The internet has become the world’s first stop for accessing knowledge, exchanging ideas and sharing information with people from all over the world. Over time, our digital footprint (the things we say and do online) paints a very detailed picture of our real life identity. As we communicate across multiple platforms to learn, work, connect and play we leave a trail of identifying and personal information. There is a risk that the information and content you share, may fall into the hands of strangers.
To dox refers to the process of gathering and publicly broadcasting personal or identifying information on the internet, typically with malicious intent. This information may be collected explicitly by someone searching through a profile, where a user has voluntarily shared these details on a public or private site, or implicitly through posts, comments and imagery that our followers may find. The term “doxing” is effectively “document dropping” which means to retrieve documents/documentation about a particular person or company in order to learn more about them or build a profile of details that could be one day used against them for benefit.
How does doxing occur?
The internet is the world’s largest information repository. In its early stages, only tech savvy individuals could publish online. With social networking and publishing tools so easy to access today, many individuals turn to the internet to connect with others and curate information to those who follow them. This has opened up a space for people to share small (or large) pieces of information about themselves. We can learn a lot about an individual by collating the details which paint a full picture about someone to the point of even predicting future behaviours. Here are just a few ways your personal identifiable information may be indirectly be given away online:
- Have you posted a photo of yourself at locations you frequent regularly?
- Have you shared a photo in a school, work or club uniform?
- Do your friends wish you happy birthday on social media?
Why do people ‘dox’?
Most people perform a form of doxing out of general curiosity. We have all being guilty of Googling the name of a person, harmlessly “Facebook stalking” or scrolling through a new friend’s Instagram to see if we can learn more about them. We can start to gain insights into this person through exploring their listed interests, interpreting their posts, or observing their behaviours through photo and videos. Unfortunately, there are some individuals that use the information they collect on others online for the purpose of blackmailing or taking revenge by threatening to expose the information they have gathered about the person.
What are the consequences of doxing?
It can be embarrassing when your private data, imagery or information falls into the hands of people who are not intended to have access to such information. Things can worsen if the doxed information such as a person’s social activities, medical history, sexual preference and other private information is made public. This can have a serious threat to health, livelihood or relationships of the victim. In many cases, it is difficult for authorities to prosecute offenders of doxing because the victim themselves has shared the information or details publicly or privately.
How do people access my information?
Generally people don’t consider the implications of oversharing until it’s too late. Most information that has been accessed about you online is because you published it. The following are some of the most commonly targeted pieces of information that can be easily obtained through doxing across social networking and gaming platforms, personal websites and blogs:
- Full name
- Date of birth
- Email addresses and usernames
- Phone number
- Hobbies and interests
- Friends, family and acquaintances
- Frequented locations
- Workplaces, schools or clubs you attend
It’s always good practice to keep the above pieces of information hidden. Even though it is not possible to do this in all cases, you can still take care to protect as much information as you can from going public by thinking before you post.
Proactive strategies to protect your personal information:
It’s important for digital citizens to take control of their own privacy and security by having a personal set of protocols. Here are our top tips:
- Do not upload personal photographs on public profiles, websites or blogs. If you do, make sure that your album is hidden from public and search engines.
- Lock down your personal profiles (to private) and audit your followers to ensure that every person who follows you, you know in person.
- Carefully review what others can see about you in the ‘About Me’ sections of your profile.
- Make use of the privacy settings available to you in your social networking and gaming profiles. Whilst they will differ between platforms, look out for ways to protect individual albums, videos, posts and comments.
- Do not use the same email address for all your profiles/accounts. Instead, create separate email IDs for individual activities such as gaming and social networking, forum participation, banking accounts etc.
- Google yourself to see what information is outwardly published about you online. If there is information about you that you do not want public, request to have it removed. If your information has been shared without your consent you can report at https://www.esafety.gov.au/report
- Discuss your privacy protocols with your friends and family, such as always asking your permission to post photos of you and your family, not sharing the names of your children in public forums, or not broadcasting a happy birthday message to you to all that follow them.
- Learn more tips for protecting your families privacy and security at Privacy Awareness Week – Make privacy a priority | OAIC
- Take the time to have conversations with your children about their use of technology and what personal information they might be sharing online. You can use our conversation checklist as a starting point.
Who can help me?
Do not succumb to threats. According to Australian law, if this behaviour is used to menace, harass, or offend (using a carriage device) it may be considered unlawful, therefore you should report it to the police. If you are being Cyberbullied or someone is threatening to expose an intimate image of you (image-based abuse) you can report this behaviour to the Office of the eSafety Commissioner via https://www.esafety.gov.au/report
Cyberbullying, harassment and threatening behaviour (including doxing) is against the Terms of Service of most online platforms. You can report the user directly to the platform, they’ll usually suspend the person’s account, or force them to take the post down or delete the post in question.
The final word:
Remember, over time, the information you curate online about yourself can provide a pattern of behaviour which could be used against you in a threatening manner. The things that people could publish about you are the things that you’ve already given away about yourself, so take control and think before you post.