
Doxxing can be a terrifying experience, leaving you feeling vulnerable and exposed. Doxxing is a form of harassment where someone's personal information, such as their address, phone number, or social security number, is publicly shared without their consent.
Being a victim of doxxing can have severe consequences, including identity theft, stalking, and even physical harm. In fact, a study found that 70% of doxxing victims experienced emotional distress.
To prevent doxxing, it's essential to be mindful of your online presence. This means being cautious about sharing personal information on social media and online forums. As mentioned in the article, "even seemingly innocuous details, such as your birthdate or favorite hobbies, can be used to guess your address or other sensitive information."
If you're a victim of doxxing, the first step is to secure your online presence by changing your passwords and enabling two-factor authentication. This will make it more difficult for the perpetrator to access your accounts.
What Is Doxxing?
Doxing is a neologism that originates from a spelling alteration of the abbreviation "docs", for "documents", and refers to compiling and releasing a dossier of personal information on someone.
This information can come from private sources, but is often obtained from public records. Doxing often carries a negative connotation because it can be a means of revenge via the violation of privacy.
The term dox derives from the slang "dropping dox", which was an old-school revenge tactic that emerged from hacker culture in the 1990s. Hackers used the breach of an opponent's anonymity as a means to expose them to harassment or legal repercussions.
Doxing is essentially revealing and publicizing the records of an individual, which were previously private or difficult to obtain. This can include releasing public dossiers documenting someone's activism or other personal information.
In the context of online harassment, doxing can escalate into stalking or other criminal conduct. This has been seen in cases where individuals have been targeted for their political views or activism.
Explore further: Can You Sue Someone for Doxxing
History and Types
The practice of publishing personal information about individuals as a form of vigilantism predates the Internet, dating back to the 18th century with the Sons of Liberty publishing pamphlets and newspaper articles to harass tax collectors.
The first prominent examples of doxing outside of hacker communities took place on internet discussion forums on Usenet in the late 1990s, where users circulated lists of suspected neo-Nazis and racists.
A website called the Nuremberg Files launched in the late 1990s, featuring the home addresses of abortion providers and language that implied website visitors should stalk and kill the people listed.
In 2012, a Gawker reporter revealed the identity of Reddit troll Violentacrez as Michael Brutsch, sparking accusations of doxing and a "war" on Gawker from Reddit users.
The term doxing gained wider public use in the mid-2010s during the Gamergate harassment campaign, where participants released sensitive information about their targets to the public, sometimes with the intent of causing physical harm.
From 2014 to 2020, the doxxing conversation was dominated by debate around whether unmasking a pseudonymous person was an invasion of their privacy, as seen in the case of Newsweek attempting to search for the pseudonymous developer of Bitcoin.
The search for the identity of pseudonymous individuals has led to accusations of doxing, such as in 2016 when an Italian journalist was accused of gendered harassment for attempting to find the identity of Italian novelist Elena Ferrante.
In 2020, The New York Times was accused of doxing a California psychiatrist running the Slate Star Codex blog, leading the person behind the blog to claim that the Times threatened his safety and lost hundreds or thousands of subscriptions.
Doxxing Techniques
Doxers can use various methods to discover IP addresses, which are linked to users' physical location. They can then use social engineering tricks on the target's internet service provider (ISP) to discover more information about them.

Doxers can also run domain searches to find information about a person's online presence. All domain name owners have their information stored in a registry that's publicly available through a WHOIS search.
This information can be used to intimidate or extort the victim, with fines ranging from as low as $50 up to $2,000, six months in county jail, or both the fine and imprisonment.
Doxware
Doxware is a type of cryptovirology attack that carries out doxing extortion via malware.
It was first presented at West Point in 2003 by Adam Young and further developed with Moti Yung.
The attack is rooted in game theory, originally dubbed "non-zero-sum games and survivable malware".
In a doxware attack, the attacker or malware steals the victim's data and threatens to publish it unless a fee is paid.
This is the converse of ransomware, where the malware encrypts the victim's data and demands payment to provide the needed decryption key.
It's a clever and sinister approach to extortion, using the threat of public humiliation to get what they want.
Common Techniques
Doxing can be a terrifying experience, and it's essential to know how it's done.
Doxers may use various methods to gather information, including tracking IP addresses, which can lead to discovering a person's physical location.
They can also use social engineering tricks on the target's internet service provider (ISP) to discover more information about them.
A doxer can uncover a person's IP address by using various methods, such as tracking IP addresses or running domain searches.
