and how they used it.

How To Protect Yourself from Doxxing Attacks

Woman Playing With Phone

While we'd like to imagine that most people are generally good, there are people out there who act maliciously. Before the internet, someone would need to know who you were to target you. However, these days we are easily discoverable online. As more people can see your profiles, interests, and beliefs, the more likely someone with bad intentions will come across your online presence. But worry not, there are plenty of things you can do to avoid doxxing, but here are the most basic ones:

As we mentioned earlier, most doxxing attacks' intended outcome is to cause fear and silence conversations. So, while it's perfectly reasonable to feel uncertain or even fearful of the potential, many believe that you shouldn't have to feel afraid of being who you are online. It's crucial to find a balance between expressing yourself and protecting your privacy.

First, you'll want to consider whether the things you want to post about could be regarded as controversial. If so, assess how you feel about the risk of identifying yourself with those topics. You may decide it's important to stand up for your beliefs but also value your safety and privacy. Consequently, it may be worth creating alternative accounts, profiles, or email addresses for talking about those issues.

Sign saying privacy please

Anonymity is undoubtedly a problem online as it allows people to be unpleasant without any repercussions. But anonymity is also one of the essential parts of the internet. There are expectations, societal pressures, and reputations to preserve in our real lives. Pseudonymous accounts allow us to express thoughts, feelings, and views that we may not be comfortable associating with our real-world persona.

Once you've decided how to present yourself online, it's essential to adjust your privacy settings on your accounts and social networks. You should also ensure strong, unique passwords for each service and consider using a password manager to store them securely.

Similarly, before posting anything online, think about what you give away about yourself by doing so. For example, snapping a photo on your street gives away where you live. There are plenty of types of information you shouldn't post online.

Staying Safe Online

Unfortunately, by its nature, doxxing is not something you can always prevent. If someone is determined enough to violate your privacy, they may be able to glean enough information to harm you. However, there are preventive steps you can take that'll make the task harder for them.

The good news is that these privacy-protecting actions are beneficial to you more generally and can help protect your information in a data breach. One of the most significant changes you can make is to switch from a free email provider, like Gmail or Outlook, to a secure, encrypted option like ProtonMail or Tutanota.