At a time when ransomware, viruses, and phishing frauds frighten computer users and capture ominous headlines, another emerging cyber threat hits even closer to home.
“Doxxing” is a growing online practice that weaponizes sensitive data to threaten personal lives, careers, and safety.
The term is tech-speak for “dropping documents”, and refers to targeting individuals by maliciously publishing their personal information. Motivated by politics, personal grudges, or profit, doxxing is often accompanied by damaging allegations calculated to generate public humiliation and condemnation.
These disputes are true products of the digital age; usually starting with online spats, followed by Internet searches to uncover identifying data and capped with social media deployed to distribute the info worldwide. Incidents often go viral and forever stain search results, detrimentally affecting lives and livelihoods.
Doxxing with publicly available information is generally legal, and many consider it vigilante justice that unmasks bullies and identifies outlaws…but detractors warn of a mob mentality that ruins reputations and inflicts irreparable harm without due process. This research highlights the reach and impact of this modern phenomenon.
Key Findings:
- Doxxing is widespread. 21% of Americans – over 43 million – have personally experienced doxxing.
- Doxxing can be personal. While more than half (52%) of doxxing attacks stem from online interactions with strangers, almost 1-in-4 perpetrators are personally known to the targets.
- Doxxing is serious. Doxxing most frequently leads to online shaming and harassment, but also often results in criminal conduct or consequences affecting employment.
- Remedies aren't trusted. With attacks usually anonymous and digital privacy largely unenforceable, doxxing targets are often left without recourse and 1/3 fail to even report attacks to authorities.
Doxxing is Widespread
Originating in the 1990s within hacker communities, doxxing spread to the mainstream via the social media explosion. The 2015 exposure of a Minnesota game-hunting dentist was among the first headline cases, but its momentum has steadily grown through the current online pursuit of 2021 Capitol trespassers.
More than two-thirds of Americans had either been doxxed themselves (21%) or personally knew someone who had (62%).
The personal nature of these attacks seems intimate – and that is sometimes the case — but more often doxxers are virtual strangers avenging petty or philosophical disputes.
Most doxxing incidents are sparked by online posts (52%), with agitated doxxers shining light on offensive opinions or simply aiming to harm someone with whom they disagree. Another 20% of cases stem from online gaming conflicts, where heated exchanges overflow to real-world damage (including a dangerous practice known as “swatting”).
That leaves almost a quarter of doxxers who are friends, family members, or former romantic partners releasing private information as personal payback.
Extreme consequences like swatting are relatively rare, but doxxing regularly brings a host of other repercussions.
Doxxing Repercussions
Publishing a name may not seem overtly threatening, but when attached to unsavory allegations and accompanied by additional info, the potential for dark results grows greater.
Doxxing attacks impacted personal lives 86% of the time, specifically involving online harassment, public shaming, lost friendships, family harassment, and online distribution of photos. For further analysis, we grouped these repercussions into three groups – personal, criminal, and professional.
Doxxing repercussions also frequently affected professional lives, with 27% reporting harassment at work, and an equal portion fired from a job after being doxxed.
Our research further revealed that doxxing damages go beyond emotions and reputations: 51% experienced criminal repercussions, including threats of violence and identity theft.
Those who defend doxxing argue that consequences are attributable to targets’ personal behavior rather than the exposure, but this justification rings hollow when identification/accusations prove inaccurate, families become collateral damage, or criminal acts ensue.
Reporting Doxxing Attacks
Despite severe consequences in many doxxing attacks, targets don’t always contact authorities.
Overall, only 2/3 of targeted parties sought to hold doxxers accountable by reporting incidents to authorities. This number fluctuated depending upon the severity and victim of the consequences.
Reporting rates were high when physical threats or identity thefts resulted, and where harassment involved family members or the workplace, but dropped off significantly when online harassment was limited to the target or personal photos were distributed.
Reasons attacks aren’t reported often include:
- Doxxing and/or harassment aren’t necessarily illegal, leaving authorities without jurisdiction;
- Most doxxers operate anonymously, leaving targets unable to name their attackers and unlikely to find resolution;
- Doxxing often involves uncomfortable accusations, embarrassing facts, and personal photos that targets don’t wish to acknowledge or further publicize.
Those who don't report incidents tend to keep quiet and change their contact info, hoping the incident simply fades.
Conclusion
Social media is a double-edged sword that can bring people together or tear them apart; tools for finding friends and swapping recipes are sometimes repurposed to shame strangers and exes.
By maliciously publishing personal details and encouraging public reprisals, doxxers use Internet accessibility to recklessly ruin digital lives in the name of righteousness or revenge. Doxxing is also on the rise and largely legal…so protection is left to individuals. Here’s what you can do to protect your data:
- Use complex, unique passwords for every online account. You should also have two-factor authentication activated.
- Check your platforms’ privacy settings to ensure personal information isn’t publicly available.
- Use Virtual Private Networks (VPNs), like NordVPN, to guard devices on public connections.
- Enlist identity monitoring services to track whether your data has already been compromised.
- Separate your online presence from personal accounts wherever possible. Avoid identifiable profile photos and names, register accounts using “burner” email accounts, and post anonymously if you can’t avoid controversy…or consider not posting at all.
Almost ¼ of Americans have already been doxxed and suffered personal/professional/ financial/physical repercussions. Don’t become the next target: guard your data, watch your step, and think twice about whether that next Tweet or gaming insult is worth it.