If the domain name owner didn't choose to obscure their private information, their personally identifying information would be available online for anyone to find.
Doxers can also use phishing scams to uncover sensitive emails and post them online.
If someone uses an insecure email account or falls victim to a phishing scam, a hacker can uncover sensitive emails and post them online.
To uncover more about a person, a hacker can use a reverse mobile phone lookup service, such as Whitepages, to identify who owns the number.
Many sites offer free or paid services to provide information about the number's owner, making it easy for doxers to gather information.
Data brokers gather personal information from publicly available records and sell it to advertisers, but some people-search sites offer comprehensive records about individuals for a fee.
To document a doxing attack, it's essential to take screenshots or download pages on which your information has been posted or shows the attacker's handle.
Tracking Usernames
Using the same username across multiple digital services can be a major mistake. This is because it allows potential doxers to build a picture of your interests and online activities.
Many hackers use this information for social engineering scams. It can also be used for doxing and swatting, which can be very serious.
Using the same username and password for different platforms is like putting a target on your back. Doxers can search through your comments on various platforms and use that information to compile a detailed picture of you.

This is why it's essential to use separate usernames for different platforms. It's a simple step that can make a big difference in protecting your online identity.
Documenting evidence of a doxing attack is crucial. This includes taking screenshots, downloading pages, and preserving emails, voicemails, texts, and social media posts that relate to the attack.
Prevention and Protection
Protect your online presence by using a VPN, which encrypts traffic and keeps users anonymous, protecting against exposing IP addresses.
Almost anyone can be a doxing victim, as public information is readily available online, making it essential to take precautions.
Use separate usernames for different platforms, such as online forums like Reddit, 4Chan, and Discord, to prevent doxers from compiling a detailed picture of you.
Change your passwords, use a password manager, enable multi-factor authentication where possible, and strengthen your privacy settings on every account you use to lock down your accounts.
Protect Yourself
You can't be too careful when it comes to protecting your personal info online. Almost anyone can be a doxing victim, even if you've just posted in an online forum or used a social media site.
Make sure to use a VPN to protect your IP address, as this can be easily exposed online. A VPN encrypts traffic and keeps users anonymous, making it much harder for doxers to track you down.
Using different usernames and passwords for each online service is a good idea, as this makes it harder for doxers to compile a detailed picture of you. If you're using online forums like Reddit, 4Chan, and Discord, make sure to use separate usernames and passwords for each service.
Enabling multi-factor authentication is another way to prevent doxing. This means that you'll need at least two pieces of identification to log onto your site, making it much harder for doxers to gain access.
Don't disclose sensitive information like your Social Security number, home address, driver's license number, or bank account numbers online. These are all pieces of information that can be used to dox you.
If you're setting up a business, be careful not to accidentally dox yourself. Some states require disclosure of a company owner's name and business address on the company charter, which can be a public record that anyone can look up.
Set up Google alerts for your full name, phone number, home address, or other private data you're concerned about, so you know if it suddenly appears online. This can be a good way to catch any potential doxing attempts early on.
Accessing Government Records
Government records can be a treasure trove of information for hackers and doxers.
A surprising amount of information can be uncovered from government websites, including business licenses, county records, marriage licenses, DMV records, and voter registration logs.
These records often contain sensitive personal data, such as names, addresses, and social security numbers.
Government databases are frequently not properly secured, making it easy for hackers to access and exploit this information.
County records can reveal property ownership, tax histories, and even court documents.
Marriage licenses can disclose personal details about individuals, including their relationship status and family history.
DMV records can provide information on vehicle ownership, driver's licenses, and even traffic infractions.
Voter registration logs can reveal an individual's voting history and party affiliation.
Famous Examples and Consequences
Doxing has been in the headlines for some high-profile incidents. One of the most infamous examples is the Ashley Madison hack in 2015, where a hacker group stole user data from the online dating site and released it online, doxing millions of people in the process.
The Boston Marathon bombing in 2013 also saw a case of doxxing, where a Reddit community inadvertently outed innocent people who were not involved in the crimes. This led to a misguided witch hunt.
Doxing can have serious consequences, as seen in the case of Tesla owners and dealerships in 2025. An online map published their personal details, including names, home addresses, and phone numbers, which led to vandalism and even a gun attack on a Tesla service center in Las Vegas.
