What Is Doxxing? How It Works + How to Protect Yourself

Every device has an IP address that details where the device is being used. Doxxers can use an IP logger (a piece of code you can’t see) to trace a victim’s online activities and determine where they’re located.

The IP logger is typically added to an email or a message to find out your IP address. Once a user has opened the message, the IP logger tracks you and exposes your identity by searching for accounts in your name on certain websites. It then sends your IP address back to the doxxer.

Your information is dispersed throughout the web, especially if you have social media accounts or post public content. However, your information is also out there for people to find because of data brokers. Data brokers buy customer lists from other businesses, such as airlines, magazine subscription services and surveys or “enter to win” type sites. For example, you may have given one website your phone number, but now you receive dozens of calls a day from spammy or unknown callers.

The companies entice you to give your information for a reward and in their fine print or terms and conditions they state that they may sell your information. The data brokers then have the information readily available for doxxers and hackers to purchase. The good news is that some doxxers/hackers do not want to pay for the information, but to stay safe it’s important to remove yourself from data broker sites.

If you have created your own website, or use a website for your business, the registration information you used to receive the domain name becomes public to anyone using the WHOIS database. The data you have entered is accessible directly from the WHOIS website or through a domain sales broker. To ensure that you keep your data private, you can actually choose to obscure the information through your domain broker. You can also use an email that you use for subscriptions or an unimportant email address with a fake telephone number and fake information. It keeps you and your business safe and does not show up on the front end of your site.

Data you send over a Wi-Fi network can be intercepted by a doxxer if they break into the Wi-Fi’s security measures. The doxxer can then access valuable information such as emails, passwords and bank account details.

Doxxers use reverse cell phone lookup to find personal information about individuals. They enter a target’s phone number into online databases or specialised software to reveal details like the victim’s name, email, age and additional information by using their cell phone number.

The majority of internet users have social media accounts. Doxxers will comb through public profiles, posts and comments for any fragments of data that they can piece together to form a comprehensive profile of a person.

This might include information such as names of relatives, birthdays, locations and more. Once they gain this initial information, they might resort to cross-referencing data from multiple sources, like exploiting gaps in privacy settings, using reverse image searches or engaging in phishing scams to obtain further sensitive data.

Shortly after the Boston Marathon bombing in 2013, the Reddit community wrongly identified a few people as suspects. Even though the intent was to give law enforcement information on who to arrest, it ended up outing people who weren’t involved in the crime. This led to harsh consequences for the individuals who were wrongly accused, such as harassment on and offline.

Ashley Madison is a well-known Canadian online dating service that’s targeted toward people in committed relationships. In 2015, a group known as The Impact Team stole Ashley Madison’s user data. They copied personal information about the site’s users and threatened to release the information if the site wasn’t immediately taken down. Because the site wasn’t shut down, the group leaked over 25 gigabytes of company data. This caused public humiliation and shaming, along with a few unconfirmed suicides due to stress and hate crimes.

In 2011, detailed information of over 6,000 law enforcement officials was exposed by Anonymous as a response to investigations into hacking activities. This incident brought doxxing into the public eye through media coverage, online message boards and social media platforms. In 2015, Anonymous struck again and released an official list of supposed members and supporters of the Ku Klux Klan.

It’s important to keep personal information to a minimum on social media. Make sure you know each person you’re friends with on social media platforms. Only allow friends you know very well, and be wary of adding colleagues from work as competition could turn you into rivals.

Set your accounts to private and remove any addresses, places of work and specific locations from your accounts. Avoid discussing personal information that could be used against you. If you have children, never write where they go to school and avoid sharing images of them.

Every internet connection has an IP address that can be tracked back to your location. Installing a VPN eliminates this problem by keeping you anonymous online. Be wary of public Wi-Fi networks, as they could be fake hotspots put up by hackers to intercept your internet activity.

Doxware is malware or spyware, which can steal your personal information and passwords for online services. Because doxware is malware, it’s important to keep your computer up-to-date and secure. Install an antivirus and check for updates frequently to keep doxware from intercepting your device.

Phishing emails disguise themselves as legitimate messages to trick you into revealing sensitive information. Exercise caution when opening emails from unfamiliar senders. Never click on suspicious links or download emails unless they’re from a legitimate sender. Falling for a phishing email can give hackers access to your computer to download malware that can collect your personal information.

Doxxers will try to find anything they can to use against you and intercept your accounts. Prevent doxxing by creating strong passwords. They should be at least 14 characters, a variety of letters, numbers and special characters, and have no tie to personal information, like a birthdate or Social Security number. Use a password manager like LastPass or 1Password to create secure, strong passwords for each account.

Create a separate, “fun” email for all of those sites that require an email address for registration. This includes any kind of subscription service or email blast that you want to be a part of, but don’t in your primary inbox. It’s a good idea to give away this email when you feel the site or service may not be very secure. Some of these websites may be doxxing harvesting sites, and if you use an unimportant email you are able to delete your account and information without a scratch. Be sure to make the email address unrelated to your name or your hobbies.

Create unique usernames for each individual website you hold an account with. If you are signed up for a controversial website or forum, make sure your username is anonymous and cannot be traced back to you. For social media, avoid using your first and last name in your handles.

In order to find out if you’re susceptible to doxxing, it’s important to know what information about you is online. The process of protecting yourself from information leakage is known as “self-doxxing.” This involves researching information about you that is publicly available on the web.

Check out We Leak Info to find out where hackers can find you online. You can also check out the following list of data brokers and ask them to remove your data. Some require payment, and some require you to mail in information. However, once you’ve exhausted this list, you can feel more confident that your personal and private information is secure.

Because we have so much freedom online, it’s crucial that you’re thoughtful with everything we share online. While it might seem like a good idea to voice your opinion on a public forum, try to avoid it. Posting controversial views on any internet database can be threatening to you and to your friends and family. If you still intend to share your strong views, be sure to take extra precautions to stay anonymous online. Use pseudonyms when posting comments online and never share your location or full name.