Doxing, from "dox", abbreviation of documents, (also spelled ‘doxxing’ or ‘docxing’) is the practice of researching and broadcasting private or identifiable information (especially personally identifiable information) about an individual. This information may include names, addresses, telephone numbers, family information, financial information, vehicle descriptions, and more.
The Fordham Law Review has an interesting discussion of the law as it relates to doxing: "The Doxing Dilemma: Seeking a Remedy for the Malicious Publication of Personal Information"
Once this personal information is published on-line it can be accessed by anyone. Doxing is, in and of itself, not necessarily illegal, but it may spur illegal activity such as stalking, harassment, identity theft, physical confrontations, and threats of violence.
In many cases, information used in doxing is already available through public sources. Voter registration, property records, and information from data brokers, such as Pipl, Spokeo, and ZabaSearch can reveal a lot of detail about a person. Freedom of Information Act (FOIA) / Public Records Requests can reveal information that may not be readily available on-line. Social media (i.e. Facebook, Twitter, and Instagram) can reveal more personal information if privacy settings are not strongly configured or if you are careless about the type of information that you post.
Doxing is a technique used by both left-wing and right-wing activists, as well as by others who believe that they have been wronged by the person being doxed. Law enforcement personnel are increasing being targeted for doxing, both by activists who believe that police officers acted unlawfully, or as a means of retaliation by individuals that were arrested by the police for come crime. Doxing can be especially dangerous for undercover officers, where doxing can jeopardize police operations and put officers at risk of attack from violent criminals.
Preventing Doxing
Doxing is best mitigated through good personal OPSEC. An adversary can’t disclose information that he or she can’t find. Personal threat modeling is an important part of your OPSEC plan. What information do you want to protect? What information is already available to others? It is not generally possible to protect every piece of information, so it is important to focus on protecting the information that you consider most personal or sensitive. Whenever possible, have information about you removed from publicly accessible databases and records. Request that web-site owners and data brokers not display your personal information on-line.
Also, look at your public profile. Do you have a job or hold an office that is likely to generate controversy? If so, limit to the extent possible the amount of personal information that you disclose. Use organization / office identifiers and contact information - avoid personal signature blocks in any general distribution. Keep your "official presence" separate from your personal activities on-line. Always act professionally when doing your job. While you can be targeted for no good reason, it is much more likely that you will become a target if you act like a jerk and think that your official position will shield you from public response. According to an article on MakeUseOf "The people who are most likely to dox you in a malicious way are those who have something against you. Common sense, I know, but it’s easy to think that you can hide behind Internet anonymity [or your official position] and get away with being a jerk. Don’t be a jerk, don’t be a troll, don’t do or say anything you wouldn’t do or say in person. Basically, don’t give anyone a reason to dox you in the first place."
There are several resources that may help you protect yourself against doxing. A few guides are listed below, but all practices intended to increase your personal privacy help to protect you against doxing.
Following the advice in the above guides, and in other privacy related guides, such as my Individual OPSEC & Personal Security Guide, can help protect you against doxing, and mitigate the effect if you are targeted. Even if you are not concerned about being doxed, the information in these guides can help protect you against other threats such as identity theft, or loss of your personal information during a data breach.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.