academy
Security
Security
See all Security articles
Privacy
Privacy
See all Privacy articles
Performance
Performance
See all Performance articles
Select language
Select language
Avast Academy Security Other Threats What Is Doxing and How Can You Prevent It?

What Is Doxing and How Can You Prevent It?

Derived from the term “dropping docs,” doxing is the act of revealing someone’s sensitive information online. Hackers use doxing to harass, threaten, or get revenge on others. Learn how doxing works so you can protect yourself and keep your data private. Then, find out how dedicated data breach security software can keep you even safer.

What_is_Doxxing-Hero

What is doxing?

Doxing (also spelled doxxing) is a type of online harassment that involves uncovering someone’s personal information — such as their real name, address, job, or other identifying data — and exposing it publicly, usually on the internet. Doxing happens without a victim’s consent, with an intent to expose information meant to stay private.

Hamburguer menu icon

This article contains:

    The term “doxing” comes from the word documents. 1990s hacker culture shortened the term to “docs” and then “dox,” with “dropping dox” referring to collecting personal documents or information (like someone’s physical address) and publishing them online. The hacker collective Anonymous helped popularize the term.

    What does doxing mean?

    Today, doxing means publishing someone’s information online without their permission. It can also apply specifically to uncovering the real person behind an anonymous username, and exposing that person’s real identity online.

    Some doxing attacks are rooted in harassment or revenge, while others target people who anonymously post bigoted comments online or who are caught on film promoting such beliefs.

    While the concept is decades old, doxing is still alive and well — and it can be very dangerous, especially as it becomes more mainstream. Once someone’s physical address, job location, phone number, email, or other information is out there, they can be an easy target.

    Doxing attacks range from the relatively benign, such as fake mail sign-ups or pizza deliveries, to the far more dangerous, like harassing a person’s family or employer, swatting, identity theft, threats and other forms of cyberbullying, or even in-person harassment. 

    How does doxing work?

    Doxers collect breadcrumbs — small pieces of information about someone —  scattered across the internet, then assemble them to reveal the real person behind an alias. These breadcrumbs can include the target’s name, physical address, email address, phone number, and more. Doxers may also buy and sell personal info on the dark web.

    A doxxer can take small pieces of information and put them together to uncover the real person behind an alias.Small pieces of information can be put together to uncover a real person behind an alias.

    Traditionally, doxing started with arguments online before escalating to one person digging up information about an adversary. More recently, doxing has become a popular tool in culture wars, with activists doxing those with opposing ideologies. Many celebrities and journalists have been doxed, causing them to suffer from online mobs and even death threats.

    Tracking down private information is a big part of what doxing someone is. And while many people think of the internet as anonymous, it’s very much not. There are many ways you can be identified online.

    Types of doxing

    Doxers have a range of methods they use to collect information about their targets. They can exploit your IP address, comb through your social media profiles, buy data from data brokers, use phishing campaigns, and even intercept internet traffic.

    IP/ISP doxing

    IP doxing (or ISP doxing) is when doxers obtain your IP address, which is linked to your physical location. Then, the doxer uses social engineering techniques to trick your internet service provider (ISP) into divulging more information about you.

    Using a call spoofing app to mask their phone number behind one belonging to the ISP, the doxer calls the ISP and pretends to be a member of the tech support team. They can use your IP address to request the rest of your customer information, which may include:

    • Your full name

    • Email address

    • Phone number

    • ISP account number

    • Date of birth

    • Physical address

    • Social security number

    This requires a few steps, some manipulation, and a gullible ISP employee, but when these kinds of tech support scams work, the doxer can get a lot of private data with one phone call.

    Social media doxing

    Social media doxing involves the collection of personal information from your social media accounts. This data can include your location, place of work, your friends, your photos, your likes and dislikes, places you’ve visited, the names of your family members, the names of your pets, and more.

    Some of this information can even provide doxers with the answers to your security questions — which they can use to break into your other online accounts. That’s why you should make all your social media accounts private.

    If you use online social platforms like Reddit, 4Chan, Discord, YouTube, or others, create different usernames and passwords for each service. If you use the same username on multiple platforms, a dedicated doxer could link your accounts to compile a detailed picture of your activity. And always be careful when revealing personal information.

    Data broker doxing

    Some doxers purchase personal information about their targets from data brokers — companies that collect information about people and sell it for profit. Many data brokers sell their information to advertisers, but there are also several people-search sites that sell comprehensive personal info to anyone.

    Data brokers gather their info from publicly available records (marriage licenses, government records, voter registration logs), customer loyalty cards (your online and offline buying behavior), online search histories (everything you search, read, or download), and from other data brokers.

    Phishing

    Phishing is the use of fraudulent communications to trick victims into disclosing sensitive personal information. Doxers can use targeted spear-phishing attacks against specific people to collect information on potential victims. While many phishing attacks have identity theft as the ultimate goal, the information gained can just as easily be used in doxing attacks.

    Learn how to recognize and prevent Apple ID phishing scams and other phishing attacks, and you’ll keep doxers from fooling you. And for even better protection, use the best antivirus software you can find, which will block phishing attacks and keep you safe from malicious email attachments.

