How to Protect Yourself Against Doxxing 

What Is Doxxing? 

Doxxing is a form of harassment that involves publicly exposing someone's private information, such as their name, address, job, or other identifying info without their consent. 

  • Doxxing aims to shame, humiliate, embarrass, bully, harass, or otherwise harm individuals and is increasingly used to attack people with opposing viewpoints.
  • The term derives from the phrase "dropping dox (documents)" and the act typically involves gathering information, images, or videos from across multiple platforms, including social media, public databases, hacking private sources, and social engineering attacks.

Protect Your Information and Accounts 

Doxxers frequently collect information from publicly available sources, hack websites and companies that store your information for legitimate purposes, buy information from the dark web or data brokers, or compromise your accounts and networks. You can take steps that reduce your risk of being doxxed. 

Adjust your social media account settings. 

  • Keep your profiles, usernames, and handles private.
  • Avoid using your address, place of work, contact information, and specific locations in your profile and posts. 
  • Make your posts visible only to people you know.
  • Avoid sharing sensitive personal information online.

Reduce your online footprint.  

  • Close unused accounts and ask for your information to be deleted.
  • Search for yourself online to see what personal information in search results and on websites. When possible, request corrections or deletions. 
  • Take steps to remove your personal data from public data broker websites.

Be careful with public networks. 

  • If you must use public wi-fi:
    • Use a VPN.
    • Make sure you’re logging into a legitimate wireless network and not an evil twin.
    • Watch out for shoulder surfers.
    • Lock your computer or phone whenever you aren’t using it – the best way to compromise a computer is to grab it while a user is logged in.

Secure your login and domain information. 

  • Enable Multi-Factor authentication wherever possible and use an authenticator app instead of texts, phone calls, or emails.
  • Create a PIN for your SIM cards. 
  • Learn about common features of social engineering, such as phishing, and how to avoid it.
  • Use strong passwords and a password manager.
  • Vary your usernames and passwords across platforms.
  • Change your passwords periodically.
  • Hide domain registration information from WHOIS (database of all registered domain names).

Additional Resources