Doxing, also spelled “doxxing” is a cyber-harassment practice of discovering a person’s sensitive personal information and posting it online. Hackers use doxxing to harass, threaten, or get revenge on someone online.
As personal data becomes more and more easily accessible, malicious people can collect information about you with the aim of harming you.
Table of Contents
- What is doxing on the internet?
- What are the objectives of doxing against victims?
- What are the legal rules surrounding the practice of doxing?
- What are the consequences for online reputation?
How can a doxing victim protect themselves?
- Limit the information you share online
- Beware of the metadata of your files
- Use double identification
- Use disposable emails and phone numbers
- Think before commenting on social networks
- Using nicknames on social networks
- Avoid fast sign-up processes via Facebook or Google account
- Use strong passwords
- Use a virtual private network (VPN)
- Take care of the confidentiality of your social networks
- Monitor your presence on Google
What is doxing on the internet?
The name doxing is of English-speaking origin: a contraction of “dropping” and “words docx documents”. It is a cyberattack that involves discovering the true identity of an Internet user and an online threat to your privacy. This fashion, present in the hacker community since the 90s, has become a major threat for any Internet user who has an activity on the internet and social networks.
The methods used to acquire this information include searching public databases and social media sites (like Facebook, Twitter…), hacking and social engineering.
The priority information sought is as follows:
- last name and first name
- phone number
- social profiles
- personal photos
- social Security number
What are the objectives of doxing against victims?
Doxing can be performed for various reasons by their perpetrators. In the majority of cases, it is mainly used as a method of attack.
- Business analysis
- Journalistic investigations
- Extortion and video blackmail
- Community justice aid
- Revenge and revenge porn
Doxxing is used most often in a negative way and often fueled by the need for revenge. It is not necessary to have committed criminal or immoral acts to be a victim. The pack effect and the human predisposition for gratuitous lynching do the rest to lead to dramatic situations.
Although in some cases victims may have committed morally reprehensible acts, the disproportionate lynching and the consequences on them and their entourage can in no way be justified. Internet users cannot take the place of justice when necessary, and even less arbitrarily attack anyone by setting themselves up as a people’s court.
On social networks, examples of doxing are legion in recent years:
- A journalist falsely reveals the identity of an Internet user in an article by mistaking the owner of a Twitter account.
- Managers of a supermarket dismissed following a safari.
- The bad buzz of a clothing manufacturer following the irresponsible behavior of an employee in the private sector.
- A company sanctions the employee who held racist comments on Twitter.
- The bad buzz about the lifestyle of a student following his statements in a report on student precariousness.
- The tax authorities who will use social networks to track down fraudsters.
What are the legal rules surrounding the practice of doxing?
Case law is different from one country to another. In France, the legal arsenal can, depending on the case, condemn the perpetrators of this type of attack to penalties that may range to 5 years’ imprisonment and a fine of 300,000 euros.
In law, depending on the acts performed and its use, doxing can fall under the Penal Code and be considered as:
- An invasion of privacy.
- A slanderous denunciation.
- Violation of the secrecy of correspondence.
- Collection, processing and disclosure of personal data without the consent or legal authorization of the victim.
What are the consequences for online reputation?
Some victims have gone through very difficult times, in the most serious cases, it has pushed them to suicide. The lives of victims are turned upside down for a long time, in many cases, their identity remains associated with events in search engines.
Some attacks lead to a media campaign in the media and the national press. The effects of this unsolicited media coverage can cause victims to lose their jobs, their families and their privacy.
The targets of these attacks were forced to go into hiding, to delete all their online accounts, to move, to change employers …
The main dangers for victims are:
- Harm to personal or professional reputation.
- Humiliation of the victim and his entourage.
- Cause serious hoaxes and attacks on homes.
- Bad buzz for employer or brand by ricocheting.
- To provoke an aggressive social reaction.
- Lead to identity theft.
- Lead to cyber attacks.
- Invite harassment and death threats.
- Wide coverage in the press and Streisand effect phenomenon for the victim.
