What is doxxing, and why is it so scary?

It’s almost a given that you have personal information available online. Beyond social media and online discussion boards, there are public records of property ownership^[1] and voter registration^[2], as well as massive databases of financial information^[3] assembled by credit-rating agencies.

Taken individually, many of these pieces of information are benign. So you cast a ballot in the 2016 presidential election, have a child enrolled at a particular public elementary school, or once posted a comment on a local newspaper site objecting to institutional racism. A great many people know those things – even strangers. The harm doesn’t come until someone figures out how to put these pieces together and then publishes it all online.

This kind of revelation is called “doxxing^[4],” an old internet term that comes from the idea of collecting the documents, or “docs,” on a person. The effort to discover and reveal personal information, of course, long predates the internet^[5].

And it is not only hackers who doxx. In a recent research study I found that news organizations have doxxed commenters who posted on articles^[6]. In online communities, where people are often anonymous, violating someone’s privacy like that is considered aggressive – and for some people, what’s come after being doxxed has been downright dangerous^[7].

A trail of breadcrumbs

It’s not surprising that information has value – particularly information related to people’s identities, interests and habits. This is, after all, the age of big data, social media and targeted advertising^[8]. The Facebook-Cambridge Analytica scandal^[9] is just one of many events in which regular people found out just how much personal information is available^[10] out on the internet.

People also found out how little power they had over their information. Generally, people want, and think they have, control over who knows what about them. Individual identity is in part performance^[11]: People decide and change who they are and how they act^[12] in different places, around different groups.

This is particularly true online, where many sites and services allow users to be anonymous or pseudonymous^[13] or to hide their information^[14] from other users’ searches. Often, of course, each site itself has some private information about users, like an email address, for delivering service-related notices. But online platforms seem to offer users a measure of control over their identity and personal information.

Losing control

That control is not complete, though, and is not an accurate measure of personal privacy. Users leave digital traces behind, registering on more than one site with the same email address^[15], posting under the same username^[16] (even if a pseudonym) on multiple forums, or even using similar phrases in different contexts. In addition, many sites track what network addresses their users connect from, which can reveal the location and other details^[17] of a person who regularly spouts particularly virulent propaganda.

When someone connects these digital traces, and shares them with other people – often strangers, or even the wider public – they take away their target’s control over private data. Those people often seek to hold the person who is doxxed accountable for their actions, whether that’s perpetuating or opposing online hate, or failed romantic relationships.

In a recent case with relatively mild consequences, a Temple University professor was revealed^[18] as involved with an online account nicknamed “truthseeker,” which had posted at least one anti-Muslim comment on a right-wing website and had also promoted various conservative conspiracy theories.

More severe cases have resulted in online and real-world harassment^[19] of women in the gaming industry, prank calls to summon police^[20] to a politician’s home, and even death threats^[21] against a person and her family. Doxxing, ultimately, makes data into a weapon.

References

1. ^{^} property ownership (www.co.warren.oh.us)
2. ^{^} voter registration (www.forbes.com)
3. ^{^} massive databases of financial information (arstechnica.com)
4. ^{^} doxxing (www.nytimes.com)
5. ^{^} long predates the internet (limn.it)
6. ^{^} news organizations have doxxed commenters who posted on articles (doi.org)
7. ^{^} downright dangerous (www.wired.com)
8. ^{^} targeted advertising (theconversation.com)
9. ^{^} Facebook-Cambridge Analytica scandal (theconversation.com)
10. ^{^} just how much personal information is available (www.vox.com)
11. ^{^} identity is in part performance (www.theatlantic.com)
12. ^{^} decide and change who they are and how they act (firstmonday.org)
13. ^{^} allow users to be anonymous or pseudonymous (money.cnn.com)
14. ^{^} hide their information (fieldguide.gizmodo.com)
15. ^{^} same email address (www.thedailybeast.com)
16. ^{^} same username (www.thedailybeast.com)
17. ^{^} reveal the location and other details (www.vice.com)
18. ^{^} Temple University professor was revealed (www.philly.com)
19. ^{^} online and real-world harassment (lawstreetmedia.com)
20. ^{^} prank calls to summon police (losangeles.cbslocal.com)
21. ^{^} death threats (www.theguardian.com)