How Does Doxing Work?
How Does Doxing Work?
You may have heard the term “dox” or “doxxed” while browsing through the internet before. The term is often brought up in conversations around cyberbullying, extortion, blackmail, and activism. Just hearing the word itself is enough to raise an eyebrow… “so and so got doxed.”
If you’re here reading this post, then you’re either curious about the term or you’re looking for an in-depth explanation of what doxing is and how doxing works. If so, then you’re in luck!
Today, we’ll start by explaining what doxing is in the simplest terms. Then, we’ll examine the various reasons why doxing is so common, and how it can be used against you. Lastly, we’ll give you some great tips for how to prevent doxing (such as using a VPN service and setting social media profiles to private mode), and tell you what to do if you’ve been doxed.
Anybody with an online presence can be doxed, which means that everybody should give this a read. Doxing has become a serious issue in today’s society and it’s only going to get worse in the future. As you’ll see, doxing can have seriously detrimental effects on an individual’s personal life and can be quite harmful. While some doxing may be done with good intentions in mind, the majority is not.
So, with that in mind, here’s our detailed guide to how doxing works and how to prevent it!
What Exactly Is Doxing?
First things first, let’s start with a brief definition of what doxing is… According to the Oxford Dictionary:
- Dox: To search for and publish private or identifying information about (a particular individual) on the internet, typically with malicious intent.
Basically, doxing is the process of obtaining personal information on an individual and then using this information against them. The goal of doxing is typically to bully somebody, distribute private information across the internet, and/or to learn about somebody and make it easier for them to hack.
Think you’re immune to doxing? Well, think again.
If you own a single device that’s connected to the internet, then you could be doxed. Doxing can be very simple and limited in some cases; it can also be very detailed and powerful in others.
Some of the most common examples of a dox are where your personal name, social media accounts, and IP address are shared online (which is why we’ve been pushing using VPNs like Surfshark to hide your IP address). More complex doxes may involve your personal messages, pictures, family information, home addresses, employer information, etc.
The only limit to how effective a dox can be is how motivated the individual doxing you is. If they really don’t like you, then they may not stop doxing you until they’ve learned and shared every little piece of information possible about you.
How Can Doxing Be Used Against You?
Hopefully, by now, you’re starting to piece things together. Simply put, doxing can be used against you in virtually limitless ways. Your personal information is the ultimate leverage, so the more information that you’ve been doxed with, the worse things will be. The sad thing is that many victims of doxing will never even know who doxed them (unless they reveal themselves outright).
That being said, here are some of the most common ways that doxing can be used against you.
1. Cyberbullying and Revenge: Doxing is most commonly associated with cyberbullying. These days, it’s not uncommon to hear younger people talking about how people they know (or even themselves) got doxed.
One of the easiest ways to embarrass somebody is to share their personal information, private pictures, embarrassing moments, etc., online or within their friend group. Unfortunately, this part of what has contributed to the rise of cyberbullying; it’s just too easy, and the consequences are often nonexistent for cyberbullies.
In the same vein, doxing can also be used for revenge purposes. Maybe somebody feels as if you disrespected them, lied to them, or otherwise offended them and want revenge. So, they compile easily accessible private information about you and share it with the world or your friends and family.
2. Hacktivism: Doxing isn’t always done with malicious intent. In some cases, large corporations or shady criminals are doxed by so-called “hacktivists” or their victims. One such example of this was when numerous Hollywood actors and executives got exposed for pedophilia and sexual harassment throughout 2020.
The doxers would share these individuals’ private contact information along with pictures, messages, and other details to back up their claims. In some cases, innocent people had their reputations hurt; however, several really bad people also got called out publicly and had to face justice.
While we’re not promoting that you go out and start doxing people who you think are bad (this is an easy way to end up on the receiving end of a lawsuit), keep in mind that not all doxes are necessarily bad.
3. Extortion/Blackmail: Another common way that doxing can be used against you is for blackmail and extortion. Unlike cyberbullying, which typically involves your information being publicly shared, extortion and blackmail involve an exchange of sorts.
Usually, your doxer will contact you (often anonymously) and threaten to dox you and share your personal information online if you don’t comply with their requests or pay them money. They may even show you some of the information they have on you that will be leaked if you start having seconds thoughts.
Usually, we recommend that you don’t directly engage with these blackmail and extortion attempts as there’s no way to prevent them from doxing you after you pay them or give them what they want.
4. Law Enforcement: Law enforcement agencies often dox individuals by monitoring their online activity. For example, local agents or police could have certain flags set up which alert them whenever a Facebook user starts talking about illegal activities online. They can then do a deeper dig into their previous comments, posts, and other online activity.
They can then use this information as “probable cause” and get a warrant to search your property or detain you for questioning. Then, the information that they’ve obtained on you and your activities can be used against you in a court of law, often serving as the nail in the coffin and resulting in your imprisonment.