How can a doxing victim protect themselves?
In order to protect your personal data and prevent it from being misused, here is a list of recommendations to follow.
Limit the information you share online
In general, the less information you make available to the public, the more you limit the risk of it being used fraudulently or with malicious intent.
So limit the information you post online. Remove information you find illegitimate search engines and the various sites on which they are placed.
Beware of the metadata of your files
By simply looking at the metadata of your files, it is possible to learn a lot about you. If you go for example in the “Details” of a Word file, you will see who created it, who edited it, on what date, by which company…
The photos have EXIF data which gives the model of the smartphone, its resolution and the time the photo was taken. Moreover, it can also reveal your location if the GPS was activated while taking the photo.
Use double identification
Use multi-factor authorization for essential services and social media. Two-factor authentication should be enabled whenever it is available.
Use disposable emails and phone numbers
Use a different email than your main email when signing up for forums or social media. E-mail addresses are used as a login for creating accounts on most sites (professional tools, e-commerce, institutional sites, etc.).
Many sites regularly have their databases hacked. Emails and passwords can be downloaded freely from dark web sites.
Use different e-mail addresses for each use and separate strictly:
- Professional e-mail: only used for professional uses and exchanges.
- Nominative or personal e-mail: only used for personal exchanges and accounts on authority sites (telephone subscription, taxes, EDF, social security, etc.).
- Non-nominative disposable e-mail: used for all other uses (social networks, dating sites, e-commerce, newsletters, etc.).
Think before commenting on social networks
Review all the text of your tweets, Facebook posts, Instagram posts before posting. Is there any information that can personally identify your location? Your contact details? Your relatives? Your real identity? Your business?
The internet gives you the freedom to express yourself, but it also gives others the freedom to access all the information you post. If you think you may be vulnerable to identity theft or profiling, be careful about what you write and the reactions it can cause.
If you intend to be controversial and provocative, you need to take extra steps to prevent your identity from being discovered. Make sure you only use pseudonyms when posting comments online, and try not to show identifying details if you post a video, like the location and your face. Beware also of political activists of all stripes for whom the tolerated freedom of expression stops at their ideas.
Using nicknames on social networks
Consider using a pseudonym. Keep in mind that your family and friends may also be at risk of doxing.. If you think you are in danger of becoming a target, it can be helpful to have a conversation with those close to you about their internet use and the information they provide online.
Avoid fast sign-up processes via Facebook or Google account
Most apps and websites that require registration use the “Login with Facebook” or “Login with Google” buttons.
These login methods register you with the website using the email address you used to create your Facebook or Google account.
You will automatically give the site access to information attached to your Facebook or Google account, such as:
- phone number
- mother tongue
- family information
- and more
Use strong passwords
Faced with the proliferation of online accounts, it is common to use the same passwords on multiple sites. Since the e-mail / password association is identical on many accounts, hacking one of them gives access to the others.
For your safety :
- Use complex passwords (upper case, numbers, special characters).
- Use different passwords on all sites.
- Do not write down passwords on or off your PC.
Software can simplify the management of passwords and generate complex ones for different accounts.
Use a virtual private network (VPN)
Forums or news sites that allow you to post anonymous or pseudo-anonymous comments always collect data about you such as your IP address,
VPN is the abbreviation for Virtual Private Network. It acts as a filter for Internet traffic and allows you to remain anonymous while browsing, avoiding tracking your online activity through your IP.
Take care of the confidentiality of your social networks
Take a close look at all the privacy options available by the social platforms you use.
The majority of users give too much personal information on social media sites. You need to make sure that you only allow close friends to access your personal information.
Also turn off geolocation settings.
Monitor your presence on Google
Google is your business card on the Internet. In the personal and professional context, it is common for third parties to seek information about you.
- Regularly check your online presence on Google.
- Arbitrate what should or should not appear on Google.
- Clean up superfluous information.
Try Googling your name, phone number, home address, and other private data and see what stands out. Set up Google Alerts for this private data so that you can be notified if it appears online.