What is ‘doxxing’ and what do we have to worry about?

We live in a connected world where our personal information, if not protected properly, is easier to access than it has ever been.

Often that access, uninvited as it might be, is harmless enough. But in some instances it crosses the line into the realm of a personal attack, which can be both emotionally and financially harmful.

Recently, the perils of ‘doxxing’ have been put under a new spotlight, after an ABC journalist wrote about his experience of being ‘trolled’ en masse.

So what exactly is doxxing and why should you be worried about it?

Doxxing defined

The term is derived from dox, which is an abbreviation of documents. Dropping dox – now transformed into doxxing – describes the internet-based practice of researching and broadcasting private or identifiable information about an individual or organisation, without permission.

The practice has been around for more than 20 years but the term has become popular over the past decade or so.

How did doxxing start?

It was originally the domain of 1990s hackers, who would breach a target’s anonymity (often during online arguments) to expose their personal information.

Since those early days it’s been used in extortion, vigilantism and even, to some extent, in journalism.

Where have I seen doxxing before?

Apart from the trolling of Osman Faruqi, you’ve likely seen it in plenty of places – close to home when animal rights group Aussie Farms published online an interactive map of Australia’s farms and abattoirs, internationally when correspondence to and from German politicians (including Chancellor Angela Merkel) was stolen and then published online, when Anonymous released what it said were the identities of Ku Klux Klan members and sympathisers in 2015,  in any number of instances where Reddit users’ real identities have been discovered and in some of the activities of Wikileaks.

Mainstream media outlets have even been accused of forms of doxxing, such as repeated attempts to uncover the true founder of bitcoin.

How does one get doxxed?

A basic web search could be enough for someone to harvest at least some of your personal details and if they are more organised than that, they could search by your domain name and location based on your individual IP address.

In some instances hackers have been known to use doxware to get hold of people’s information (whereas ransomware prevents an individual from accessing their own material without a payment, doxware often involves threatening to give those details to the world unless a hacker’s demand is met).

How afraid should I be?

Well, to start with there needs to be somebody who actually wants to dox you. That said, can anyone of us put our hands on our hearts and say we don’t have a single enemy out there? And never will? That should be enough to make you at least take some precautions.

How do I protect myself against doxxing?

You don’t necessarily have to be an egotist to Google yourself – in fact, it’s one of the recommended first steps in dox-proofing your life. You need to know what’s already out there.

Make your settings on your social media accounts as private as possible and consider whether your phone number and personal email address should be visible to anyone else. Activate two-step authentication on any platforms where it’s available and use stronger passwords paired with a password manager.

You can go as far as using VPNs to hide your IP address but don’t ignore some small and simple steps – such as ONLY EVER signing in with your Google or Facebook account on TRUSTED websites.

Try and use different email addresses and user names when using online services. This makes it harder for someone to make a link between profiles on sites.

• Purple Director of Digital Jamie Wilkinson is an expert in proactively preparing communications strategies to respond to data breaches and managing communications during a data breach crisis. Email Jamie.

You can also download our Data Breach Whitepaper

More from Jamie:

• Five takeaways from the latest Notifiable Data Breach Scheme stats
• We have the data – now what?
• Why OAIC is an acronym every business must know
• Four good reasons professional services need video marketing