As an International Blogger, I not only write, but read endlessly. I am always interested in learning something new. In my endless quest for knowledge and insight, I read an abundant amount of books, magazines, articles, news, internet, labels, basically whatever I can get my hands on at the time.
It also means, I am deeply involved in Social Media. Point being, I belong to many many Social Media and Interest Groups, and tend to be active, to very active, in most of them (even though I do need to do a ‘Spring Cleaning’, as the topic no longer applies to my interest – I highly recommend this).
I find myself joining new groups on a very regular basis, learning new things, sharing things, and so forth. Today was no exception.
I went to join a fun, and funny group. Like most ‘Interest Groups’, they require you to agree to their ‘Rules, Regulations and Guidelines’, above and beyond the Social Media’s Platform, ‘Rules, Regulations and Guidelines’. Of which, I never have problem with, for I’m not on their platform to raise hell, belittle someone, cuss someone out, or disrespect someone. Mind you, I have been know to ‘cuss’ or ‘swear’, and try and control that. I also admit to being very fiery, passionate, and vocal, when something is on my deep radar. But, nothing malicious, dishonest, liable, and etc.
Well, in one of the groups I requested to join today, in the ‘Rules and Regulations it stated, ‘under no circumstances is “Doxxing” permitted’. So, me being me, had to Google the word. I’m a firm advocate if you don’t know the word, look it up! You can thank my Grandmama for that. 🥰
Whoa is all I have to say. First of all, I didn’t even know they invented a word for this action, due to its relevancy in today’s times. But, also the magnitude of the word. The word is ‘Dox’. The phrases are ‘to Dox’ and ‘Doxxing’, and I suppose ‘Doxxed’.
The best way to explain ‘Doxxing’ (sometimes spelled doxing) or ‘Dox’ is this article.
What is Doxxing? | U.S. News
What Is Doxxing?
To dox someone means to release their personal or private information that may prove harmful or embarrassing. This can happen in the real world, but the internet has made it easier both to find and release this information to a wide audience. Doxxing may reveal someone’s personal information like their home address or workplace, social security or phone number, private correspondence or pictures, criminal history, IP address, or other details. Some people fail to realize that information they share on social media or other sites may be “scraped” and used against them, potentially opening themselves up to unwelcome public disclosure, identity theft, cyberbullying, stalking, or threats to their personal safety.
Definition of Doxxing
The term doxxing (sometimes spelled doxing) is a longtime hacker term derived from “dropping dox” or documents about an adversary. Motivations range from personal revenge to political ends. Some doxers act with the intent of exposing criminals or perpetrators of heinous acts. However, there are plenty of examples of people who have been wrongly doxxed and harmed as a result. For example, doxxing journalists can open them up to harassment and intimidation, and some activists publish addresses or private phone numbers of lawmakers to pressure them ahead of key votes.
Is Doxxing Illegal?
It depends. Releasing personal information that’s publicly available and obtained legally is generally not a crime. But doxxers can run afoul of laws against harassment, stalking, or intimidation, and authorities have prosecuted people for doxxing based on illegally obtained documents. Doxxing can also violate the terms of service of websites; Twitter, for example, prohibits the posting of another person’s private information without permission. Doxxing has become a concern because it opens up the victim to various forms of harassment – something that 41% of U.S. web users experience in some form, according to a Pew Research Center report
What Happens in a Doxxing Attack?
Sometimes doxxing results from information that’s available to anyone who knows where to look. This can include government records, real estate transactions, news articles, and personal data that people make public themselves on social media. If you operate a website, there may be a public record in the WHOIS database. Doxers can also find a range of personal information about you from “data brokers,” commercial operators who scour online and offline sources to create profiles, sometimes offering reverse mobile phone lookup information.
A social media “friend request” from a stranger could provide a way for a doxer to obtain sensitive personal data. Malicious actors can also use various techniques such as spyware to track victims or “phishing” emails that might enable access to or hijacking of personal accounts.
Some people are targeted based on affiliations with certain groups. For example, the “hacktivist” group known as Anonymous has released names of suspected KKK members, and pro-democracy leaders in Hong Kong have been targeted by websites with links to the Chinese Communist Party.
Doxxing can take place over a day or a period of months and may combine information from public records, the dark web, and other sources. Bits of data including “metadata” such as the location where photos are taken can be used for doxxing. “These pieces of information can be put together to build a data-based profile by other people, even without our knowledge,” said Mary Atamaniuk, writing for the digital security firm Clario. “It can become risky when these personal details get into the hands of individuals who want to expose you to legal prosecution, criticism, bullying, embarrassment, or harm.”
Some malicious actors will even accuse someone of a crime and send police to their home, a practice known as “swatting,” with potentially fatal consequences. This type of doxxing is clearly illegal, but it can be difficult to find the perpetrators.
What Are Some Recent Examples of Doxxing?
Doxxing may reveal the real names of sex workers or the tax returns of billionaires. Celebrities are frequent targets, but anyone can be a victim of revenge doxxing. In addition, doxxing can be targeted against individuals or members of a group. Some recent examples of doxxing include:
- The “gamergate” incident beginning in 2014 led to a series of threats against two female game developers.
- In 2015, the hacktivist group Anonymous released what it claimed to be data on hundreds of KKK members and other hate groups.
- Members of the adult website Ashley Madison, which promotes extramarital affairs, also had leaked data published that year.
- Following the Boston Marathon bombing in 2013, doxers released the name of a Brown University student as a potential suspect, even though the student had committed suicide before the deadly attack.
- Social media users in 2017 made a similar error in seeking to expose the names of white nationalists at a rally in Charlottesville, Virginia.
- Former MLB pitcher Curt Schilling doxxed several people he called Twitter “trolls” who were making inappropriate comments about his daughter, and some of them lost their jobs or were suspended from school.
