Doxxing refers to the process of gathering fragments of personal information and posting them online – whether on a private or public page. In most of the cases, the intent is to harass the person or make others harass the target.
The process of gathering information may be illegal or legal. For example, hacking is former and using different OSINT (Open Source Intelligence) tools and techniques is later. The dangers of doxxing are manifold, but there are also several ways to protect ourselves from being doxxed.
Dangers of Doxxing:
Doxxing is typically a targeted attack. The victim may be an active member of the internet groups, and have opinion contrary to the doxxer’s. This happens particularly in case of sensitive political or religious discussions.
A doxxer may have a real life personal animosity with the victim. Other situations which may lead to doxxing include:
And the damage inflicted can be severe.
One such example is “Swatting”. In these cases, an individual calls up the Law Enforcement Authorities with a tip about a violent criminal or similar figure. This brings in police to the location, where target of the harassment has no idea of the situation. This misunderstanding can lead to severe consequences.
Depending on the level of violence and disruption in one’s life, the victim is forced to change email ID and phone number to vacate the place of living or even to leave the job. All depends on the volume of disruption and false reporting.
How does Doxxing Happen?
There are numerous ways and means to gather personal information online. An individual may not realise how many Personally Identifiable Information (PIIs) they give away while posting online about their work, life and other details. Social media profiles are goldmines of data for a doxxer. Third party collectors of data like Pipl.com have wealth of personal information about an individual, which may add to what a person already knows.
In fact, the website and user credentials are compromised on regular basis. E.g, Facebook, Yahoo, Ashley Madison or other data breaches. If a person uses the same login credentials on multiple sites, and one of those accounts gets compromised, it’s child’s play for a doxxer to get into the rest of the accounts. That’s why one should not reuse passwords, and use Multi Factor Authentication (MFA or 2FA) to additionally secure oneself.
How to Avoid Getting Doxxed:
The following are some of the ways to prevent being doxxed:
Use a VPN:
A Virtual Private Network offers excellent protection from exposing IP addresses and physical addresses of an individual. The VPN encrypts the internet traffic, and routes it through one of the VPN server’s before heading out to the public internet.
Limiting Personal Information Online:
Social media sites expose a lot of personal information. For example, Facebook Graph Search enabled a doxxer to know the groups a user had joined. Similarly, all the photos liked, photos commented, tagged photos etc. could be easily known.
Removing such information online will force a doxxer to dig much deeper for getting such information. And in most of the cases, the doxxer will move on to someone else.
Auditing Social Media Posts:
Your social media posts (photos, videos, comments etc.) might be sharing too much personal information. You should review them periodically, and delete the one’s exposing your personal details. There are automated tools like TweetDelete to delete older Tweets with ease.
Ask Google to Remove Information:
If personal information appears in Google results, you should request Google to remove it. Google makes the process simple through an online form.
Practice Good Cyber Security Practices:
Some of these include:
Follow the Best Password Practices:
You should follow the best password related practices, which has been explained in the links below: