doxxing AI & Automation

Doxxing: How to Protect Your Platform and Users

TLDR; Doxxing is like getting caught with spinach in your teeth, but way more embarrassing and potentially dangerous. Instead of food in your teeth, we’re talking about someone dug up and posted your full name, address, phone number, workplace, embarrassing photos, and even more private details.

It’s like someone sneakily took a peek at your diary and then shared it with the whole world. The result is that your privacy is violated, and you might have to deal with people harassing you or even threatening your safety.

Yikes!

Illustration of hacker seizing information from unsuspecting person with laptop.

What is doxxing?

Doxxing is a form of online harassment involving releasing personal information about an individual without their consent. This information can include details such as their full name, home address, telephone number, place of work, and other sensitive information. Doxxing is often carried out to expose, threaten, or intimidate someone and can lead to severe consequences, such as physical harm, stalking, or loss of employment.

Easy access to personal information through the internet has facilitated doxxing. Somebody can obtain this information from public sources such as social media accounts, online databases, and government records or through more nefarious means such as hacking or phishing.

Doxxing has been used to target journalists, activists, politicians, and others who hold controversial views or are engaged in high-profile activities. Individuals participating in online communities or forums, particularly those dedicated to sensitive topics such as politics, race, and gender, have been harassed and silenced by the practice of doxxing.

The consequences of doxxing can be severe and long-lasting. They can include physical harm, identity theft, privacy loss, and reputation damage. Some countries have laws that criminalize doxxing, but enforcement is often difficult. Those responsible for the act may use fake identities, hide behind anonymous online accounts, or locate in another country.

Doxxing etymology

The word “doxxing” is derived from “dropping dox,” which refers to publicly revealing or publishing private information about an individual intending to harass or intimidate them. People believe that the word “dox” is an abbreviation of “documents” or “docs,” which refers to personal information such as addresses, phone numbers, and other identifying details.

While the practice of doxxing isn’t new in society, it really blew up by internet trolls using platforms where user-generated content is used. It has been used to target individuals for their political views, personal revenge, and gaming activities, to name a few.

Is doxxing illegal?

Doxxing can be illegal, depending on the circumstances. In many countries, including the United States, doxxing may be considered a violation of privacy laws. In some cases, people may consider it harassment, stalking, or cyberbullying as well. In addition, the publication of certain types of personal information, such as Social Security numbers or financial information, may be illegal under federal or state law.

But it’s never truly straightforward, is it?

The legality of doxxing can be complex. It can depend on various factors, including the jurisdiction, the type of information published, and the intent of the person posting the information. If someone publishes your name and address online to incite violence or harassment against you, that could be considered a crime.

Examples

The United States, where doxxing is not specifically prohibited by federal law. Still, it can be illegal under state laws prohibiting stalking, harassment, or unauthorized access to someone’s computer or online accounts. Penalties can range from fines to imprisonment, depending on the severity of the offense.

In the United Kingdom, doxxing is considered a criminal offense under the Computer Misuse and Data Protection Acts. Individuals who engage in doxxing can face fines, imprisonment, or both.

In Australia, doxxing is also illegal and can be prosecuted under laws prohibiting stalking, harassment, or unauthorized access to personal information. The penalties for doxxing can include imprisonment and fines.

And in Germany, doxxing is illegal under the country’s strict privacy laws, which prohibit the unauthorized collection and dissemination of personal information. Individuals who engage in doxxing can face fines and imprisonment

On social media

Twitter has a strict policy against doxxing, defined as the “sharing other people’s private and confidential information without their consent.” The platform’s rules expressly prohibit posting information such as home addresses, phone numbers, and government-issued identification numbers, as well as content encouraging others to engage in doxxing.

In practice, Twitter takes reports of doxxing seriously and will investigate and take action against accounts that violate its rules. This can include removing offending content, temporarily suspending or permanently banning accounts, and sometimes cooperating with law enforcement to identify and prosecute doxxers.

Twitter also provides resources and tools for users to protect their personal information on the platform. Users can enable two-factor authentication to prevent unauthorized access to their accounts, and they can also choose to keep their email addresses and phone number private.

