top of page
  • Writer's pictureESET Expert

What is doxing and how to protect yourself

Doxing can happen to anyone – here’s how you can reduce the odds that your personal information will be weaponized against you

How harmful can it be to have your social media accounts set to public? Or to tag the restaurant where you’re having that delicious meal? Almost everyone does it!

Let’s turn the questions around: Do you remember ever searching for someone you just met on social media to find out as much as possible about them? Or maybe a friend wasn’t answering your texts and you went on their Instagram to try to figure out what they were up to? You are not alone. Many of us may be doing this – that is one of social media’s goals. However, not everyone is doing it just out of curiosity. And that’s where problems start.

Doxing defined

A UK study published in June 2022 revealed that 19% of respondents were victims of doxing (also spelled doxxing), a practice where people with bad intentions publish, usually online, the personal information of their victims with the intention of embarrassing or intimidating them.

The term comes from the abbreviation “docs” for “documents”, referring to the files leaked online containing the victim’s personal information. Ultimately, the abusers seek to frighten, shame, and create enormous distress, sometimes demanding money from their victims, other times for pure revenge or a personal sense of justice.

While doxing might be perpetrated by strangers – both individuals and groups – it can also be carried out by acquaintances or even by people in their own household. Doxing is especially dangerous because its consequences can span from cyberbullying to real-world stalking and harassment, and even assaults and murder.

Nothing to hide!

As a basic rule, many of us are already cautious when it comes to protecting our basic information on social media. Details such as phone numbers or home addresses are often kept private. But what about all other information? The city where we live? Where we work? These are all details we willingly share with the public.

And you might think, “So what? I have nothing to hide!” We tend to consider that our existence is definitely less interesting than the juicy life of a celebrity. What we don’t account for is that for someone who wants to intimidate us, that’s not really the point. A quick news search reveals people being doxed after giving a bad review to a business, a woman who was identified by her car license plate in a video uploaded by someone who caught her in a moment of rage, or a woman’s phone number published on Craigslist in a fake sex ad as revenge for her professional opinion published in a local newspaper.

Image source: Google Business support forum

Everyone can be a victim

The reason why doxing is such a twisted danger is because we are all potential victims. And while it is up to us to define our audience and to tweak our privacy settings on social media, we can’t prevent all the wrongdoings of badly intentioned people, some of whom even leak others’ personal information out of boredom.

In the last years, however, doxing has acquired a new purpose. It’s become a tool of social pressure over individuals, exposing what the perpetrator believes are their victim’s wrongdoings and social harm.

In July 2022, an Austrian doctor who regularly gave interviews about the need for COVID-19 vaccinations committed suicide over continuous intimidation by individuals who believed the pandemic was a hoax. Earlier, the doctor had been met at her workplace by protestors who also messaged her death threats. The public disclosure of her personal information led to new threats even from people outside Austria.

Dox – and be doxed?

In February 2022, in a long article about “accountability in the age of crypto,” BuzzFeed News deliberately exposed the identities of the two creators of the Bored Ape Yacht Club. The news website “searched public business records to reveal the identities of the two core founders,” whose names, age, professions, location, and also old information available on the web are now available to anyone.

The journalist was threatened with doxing in retaliation for her piece. Ultimately, the article sparked an important discussion about the boundaries between investigative journalism and doxing, a relevant discussion as journalists are themselves victims of doxing and, consequently, life-threatening harassment.

Image source: Twitter

Younger generations at risk

Doxing is so widespread and deeply ingrained in the online world that it can be easily confused with other types of online harassment. Further, the longer people are online, the more vulnerable they become, this is the case for both Generation Z and Generation Alpha.

Doxing over a simple disagreement or rivalry in an online video game can be enough to create an enormous emotional burden through fear of its consequences and shame, mainly if it involves kids. Platforms such as Twitch, Steam, Discord, and Roblox can give a false sense of safety, as most interactions happen between players’ user IDs and avatars. However, small details are enough for determined doxers to dig up personal information, for example, by searching a targeted user ID on Twitter, where they may find more personal information and a list of friends.

Image source: Steam discussion board

But it is not just about gaming. Virtual school resources based on video platforms or social media can also become a danger if the proper privacy rules aren’t put in place, by both schools and parents.

Can you avoid being doxed?

There’s no easy way to answer this. Ultimately, if you don’t have any info online, it will be very hard for someone to find anything about you. But even if you are a typical internet user – and in case someone actually wants to leak your personal details for whatever reason – most likely you have already shared enough. Fortunately, there are ways you can make it hard for anyone to collect information about you:

  • Clean up your online presence.

  • Don’t share any (more) personal information online.

  • Use two-factor (or multifactor) authentication (2FA, MFA) in all your accounts.

  • Use a strong and unique password.

  • Make sure your videoconferences and calls are private and encrypted.

  • Don’t open links online before making sure they were sent intentionally and by someone you know. If in doubt, ask! If they were sent by a stranger, don’t open them at all.

What to do if you were doxed

  • First of all, don’t blame yourself for the malicious intentions of others. Keep in mind that we are all at risk.

  • Report and block the abuser through the available tools on the platform where the harassment is taking place.

  • Take screenshots of all details that might be relevant to support your case.

  • Make sure all your social media accounts are private; consider pausing them for a while.

  • Make friends or family aware of what’s going on, mainly if your home or work address has been exposed.

  • Let your bank know what is happening; make sure your credit card details are protected.

  • Consider contacting your local law enforcement. While doxing in itself might not be a crime where you are, financial fraud and physical harm resulting from it are.

The internet of the future doesn’t have to be dangerous

Doxing is serious, and it can be a life-ruining tool, especially in a world where, despite being all interconnected, we are more and more divided by opinion. Exposing people’s personal data can only turn, over time, into a ping-pong game where we will all be affected.

But this kind of awareness is also what can protect us for the future. There are already important discussions taking place to criminalize doxing, preventing its further growth and creating a framework to protect victims. Understanding that these attacks can happen to anyone and having a cautious online presence is the best we can do for now.


bottom of page