Doxing (or deanonymization) is a popular term among cybersecurity experts that appears more and more often in articles and forums these days. But what exactly does it mean? We can say that doxing is the search and publication of information about you on the Internet in order to obtain some kind of benefit or harassment. This may be information that you intended to keep private, such as your personal address or real name. However, public data is often doxed and can be easily found on the Internet with just a little digging. For example, this is your phone number or work address.
Doxing is dangerous because certain personal information is published on the Internet, and is used by criminals for such fraudulent purposes as mass online harassment, mental abuse, or playing off several people. Your political opinions or high status in society increase the likelihood that you will be subject to doxing.
Confidentiality is something that will always come in handy for you. First, it is worth understanding what kind of personal information, possibly obtained by criminals in the future, may pose a threat to you. After that, you can take specific steps to improve your online privacy.
We invite you to read the translation of the Electronic Frontier Foundation article on what precautions you should take to increase your personal safety before you are threatened by potential doxing. This article will not go into details on how to remove your data from each specific service, we will only talk about the basic rules that you should pay attention to.
First steps to protect yourself and your data
First, take a look at the information that is already publicly available about you on the Internet. It is very simple to do this: you need to open a search engine and enter your name or nickname in the search bar. Usually the result is shocking, because you begin to realize that there is much more personal information about you on the Internet than you expected, and anyone can access it. In fact, this is quite normal, especially since you are on your way to reducing the amount of this information and taking the necessary steps to better protect your data. Pay attention to any details that seem truly personal to you. Determine what kind of resource it is and how long ago this data appeared there, and delete it.
Second, decide who you can really trust with your secrets. Friends, family, select group of people? If you are afraid of becoming a victim of doxing, you will want to talk to these people first. Not only because they may be involved in the doxing incident itself, but also because there is real power in your small community of loved ones. These people can help you plan how to prevent a future incident, as well as tell you what to do if one occurs. Keep in mind that this list will change over time. This is natural for any relationship. Set yourself a reminder to check this list at least one or more times a year.
Also set ground rules among your loved ones related to the sharing of personal data, such as obtaining permission from you before publishing joint photos, not tagging these images, or using code words that only people you verify will know during correspondence. These are all examples of steps you can take to increase the safety of your loved ones and yourself.
Third, read the security policy of your online accounts. Most social networks and popular web applications have their own rules regarding this aspect, and they protect users from possible doxing. Resources will definitely notify you of any security breaches of your account as soon as they become aware of it.
Now it’s time to move on to the so-called " technical steps " you can take to properly respond to a doxing incident.
Minimizing your public data
The most obvious protective measure you can take to avoid doxing is to reduce the amount of personal information about you online.
Data brokers are companies that exist solely by collecting personal data of users and reselling this information to those who offer a high price for it. The data they collect is often taken from public records and online trackers and supplemented with commercial transactional information. It’s a parasitic, rotten industry that survives by invading the privacy of ordinary people online. Due to public pressure, many of these companies are offering ways for users to opt out of having their data collected. We recommend you check out the following firms White Pages, Instant Check Mate, Acxiom, Intelius and Spokeo. It’s also worth reading this helpful guide on how to protect yourself from online personal data collection.
There are also several professional (but paid) services such as DeleteMe or Privacy Duck that claim to help minimize the amount of data available about you online. Keep in mind that data brokers are on the alert: they are constantly updating records about you, re-filling the same lines with information about a person. Thus, you will need to subscribe to keep your personal data safe at all times. Services also do not promise complete minimization of data in all possible sources.
Users will have to do their own research to see if the above resources can really help them and improve their privacy.
Safe browsing on the Internet
Sometimes sites and resources don’t behave as they should, and our secrets become public. For example, suggested friend lists can sometimes give you away to people, even though you may have multiple accounts to keep your private life separate from your public life.
Another common example is web user tracking. If this is a problem that really worries you, below are a few steps that can solve it.
Check how much information sites collect about you with the Cover Your Tracks tool. This will give you an idea of how trackers on the Internet are able to identify you as the same person when you visit different sites. We also recommend using the tracker blocking tool, Privacy Badger, which is designed to block any online tracking.
Do you use strong and unique passwords, multi-factor authentication for each of your accounts to protect your data? Think about this as you read the next paragraph of the article.
Since we’re talking about all the accounts you use online, we strongly encourage you to take the time to review each of them to see what information you’re sharing with the public. Do you share the barest amount of data with them, or do you post more information than is necessary?
Instead of entering your mother’s maiden name, graduation date, or pet’s name in response to security questions, consider entering a random passphrase and saving it in your password manager.
Instead of giving out your phone number, which could lead to your account being compromised, think twice. Use something a little more distant (be it VK, Instagram or some other popular resource): if you can replace your mobile phone number with something less personal, for example, a virtual number, which will greatly increase your security. By being mindful of what information you share online, and when and where you do it, you can definitely better protect your data.
Incident Response Plan
In case doxing has already happened, the last thing you want to do is last minute puzzle over how to respond to the incident. Here you will need a ready plan. Below are some tips on how to write it well.
Determine which accounts should be banned or temporarily deactivated if you are exposed to doxing. Make a list of all resources. This will help you quickly complete the process of deactivating and blocking accounts, because you will understand exactly what needs to be done.
You should also keep a spreadsheet to record all incidents as they occur. Record the time when the doxing occurred, who probably did it and how, and all other details of the incident. Creating such a log will be an incredibly helpful step as it can help you identify where the weak spot in the security of your personal data is.
Take care of yourself and others
Knowing that you have friends who will support you if you are doxed will not only ease stress, but it can also prevent the incident itself, as your loved ones will be alerted to the possible danger. We recommend taking all the steps to improve your online security together with a friend or loved one. Knowing that they can take responsibility for implementing the incident response plan will be a real relief for you. So, in fact, trusting relationships are built between people.
" Data hygiene " is a certain form of looking after your data (when excess personal information is not published on the Internet). Setting standards for your "data hygiene" never hurts. After all, an incident on one resource can lead to doxing of your other accounts. Taking care of your own data hygiene will strengthen your confidence that you are truly protected from external threats.