The Dark Side of Doxing: Unveiling the dangers of online privacy invasion....by Gurjot Singh Kaler 

Chandigarh: Securing our personal data presents an ongoing challenge and no one is immune to the threat of doxing. In the past, internet trolls targeted celebrities and public figures, but now, doxing extends to everyone. 

With the internet's increasing influence, anyone can become a victim. All it takes is someone with ill intentions to search, compile, and share your private information, potentially leading to job loss, public humiliation, or harassment.

A single innocuous interaction or misguided engagement online can trigger a chain reaction, leading to the exposure of our private information. Doxing, also known as doxxing, entails the unauthorized use of individuals' or companies' data, extracted from various corners of the internet. Doxing doesn't always involve publicizing private information. Sometimes, criminals use it to gather personal details for hacking or account breaches. Instead of sharing this data publicly, they collect it to exploit vulnerabilities in your online accounts.

Doxers often pursue varied objectives. On one hand, they may seek to extort or defraud the victim by leveraging the acquired information for monetary gain. On the other hand, they may strive to enhance their notoriety by taking credit for their actions, showcasing their prowess, and disparaging the victim in the process. To thwart this perilous form of cyber assault known as doxing, it is imperative that we arm ourselves with necessary knowledge and awareness.

The term "doxing" originates from the phrase 'Dropping Dox', with 'dox' being short for documents. Its roots lie in hacker and internet culture, gaining prominence in the 1990s when the exposure of individuals' personal information became prevalent.

 Initially, confined to online communities, doxing involved the malicious retrieval and disclosure of private data to harm the targeted individual.

In essence, doxing involves the collection and dissemination of private information about a person online without their consent. This data may encompass physical addresses, phone numbers, email addresses, employment history, and other personal details.

Doxing can occur through various means, such as inadvertently sharing personal information on social media posts, experiencing data breaches, or being subjected to surveillance through tracking devices. While there are some legitimate uses for doxing, such as aiding in risk analysis or law enforcement investigations, it's primarily employed for malicious purposes like shaming, extortion, or vigilante justice

. For instance, disgruntled individuals or jilted lovers may resort to posting personal details of their partners on inappropriate websites like escort services platforms to harass and seek revenge. Doxing not only jeopardizes internet users' privacy but also poses physical safety risks, as victims may face harassment or be targeted for dangerous pranks like swatting.

Motivations behind doxing range from mere invasion of privacy to online harassment or stalking. It constitutes a severe breach of privacy and can lead to significant legal repercussions. In today's digital landscape, fostering prevention measures and raising awareness about this practice are paramount to safeguarding oneself and one's family online.

There are four main types of doxing:

1. Celebrity Harassment: Targets celebrities for harassment, such as the case with Paris Hilton.
2.  
3. Targeted Doxing: Focuses on individuals due to personal disputes or actions, like Curt Schilling exposing online harassers of his daughter.
4.  
5. Faulty Doxing: Mistakenly links innocent people to crimes, as seen with Sunil Tripathi wrongly accused as the Boston Bomber.
6.  
7. Swatting: Involves hoax calls to police, leading to dangerous raids, such as the fatal shooting of a man following a false hostage report.

Methods of information collection through Doxing :

Doxers employ various tactics to unearth your information. They may scour your social media profiles and connections, pinpoint your IP address for location details, initiate phishing schemes, or search through public records.

1. Social Media- 

Gathering information through social media emerges as a prevalent technique in doxing. Platforms such as Facebook, Twitter, and Instagram serve as virtual platforms where users willingly share personal details. Using these platforms, doxers accumulate data like individuals' full names, residences, personal relationships, employment history, and various aspects of their daily lives.

1. Public records- 

Whether found online or within governmental archives, the public records present another avenue for data collection. These records encompass property ownership details, civil records, legal histories, and other documents available for public access. 

