Privacy on the internet: the danger of doxing

Privacy on the internet: the danger of doxing

The term doxing derives from the slang “dropping mix” or “dropping docs”, which was a revenge tactic used in hacker culture in the 1990s. Doxing is a type of cyber attack which aims to reveal and publicize the records of an individual, which were previously private or difficult to obtain. The process is simple: the conflict is moved from the internet to the real world by sharing personal information such as name, home address, employers, criminal record and other sensitive information that can put the victim at risk of losing their job or in immediate danger. The term doxing was heard for the first time when, during a feud between hackers, one of the two decided to publish documents revealing the secret identity of his rival who until then had only been known by an alias.

The practice soon came out of the hacker circuit, especially with the spread of the use of the internet all over the world. With the advent of social media doxxing increased, often targeting famous people: politicians, journalists, social media influencers and youtube celebrities. Normally, the “doxer” monitors the victim’s social media account in the search for information and in order to trace sensitive content. Other times the information is bought, often from the dark web. Sometimes doxing is confused for an extortion attack, but the two differ. In an extortion attack, the victim is denied access to valuable information and can only solve it by paying, whereas in doxing the victim retains access to their private information, but not control over their circulation.

But if doxing is a matter of sharing information without consent, this should be illegal, right? Well, yes and no. As most data are published on the internet by users themselves, their circulation is allowed when the person concerned opts for publication. Doxing is therefore potentially a danger to anyone with an online presence. Therefore, despite its anti-ethical thrust, doxing is not illegal to the extent that the information collected is normally already present on the web. Despite that, there are some cases where doxing is prosecutor, depending on the geographical area in which the person is. For example, if doxing is performed for cases of the stalk, harassment, identity theft, financial gain, this can be prosecuted in some States.

So what are some good practices to avoid doxing? First of all, if you are using social media, follow strict social media privacy practices. One good practice is making sure you know the person you add on Facebook. Use VPN when navigating on the internet. VPNs stands for “virtual private network” and give you the possibility to establish a protected network connection when using the internet. They make you anonymous on the internet by hiding your isp (internet service provider), location, and online services you interact with. Try to use separate credentials (passwords and usernames) for different websites and online services. Only share files with metadata with trusted people. Metadata are sets of data that describe and give information about other data. For instance, Google Docs contain names of other editors and editing time.

Most cases of doxing involve personal reasons and have the specific objective of ruining the victim’s reputation, causing loss of work or affections. It may also happen that one decides to reveal the identity of a person who posts illegal content anonymously. Sometimes doxing is an action against a government or an extremist group carried out by hackers. This last practice is called hacktivism. 

What is hacktivism? It is essentially the practice of gaining unauthorized access to systems to carry out disruptive actions in order to undermine a government, a corporation or a political and religious group. The goal is to pursue social or political justice through these methods. One of the most famous groups affiliated with hacktivism practices is Anonymous: an international and decentralized group of hacktivists widely known for their various cyberattacks. They have been active since 2003. In 2015 they carried out a major attack to the white supremacist group Ku Klux Klan.

Operation KKK was one of the few cases of doxing carried out by the group. The collective had access to a Klan associated Twitter account and decided to leak information about hundreds of members affiliated with the Ku Klux Klan, including members of government and police officers. They stated it was a form of resistance against racial violence.

“We hope Operation KKK will, in part, spark a bit of constructive dialogue about race, racism, racial terror and freedom of expression, across group lines […] The reality is that racism usually does not wear a hood but it does permeate our culture on every level. Part of the reason we have taken the hoods off of these individuals is not because of their identities, but because of what their hoods symbolize to us in our broader society,” Anonymous wrote in Pastebin.

Ethical questions; the question that now arises is, therefore: can this form of doxing be considered legitimate if it allows revealing the names of extremist groups that put human rights at risk?. The answer to this question probably depends on the perspective we take. From a point of view that concerns perceived social justice, it gives a sense of liberation to be aware of those who carry out practices that violate human rights. 

What happens from a rehabilitation point of view?. From Tony McAleer’s point of view doxing is one “passive-aggressive violence”. McAleer is a former white supremacist leader who later founded Life After Hate, a rehabilitation program for neo-Nazis. Except for the solace that publicizing the names of white supremacists may give to those who were damaged by them, the KKK doxing operation made his work more difficult. In an interview with the New York Times, he states: “For us, it slows things down. We try to integrate people back to humanity,” Mr McAleer said. “If isolation and shame is the driver for people joining these types of groups, doxing certainly isn’t the answer”. In short, once someone is labelled a Nazi on the internet, that person stays a Nazi on the internet. Online shame and opposition may make the process of detaching oneself from an extremist group a lot more difficult.

Carlotta Sofia Grassi

Leave a Reply

Your email address will not be published.