Tips for Protecting Yourself From Doxxing
Internet users have a range of tools to keep their information online private and limit the risks of doxxing.
Use an ID theft protection service
Identity theft protection services help protect your data, monitor your credit activity, and more. Subscribing to an ID theft protection service is one of the best ways to protect your personal information online. To help you choose, see our rating of the Best Identity Theft Protection Services of 2022. Using a VPN and a password manager (see below) will also help keep you safe online.
Be aware of what you share
You can open yourself up to doxxing by sharing personal information publicly on social media or other websites. “We as users willingly give up too much information,” says John Dickson, vice president for security solution architecture at Coalfire. Careless mistakes can include the public posting of your address or phone number, notes Ben Sadeghipour, head of hacker education at the ethical hacking startup HackerOne. “Once people post something on the internet, it’s hard to get it off,” he says. Security questions for your accounts should not use the name of your pet or favorite band if you have posted those on Facebook.
Use caution with Wi-Fi
Public Wi-Fi networks at coffee shops and airports may or may not be secure against hackers and snooping. Sadeghipour notes that you shouldn’t have to download any type of software to access a Wi-Fi network, as doing so can cause spyware to be installed on your device and lead to your personal information being stolen.
A quick internet search can quickly tell you what information is available with minimal effort. Do the same for other lists, groups, and social networks. The digital rights nonprofit group Access Now offers a guide to “self-doxxing” to get a handle on what’s online about you.
Adjust your privacy settings
Social networks including Facebook allow you to control who can see your data and posts with a few simple clicks. Pay attention to “default” settings that often make your data public. Venmo is a notable example, making your payments viewable to other users unless you set your transactions to private.
Watch the apps watching you
Apps on your mobile device can sometimes gather data on you, so do your research before installing these, Dickson says. “I don’t download apps willy-nilly, and I ask them not to track me,” he says. The no-tracking feature is available on Apple’s iOS operating system, assuming you have updated to the latest version.
Be aware of location tracking
While you’re checking your phone settings, pay special attention to which apps are tracking your location. For example, an Instagram or Twitter photo may be tagged with your location, which is another bit of data that can be useful to a bad actor. If you’re on a sensitive mission as a journalist, diplomat, or member of the military, consider using a “burner” phone that’s separate from your main device, Dickson says.
Protect your passwords
Every cybersecurity expert will advise against reusing passwords across multiple accounts because if one is compromised an attacker may find the others. Browsers such as Chrome and Firefox can create and store passwords, but a password manager can offer better security.
“Having a password manager that allows you to create complex and unique passwords is the way to go,” says Daniel de los Santos, a security researcher with Forescout Technologies. He also suggests enabling two-factor authentication, which sends a second alert to another device asking your permission to log into an account.
Mix up your user names
Mixing up your user names is one way to prevent someone from tracking you across multiple websites to build a profile that can be used for doxxing or other forms of harassment, according to the Department of Homeland Security. Experts also advise against logging into apps and websites with Facebook or Google, which can make it easier for bad actors to track your movements.
Check out the data brokers
Dozens of commercial data brokers have information about you that can potentially be used for doxxing. According to the World Privacy Forum, many of these allow you to “opt out” and remove yourself from their data collection and marketing. “The information they gather is often from public records and online trackers, and augmented by commercial transactional data,” according to the Electronic Frontier Foundation (EFF), a nonprofit focusing on digital privacy. With a large number of data brokers in operation, some people may want to consider paying for a service to request data deletion.
Request removal of your data
Some consumers can take steps to delete their data and stop it from being bought and sold. For example, a California privacy law that took effect in 2020 offers state residents the right to access and delete data from many services. European Union residents have a similar tool under the General Data Protection Regulation, including the so-called “right to be forgotten.” Google will consider such requests but notes that “we will balance the privacy rights of the individual concerned with the interest of the general public.”
Consider VPNs or the Tor browser
A VPN offers an extra layer of protection for your online activity and is often used for corporate networks. You can take a further step in protecting your privacy by using the Tor browser, open-source software that can protect your anonymity online by using a parallel network of relays that makes surveillance more difficult. While Tor is known for allowing cybercriminals to operate on dark web marketplaces, it is also used to protect human rights activists in authoritarian countries, notes de los Santos. “These tools came about to help people protect their privacy,” he says. The downside: Tor will make your connection a lot slower.
What to Do if You’re a Victim of a Doxxing Attack
Doxxing victims should move quickly to stem the damage, and at the same time consider whether their personal safety is at risk. If you’re doxxed on social media, you should report it to the platform to get it deleted, but take a screenshot first to preserve your legal options, according to Liz Lee, founder of Online SOS. Lee cautions victims to be aware of the risk of physical harm in addition to online harassment, and alert trusted friends or police if necessary.
Also note that the doxxed data can easily migrate over the internet. The EFF suggests keeping a record of any private data exposure and locking or deactivating any accounts where you could be targeted for harassment or bullying. You can also set a Google alert for any further exposure.
If the doxxing involves financial accounts or your social security numbers, you’ll want to change your passwords and watch for any suspicious activity suggesting identity theft. A credit freeze or fraud alert can help prevent someone from opening up an account in your name. The Federal Trade Commission can guide you through the process of alerting the major credit bureaus.
Good cybersecurity practices can help you minimize the risk of doxxing, but responding requires a different approach, especially if there are legal or criminal implications. “After the fact it’s a law enforcement issue, it’s not a computer security issue,” says de los Santos. “You can of course try to make sure it doesn’t happen again in the future.”
It is important in today’s inherently adverse and precarious times to protect yourself and your interests, as we move deeper and deeper into the cyber warfare world.
Please click in the link below to read article from US News by Rob Lever, dated December 16, 2021