Doxing
Doxing or doxxing is the act of publicly providing personally identifiable information about an individual or organization, usually via the Internet and without their consent.[1][2][3] Historically, the term has been used to refer to both the aggregation of this information from public databases and social media websites (like Facebook), and the publication of previously private information obtained through criminal or otherwise fraudulent means (such as hacking and social engineering). The aggregation and provision of previously published material is generally legal, though it may be subject to laws concerning stalking and intimidation.[4] Doxing may be carried out for reasons such as online shaming, extortion, and vigilante aid to law enforcement.[5][6] It also may be associated with hacktivism.
For the section of Wikipedia's harassment policy on the doxing of contributors, see WP:DOX.Etymology[edit]
"Doxing" is a neologism. It originates from a spelling alteration of the abbreviation "docs", for "documents", and refers to "compiling and releasing a dossier of personal information on someone".[7] Essentially, doxing is revealing and publicizing the records of an individual, which were previously private or difficult to obtain.
The term dox derives from the slang "dropping dox", which, according to a contributor to Wired, Mat Honan, was "an old-school revenge tactic that emerged from hacker culture in 1990s". Hackers operating outside the law in that era used the breach of an opponent's anonymity as a means to expose opponents to harassment or legal repercussions.[7]
Consequently, doxing often comes with a negative connotation because it can be a means of revenge via the violation of privacy.[8]
Common techniques[edit]
Once people have been exposed through doxing, they may be targeted for harassment through methods such as actual harassment in person, fake signups for mail subscriptions, food deliveries, bombarding the address with letters, or through “swatting”—the intentional dispatching of armed police teams (S.W.A.T.) to a person's address via falsely reported tips or through fake emergency services phone calls. The act of reporting a false tip to police—and the subsequent summoning of an emergency response team (ERT)—is an illegal, punishable offense in most jurisdictions, due to ERTs being compromised and potentially unavailable for real emergencies.[22] It is, at the very least, an infraction in most US states (for first-time offenders); if multiple attempts are made, the charge increases to a misdemeanor (especially when the intention is harassment-based). Further repercussions include fines ranging from as low as US$50 up to US$2,000, six months spent in county jail, or both the fine and imprisonment.[23]
A hacker may obtain an individual's dox without making the information public. A hacker may look for this information to extort or coerce a known or unknown target. A hacker may also harvest a victim's information to break into their Internet accounts or take over their social media accounts.[7]
Doxing has also occurred in dating apps. In a survey conducted in 2021, 16% of respondents reported suffering doxing because of them.[24] In a 2018 qualitative study about intimate partner violence, 28 out of 89 participants (both professionals and survivors) reported the exposure of the victim's private information to third parties through digital technologies as a form of humiliation, shaming or harm frequently practiced by abusers, that may include the disclosure of intimate images and impersonation of the victim.[25]
Victims may also be shown their details as proof that they have been doxed as a form of intimidation. The perpetrator may use this fear to gain power over victims in order to extort or coerce. Doxing is therefore a standard tactic of online harassment and has been used by people associated with the Gamergate and vaccine controversies.[26]
There are different motivations for doxing. They include doing it to reveal harmful behavior and hold the offender accountable. Others use it to embarrass, scare, threaten, or punish someone. It's also often used for cyberstalking, which could result in making someone fear for their safety. Researchers have pointed out that some instances of doxing can be justified, such as when it reveals harmful behavior, but only if the act of doxing also aligns with the public.[27]
Anti-doxing services[edit]
Parallel to the rise of doxing has been the evolution of cybersecurity, internet privacy, the Online Privacy Alliance, and companies that provide anti-doxing services. Most recently, high-profile groups like the University of California Berkeley[28] have made online guidance for protecting its community members from doxing. Wired published an article on dealing with doxing, in which Eva Galperin, from the Electronic Frontier Foundation, advised people to "Google yourself, lock yourself down, make it harder to access information about you."[29]
Legislation[edit]
Mainland China[edit]
From March 1, 2020, the People's Republic of China's "Regulations on the Ecological Governance of Online Information Content" has been implemented, clarifying that users and producers of online information content services and platforms must not engage in online violence, doxing, deep forgery, data fraud, account manipulation and other illegal activities.[30]