TikTok in Singapore

In September 2020, a Singaporean social media influencer named Ms. Koh Boon Hui (also known as SgInstaBabes) was accused of doxxing men who had allegedly harassed or sexually assaulted her or her friends. The accusations against her surfaced on social media. They included claims that she had shared personal information, such as the full names and NRIC (National Registration Identity Card) numbers, of the accused men on her Instagram account.

While some supported Ms. Koh and saw her actions as a way of calling out unacceptable behavior, others criticized her for taking the law into her own hands and potentially putting the accused men at risk.

Doxxing statistics

There is not a lot of data available on the prevalence of doxxing, as it is a difficult crime to measure and track. 

Celebrities may take the spotlight when it comes to doxxing, but it’s a real problem for the average person too. According to a study by SafeHome, by 2021, over 43 million Americans had experienced doxxing at least once in their lifetime.

It’s important to note that doxxing is a serious and often underreported crime, and many people who are doxxed may not report it or seek help.

Doxxing incidents are often sparked by online posts (52%), where doxxers, who are often virtual strangers, seek revenge for petty or philosophical disputes. While the personal nature of these attacks may seem intimate, they are more frequently aimed at shining a light on offensive opinions or harming individuals with whom the doxxer disagrees. Online gaming conflicts account for another 20% of cases, where heated exchanges can overflow into real-world damage, including “swatting”—more about that later.

Content moderation can help prevent and mitigate doxxing

As Mike Tyson once so eloquently said, “everybody has a plan until they get punched in the mouth”—so what can you do today to protect your users?

Update your privacy policy

Implement strict content moderation policies to prevent users from sharing personal information about themselves or others.

Enforce your privacy policy

Walk the walk and talk the talk. Enforce the privacy policy, which clearly outlines how user data is collected, stored, and shared. Make sure users understand what information you are collecting from them, how you are using it, and who you share it with. And make it in plain language with an option to see “legal speak” if they want to. It’s a great way to create a better experience for all your users.

How can content moderation help?

Businesses can take various steps to prevent doxxing, including educating users on protecting their personal information, monitoring online forums and social media for signs of potential attacks, and implementing content moderation policies prohibiting doxxing and other forms of online harassment. 

These are some additional ways your business can use content moderation to address doxxing:

  1. Proactive moderation: Your platform can use automated and human moderators to scan for and remove posts that contain personal information. Businesses must take proactive measures to protect user privacy and security rather than simply reacting to doxxing attacks after they occur.

    Implement strong data security measures, such as encryption and two-factor authentication, and provide users with clear guidelines on protecting their personal information.
  2. Automated content moderation: Automation and AI can make life easier with their sophisticated filters and tools. The most basic form of this is a filter that will recognize words from a list and act on predetermined rules to either emphasize, replace or reject posts or content. If you’re using this method, there is every chance that sensitive information will never see the light of day on your website or app. However, machine learning can take things further by using an algorithm to learn from data to make more intelligent decisions.

    That said, even machine learning needs regular monitoring and adjustment – so keep an open dialogue with your content moderators.
  3. Reactive moderation: This method relies on your users flagging or reporting the content on your platform. Platforms can be transparent about their content moderation policies and procedures, including how they handle doxxing. A reactive moderation process can help users understand what behavior is not allowed and how to report it. Unfortunately, chances are that the damage has already been done by the time the content is reported.

    Some platforms will also allow user reporting to encourage to report posts containing personal information. However, this feature could lead to users utilizing this as a way of harassing each other.
  4. User privacy controls: Give your users more control over their personal information, such as the ability to hide their phone number or email address. The little things can make a difference, and something like this can make it more difficult for doxxers to find and share personal information.
  5. Education: Educate your users about the risks of doxxing and how to protect their personal information online. No, really, you should. A platform can create easy-to-understand guides explaining what doxxing is, its risks, and how users can protect themselves. These guides can be posted on the platform’s website, shared via social media, or even emailed to users. Remind users to protect their personal information.

But if you only do one thing, take swift action to remove the offending content and suspend or ban doxxers.

Doxxing is about collecting bits and pieces of your private information to a full dozier.

What is swatting?

Oh boy. Swatting is online harassment taken up a notch if that is possible.

Imagine this: You’re at home, minding your own business, when suddenly a swarm of police officers burst through your front door, shouting commands and aiming their weapons at you. You’re confused and terrified, wondering what could have possibly led to this frightening situation. 