    Sniffing

    Sniffing is when someone intercepts internet traffic on its way from the sender to the receiver. Internet traffic travels in small bundles called data packets, and a sniffer is a software or hardware tool that can scoop up these packets and read the data they contain. A doxer can use sniffing to collect someone’s internet traffic and comb through it for personal details.

    WHOIS lookups

    WHOIS is a service that allows anyone to learn information on the person who owns a domain on the internet. You can set your WHOIS information to be private, but if you forget, your name, address, phone number, and email address will be available to anyone who looks up your domain name.

    What is swatting?

    Swatting is when someone calls the police to report a serious emergency, such as a bomb threat or hostage situation, at their victim’s address. A SWAT team responds to the location, believing the emergency to be genuine, and surprises the victim. Streamers are frequent targets of swatting, with perpetrators aiming to interrupt their livestreams.

    One tragic example of swatting involved a teenage gamer who was upset about a $1.50 bet he made over Call of Duty. He recruited a known swatter who then reported a hostage situation at the opponent’s home — but with an old address where the intended victim no longer lived. When heavily armed police arrived, they ended up shooting and killing the unarmed 28-year-old resident when he opened the door.

    Swatting is a recent phenomenon, but it’s becoming increasingly dangerous. Many cities don’t know how to protect against swatting — but Seattle, WA has developed a good tactic. They’ve started an anti-swatting registry to allow people who are worried about getting swatted to list their address in a database.

    Then, if a call comes in, police check the registry before showing up at the address. That means they can be much more cautious and potentially avoid harming or killing anyone.

    Real-world examples of doxing

    Anyone can end up a victim of doxing — all it takes is someone who dislikes or disagrees with you enough to go through the trouble of compiling and releasing your info. Doxing victims have included abortion providers, innocent people falsely suspected of heinous crimes, members of racist groups, and law enforcement officials.

    1997: anti-abortion doxing

    One of the first doxing campaigns began in 1997 when anti-abortion activitists in the US targeted abortion providers. This insidious doxing example involved a website called the Nuremberg Files, which published abortion providers’ personal information as a hit list. A 2002 court case found that the site constituted a threat to incite violence, and it was shut down.

    2013: Boston Marathon bombing dox

    After the 2013 Boston Marathon bombing, thousands of people gathered on the online community Reddit and attempted to identify the perpetrator. The Redditors ended up incorrectly identifying and doxing several suspects — none of whom turned out to be involved in the bombing in any way.

    2017: Antifascist doxing

    A few years later, in 2017, white supremacists marched in Charlottesville, VA, inspiring some counter-protestors to dox participants. Several neo-Nazis lost their jobs after doxers revealed their participation in the march. But some innocent people were incorrectly suspected of participating in the march and were flooded with hate mail and threats.

    2019 Hong Kong anti-police doxing

    During Hong Kong’s prolonged protests throughout 2019 and 2020, protestors doxed thousands of Hong Kong police officers as well as supporters of the city’s law enforcement agencies. Journalists and protesters themselves were also doxed as the city’s unrest continued.

    While the ethics of doxing can be murky — after all, most of the information is publicly available online — it can quickly turn nasty when innocent people are caught in the crossfire.

    What to do if you’ve been doxed

    If you’ve been doxed, or if you think someone may be doxing you, act quickly to stop the spread of your personal information. Here are a few simple steps you can take right away if you think you’ve been doxed:

    1. Document the evidence. Take screenshots of everything in case you need to report it to the police.

    2. Report the doxing to the platforms hosting your info. Sites like Facebook and Twitter have terms of service agreements that prohibit doxing, and they should respond to your request and suspend the account of the doxer(s).

    3. Report the cybercrime — doxing is often a cybercrime — to the appropriate authorities in your area.

    4. Lock down your accounts. Create new, strong passwords for your accounts and store them securely in one of the best password managers. Protect your accounts with multi-factor authentication, and strengthen your privacy settings on all your accounts.

    5. Ask a friend or family member for support. Doxing can be emotionally taxing. Ask someone to help you navigate the issue so you’re not dealing with it on your own.

    6. Consider changing your number. Depending on what information was exposed, you may want to consider changing your phone number, usernames, or other personally identifying info where possible. 

    7. Protect your data against leaks. Avast BreachGuard will monitor the dark web and alert you if any of your personal information gets exposed. It will also help you remove your info from data brokers’ databases, reducing the amount of information doxers can find about you online. Get Avast BreachGuard and find out if any of your personal information is at risk.

    Is doxing illegal?

    Without specific anti-doxing laws, the legality of doxing is usually determined on a case-by-case basis. While compiling or publishing publicly available information is rarely illegal, there are other crimes that doxers can be charged for, depending on the nature of the case. These include stalking, harassment, identity theft, or incitement to violence.

    Recently, governments around the world have begun to pass or propose anti-doxing laws. The US state of Kentucky passed an anti-doxing law in 2021, and Hong Kong passed an anti-doxing law the same year.

