Disclosure: Privacy Australia is community-supported. We may earn a commission when you buy a VPN through one of our links. Learn more.

What Is Doxing

By Will Ellis

Last Updated on November 16, 2023

What’s doxing? How do I know if I was doxxed? How do I protect myself from being doxxed? These are all questions you might be asking yourself on a daily basis if you’re paranoid (as you should be) about your digital privacy.

As we’ll explain in detail, the term doxing can stand for different malicious methods someone can use to get your personal data.

On the bright side, it’s entirely possible to protect yourself from doxing by following only the basic online safety advice and being smart about your personal information.

If you’re worried about the online safety of your child, you should make sure they are following the same principles and check their online activity on a daily basis.

What is Doxing?

Doxxing stands for “Dropping Dox”, which is generally the malicious intent of releasing personal information and documents (ergo the Dox part) for somebody who would otherwise not want that information released.

This information can be anything from email addresses, phone numbers, social security numbers, and even home addresses.

Generally, the idea behind doxing is to harass or even shame a specific victim for something they did. For example, they may have said something inappropriate or critical of a celebrity, and said celebrity’s fans might attempt to dox that person to make them less anonymous.

This in turn would lead to this person receiving hundreds if not thousands of harassing emails, texts, and even potential harm to their physical person.

Another potential outcome of doxing is causing somebody to lose their job for something they said or did while being anonymous. Either way, the idea is to cause harm by the very virtue of removing anonymity.

While the original meaning was about unmasking an anonymous person, modern usage has evolved to represent the release of private information without the victim’s consent.

Since we all live in a digital world and use our name in social media, we’re not that anonymous anymore, but there is other data we might not want to be released, like phone numbers or a home address.

Online Profile Stalking

Probably the easiest and most well-known way of Doxxing is by cyberstalking people online, mostly through their social media.

After all, just by quickly going through a person’s online profile they can find information such as pet names, workplace, family and friends, what your house looks like, the city you live in, or a variety of other identifiable information.

Annoyingly, this information can also lead them to guess your security questions correctly, since a lot of them tend to be things like “First dog’s name” or “Favorite teacher in high school”. This is also another great reason to never take any kind of test or quiz that asks these kinds of questions; you never know who might be behind them.

WHOIS Lookup

This one only really applies if you own a website and a domain, which to be fair, a lot of people in the modern day and age do. Essentially people can plugin your domain name into a WHOIS search and find all the identifying information that you’ve given the domain registrar.

There’s not even a way around this, the organization that administers and looks over domains and the internet at large requires a minimum amount of information. Things like full name and email address, and usually they also ask for a physical address as well. Once you plug all that is, it’s available to everybody.

The only real solution here is to use a quality web host since they’ll often include a domain in their packages, and register it on your behalf. That means that they use their information in the domain registrar, so your information is obfuscated.

Reverse Mobile Phone Lookup

If a potential doxxer has your mobile number, they can use a website, such as Whitepages to find a bevy of information related to you. While the basic service provides only the name and state associated with a number, those who are willing to pay can find out much more than that.

For example, they can find your criminal record, financial records, traffic records, and even previous addresses.

At that point, it would be relatively easy to use some social engineering and hack your account, or just outright guess security questions.

IP Logging/Tracking

IP tracking is one of the more insidious doxing techniques since all it really takes is sending you an email with a snippet of code attached that sends back your IP location. This is why you should never open an email that you aren’t expecting or aren’t familiar with.

So why does it matter if they have your IP? Well, your IP is not only tied to your physical location, they can use social engineering, like with information gleaned from the technique above, to approach your ISP and get a ton of more information on you. Or, they could even try and hack the network itself using the IP or even use some form of a DDOS attack.

Thankfully, there are ways to hide your IP so that you can somewhat protect yourself.

Phishing

Phishing scams are rather ingenious since they play on the fact that people don’t often look very closely at things. Usually, these scams work by sending you an email that looks like it’s from your telecom provider, bank, or even social media account.

They will then provide you with a link to click on sending you to a website that looks almost exactly like the one you’d expect to see, and they even have similar domains.

These fake web pages are set up so that you have to enter your account name and password to enter, which once you do, is sent to the hacker or doxer. This information can also be things like social security numbers, or even the kind of info you’d put in a security question.

Using a secure web browser can generally help avoid this issue since these browsers have an internal list of scam websites. Besides that though, the best thing is to just pay attention to what you click and when you enter information, just so you know who you are dealing with.

Is Doxing Illegal?

This question is a little bit more complicated to answer because it can vary a lot depending on where you live and what information is released.

For example, if the information is generally available through the public record, then it’s not illegal. Things like arrest records, marriage licenses, and even an address are all technically part of the public record, and therefore are not really protected.

On the other hand, things that are meant to be secret, such as bank accounts, credit card information, or say your birth certificate. Since there’s no way to get that information through public means, then it is usually considered illegal.

Also, just because information can be found through public means, that doesn’t mean its release isn’t illegal. There are a lot of new and developing laws that make harassment or stalking illegal, so the doxer could fall foul of that. Similarly, the release of private information of a government official could also fall foul of some federal/criminal laws.

Doxxing is still a relatively new phenomenon, and so laws are still somewhat playing catch-up. Thankfully, there are some open-source privacy tools you can use to somewhat mitigate these issues.