What Is Doxxing, And Why Is It So Dangerous?

On December 15, 2022, Twitter owner Elon Musk announced that he banned various journalists and accounts from the popular social media platform (via Reuters). Per CNN, the billionaire alleged that these individuals were doxxing him by disclosing his "exact real-time" location. In a tweet, Musk explained Twitter's new doxxing policy and noted that anyone involved in this activity would be "suspended" over safety concerns. According to Avast, the term "doxxing" first emerged in the 1990s. It originated from the word "documents," which was later shortened to "dox" by online hackers. From there, the saying "dropping dox" and later "doxxing" was born.

By definition, doxxing refers to the release of private information about an individual without their knowledge or consent (via Kaspersky). The U.S. News & World Report writes that this can include their address, work, phone number, photos, social security number, and much more. Avast notes that social media has made doxxing relatively easy and has destroyed any concept of anonymity one might believe they have. Doxxers can ultimately use the information someone posts to uncover even more details about them.

In addition, doxxers can track IP addresses, use phishing scams, and buy information from data brokers in order to doxx an individual (per Kaspersky). Websites like Whitepages and WHOIS can make this process a breeze. Packet sniffing, or intercepting internet data to uncover passwords, emails, and credit cards can also be used for doxxing (per Avast).

Doxxing is considered cyberbullying

In its early years, doxxing was innoxious and involved only hackers (via The New York Times). Now, doxxing has become weaponized and is believed to cause harm than good. Gabriella Coleman from McGill University told the publication, "Originally it was little black-hat hacker crews who were at war with each other — they would take docs, like documents, from a competing group and then claim they had 'dox' on them." She added, "There was this idea that you were veiled and then uncovered." These days, Internet Matters classifies doxxing as a form of cyberbullying while Avast refers to it as harassment.

Kaspersky explains that the intentions behind doxxing are malicious. An individual is usually targeted as a form of revenge for having contrasting political views or beliefs. Thus, doxxing can almost be seen as an expression of vigilante justice. The goal is to shame and terrorize a victim by publishing private details about them, such as their emails, photos, or humiliating information, amongst other things. Avast writes this can subject an individual to death threats and intimidation. Per the U.S. News & World Report, doxxing can also lead to swatting. This is when a false report is made to the authorities to endanger an unsuspecting victim. 

The legal consequences of doxxing

According to Kaspersky, doxxing is not usually considered illegal. However, it truly depends on every situation and case as the laws surrounding doxxing vary. If the information that was published and gathered was already in the public domain, it is not considered a crime. The U.S. News & World Report writes that individuals can face prosecution if they distribute documents that were accessed illegally. Legal issues can also arise from the type of information that was publicized and the identity of the victim. For example, if a government employee falls victim to doxxing, the doxxer can face federal charges and jail time.

Avast adds that doxxers can also be charged with stalking, harassment, identity theft, and more. The publication notes that a doxxer is usually charged with more than one of these crimes. However, legislation has been passed in certain places to ensure that there is legal fallout for doxxing. According to WDRB, the state of Kentucky passed Senate Bill 267 in 2021. This made doxxing illegal and provides compensation to victims (via attorneys Frost Brown Todd). Furthermore, Reuters reported that Hong Kong also passed a law that made doxxing a crime. Violators can face a hefty fine or up to five years in prison.

It can target children

Perhaps what's most alarming is that doxxing does not discriminate. Internet Matters writes that children can also be subjected to this act. Moreover, their use of social media can make them prime targets. According to The Cyber Resilience Centre, most children are unaware of the dangers that the internet and social media pose. As a result, they could possibly provide strangers with information about themselves including their name and the school that they attend. Kaspersky reports that in some cases, the doxxing is done by classmates as a form of cyberbullying or as a prank without understanding the consequences of their actions.

Doxxing can also be triggered by something a child uploads on social media such as their political views or even a viral post (via Kaspersky). However, this is not a problem that occurs only in the United States. Per the BBC, a study in the U.K. found that 47% of teenagers have witnessed doxxing. Another study from The Hong Kong Polytechnic University concluded that doxxing led children to feel anxious and depressed.

The Cyber Resilience Centre explains that parents should have a discussion about doxxing with their children to inform them of the repercussions and to discuss safety measures. In addition, Kaspersky advises parents to check their children's online profiles and their internet activity. If a child has become the victim of doxxing, Internet Matters suggests for parents to keep a record of the doxxing post and to delete the child's social media.

This is how to prevent doxxing

To prevent becoming a victim of doxxing, Avast notes that the best thing someone can do is to limit the amount of information they release online. It's also discouraged to use third-party logins or have public social media profiles. The University of California, Berkeley suggests erasing any revealing information one might have on social media profiles including the name and location of their work. Having strong passwords and usernames is also encouraged. Furthermore, downloading a VPN, otherwise known as a virtual party network is highly advised. Forbes explains that this allows a user to become anonymous on the internet and hides IP addresses and more from hackers.

Kaspersky adds that individuals can ask Google to remove certain information from their search engine. But all in all, one should be wary of the type of information they post online that could potentially be used against them. When it comes to children and doxxing, Internet Matters writes that they too should have strong passwords for their social media profiles. Moreover, it's recommended to disable the location services of certain apps like Snapchat. Per Avast, an individual will know that they have fallen victim to doxxing if they receive various messages, phone calls, and threats. If this does occur, Kaspersky notes that documenting the released information and calling the police may be the best course of action.

Notable doxxing cases

Per The New York Times, doxxing has popularized the exposure of individuals deemed as a threat to society, including white supremacists. In 2015, VICE reported that the hacker group Anonymous doxxed the names of alleged KKK members. These names, however, were unable to be verified. Even so, Anonymous noted, "We hope Operation KKK will, in part, spark a bit of constructive dialogue about race, racism, racial terror and freedom of expression, across group lines." Although many applauded the group's efforts, former white supremacist Tony McAleer told The New York Times that situations like this are "passive-aggressive violence." He added that it hinders the rehabilitation of former white supremacists. 

In the aftermath of the 2013 Boston Marathon bombings, doxxers on Reddit accused 22-year-old Sunil Tripathi as a suspect (via the BBC). According to Insider, Tripathi went missing before the bombings. However, Reddit users falsely claimed that Tripathi was one of the men seen in the released video footage that showed the bombing suspects. Needless to say, this wreaked havoc on Tripathi's family.

His sister, Sangeeta Tripathi, told the BBC, "Our entire neighborhood and our house were surrounded by media trucks. On my personal cellphone, I got 72 phone calls between 3 a.m. and 4:30 in the morning." It was later discovered that Tripathi had not been involved in the bombing and had killed himself before the attack occurred (via The New York Times). This prompted Reddit to apologize for their role in his misidentification.