As it turns out, someone online had obtained your personal information through doxxing and used it to make a false report to the police, leading to a dangerous swatting incident. This is the reality for many victims of swatting, a dangerous and potentially deadly form of online harassment. 

It’s important to take precautions to protect your personal information and report any suspicious activity to the authorities to prevent falling victim to this terrifying practice.

You should give the podcast Darknet Diaries a try. There is an excellent episode on this topic called “The Pizza Problem,” episode 97, where we hear a frightening story of a hostile Instagram account takeover.

Real-world examples of doxxing

Photo of Anita Sarkeesian
Anita Sarkeesian – Photo by Kim Newmoney

One of the most notable examples of doxxing is the case of Anita Sarkeesian. Sarkeesian is a media critic who created a web series titled “Tropes vs. Women in Video Games,” which examines the representation of women in video games. In 2012, Sarkeesian launched a Kickstarter campaign to fund her series, and some gaming community members met it with intense backlash. As a result, Sarkeesian became a target of online harassment, including doxxing.

In 2014, an individual who claimed to be affiliated with a group called “Gamergate,” which targeted Sarkeesian and other women in the gaming industry with online harassment and doxxing, made a mass shooting threat that forced Sarkeesian to cancel a speaking engagement at Utah State University.

Despite the harassment and threats she has faced, Sarkeesian has continued to speak out and advocate for greater representation of women and other marginalized groups in media. She has also been a vocal critic of the toxic and misogynistic elements within the gaming community and has worked to promote greater empathy and understanding in the industry.

The incident highlighted the severe consequences of doxxing and online harassment and the need for better measures to protect individuals from such attacks.

Sony and North Korea

Another high-profile case of doxxing involved the 2014 Sony hack, which led to the leak of sensitive information about the company and its employees. A group called the Guardians of Peace carried out the hack, claiming to protest against the release of the film “The Interview,” which depicts the assassination of North Korean leader Kim Jong-un. As part of the hack, the Guardians of Peace released personal information about Sony employees, including their home addresses, Social Security numbers, and medical records.

The consequences of the Sony hack were far-reaching, with the company facing millions of dollars in damages and lost revenue. The hack also highlighted the vulnerability of businesses and individuals to cyber attacks and the need for better cybersecurity measures.

Zoe Quinn

One of the most well-documented examples of doxxing includes the case of Zoe Quinn. It’s impossible to talk about them without mentioning Gamergate. Gamergate was a controversy in the gaming industry that began in 2014, sparked by the publication of an article by journalist and game designer Zoe Quinn that criticized the use of sexist tropes in video games. This led to a coordinated campaign of online harassment and doxxing against Quinn and women in the gaming industry who spoke out about sexism and harassment.

The harassment against Quinn began with a blog post by their ex-boyfriend that accused her of infidelity, which was subsequently amplified by rather murky and anti-feminist online communities. The resulting harassment, which included death and rape threats, doxxing, and other forms of online abuse, was directed not only at Quinn but also at their supporters and allies in the gaming industry.

Many women in the industry reported increased harassment and online abuse; some were forced to leave their jobs or abandon their careers altogether. The controversy highlighted the need for greater diversity and inclusion in the gaming industry and better measures to address online harassment and abuse.

Leslie Jones

Another example is the case of Leslie Jones, a comedian and actress targeted with racist and sexist abuse on social media in 2016. The abuse included doxxing, with Jones’ personal information and photos shared online. The incident led to a widespread outcry and a renewed focus on combatting online harassment and hate speech.

Summary and key takeaways

Doxxing is a serious threat that can have devastating consequences for both individuals and businesses. It’s your responsibility to take proactive measures to protect your users from this type of online harassment.

By educating users on the risks of doxxing, providing clear guidelines on protecting personal information, and implementing content moderation policies, we can create a safer online environment for everyone. It’s also important to remember that doxxing is not a victimless crime – the impact of a doxxing attack can be felt for years.

So let’s take doxxing seriously and do our part to prevent it from happening. By staying informed, being vigilant, and taking proactive steps to protect our users, we can create a more secure and inclusive online world for everyone. After all, it’s better to be safe than doxxed.

A complete, scalable solution for better content moderation

Form background

Contents