A woman working on her laptop in a coffee shop.
What is Doxing?
Doxing is when someone publishes the personal information of their targets. Doxing uses personal contact information or personally identifiable information (PII) to escalate harassment against their target, which could be you.
Generally, harassers use publicly available information, such as physical address, phone number or social security numbers, credit card details (all forms of PII) to find your real identity.
Doxing is easy because so much of our information is online via data brokers, such as people finder sites.
People can acquire your personal information by searching publicly available databases, social media sites, through hacking and social engineering.
Have you been doxed?
Unfortunately, doxing is more prevalent than ever, and individuals and organizations are surprised when their information is posted across social media platforms, online forums and on the news.
If you’ve seen your information posted on social media, other than a normal tag or @ to you from a mutual or someone you know, you might have been doxed.
Other things that could indicate you’ve been doxed, an influx of emails, phone calls, text messages to your home or workplace.
Receiving negative messages on social media accounts or posts about you, is not necessarily due to doxing.
However, when one person is harassing you, or there’s many anonymous accounts sending you messages, it could be targeted harassment or stalking.
If you have been the victim of online harassment or bullying, or the victim of domestic violence, there is a good chance you’ve been doxed.
Resources if this is your situation:
- DIY Cybersecurity for Domestic Violence
- Safety Net Project
- Guide to Abortion Privacy – Digital Defense Fund
Common Signs You’ve Been Doxed
Some indicators:
- Influx of harassing messages, phone calls, text messages, social media comments & direct messages, emails, physical mail
- People showing up to your home or workplace, or calling asking questions about your affiliations, political beliefs, or your online activity.
Search for Yourself
To get ahead of trolls, see what information you can find out about you by searching for yourself.
Check if your information is publicly available using Google or one of the people finder sites. This way you can see what an attacker can find to target you.
Start making a list of things you’d like to remove from the search results, and keep in mind that some information cannot be removed.
Consider places your private information might be located, beyond Google searches. If you own a home or have property records, those are public. In some states, licensing records are public, especially if you’re a lawyer, therapist, social worker, nurse or someone with professional licenses.
Additionally, website registration records are public. You can purchase domain privacy (please do) when you buy a domain. Look up your domain privacy here: ICANN Lookup
Other records to consider that might be public, include some non-profit and business filings. For example, if you are a registered agent for a business, that information is public in business filing paperwork with both the state, you can search records here https://www.llcuniversity.com/50-secretary-of-state-sos-business-entity-search/ and with the IRS.
In some states, voter registration records are publicly available. Availability of voter registration records varies by state, you can find your state information here: https://www.ncsl.org/research/elections-and-campaigns/access-to-and-use-of-voter-registration-lists.aspx
Options for Data Removal
You can use a paid service to scrub your social media profiles and other information online, such as DeleteMe or Kanary. If you’re overwhelmed by the process, cannot do it yourself, or don’t have the time, a paid service might be a good option for you.
Please note that paid services can take weeks or months to get your information removed.
You can DIY your data opt out as well. After searching yourself online, opt out of the major data brokers that share your information and propagate and sell it to other data brokers.
Here are some resources for opting out.
Yael Grauer’s Big Ass Data Broker Opt Out List: GitHub – yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
Delete Me by Abine’s Opt Out List: Opt-Out Guides – DeleteMe (joindeleteme.com)
Michael Bazzell’s Extreme Privacy Opt Out Workbook: IntelTechniques Data Removal Workbook
Some data broker sites take a few months to remove information or require a written letter to opt out your data, but many allow online removal, and it only takes minute to fill out the request.
It’s a good idea to check every few months to see if your information has been relisted on data broker sites. If this is not something you want to do yourself, and you have the means, there are paid services available to help remove your personal information from paid sites, and then monitors them for you.
You can find a full list of the data brokers and sites to opt-out here.
Final Thoughts
There are layers to security and taking steps to opt out can help a lot of the other efforts as you go forward. Keep in mind your situation and threat model might be different than others.
Take care of yourself if you’ve been doxed. Talk to your trusted friends & family to ensure you have community and emotional support as you go through this experience. It is okay to not be okay and to ask for help.
If you need immediate help and don’t want to go through this alone, let’s layer your security together.
The guidance included in this article do not constitute legal advice and is for educational purposes only. The included referral code for DeleteMe pays an affiliate fee to the referrer. Lock Down Your Life LLC is not an affiliate.