Online space feels really comfortable: you can surf and search and express yourself online, hiding behind anonimity – noone knows who you are or how you look like! When you are anonymus you can „spare“ yourself from negative reactions and comments and feel completely safe behind a creative nickname or a funny avatar.


Doxing is the shortcut for “dropping dox”. It is an online attack in which hackers dig up personal information and documents aiming to expose the real identities of people who are hoping to remain anonymous.

The goal is often to shame or harass a victim. For instance, hackers might expose the identity of an anonymous message board troll as a way to embarrass them. They might hope that the victim loses their job or is shunned by co-workers or friends.

So…what is the lesson here? It is as simple as…be careful with what you share online! You might think that the virtual world gives you the freedom to say — or type — whatever you want. You might think that creating fake identities gives you the chance to express whatever opinions you have, no matter how controversial, without anyone ever tracing them back to you.

Sorry to bother you but…this is not the case!

Doxing attacks are REAL. And it’s hard to completely hide your identity online – unless you are some super IT expert and you can manage to minimize the chances of your online identity being revealed. As a result, the best defense against doxing is to be extra careful with what you post online, and to never share private information on forums, message boards, or social media sites – no matter how safe you feel this space is.

Doxing can be illegal if someone publishes information that isn’t in the public record, such as your bank account information, credit card numbers, or birth certificate.

Apart from illegal, doxing can also be unethical, even when the perpetrators are trafficking only in information available through the public record.

Social media stalking

Many doxers scour social media accounts to seek for private information about their targets. Unfortunately, not only do people willingly share personal information on websites such as Twitter, Facebook, and Instagram — doesn’t need to be extraordinary: just vacations, new jobs and moves —, but they also provide plenty of key facts about themselves when signing up for these websites; information that determined doxers may quite easily uncover. That’s why it’s so important to keep your personal information safe on social media.

Consider Facebook. When you sign up for the site, you have the option to provide to the company every information requiested: from your date of birth to your high school and college – fields that are usually not mandatory. Be smart when signing up on social media: Don’t fill in these fields. Leave them blank.

And when posting on social media accounts, don’t be too specific about what you are doing or where you have been. Consider making your social media accounts private so that only specific people can view your posts.

Is doxing illegal?

It is a fact that doxing can upend the lives of targets. But is this practice illegal? Well…that depends.

Doxing isn’t illegal if the information exposed is part of the public record and accessible to the general public. In some countries this might also include arrest records, marriage certificates, major traffic violations, and divorce records. If the legal system allows it and someone publishes these records, even without your consent, they are not doing anything illegal. As you can easily understand…the “limits” of legality are rather vague and blurry!

What information are usually doxers looking for?

What information do hackers look for when doxing someone? The response to that would be as general as “anything that can help them expose the identity of someone who is trying to remain anonymous”.

In a doxing attack, then, hackers might publish someone’s:

  • Real name
  • Telephone number
  • Social Security number
  • Home address
  • Employer
  • Credit card numbers
  • Bank account numbers
  • Personal photographs
  • Social media profiles

How can you avoid getting doxed?

While there is no way to guarantee that you won’t ever get doxed, there are some strategies you can follow to lessen the odds. The key is to be mindful of what you post on social media and message boards. Here are some tips to follow:

Don’t overshare: Don’t overshare on social media or online forums and message boards. Sharing personal information could easily give doxers too much to work with.

Change your privacy settings: Make your posts on social media private so that only selected people can view them.

Don’t provide personal information: When signing up for social media platforms or other websites, avoid if possible to provide personal details, such as your date of birth, hometown, high school, or employer information.

Use a VPN: Signing up with a virtual private network, or VPN, can help shield your private information from doxers. When you connect to the internet by first logging into a VPN, your real IP address will be hidden. This means that hackers won’t be able to mine this address for your location or other identifying information.

Be alert for phishing emails: Doxers might use phishing scams to trick you into disclosing your home address, Social Security number or even passwords. Be extra cautious whenever you receive a message that supposedly comes from a bank or credit card company and requests your personal information. Financial institutions will never ask for this information by email.

Certain information should never be shared: Make a vow to never post certain pieces of information online, such as your Social Security number, home address, driver’s license number, and any information regarding bank accounts or credit card numbers. Remember, hackers could intercept email messages, so you shouldn’t include private details in yours.

Take care and good luck!