Redazione RHC : 16 July 2025 11:32
Doxing (short for “dropping dox,” sometimes written as Doxxing) is the act of revealing personal information about someone online, such as their real name, home address, workplace, phone number, financial information, and other personal information. This information is then released to the public, without the victim’s permission.
While the practice of revealing personal information without consent predates the Internet, the term Doxing first emerged in the world of cybercrime in the 1990s, where anonymity was considered sacred.
Feuds between rival hackers sometimes led to the “release of documents” relating to other hackers online, which previously was typically the name behind a given username or alias. The definition of doxing expanded beyond the hacker community and now refers to the exposure of personal information.
Although the term is still used to describe the identification of anonymous users, that aspect has become less relevant today when most of us use our real names on social media. In the days of bulletin board systems, this wasn’t the case, as everyone had a nickname or alias.
Recently, doxing has become a tool in the culture wars between rival criminal gangs who dox those with opposing views. Doxers aim to escalate their conflict by moving it into the real world, revealing information that includes:
Doxing attacks can range from relatively trivial, such as fake email signups or pizza deliveries, to very dangerous, such as harassing a person’s family or employer, identity theft, threats, or other forms of cyberbullying, even personal harassment.
Celebrities, politicians, and journalists are among those who have been “doxed,” in extreme cases even with death threats. Doxing first came into widespread awareness in December 2011, when the hacktivist group Anonymous disclosed the detailed information of 7,000 law enforcement officials in response to investigations into their hacking activities.
Since then, Anonymous has doxed hundreds of alleged KKK members, and their most recent targets include Q-Anon supporters.
The motivations behind doxing vary. People feel attacked or insulted by their targets and may seek revenge as a result. If someone becomes known for their controversial views, they may target those with opposing views. However, this tends to be the case when the topic is particularly polarized, rather than everyday political disagreements.
Intentionally revealing personal information online is usually done with the intention of punishing, intimidating, or humiliating the victim. That said, doxers may also see their actions as a way to right perceived wrongs, bring someone to justice in the public eye, or reveal an agenda that has not previously been publicly disclosed.
Regardless of the motivation, the primary purpose of doxing is to violate privacy and can put people in uncomfortable and dangerous situations, sometimes with disastrous consequences.
We live in the age of big data, where there is a vast ocean of personal information on the Internet, and people often have less control over it than they think. This means that anyone with the time, motivation, and interest can turn that data into a weapon. Some of the methods used are:
Many people use the same username across a wide variety of services. This allows potential doxers to build a picture of the target’s interests and how they spend their time online.
Anyone who owns a domain name has their information stored in a registry that is often publicly available via a WHOIS lookup. Let’s assume the person who purchased the domain name did not hide their private information when purchasing it. In this case, personally identifiable information (such as name, address, phone number, company, and email address) is available online for anyone to find.
If the person uses an unsecured email account, they may be the victim of a phishing attack. In this case, the attacker can easily discover sensitive data.
If your social media accounts are public, anyone can find out information about you through cyberstalking. They can find out your location, workplace, friends, photos, likes and dislikes, places you’ve visited, the names of your family members, the names of your pets, and so on. Using this information, a doxer could even work out the answers to your security questions, which would help them break into other online accounts.
While most personal records aren’t available online, a fair amount of information can be gleaned from government websites. Examples include databases of business licenses, documents, marriage licenses, DMV records, and voter registration records—all of which contain personal information.
Criminals can use various methods to discover your IP address, which is linked to your physical location. Once they know it, they can use social engineering tricks to learn more about you. For example, they may file complaints about the owner of the IP address or attempt to hack the network.
Once an attacker knows your cell phone number, they can learn more about you. For example, reverse phone lookup services like Whitepages allow you to type in a cell phone number or any phone number to discover the identity of the person who owns it. Sites like Whitepages charge fees for providing information outside the city and state associated with a cell phone number. However, those willing to pay can discover additional personal information about you from your mobile phone number, or by using open-source tools like PhoneInfoga, which we discussed on Red Hot Cyber.
The term packet sniffing is sometimes used in relation to doxing. This refers to doxers that intercept your internet data, looking for everything from your passwords, credit card numbers, and bank account information to old emails. Doxers do this by connecting to an online network, breaching its security measures, and then capturing data entering and leaving the network. One way to protect yourself from packet sniffing is to use, for example, a VPN.
There are brokers who collect information about people and resell it for profit. Data brokers gather their information from publicly available documents, loyalty cards (which track your online and offline shopping behavior), and online search histories (everything you search for, read, or download). Many data brokers sell their information to advertisers, but several search sites offer complete records on individuals for relatively small sums of money. All a doxer needs to do is pay this small fee to obtain enough information to dox someone.
The information found can be handled in a threatening manner, for example, tweeted at the victim in response to a disagreement. Doxing may be less about the availability of the information and more about how it is used to intimidate or harass a target. For example, someone with your address can locate you or your family. Someone with your cell phone number or email address can bombard you with messages that disrupt your ability to communicate with your support network. Finally, someone with your name, date of birth, and Social Security number could also hack your accounts or steal your identity.
Anyone with the determination, time, internet access, and motivation can create a complete profile of someone and publish it unknowingly online.
This is called Doxing.
Doxing can be life-threatening, as it can expose targeted individuals and their families to harassment both online and in the real world. But is it illegal?
The answer is usually no: doxing tends not to be illegal if the exposed information is publicly available and obtained through legal means. That said, depending on your jurisdiction, doxing may fall under laws designed to combat stalking, harassment, and threats.
It also depends on the specific information disclosed. For example, revealing someone’s real name is not as serious as revealing their home address or phone number. However, in the United States, doxing a government employee falls under federal conspiracy laws and is considered a federal crime. Because doxing is a relatively new phenomenon, the laws surrounding it are constantly evolving and not always clear.
Regardless of the law, doxing violates many websites’ terms of service and, therefore, can result in a ban. This is because doxing is generally considered unethical and is mostly carried out with malicious intent to intimidate, blackmail, and control others, exposing them to potential harassment, identity theft, humiliation, job loss, and rejection by family and friends.
Redazione