Doxxing means publishing private information about someone online to harass or intimidate them. It has ruined reputations and caused untold distress to hundreds of people. On occasion, doxxing has resulted in injury or even death.
Being doxxed can have serious consequences for your safety and privacy. How can you prevent it?
Doxxing and cyberbullying often go hand in hand, although doxxing has also been used — controversially — by journalists in pursuit of public interest stories. It’s a relatively new phenomenon grown out of early internet subculture, but it’s gaining both popularity and efficacy, driven partly by social media.
Information obtained in doxxing attacks is generally gathered from public or semi-public sources: website logs, WHOIS records, social media profiles,and simple Google searches or directories. In some cases, it’s harvested by more sinister means like hacking or social engineering.
Who’s at Risk from Doxxing?
Anyone who has data online is theoretically at risk of doxxing. Often people are doxxed without warning,and without doing anything to trigger or provoke it.
In recent years, doxxing has ‘outed’ people who were understood to have committed crimes even though they were perfectly innocent. Perhaps the most tragic example is the suicide of Sunil Tripathi who was falsely accused of being involved in the Boston Marathon bombings by amateur researchers on Reddit.
Occasionally, journalists have been accused of doxxing people they’re investigating. Michael Hirsch was forced to quit as editor of Politico after sharing the home address of a white nationalist on Facebook.
If you have any kind of online profile, you’re also technically at risk.
The Real-World Risks of Doxxing
Leaking someone’s home address is, on the surface, a relatively minor example of doxxing. If this happens to you, you could wind up getting pizza deliveries you never asked for.
At the other end of the scale, you could have the world’s media turn up on your doorstep,or incur the wrath of thousands of social media adversaries, a few of whom could start sending you malicious packages.
In the context of doxxing, the word ‘swatting’ is sometimes used. This refers to the practice of making false police reports in the hope that armed officers — SWAT teams — will come knocking on the target’s door. A swatting attack would clearly be frightening, but it could also result in injury or property damage depending on the false report that’s filed.
How to Protect Yourself Against Doxxing
Once information is placed online, it’s practically impossible to remove it. So the first rule of doxxing prevention is to be sparing when sharing. Gone are the days when information could be siloed or assumed to be obscure.
Be Cautious on Social Media
Social networking sites are an obvious goldmine for doxxers. If you already use these kinds of sites, you might want to tighten up your privacy settings — at the very least, your profile should never be public.
Use a VPN
A VPN puts all of your internet use inside a secure, encrypted tunnel. It prevents casual eavesdroppers from picking up personal information about you including ISPs, governments and public WiFi snoopers who could otherwise capture data about you as you browse. It’s important to use a good quality VPN, ideally avoiding free services and any companies that keep logs.
Keep Software Updated
Hackers are always looking for ways to install malware, usually with the aim of capturing personal data, payment information and passwords. Older operating systems often have vulnerabilities that make malware much easier to install. That’s why installing software updates is crucial; it makes it much more less likely that malicious software will be installed on your device because each update patches known vulnerabilities in prior releases.
Remove Unwanted Apps and Extensions
Mobile apps and browser extensions are known to collect personal data, often without the full knowledge or consent of the user. Every now and again, cleanse apps or remove them entirely so you have full control over what they’re collecting. Likewise, review browser extensions frequently and remove any that you don’t need or recognize.
Use Disposable Contact Details
Many sites request contact details and personal data, and if you’re only planning to use the service temporarily, it might be wise to limit the information you disclose. Equally, you may just not trust some websites — using false data here is a good idea.
For temporary sign-ups, ‘burner’ email addresses can be used once and then be disposed of, thereby protecting your real email address from phishing attacks and spam.
Outsource Privacy Protection
Specialist third-party services can help to clean up your online profile and get personal data removed from websites or search engines. You can provide them with a list of information, or you can ask them to do the research for you. DeleteMe is a good example of a service that will get your data removed from brokers’ lists.
You may assume you have nothing to hide, but when it comes to personal data, it’s unwise to be complacent. Increasingly, modern internet users leave a ‘data trail’ across the web; pick a fight with the wrong internet user, and you might find it’s packaged up and used against you.
You’ll be more at risk if you engage in controversial discussion or active internet communities, but even a viral blog post could be enough to attract the doxxer’s attention. And as we’ve seen, cases of mistaken identity are not uncommon.
Prevention is better than cure. You can use social media anonymously, which is a good start. And when signing up for websites, it’s a good idea to avoid creating usernames that create links between your real life and your online persona.
Overall, tighten up your security, use encryption and implement sensible data safeguards to ensure you don’t let information slip.
About the Author: Susan Alexandra is a small business owner, traveler and investor of cryptocurrencies. She is just another creative writer helping to create the kind of information that young people want.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.