Doxing
Doxing or doxxing is the act of publicly providing personally identifiable information about an individual or organization, usually via the Internet and without their consent. Historically, the term has been used to refer to both the aggregation of this information from public databases and social media websites, and the publication of previously private information obtained through criminal or otherwise fraudulent means.
The aggregation and provision of previously published material is generally legal, though it may be subject to laws concerning stalking and intimidation. Doxing may be carried out for reasons such as online shaming, extortion, and vigilante aid to law enforcement.
Etymology
"Doxing" is a neologism. It originates from a spelling alteration of the abbreviation "docs", for "documents", and refers to "compiling and releasing a dossier of personal information on someone". Essentially, doxing is revealing and publicizing the records of an individual, which were previously private or difficult to obtain.The term dox derives from the slang "dropping dox", which, according to Wired contributor Mat Honan, was "an old-school revenge tactic that emerged from hacker culture in 1990s". Hackers operating outside the law in that era used the breach of an opponent's anonymity as a means to expose them to harassment or legal repercussions. Consequently, doxing often carries a negative connotation because it can be a means of revenge via the violation of privacy.
History
The practice of publishing personal information about individuals as a form of vigilantism predates the Internet, via physical media such as newspapers and pamphlets. For example, in response to the Stamp Act 1765 in the Thirteen Colonies, radical groups such as the Sons of Liberty harassed tax collectors and those who did not comply with boycotts on British goods by publishing their names in pamphlets and newspaper articles.Outside of hacker communities, the first prominent examples of doxing took place on internet discussion forums on Usenet in the late 1990s, including users circulating lists of suspected neo-Nazis, later racists. Also in the late 1990s, a website called the Nuremberg Files had launched, featuring the home addresses of abortion providers and language that implied website visitors should stalk and kill the people listed.
In 2012, when then-Gawker reporter Adrian Chen revealed the identity of Reddit troll Violentacrez as Michael Brutsch, Reddit users accused Chen of doxing Brutsch and declared "war" on Gawker. In the mid-2010s, the events of the Gamergate harassment campaign brought the term into wider public use. Participants in Gamergate became known for releasing sensitive information about their targets to the public, sometimes with the intent of causing the targets in question physical harm. Caroline Sinders, a research fellow at the Center for Democracy and Technology, said that "Gamergate, for a lot of people, for mainstream culture, was the introduction to what doxxing is".
According to The Atlantic, from 2014 to 2020, "the doxxing conversation was dominated by debate around whether unmasking a pseudonymous person with a sizable following was an unnecessary and dangerous invasion of their privacy." In 2014, when Newsweek attempted to search for the pseudonymous developer of Bitcoin, the magazine was accused of doxing by cryptocurrency enthusiasts. In 2016, when an Italian journalist attempted to search for the identity of the pseudonymous Italian novelist Elena Ferrante, the journalist was accused of gendered harassment and Vox referred to the search as "the doxxing of Elena Ferrante." In 2020, when The New York Times indicated that it was planning on publishing the real name of the California psychiatrist running the Slate Star Codex blog, fans of the blog accused the Times of doxing. The person behind the blog accused the Times of threatening his safety and claimed that he started a "major scandal" that resulted in the Times losing hundreds or thousands of subscriptions.
In 2022, BuzzFeed News reporter Katie Notopoulos used public business records to identify the previously pseudonymous founders of the Bored Ape Yacht Club. Greg Solano, one of the founders of the club, claimed that he "got doxxed against will".
In April 2022, The Washington Post reporter Taylor Lorenz revealed the identity of the person behind the Twitter account Libs of TikTok as Chaya Raichik, who works in real estate. This resulted in Raichik and right-wingers accusing Lorenz of doxing.
Pro-Israel NGOs including the Israel on Campus Coalition and Canary Mission have been accused of doxing Palestinian activists by releasing public dossiers documenting their activism. The Gaza war saw a surge in doxing activities in the United States. Right wing advocacy group Accuracy in Media sent trucks to Yale University and Columbia University, displaying the names and faces of students involved in anti-Israel activism under a banner labeling them "leading antisemites" on campus. Similarly, Canary Mission published the identities and images of Harvard University students involved in the circulation of an open letter, published on October 7th, that held "the Israeli regime entirely responsible for all unfolding violence".
Doxware
Doxware is a cryptovirology attack invented by Adam Young and further developed with Moti Yung that carries out doxing extortion via malware. It was first presented at West Point in 2003. The attack is rooted in game theory and was originally dubbed "non-zero-sum games and survivable malware".The attack is summarized in the book Malicious Cryptography as follows:
The attack differs from the extortion attack in the following way. In the extortion attack, the victim is denied access to its own valuable information and has to pay to get it back, where in the attack that is presented here the victim retains access to the information but its disclosure is at the discretion of the computer virus.
Doxware is the converse of ransomware. In a ransomware attack, the malware encrypts the victim's data and demands payment to provide the needed decryption key. In the doxware cryptovirology attack, the attacker or malware steals the victim's data and threatens to publish it unless a fee is paid.
Common techniques
Once people have been exposed through doxing, they may be targeted for harassment through methods such as actual harassment in person, fake signups for mail subscriptions, food deliveries, bombarding the address with letters, or through "swatting"—the intentional dispatching of armed police teams to a person's address via falsely reported tips or through fake emergency services phone calls. The act of reporting a false tip to police—and the subsequent summoning of an emergency response team —is an illegal, punishable offense in most jurisdictions, due to ERTs being compromised and potentially unavailable for real emergencies. It is, at the very least, an infraction in most US states ; if multiple attempts are made, the charge increases to a misdemeanor. Further repercussions include fines ranging from as low as US$50 up to US$2,000, six months spent in county jail, or both the fine and imprisonment.A hacker may obtain an individual's dox without making the information public. A hacker may look for this information to extort or coerce a known or unknown target. A hacker may also harvest a victim's information to break into their Internet accounts or take over their social media accounts.
Doxing has also occurred in dating apps. In a survey conducted in 2021, 16% of respondents reported suffering doxing because of them. In a 2018 qualitative study about intimate partner violence, 28 out of 89 participants reported the exposure of the victim's private information to third parties through digital technologies as a form of humiliation, shaming or harm frequently practiced by abusers, that may include the disclosure of intimate images and impersonation of the victim.
Victims may also be shown their details as proof that they have been doxed as a form of intimidation. The perpetrator may use this fear to gain power over victims in order to extort or coerce. Doxing is therefore a standard tactic of online harassment and has been used by people associated with the Gamergate and vaccine controversies.
There are different motivations for doxing. They include doing it to reveal harmful behavior and hold the offender accountable. Others use it to embarrass, scare, threaten, or punish someone. It is also often used for cyberstalking, which could result in making someone fear for their safety. Researchers have pointed out that some instances of doxing can be justified, such as when it reveals harmful behavior, but only if the act of doxing also aligns with the public.