Famous Examples
Doxing is a serious issue that can have severe consequences. The Boston Marathon bombing in 2013 is a prime example of how doxing can go wrong. Thousands of Reddit users collectively scoured news and information about the event and subsequent investigation, but in the process, they inadvertently doxxed innocent people who were not involved in the crimes.
This led to a misguided witch hunt, highlighting the dangers of doxing. Doxing can be damaging to a person's reputation and those of their associates. In the case of the Boston Marathon bombing, the doxxing was not intended to cause harm, but it still had devastating consequences.

An online map published personal details of several Tesla owners and dealerships in 2025. The map included names, home addresses, and phone numbers, and encouraged viewers to vandalize Teslas. This led to a Tesla service center in Las Vegas being attacked by someone wielding a gun and Molotov cocktail.
The doxxing of Tesla owners and dealerships was an attempt to stir backlash against Elon Musk. It's a stark reminder that doxing can have real-world consequences, including physical harm and damage to property.
Ashley Madison
Ashley Madison was a website that allowed people to date outside of committed relationships and marriages.
The website was hacked in 2015, resulting in millions of users having their sensitive data stolen and released online.
The hacker group made demands of the website's management, but when those demands weren't met, they released the stolen data anyway.
This incident is a prime example of the consequences of not taking data security seriously.
Legality and Response
Doxing can be a serious issue, and it's good to know the laws surrounding it. Doxing tends not to be illegal if the information exposed exists in the public domain and was obtained using legal methods.
However, in the US, doxing a government employee falls under federal conspiracy laws and is seen as a federal offense. In Scotland, there are no laws that explicitly ban doxing, but it could be considered a criminal offense in cases where it's seen as abusive behavior, stalking, or improper use of public electronic communications networks.
If you're a victim of doxing, it's essential to report it to the platform where the personal information was posted. Most social media platforms and community sites have their own online forms and reporting procedures, which can usually be found in their terms of service or community guidelines.
To report doxing, you'll need to fill out a form with details such as your account information, contact details, the doxer's account, and details of the doxing. The good news is that most platforms will act on doxing reports by suspending the doxer's account or making them remove the post.
Here are some common platforms where you can report doxing, along with their reporting procedures:
- TikTok
- Snapchat
- YouTube
- Substack
Is It Illegal?

Doxing can be a serious issue, but the laws surrounding it are often unclear. The US considers doxing a government employee a federal offense, punishable under federal conspiracy laws.
In many cases, doxing is not illegal if the information exposed is already in the public domain and obtained using legal methods. However, revealing sensitive information like home addresses or phone numbers is a different story.
In Scotland, there are no explicit laws banning doxing, but it can be considered a criminal offense if it's seen as abusive behavior, stalking, or improper use of public electronic communications networks.
Doxing laws are constantly evolving, and different countries have different approaches. Australia is introducing targeted doxing laws that may include jail time, but there are exemptions for public interest journalism and other specific situations.
Seek Legal Advice
If you're unsure about the legal implications of a doxing attack, it's best to seek advice from a lawyer. You'll need to outline and prove the full context of the attack, including who the attacker is and what the doxing entailed.
Documentation will be crucial in this process, so make sure to save any relevant evidence. This can include screenshots, emails, and other records of the doxing attack.
To find a good lawyer, you can ask your network for a recommendation or look for a local legal aid offer. Many schools, universities, and big companies also have legal services that can help.
You'll need to provide your lawyer with as much information as possible about the doxing attack, including the details of the report you filed with the platform it occurred on and any interactions you've had with law enforcement.
Here are some government channels you can report the doxing attack to, depending on your jurisdiction:
- UK Police
- EU Cybercrime
- Australia Esafety Commissioner
- Hong Kong Office of the Privacy Commissioner for Personal Data
Keep in mind that each jurisdiction will treat doxing differently, depending on the severity of the attack and the laws in place. Your lawyer can help you navigate these complexities and determine the best course of action.
Recovery and Safety
If you become a doxing victim, fear and panic are natural responses, but they can also lead to rash decisions. Doxing is intentionally designed to make you feel this way.
Take a deep breath and try to remain calm. It's essential to understand that doxing is not a reflection of your worth or identity.
Doxing is a violation of your sense of security, and it's crucial to prioritize your safety. Here are some steps you can take.
First, change your passwords and enable two-factor authentication on all your accounts to prevent further breaches.
Document all the incidents and evidence, including screenshots and emails, to have a record of what happened.
Reach out to trusted friends, family, or a support group for emotional support and guidance.
Featured Images: pexels.com