    In the US, the Interstate Communications Statute and the Interstate Stalking Statute may be applied to doxing, depending on the details of a particular case. There are also no laws explicitly prohibiting swatting, although perpetrators can be charged under other laws.

    Can you go to jail for doxing someone?

    Yes, you can go to jail for doxing or swatting someone. The Call of Duty swatter mentioned above was caught, charged with 52 criminal counts related to fake calls and threats (including an earlier fake bomb threat at the FBI), and sentenced to 20 years in prison.

    How to prevent doxing

    Getting doxed can be traumatizing. The key to preventing doxing is to minimize the information available about you online. Learn how to hide your IP address, secure your social media accounts, and stay anonymous online.

    • icon_01Protect your IP address with a VPN or proxy

      You can easily hide your IP address by using either a VPN or a proxy to access the web. These tools let you connect to a protected server before connecting to the public internet. That means anyone trying to discover your IP address will see only the IP address of the VPN or proxy server, while yours remains hidden.

      Browser-based web proxies are often free, but only protect your browser traffic. A VPN like Avast SecureLine VPN encrypts your entire internet connection. That blocks anyone from seeing your online activity, which is especially important if you’re using unsecured public Wi-Fi.

      Avast SecureLine VPN also allows you to change your virtual location at any time, giving you increased anonymity and robust protection. Try Avast SecureLine VPN for free and enjoy a safe and secure online experience.


    • icon_02Avoid third-party login options

      Many sites and apps encourage you to sign in with Facebook, Google, LinkedIn, or another third-party service. But if you do, those websites can request more info about you. And the more sites you connect with your accounts, the easier it is for someone to compile your personal info.

      Signing into many different sites using just your Facebook or Google account can make you vulnerable to a data breach. If your account password is leaked, a hacker could then gain access to all the sites you’ve linked together. That makes it very easy for a hacker to get all your personal info, and much harder for you to lock down your accounts.

    • icon_03Keep social media profiles private

      Our social media profiles include a wealth of information about us: our general location (sometimes even our full address), our work history, birthdate, friends, family members, photos, interests, and so on. Having that much information publicly available makes doxing a breeze.

      Even if you don’t think you have any enemies, you should lock down your social media accounts. Learn how to make your Facebook profile private and make sure to de-index your profile from search engines. You should also tighten up your privacy settings on Instagram and any other social media services you use.

    • icon_04Use pseudonyms on online forums

      If you use Reddit or other online forums, use a pseudonym to stay anonymous while browsing. Never use your real name as your username, and don’t use any personally identifying information in your handle.

      When creating new accounts, choose a unique username for every service you use. If you reuse handles between sites, a doxer could connect your accounts and mine them for clues to your identity.

    • icon_05Request removal of your information online

      Data brokers compile and sell huge amounts of personal data. These data broker companies hold extensive files that can include your browsing history, online and offline buying habits, medical histories, financial histories, criminal histories, and much more.

      And when data breaches inevitably happen, like the Equifax breach, your information can be leaked for all the world to see. If your details ever find their way to the dark web, they’ll likely remain there forever.

      You can contact data brokers individually to request they remove you from their database — but though they’re legally obligated to comply, they can make it a very time-consuming process. And it’s nearly impossible to identify every data broker who has your data.

    Avast BreachGuard will contact data brokers directly on your behalf and handle the information removal process for you, before your personal info can be exposed. It’ll also monitor the dark web for leaks and alert you right away should one occur.

    How do you know if you’ve been doxed?

    If you’ve been doxed, you’ll find out as soon as your information is made public. If you don’t see the data dump yourself, people you know will likely inform you of the dox. In the meantime, you may be harassed via social media, email, phone calls, or even in person, depending on the information that was released in the dox.

    If you start receiving threatening messages, lock down all of your accounts. Check if your Facebook account has been hacked and verify that your Gmail account is secure. And though it’s also good to know if your personal information is for sale on the dark web, it’s not easy to get there without special software, like Tor. And even then, where do you look?

    That’s where dark web monitoring software comes in. Avast BreachGuard scans the dark web 24/7, alerting you the moment the exposure of your personal information has been detected, then helping you work quickly to secure your privacy.

    Avast BreachGuard monitors your level of privacy to assess the risk to your personal information.Avast BreachGuard will assess the risk of exposure of your personal information.

    Protect your information with Avast BreachGuard

    Avast BreachGuard protects your information in three distinct ways:

    1. 24/7 risk monitoring: Avast BreachGuard monitors the dark web and scans for data breaches. If your information gets leaked, we’ll alert you immediately so you can take steps to protect your information.

    2. Personal info removal: Avast BreachGuard identifies the data brokers that have profiles on you and sends requests on your behalf to get your information removed.

    3. Password protection: Avast BreachGuard scans your browser for weak or reused passwords to make sure you’re not using any that may have already leaked.

    Doxers won’t stand a chance if you have Avast on your side. Download Avast BreachGuard today to bolster your defenses, protect your privacy, and ensure your personal information isn’t exposed or weaponized against you.

    Keep your personal data private with Avast SecureLine VPN for Android

    FREE TRIAL

    Keep your personal data private with Avast SecureLine VPN for iPhone

    FREE TRIAL