What is doxing, and how to avoid getting doxxed

Tips & tricks
7 mins
A monitor with windows showing different personal details in a doxing campaign.

Your home address, phone number, passport number, and credit card numbers are all highly sensitive and private information that you use and share with people and institutions when you need to. When someone else dumps all that information about you, in public, with clear malintent, that’s doxing.

Cyberbullying and stalking are unfortunately prevalent online, with doxing becoming a popular tool to harass, intimidate, and even put people’s lives in jeopardy. It is an unenviable position, and even though there are precautions you can take on social media platforms to mitigate this, it is not sufficient.

Understanding how doxing works and identifying the most common forms of doxing will help you protect yourself from online harassment and having your private information leaked on the internet.

Because unless you’ve taken the time to tighten up your online privacy and security settings, a lot of your personal information is available online.

Jump to…
What is doxing, and how does it work?
Why would someone dox someone else?
What are some examples of doxing?
How do doxers obtain your information?
Is doxing illegal?
How to defend against doxing

What is doxing, and how does it work?

Doxing (or “doxxing”) is short for “dropping documents” and the act of revealing identifying information about someone online—specifically without consent.

When your personal data is exposed online, it can be used against you in several ways. Someone with your mobile number or email address could harass you with messages, a physical address could bring that harassment to your doorstep, and if sensitive information about your past were revealed against your will, you could suffer reputational damage among family, friends, or colleagues, and even the loss of employment or business. 

Doxing can result in identity theft, cyberbullying, harassment, online threats, or even physical threats. 

Why would someone dox someone else?

We often see doxing used as a method of retaliation. People often choose to dox someone if they believe they themselves have been attacked or insulted, or simply disagree with their opinions. It is sometimes seen as an exercise in vigilante justice—something that anyone can do to harm someone else that is not overtly illegal and not easily stopped.

Public figures such as politicians, celebrities, and influencers are more at risk of being targets for such harassment, but this could unfortunately happen to anyone.

What are some examples of doxing? 

Doxing is often a malicious act to intimidate or embarrass someone—for example, a journalist who’s written a controversial piece that certain people disagree with. But you don’t have to be in a high-profile position to suffer this fate.

Common examples of personal, private information about you that can be doxed include: 

  • Your real name 
  • Your home address
  • Your workplace
  • Your contact information like phone number and email address
  • Important information like your social security or passport number
  • Your credit card numbers or bank accounts
  • Criminal records
  • Personal photos or private correspondence
  • Embarrassing personal history

How do doxers obtain your information?

You’d be surprised what you can learn about a person through public records armed with just their legal name. In many places, voting registration information is public and vehicle ownership information can be obtained through government departments or insurance companies. Court records are often easily searchable, as are professional licenses.

Be very careful about what you share online—especially your location. Think twice about posting that Starbucks selfie if your social media profile is publicly accessible and you’ve opted in to location tags; or what information you share on public forums like Reddit. Posting about local elections or your children’s school bus route (“First day of school! #proudparent”), for example, can give doxers clues about you and your family’s location. 

Doxers or online stalkers may be able to use an IP logger to trace your online activities and gain personal information. Even though your IP address is owned by your internet service provider, it can still reveal details about you (here’s where a VPN comes in handy). 

Is doxing illegal? 

Doxing isn’t always illegal, but it is highly unethical. Doxing often exposes information readily available in public records and obtainable through legal methods. 

So even if your previous criminal record, marriage certificate, or address is posted online without your consent, it’s not illegal in some jurisdictions—even if it’s immoral and a violation of your right to privacy. 

Doxing information that isn’t in the public record, such as your credit card details or bank account, is illegal.

Beyond psychological harm and the feeling of helplessness doxing and online stalking causes, in extreme cases, it can translate to a physical threat if your real-world location is doxed.

How to protect yourself from doxing

There are ways to protect against online harassment and ensure doxing or stalking doesn’t become a physical threat to you or your family. 

Our guide on tech safety for survivors of domestic violence serves as help for those seeking to protect themselves using technological means.

Beyond technology, legal deterrents have proven to be largely insufficient in preventing online harassment. Unfortunately, and unfairly, this means we have to take action to protect ourselves and those close to us. There is still hope: Precautions against online harassment do not require advanced knowledge of technology. Solutions are cheap and easy to learn, so read on for ways to defend yourself against doxing.

 

1. Don’t use your real name online

Your best protection against harassment and being doxed by online stalkers is to separate your legal identity from your internet handle.

If your online pseudonym isn’t connected to your legal identity, it’s much harder to be doxed and therefore fewer resources are required to defend your physical space and protect those around you.

If you need help creating one that isn’t personalized to you, use a random username generator to make one.

 

2. Find out what information is out there

Knowing what information is publicly available can help you anticipate and prevent being doxed. Regularly search for your own name online, or even hire a private investigator to compile the information they find about you.

You can legally hide private records with lawyers and shell companies. Similarly, vehicle registration or homeownership can be registered to companies in privacy-friendly jurisdictions.

Stay anonymous on the internet whenever you can and be wary of de-anonymization methods. Revealing your legal name should be a conscious action and not something someone else controls. Separating your online activity between anonymous browsing, pseudonyms, and legal name is a good practice to avoid danger and frustration.

 

3. Use Google? Delete your Google Activity frequently

Google Activity knows every link you’ve followed, every image you’ve clicked on, and every website you’ve visited—even if you’ve cleared your search history. Disabling or deleting your Google Activity history is therefore a good way to minimize the chances of this data being maliciously accessed and used against you. 

It’s also a smart move to turn off your phone’s GPS and delete your Google Maps Timeline, which keeps a record of routes you may have taken and places you may have visited based on your location history.

 

4. Secure your social media presence

Many social media platforms set your privacy settings to “public” by default. Changing this setting is a simple but effective way to prevent unwanted attention via social media.

Also pay attention to other information you may include in your posts, images can reveal a lot about where you are.

Infographic: How to post privately on social media

 

5. Tighten up your password security

Don’t use easy to guess passwords containing common words like “password,” simple sequences like “1234,” or ones that include the names or dates of birth of your partner, children, or pets. 

Re-using passwords across different sites and apps is also a bad idea: If one account is compromised, then all your accounts are liable to be compromised. If you struggle to remember several long, complex passwords, consider using a secure password manager across your devices.

Use two-factor authentication wherever possible. This extra level of security means that once you enter your password, you’ll be sent a code to input (usually via SMS, email, or via an authenticator app on your device) before you can access your account.

 

6. Use a VPN when you’re online

Using a VPN is an excellent way to be more anonymous online as your device traffic is redirected through a secure and encrypted VPN tunnel. VPNs also make your location private by masking your real IP address, so no third parties snooping around can gain clues to your real-world location. 

If you’re connecting to public Wi-Fi networks, such as in cafes, hotels, or airports, it’s advisable to encrypt your traffic with a VPN—especially if you’re accessing your social media profiles or internet banking. 

If you’ve been affected by or are concerned about doxing, online stalking, or the potential for it to escalate into physical threats, read the full tech safety for survivors of domestic violence guide here.

Phone protected by ExpressVPN.
Mask your IP address with a VPN

30-day money-back guarantee

A phone with a padlock.
Enjoy a safer online experience with powerful privacy protection
What is a VPN?
Lexie is the blog's resident tech expert and gets excited about empowerment through technology, space travel, and pancakes with blueberries.