What is doxing, and how can you protect yourself?
The Australian government has brought forward plans to criminalise doxing, bringing nationwide attention to the harms of releasing people’s private information to the wider public.
The government response comes after the public release of almost 600 names and private chat logs of a WhatsApp group of Australian Jewish creative artists discussing the Israel-Hamas war.
As a result, some of the people whose details were leaked claim they were harassed, received death threats and even had to go into hiding.
While we wait for new penalties for doxers under the federal Privacy Act review, understanding doxing and its harms can help. And there are also steps we can all take to minimise the risk.
What is doxing?
Doxing (or doxxing) is releasing private information — or “docs”, short for documents — online to the wider public without the user’s consent. This includes information that may put users at risk of harm, especially names, addresses, employment details, medical or financial records, and names of family members.
The Australian government currently defines doxing as the “malicious release” of people’s private information without their consent.
Doxing began as a form of unmasking anonymous users, trolls and those using hate speech while hiding behind a pseudonym. Recently, it has become a weapon for online abuse, harassment, hate speech and adversarial politics. It is often the outcome of online arguments or polarised public views.
It is also becoming more common. Although there is no data for Australia yet, according to media company SafeHome.org, about 4% of Americans report having been doxed, with about half saying their private emails or home addresses have been made public.
Doxing is a crime in some countries such as the Netherlands and South Korea. In other places, including Australia, privacy laws haven’t yet caught up.
Why is doxing harmful?
In the context of the Israel-Hamas war, doxing has affected both Jewish and pro-Palestinian communities and activists in Australia and abroad.
Doxing is harmful because it treats a user as an object and takes away their agency to decide what, and how much, personal information they want shared with the wider public.
This puts people at very real risk of physical threats and violence, particularly when public disagreement becomes heated. From a broader perspective, doxing also damages the digital ecology, reducing people’s ability to freely participate in public or even private debate through social media.
Read more:
Online safety: what young people really think about social media, big tech regulation and adults ‘overreacting’
Although doxing is sometimes just inconvenient, it is often used to publicly shame or humiliate someone for their private views. This can take a toll on a person’s mental health and wellbeing.
It can also affect a person’s employment, especially for people whose employers require them to keep their attitudes, politics, affiliations and views to themselves.
Studies have shown doxing particularly impacts women, including those using dating apps or experiencing family violence. In some cases, children and family members have been threatened because a high-profile relative has been doxed.
Doxing is also harmful because it oversimplifies a person’s affiliations or attitudes. For example, releasing the names of people who have joined a private online community to navigate complex views can represent them as only like-minded stereotypes or as participants in a group conspiracy.
Engin Akyurt/Pexels
What can you do to protect yourself from doxing?
Stronger laws and better platform intervention are necessary to reduce doxing. Some experts believe that the fear of punishment can help shape better online behaviours.
These punishments may include criminal penalties for perpetrators and deactivating social media accounts for repeat offenders. But better education about the risks and harms is often the best treatment.
And you can also protect yourself without needing to entirely withdraw from social media:
never share a home or workplace address, phone number or location, including among a private online group or forum with trusted people
restrict your geo-location settings
avoid giving details of workplaces, roles or employment on public sites not related to your work
avoid adding friends or connections on social media services of people you do not know
if you suspect you risk being doxed due to a heated online argument, temporarily shut down or lock any public profiles
avoid becoming a target by pursuing haters when it reaches a certain point. Professional and courteous engagement can help avoid the anger of those who might disagree and try to harm you.
Additionally, hosts of private online groups must be very vigilant about who joins a group. They should avoid the trap of accepting members just to increase the group’s size, and appropriately check new members (for example, with a short survey or key questions that keep out people who may be there to gather information for malicious purposes).
Employers who require their staff to have online profiles or engage with the public should provide information and strategies for doing so safely. They should also provide immediate support for staff who have been doxed.
Read more:
As use of digital platforms surges, we’ll need stronger global efforts to protect human rights online
Rob Cover receives funding from the Australian Research Council.