Whether or not you’ve heard the term “doxxing” before, you’re probably familiar with the problem it names: collecting personal information about someone online to track down and reveal their real-life identity. The motivations for doxxing are many, and mostly malicious: for some doxxers, the goal in tracking someone is identity theft. For others, it’s part of a pattern of stalking or online harassment to intimidate, silence or punish their victim – and overwhelmingly, victims are youth and young adults, women, and LGBTQ+ people. The truth is, most of us have information online that we don’t realize can put us at risk, and that’s why I’ve written this series: to inform readers about how doxxing happens, and how you can protect yourself from this very real and growing problem by doxxing yourself.
THAT SOUNDS HORRIBLE! SO WHY “DOX MYSELF”?
In computer security, we talk about the idea of a “security mindset”: understanding how someone with bad intentions would cause harm, and being able to think like they would to find weak spots. In this series, you will learn by doing. By understanding the tools and methods used by those with ill intent, you’ll be better prepared to keep yourself safe and your information secure.
Your mission, should you choose to accept it, is to follow along and find out everything the internet knows about… you!
HOW DO I “DOX MYSELF”?
This series will provide simple steps for you to follow as you begin your investigation. Along the way, as you get familiar with the tools and tactics of internet sleuths, you’ll get a better idea of your current internet footprint as well as know what tracks you leave in the future. Our process will be split into three main sections:
- REVIEW: Before you can decide what to do with personal data online, you first have to take inventory of what’s out there. We’ll start analog with a brainstorm of your basic personal information and the usernames/emails you use most, and then leverage some free tools to build a more comprehensive list of lesser-used accounts you might have abandoned or forgotten.
- RESTRICT: Next, you’ll tackle the shortlist of accounts and services you use actively or rely on. Because this is where you likely store the most sensitive information and log the most activity, you’ll want to secure these first. We’ll then look at some password best practices, add strong authentication, and review permissions on social media posts.
- REMOVE: Odds are, in the process of review, you’ll find information or accounts you no longer want to share, or never intended to share in the first place. So let’s clear the clutter and delete these accounts you no longer need. In this step, we’ll also take a look at what data brokers are and how you can start the process of opting out of their databases.
Information is power. And in the case of doxxing, most people don’t realize how much of their power they’re giving up! My goal in this series is to demystify the methods used for doxxing, so in the spirit of “showing my work,” here are some of the best resources and collected checklists I referenced when planning these exercises, along with how to best use each:
Reference Resources
- NYT Social Media Security and Privacy Checklists: Journalists depend on good digital privacy not only for their own safety, but for their sources as well. This is a great resource for reviewing your presence on the most common social media platforms, as well as some best practices for keeping those accounts safe.
- Self-Doxxing Guide: Access Now is an advocacy group for digital human rights, including the right to privacy. They provide a broader guide beyond social media, covering some of the search and reverse image search engines that we’ll look at in this series.
- Intel Techniques: Personal Data Removal Guide: When it comes to locking down your private data, there’s few better qualified than Michael Bazzell. He literally wrote the book on both open-source intelligence (sometimes abbreviated as OPSEC, this is an industry term for personal information collected through publicly-accessible resources) AND the book on defending against these tactics. This workbook, which he provides as a free resource through his site, will give you a step-by-step checklist of the major brokers we’ll discuss as well as lesser-known providers.
- Gender and Tech Safety Resource: Seven out of ten LGBTQ+ people have experienced online harassment, and half have experienced severe harassment including doxxing. This detailed guide covers previously-mentioned tools, as well as secure browsers, virtual machines, and much more in-depth security hygiene than we’ll have time to review in this series.
If this looks like a whole lot of homework… don’t worry! We’ll cover most of the core tools and tips mentioned in these resources through the course of this series, and we’ll revisit these links at the end of the series when you’ve gotten more context on what they cover. In the next article, we’ll take on the review step of our process, getting a holistic inventory of what personal information is currently available online so you can prioritize the most important fixes. See you soon!
We’d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!
Cisco Secure Social Channels
Instagram
Facebook
Twitter
LinkedIn
This content would be much improved by linking out to the next post or adding a ToC for the series as a whole. I would refer more people to what is otherwise a thoughtful and useful resource but for that! Thank you for doing this work!