5. Human Resources and Student Admissions: You may be surprised to hear, but human resources agents and student admissions officers dox applicants all the time to make sure that they’re a good fit for the job or institution. This is why many 17-year-olds delete their old social media profiles (often showcasing immature posts and inappropriate pictures) and make newer, more professional profiles before applying to colleges!
In this case, the doxing is justified because it’s not technically being used against you. Often, when you sign an employment or college application, there’s fine print where you “agree” to allow the institution to perform an online search for you and check out your social media profiles.
6. Social Engineering Scams: Some hackers may use the information they find on you to help them hack you or otherwise scam you. For instance, they could find public information online about your family and see that you have a relative in the hospital.
Then, they could perform a social engineering scam where they call you and impersonate a nurse or a doctor at the hospital. Once they’ve gained your trust, they might trick you into giving up your social security number, full name, birthdates, and other information needed to steal your identity.
Is Doxing Illegal?
In most modern countries, doxing is most definitely illegal. There are some cases (i.e., law enforcement or you signing an employment contract) where doxing is legal, but almost all of the anonymous, maliciously-driven doxing on the internet is 100% illegal.
How Does Doxing Work?
Ever since you’ve been on the internet, you’ve been leaving little public “breadcrumbs” containing your personal data. Many details are already publicly available in phone books and public records, which means that the information just needs to be compiled.
Here are the two most common ways that people are doxed.
Manual Data Scraping
In some cases, you’ll be doxed manually. A hacker (or anybody, for that matter) might manually search for your social media pages, view your activity, look for your address, screenshot comments you made online, record Snapchat videos and photos you post, etc. Then, they can compile all of this data together and use it to threaten you or bully you.
Doxbin.org is a huge online database of dox information. Users can create anonymous accounts and then upload doxing information on just about anybody. The dox posts may include images, videos, screenshots, details about their IP address or physical address, their full name, their family member’s names, employment information, etc.
The legality of the platform is on shaky ground, and the site may not be around for much longer. Until then, however, it’s a source of information for hackers and scammers to use against you for malicious purposes.
Here’s an example of a Doxbin dox post:
How To Prevent Yourself From Getting Doxed
Now that you have a better idea of what doxing is and how one gets doxed, here are some helpful tips to prevent yourself from getting doxed.
1. Limit Personal Data You Share Online: If you don’t want people to know who you are, then simply don’t tell them. If you create online social media accounts, use fake names or non-identifying usernames. Don’t include clear photos of your face, or discuss where you live and work. Pretty simple, right?
2. Limit What Content You Share Online: The same goes for content. Keep in mind that all of your pictures, videos, live streams, etc., can be screenshotted or recorded by anybody viewing them. This information can later be used against you.
3. Think Before You Comment or Send DMs: Before you make that rude comment, message that girl (or guy) you like, or crack a joke that you think isn’t offensive… think. If the message or comment is in ill taste or could be misconstrued and used against you, don’t make it. Just look at how much trouble former US President Trump got in for misusing Twitter!
4. Use A VPN To Hide Your Location and IP Address: If you’re not using a VPN while browsing, almost anybody can identify your IP address and use it to guess your general location. If you check out Doxbin or other doxing sites, then you’ll see that IP addresses are some of the most commonly shared pieces of data!
If you use a high-quality VPN while browsing, your internet data and IP address will be re-routed through an encrypted, secure, remote server. This effectively masks your IP address and prevents hackers and doxers from snooping on your online browsing activity.
5. Set Your Social Profiles To Private: One way to prevent doxers from seeing your personal information is to set your social media profiles to private. This means that only your added friends and followers will be allowed to see your personal details, posts, and images.
What To Do If You’ve Been Doxed
If you’ve been doxed, then you may be able to make a legal case out of it (especially if you’re not hiding anything illegal). That being said, the first thing you should do is take screenshots and recordings of every piece of data being used against you, along with any communication from the doxer.
The next person you should call is your lawyer (preferably one who specializes in cybercrime). They’ll be able to examine the information and tell you whether or not you have a good case. If so, take their advice and follow their instructions.
You can also report illegal doxing to your local law enforcement. They will often have cybercrime divisions that are used to handling instances like these and may be able to help catch the criminal.
What makes doxing scary is that it could literally happen to anyone. Even if you’ve never shared anything you regretted online, other personal details, such as your address, medical records, email addresses, and other information can be shared by anybody who has access to it. Often, it will be a hacker on the other side of the world who’s targeting your information.
The best way to prevent yourself from becoming a victim is to limit the information you share online, practice being kind to online users, and use VPN’s to limit how scammers, hackers, and other third parties can track you and your online activity.
We hope you enjoyed this article! As always, remember to stay safe, and stay anonymous.