What Is Doxxing and How Do You Prevent It?


    TLDR; Doxxing is like getting caught with spinach in your teeth, but way more embarrassing and potentially dangerous. Instead of food in your teeth, someone online dug up and publicly posted your full name, address, phone number, workplace, embarrassing photos, and even more private details.

    It’s like someone sneakily took a peek at your diary and then shared it with the whole world without your consent. The result is that your privacy is violated, and you might have to deal with people harassing you or even threatening your safety.

    In this article we will go into detail about what exactly doxxing is, how it is used (and abused) and what can be done to mitigate the problem for end users and the online platforms we all use.


    What is doxxing?

    Doxxing is a form of online harassment involving the publication of personal information about an individual without their consent. This information can include details such as their full name, home address, telephone number, place of work, and other sensitive information.

    Doxxing is often carried out to expose, threaten, or intimidate someone and can lead to severe consequences, such as physical harm, stalking, or loss of employment.

    Easy access to personal information through the internet has facilitated doxxing. Somebody can obtain this information from public sources such as social media accounts, online databases, and government records or through more nefarious means such as hacking or phishing.

    Doxxing has been used to target journalists, activists, politicians, and others who hold controversial views or are engaged in high-profile activities. Individuals participating in online communities or forums, particularly those dedicated to sensitive topics such as politics, race, and gender, have been harassed and silenced by the practice of doxxing.

    Being doxxed can have severe and long-lasting consequences. They can include physical harm, identity theft, privacy loss, and reputational damage.

    Some countries have laws that criminalize doxxing, but enforcement is often difficult. Those responsible for the act may use fake identities, hide behind anonymous online accounts, or be located in a different country.

    Doxxing etymology

    The word “doxxing” is derived from “dropping dox,” which refers to publicly revealing or publishing private information about an individual with the intent to harass or intimidate them. The word “dox” is an abbreviation of “documents” or “docs,” which refers to personal information such as addresses, phone numbers, and other identifying documentation.

    While the practice of doxxing isn’t new, it really blew up with the internet and the rise of platforms with user-generated content (forums, social media, etc). Internet trolls could now easily publish and widely spread private information.

    Doxxing has been used to target individuals for their political views, personal revenge, and gaming activities, to name a few.

    Is doxxing illegal?

    Doxxing can be illegal, but it depends on the circumstances and can be difficult to enforce. It also depends on where in the world you are.

    In many countries, including the United States, doxxing may be considered a violation of privacy laws. In some cases, people may consider it harassment, stalking, or cyberbullying. In addition, the publication of certain types of personal information, such as Social Security numbers or financial information, may be illegal under federal or state law.

    But it’s never truly straightforward, is it?

    The legality of doxxing can be complex. It can depend on various factors, including the jurisdiction, the type of information published, and the intent of the person posting the information. If someone publishes your name and address online to incite violence or harassment against you, that could be considered a crime.

    Examples by country

    While a complete list of countries would be a bit over the top to include in this article, here are a few examples to give you an idea of what the legal situation looks like around the world.

    • In the United States doxxing is not specifically prohibited by federal law. Still, it can be illegal under state laws prohibiting stalking, harassment, or unauthorized access to someone’s computer or online accounts. Penalties can range from fines to imprisonment, depending on the severity of the offense.
    • In the United Kingdom doxxing is considered a criminal offense under the Computer Misuse and Data Protection Acts. Individuals who engage in doxxing can face fines, imprisonment, or both.
    • In Australia doxxing is also illegal and can be prosecuted under laws prohibiting stalking, harassment, or unauthorized access to personal information. The penalties for doxxing can include imprisonment and fines.
    • In Germany doxxing is illegal under the country’s strict privacy laws, which prohibit the unauthorized collection and dissemination of personal information. Individuals who engage in doxxing can face fines and imprisonment.

    On social media

    Because few places spread content as widely as social networks and online forums, these platforms usually have policies in their terms of use that prohibit doxxing and similarly dangerous behaviors. However, enforcement is always a challenge, and by the time action is taken it may be too late; the information is already out there.

    For example, X (formerly Twitter) has a strict policy against doxxing, defined as the “sharing other people’s private and confidential information without their consent.” The platform’s rules expressly prohibit posting information such as home addresses, phone numbers, and government-issued identification numbers, as well as content encouraging others to engage in doxxing.

    In practice, Twitter takes reports of doxxing seriously and will investigate and take action against accounts that violate its rules. This can include removing offending content, temporarily suspending or permanently banning accounts, and sometimes cooperating with law enforcement to identify and prosecute doxxers.

    Twitter also provides resources and tools for users to protect their personal information on the platform. Users can enable two-factor authentication to prevent unauthorized access to their accounts, and they can also choose to keep their email addresses and phone numbers private.

    Doxxing statistics

    There is not a lot of data available on the prevalence of doxxing, as it is a difficult crime to measure and track. 

    Celebrities may take the spotlight when it comes to doxxing, but it’s a real problem for the average person too. According to a study by SafeHome, by 2021, over 43 million Americans had experienced doxxing at least once in their lifetime.

    It’s important to note that doxxing is a serious and often underreported crime, and many people who are doxxed may not report it or seek help.

    Doxxing incidents are often sparked by online posts (52%), where doxxers, who are often virtual strangers, seek revenge for petty or philosophical disputes. While the personal nature of these attacks may seem intimate, they are more frequently aimed at shining a light on offensive opinions or harming individuals with whom the doxxer disagrees. Online gaming conflicts account for another 20% of cases, where heated exchanges can overflow into real-world damage, including “swatting”—more about that later.

    Policy changes to prevent and mitigate doxxing

    As Mike Tyson once so eloquently said, “Everybody has a plan until they get punched in the mouth.” So, if you run a platform with user-generated content, what can you do today to protect your users?

    Update your privacy policy

    Implement strict content moderation policies to prevent users from sharing personal information about themselves or others.

    Enforce your privacy policy

    Walk the walk and talk the talk. Enforce the privacy policy, which clearly outlines how user data is collected, stored, and shared.

    Make sure users understand what information you are collecting from them, how you are using it, and who you share it with. And write it in plain language with an option to see “legal speak” if they want to. It’s a great way to create a better experience for all your users.

    How can content moderation help?

    Businesses can take various steps to prevent doxxing, including educating users on protecting their personal information, monitoring online forums and social media for signs of potential attacks, and implementing content moderation policies prohibiting doxxing and other forms of online harassment. 

    These are some additional ways your business can use content moderation to address doxxing:

    1. Proactive moderation: Your platform can use automated and human moderators to scan for and remove posts that contain personal information. Businesses must take proactive measures to protect user privacy and security rather than simply reacting to doxxing attacks after they occur.

      Implement strong data security measures, such as encryption and two-factor authentication, and provide users with clear guidelines on protecting their personal information.
    2. Automated content moderation: Automation and AI can make life easier with sophisticated content filters and tools. The most basic form of this is a filter that recognizes words from a list and acts on predetermined rules to either emphasize, replace, or reject posts or content. If you’re using this method, there is every chance that sensitive information will never see the light of day on your website or app. However, machine learning can take things further by using an algorithm to learn from data and make more intelligent decisions.

      That said, even machine learning needs regular monitoring and adjustment – so keep an open dialogue with your content moderators.
    3. Reactive moderation: This method relies on your users flagging or reporting the content on your platform. Platforms can be transparent about their content moderation policies and procedures, including how they handle doxxing. A reactive moderation process can help users understand what behavior is not allowed and how to report it. Unfortunately, chances are that the damage has already been done by the time the content is reported.

      Some platforms will also allow user reporting to encourage users to report posts containing personal information. However, this feature could lead to users harassing each other.
    4. User privacy controls: Give your users more control over their personal information, such as the ability to hide their phone number or email address. The little things can make a difference, and something like this can make it more difficult for doxxers to find and share personal information.
    5. Education: Educate your users about the risks of doxxing and how to protect their personal information online. No, really, you should. A platform can create easy-to-understand guides explaining what doxxing is, its risks, and how users can protect themselves. These guides can be posted on the platform’s website, shared via social media, or even emailed to users. Remind users to protect their personal information.
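
    A minimal sketch of the rule-based filter and proactive scan described in items 1 and 2 above, added here as an illustration (it is not code from this article or from any platform). The patterns, the category names, and the escalation rule for posts that combine several kinds of identifier are assumptions, and all sample values are fictitious.

```python
import re
from typing import NamedTuple

# Illustrative, US-centric patterns (assumptions). Order matters: specific
# identifiers are replaced before the broad phone pattern runs.
RULES = [
    ("email", re.compile(r"[\w.+-]+(?:@|\s*[(\[]at[)\]]\s*)[\w-]+"
                         r"(?:(?:\.|\s*[(\[]dot[)\]]\s*)[\w-]+)+", re.I)),
    ("ssn", re.compile(r"\b\d{3}-\d{2}-\d{4}\b")),
    ("phone", re.compile(r"(?<![\w-])\+?(?:\d[\s().-]{0,2}){9,14}\d(?![\w-])")),
    ("address", re.compile(r"\b\d{1,5}\s+(?:[A-Z][a-z]+\s+){1,3}"
                           r"(?:Street|St|Avenue|Ave|Road|Rd|Lane|Ln|Drive|Dr)\b")),
]
# Predetermined rule per category, least to most severe. "flag" is the
# article's "emphasize": hold the post and highlight it for a human moderator.
# Addresses are only flagged because that pattern is the least precise.
SEVERITY = ["flag", "replace", "reject"]
ACTIONS = {"email": "replace", "phone": "replace", "address": "flag", "ssn": "reject"}


class Verdict(NamedTuple):
    action: str       # "allow", "flag", "replace" or "reject"
    categories: list  # kinds of personal data detected, in RULES order
    text: str         # redacted text for "replace", "" for "reject", else original


def moderate(post: str) -> Verdict:
    redacted, found = post, []
    for category, pattern in RULES:
        redacted, hits = pattern.subn(f"[{category} removed]", redacted)
        if hits:
            found.append(category)
    if not found:
        return Verdict("allow", found, post)
    action = max((ACTIONS[c] for c in found), key=SEVERITY.index)
    # Two or more kinds of identifier in one post look like an assembled
    # profile of a person, so escalate regardless of the individual rules.
    if len(found) >= 2:
        action = "reject"
    text = {"flag": post, "replace": redacted, "reject": ""}[action]
    return Verdict(action, found, text)


if __name__ == "__main__":
    samples = [  # constructed posts; every value is fictitious
        "Great match last night, gg everyone!",
        "You can reach her at jane.doe (at) example (dot) com if you want.",
        "He lives at 42 Example Street, go say hi.",
        "Her number is +1 415-555-0132 and she lives at 42 Example Street.",
    ]
    for sample in samples:
        print(moderate(sample))
```

    Patterns like these produce false positives (any ten-digit order number matches the phone rule) and miss deliberate obfuscation, which is why the flagged path and the regular review by human moderators mentioned above still matter.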

    But if you only do one thing, take swift action to remove any offending content and suspend or ban doxxers. Swift and decisive actions are important here since time is a factor.

    Doxxing is about collecting bits and pieces of your private information into a full dossier.

    What is swatting?

    Here is a little bonus for you. You didn’t think doxxing was bad enough? Let’s talk about something called swatting.

    And oh boy, swatting is online harassment taken up another notch.

    Imagine this: You’re at home, minding your own business, when suddenly a swarm of police officers burst through your front door, shouting commands and aiming their weapons at you. You’re confused and terrified, wondering what could have possibly led to this frightening situation. 

    As it turns out, someone online managed to obtain your personal information and used it to make a false report to the police, with dangerous and potentially deadly consequences.

    As you may have guessed, the term “swatting” is derived from SWAT. Having a SWAT team burst into your home sounds horrifying.

    You should give the podcast Darknet Diaries a try. There is an excellent episode on this topic called “The Pizza Problem,” episode 97, where we hear a frightening story of a hostile Instagram account takeover.

    Real-world examples of doxxing

    Sadly, there are too many examples of doxxing out there. Here are a few that have stood out, but they are far from the only ones.

    Anita Sarkeesian

    Anita Sarkeesian – Photo by Kim Newmoney

    One of the most notable examples of doxxing is the case of Anita Sarkeesian, a media critic who created a web series titled “Tropes vs. Women in Video Games,” which examines the representation of women in video games.

    In 2012, Sarkeesian launched a Kickstarter campaign to fund her series, and some gaming community members met it with intense backlash. As a result, Sarkeesian became a target of online harassment, including doxxing.

    In 2014, an individual who claimed to be affiliated with Gamergate (more about this a bit further down), a “movement” which targeted Sarkeesian and other women in the gaming industry with online harassment and doxxing, made a mass shooting threat that forced Sarkeesian to cancel a speaking engagement at Utah State University.

    Despite the harassment and threats she has faced, Sarkeesian has continued to speak out and advocate for greater representation of women and other marginalized groups in media. She has also been a vocal critic of the toxic and misogynistic elements within the gaming community and has worked to promote greater empathy and understanding in the industry.

    The incident highlighted the severe consequences of doxxing and online harassment and the need for better measures to protect individuals from such attacks.

    Sony and North Korea

    Another high-profile case of doxxing involved the 2014 Sony hack, which led to the leak of sensitive information about the company and its employees.

    A group called the Guardians of Peace carried out the hack, claiming to protest against the release of the film “The Interview,” which depicts the assassination of North Korean leader Kim Jong-un. As part of the hack, the Guardians of Peace released personal information about Sony employees, including their home addresses, Social Security numbers, and medical records.

    The consequences of the Sony hack were far-reaching, with the company facing millions of dollars in damages and lost revenue. The hack also highlighted the vulnerability of businesses and individuals to cyber attacks and the need for better cybersecurity measures.

    Zoe Quinn

    One of the most well-documented examples of doxxing is the case of Zoe Quinn. It’s impossible to talk about them without mentioning Gamergate.

    Gamergate was a controversy in the gaming industry that began in 2014, sparked by the publication of an article by journalist and game designer Zoe Quinn that criticized the use of sexist tropes in video games. This led to a coordinated campaign of online harassment and doxxing against Quinn and other women in the gaming industry who spoke out about sexism and harassment.

    The harassment against Quinn began with a blog post by their ex-boyfriend that accused them of infidelity, which was subsequently amplified by rather murky and anti-feminist online communities. The resulting harassment, which included death and rape threats, doxxing, and other forms of online abuse, was directed not only at Quinn but also at their supporters and allies in the gaming industry.

    Many women in the industry reported increased harassment and online abuse; some were forced to leave their jobs or abandon their careers altogether. The controversy highlighted the need for greater diversity and inclusion in the gaming industry and better measures to address online harassment and abuse.

    Leslie Jones

    Another example is the case of Leslie Jones, a comedian and actress targeted with racist and sexist abuse on social media in 2016. The abuse included doxxing, with Jones’ personal information and photos shared online. The incident led to a widespread outcry and a renewed focus on combatting online harassment and hate speech.

    TikTok in Singapore

    In September 2020, a Singaporean social media influencer named Ms. Koh Boon Hui (also known as SgInstaBabes) was accused of doxxing men who had allegedly harassed or sexually assaulted her or her friends. The accusations against her surfaced on social media. They included claims that she had shared personal information, such as the full names and NRIC (National Registration Identity Card) numbers, of the accused men on her Instagram account.

    While some supported Ms. Koh and saw her actions as a way of calling out unacceptable behavior, others criticized her for taking the law into her own hands and potentially putting the accused men at risk.

    Summary and key takeaways

    Doxxing is a serious threat that can have devastating consequences for both individuals and businesses. If you run a business online it’s your responsibility to take proactive measures to protect your users from this type of online harassment. The impact of a doxxing attack can be felt for years.

    By educating users on the risks of doxxing, providing clear guidelines on protecting personal information, and implementing effective content moderation policies, we can create a safer online environment for everyone. (If you want help, please feel free to reach out. Content moderation services are our specialty.)

    So let’s take doxxing seriously and do our part to prevent it from happening. By staying informed, being vigilant, and taking proactive steps to protect our users, we can create a more secure and inclusive online world for everyone. After all, it’s better to be safe than doxxed.