Doxing and protection

Overview

Doxing (or doxxing), short for "dropping dox" (docs, i.e. documents), is the act of searching for and publishing private or personally identifying information (PII) on the internet, typically with malicious intent.

How to Avoid

Much as with protecting oneself from identity theft, the way to combat doxing focuses on minimizing the amount of identifying information that can be found and correlated.

Data Sources

Publicly-available sources

Doxers may collect information about you from internet sources like property records, social media postings, obituaries, wedding announcements, newsletters, public conferences, and web forums.

Most, if not all, of this information is publicly available. The doxer compiles information from multiple public-facing sources to reveal sensitive information about the victim, such as the victim’s home address, family members, photos, workplace, and information about the individual’s habits, hobbies, or interests. The seemingly innocuous information we post or share can be put together to develop a detailed dossier about us.

Data Brokers

Doxers may also use data brokers or people-search sites that compile information from public and commercial sources and then sell this information to companies or the public. These brokers may obtain commercial data from retailers, catalog companies, magazines, and websites.

Limiting Available Data

Limit what you share online

  • Be careful about what you choose to share online. Some of the publicly available information (e.g., public records) may be out of your control, but remember that anything you post on the internet might be misused, including photos. Once it’s online, you cannot take it back.
  • Avoid posting information that may increase your chances of being targeted for doxing. Not all information has the same sensitivity level. For example, don’t post information about your job on social media, especially sensitive details about your job duties or your physical location. Avoid posting information that might be used to answer website security questions, such as your pet’s name, or where you were born.
  • Turn on privacy settings on social media, mobile applications, and other websites. Be careful about the connections or friends you may have on these sites.
  • Limit your use of third-party applications on social media and the use of social media accounts to log into other websites. These third-party applications receive PII from your profile when you use them.

Opt-out from data brokers

  • Unfortunately, opting out can be a time-consuming process, and your information may reappear when data brokers receive new or updated data sources, so everyone must weigh the potential benefit against the effort required.

Staying secure

  • Set up two-step authentication, use complex passwords, and avoid using the same password for multiple accounts to help prevent the hacking or hijacking of your accounts.
  • Use a Virtual Private Network (VPN) when connecting to a publicly accessible network or hotspot any time you transmit sensitive data.

How to Respond

Report it

  • If you feel you or someone else is in immediate danger, please call 9-1-1.
  • Inform any pertinent parties, such as financial institutions, about what has happened right away.
  • If doxers publish your information on social media or other content providers, report it immediately and ask the service provider to take it down.
  • If you are a University of Oregon student, you may report a concern to the Office of the Dean of Students.
  • If the incident exposed any University of Oregon accounts or protected data, report to the Information Security Office.
  • If the incident involves threats or if the information was gleaned in a potentially illegal manner, you should contact the police and let them know. The University of Oregon Police Department's non-emergency line is 541-346-2919.

Document what happened

  • Use screenshots, download web pages, and take the time to write out what happened. This information can help you keep track of what information was shared as well as help the authorities and others address the attack.

Protect financial accounts

  • Immediately contact your credit card company or bank to prevent financial information from being used to steal from you.

Secure your accounts

  • Bolster your privacy settings and change passwords and security questions for all your accounts, especially those containing information that could be used by a doxer.
  • Set up two-step authentication on your online accounts.

Get support from family or friends

  • You can reach out to someone you trust for assistance and emotional support so you do not have to deal with it on your own.