2.Social engineering-

It involves manipulating individuals to extract confidential information, plays a critical role in doxing. In this context, doxers employ persuasive tactics to coerce victims into revealing personal details, such as passwords or answers to security questions. Often, social engineering tactics complement online data gathering to construct a comprehensive victim profile.

3. Hacking-

The unauthorized access to computer systems to obtain information, represents a more sophisticated method utilized by skilled doxers. With technical expertise, these individuals breach private accounts, emails, or other electronic systems containing sensitive data. 

How to Avoid Doxing-

Preventing oneself from falling victim to doxing can demand considerable effort and resources, necessitating practices such as fortifying passwords, minimizing personal information shared on social networks, and employing authentication apps or security keys. 

Even the owner of Facebook, Mark Zuckerberg faced identity theft on his social media accounts when cybercriminals from OurMine breached his Twitter and Pinterest profiles. They openly claimed responsibility, revealing Zuckerberg's compromised LinkedIn password. This highlights the necessity of robust password security for online accounts, even for prominent figures like Zuckerberg.

1. Generating Strong Passwords is critical to avoid doxing. Craft passwords that are difficult to decipher by incorporating a mix of uppercase and lowercase letters, numbers, and special characters. Steer clear of using identical passwords across multiple accounts. Instead, leverage password management tools to generate and securely store unique passwords. Routinely update passwords to mitigate the potential fallout from a security breach.
2. Customized Settings: Take the time to review and customize the privacy settings on each social media platform based on your preferences. Since not all platforms offer the same features, it's essential to familiarize yourself with the specific options available on each one. Fortunately, major social media platforms have enhanced their privacy features significantly. It's recommended to review and adjust privacy settings across all profiles, ensuring personally identifiable information like phone numbers and addresses is only visible to trusted contacts.
3. Steer clear of third-party login options. These services may request information shared with other platforms, increasing the risk of your personal data being aggregated and potentially exposed in breaches. Whenever feasible, refrain from registering on websites using social network or other accounts that contain your genuine information. Connecting one account to another facilitates tracking your online activities, such as linking your comments to your real name. To address this issue, maintain at least two email accounts: one for real-name accounts and the other for anonymous usage on websites. Additionally, employ distinct nicknames across various platforms to complicate the collection of information about your online presence.
4. Minimize Information Exposure: Decrease the visibility of your personal details to prevent potential leaks. Remove the geotag from your photos and mask your IP addresses of computers through Virtual Private Networks (VPN) services. Limit access to your friend list, previous posts, and contact information to a select audience. Regularly review app permissions to monitor shared and accessible information. Apps often request personal data like your address book or location. Assess these requests thoughtfully (e.g., does a recipe app truly need your age?) and minimize permissions granted to your device's apps whenever feasible. Online quizzes may seem harmless, but they often gather personal information that can be exploited. Some quiz questions may even double as security questions for passwords. Without clarity on the quiz's source and purpose, it's best to avoid them entirely. Similarly, mobile apps can pose privacy risks. Many apps request unnecessary access permissions, such as to contacts or social media profiles. While it's not feasible to avoid all such apps, scrutinize permission requests carefully to ensure they're essential for the app's function. For example, an image editing app typically doesn't require access to your contacts. While requesting permission for the camera or photos is reasonable, asking for access to contacts, GPS location, and social media profiles raises suspicion.
5. Segment Content: Utilize tools such as friend lists or groups to categorize your contacts and regulate which groups can view specific types of content. Be cautious about your public social media activity. Protect yourself by adjusting privacy settings and considering making some accounts private. While a consistent username can enhance visibility for professional and personal branding, using distinct usernames for other accounts can hinder doxers' efforts to compile information from multiple sources. Unless you're a celebrity or social media influencer with a distinct online presence, opt for unique usernames on various platforms. This practice makes it challenging for potential doxers to piece together your identity. While managing multiple usernames and passwords can be cumbersome, password management software can help streamline the process.
6. Universal Implementation: Activate two-factor authentication across all accounts where it's available. This approach enhances security by necessitating extra verification steps. Also, choose better and secure two-factor authentication methods, such as authentication apps or security keys, to mitigate the risk of text message interception.
7. Preventing doxing necessitates ongoing vigilance over your accounts. Should you notice any suspicious activity, promptly report it to the relevant platform. Employing a robust VPN while connected to a secure Wi-Fi network serves as an effective means to conceal your location from potential doxers. Typically, every website you visit can detect your IP address, potentially exposing your location and identity. VPNs enhance online privacy by providing a fake IP address linked to a different location, thwarting attempts by doxers to trace your online activity. However, it's crucial to choose a secure VPN, as not all options offer adequate protection. In the unfortunate event of your information being compromised online, it's imperative to promptly involve law enforcement authorities.
8. Safeguard your domain registration data from WHOIS database :WHOIS holds public records of registered domain names, disclosing owner information, and contact details—data sought after by doxers. If you intend to maintain anonymity while running a website, ensure your personal information is concealed within the WHOIS database. Domain registrars offer privacy settings to shield your details—reach out to your registrar for instructions on activating this feature. Opt for pseudonyms when engaging in online forums to safeguard your identity. Avoid using identical usernames across platforms to prevent account linkage. Additionally, reach out to data brokers to request the removal of your personal information, albeit a time-consuming process, it minimizes public access to your data.
9. Do a personal data audit – Self-Doxing: To assess your privacy status, adopt the perspective of a doxer and search the internet for information about yourself. This approach allows you to identify any vulnerabilities in your social network accounts and uncover any personal data circulating online. Use the findings to locate the source of this data and explore options for its removal. For ongoing monitoring, set up Google alerts for any new search results containing your name.
10. In nutshell, to avoid becoming a victim of doxing, exercise caution when sharing personal information online, including photos and videos, even if they're temporary. Remove Personally Identifiable Information (PII) such as your address, date of birth, and phone number from your social media profiles. Review your followers and decline requests from unfamiliar individuals. Request the removal of your personal data from public records websites like BeenVerified, FastPeopleSearch, and Whitepages. Delete unnecessary apps and browser extensions to prevent the collection of your data. Limit location tracking by disabling location services for each app and platform. Activate privacy settings on social media, apps, and websites to enhance your online security and protect your personal information.

If you've been doxed, take these steps to safeguard your personal information:

1. Report it: Inform the platforms where your information was shared by the doxer.
2. Involve law enforcement: If you've been threatened, contact local authorities and provide them with details of the incident.
3. Document: Keep records and screenshots of the attack for law enforcement purposes.
4. Secure accounts: If financial information was exposed, notify your bank and credit card companies immediately. Change passwords for online accounts.
5. Update privacy settings: Adjust social media privacy settings to the most secure options to prevent future attacks. Revise passwords, activate multi-factor authentication, and assess privacy configurations.
6. Seek assistance: Doxing can be emotionally challenging. Rely on friends or family members for support during this time.

Cybersecurity Education is essential to evade falling prey to this form of cyber threat. Being aware of the risks and potential repercussions is paramount, as is adhering to educational guidelines.

Here are four crucial points to remember:

1. Keep abreast of the latest doxing threats and tactics.
2. Educate your peers and family members on the dangers of doxing and share best practices for online safety.
3. Develop the ability to recognize potential manipulation efforts, such as misleading messages or requests for personal data.
4. Establish a routine of regularly reviewing and updating the privacy settings across all your online accounts, tailoring them to your preferences and evolving circumstances.
5.  

By integrating personalized privacy settings, secure password practices, two-factor authentication, and comprehensive cybersecurity education, you can adopt a holistic approach to thwarting doxing and safeguarding your online presence.

 Awareness and proactive measures are paramount in fortifying defenses against potential threats. Together, let us strive to navigate the digital landscape with awareness, resilience, and a commitment to protecting our digital identities.

March 27, 2024