Difference between revisions of "Doxxing"

From SI410
Jump to: navigation, search
m (Protected "Doxxing" ([Edit=Allow only administrators] (indefinite) [Move=Allow only administrators] (indefinite)))
 
(93 intermediate revisions by 21 users not shown)
Line 1: Line 1:
[[File:Doxxing_cover.jpg|350px|right]]'''Doxxing''', also spelled '''doxing''', is the releasing or publishing of an individual’s personal information (1). This is used to intentionally reveal the identity of somebody who would like to remain anonymous individual. Personal information includes but is not limited to: an individual’s real name, address, workplace, phone number or other personal information one does not wish to share (2). There are a variety of ways to acquire this information such as social media, the use of online data brokers and any other public record available. Doxxing has become more popular with the rise of technology and the increased accessibility to public information. Although it does seem like a big deal to release someone’s information since it is all available publicly online, doxxing makes the information readily available to those who wish to threaten that person (3). There are many results of doxxing such as harassment, threats, unwanted attention and a breach of privacy. This raises many ethical issues by defaming and slandering an individual with the unwanted releasing of personal information.  
+
{{Nav-Bar|Topics##}}<br>
 +
[[File:Doxxing_cover.jpg|350px|right]]'''''Doxxing''''', also spelled ''doxing'', is the act of releasing or publishing of an individual’s personal information, usually without the knowledge or consent of the victim.<ref>Stein, Joel. “How Trolls Are Ruining the Internet.” Time, 18 Aug. 2016. http://time.com/4457110/internet-trolls/</ref> The act is often done intentionally to reveal the identity of a person who usually prefers to remain anonymous - or simply does not want his/her personal information released for public consumption. Personal information includes but is not limited to: an individual’s real name, address, workplace, phone number or other personal information one does not wish to share.<ref>Synder, Peter. Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing. pp. 1–13, Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing.</ref> There are a variety of ways to acquire this information, such as social media, the use of online data brokers, and any other public records available. Doxxing has become more popular with the rise of technology and the increased accessibility to private information. While the information that is released about a victim is usually already publicly available, doxxing can make the information readily available to those who wish to threaten or harm the victim.<ref> Hoyt, Alia. “10 Forms of Online Harassment.” How Stuff Works. https://computer.howstuffworks.com/10-forms-online-harassment3.htm</ref> The various consequences of doxxing ranges from loss of anonymity and privacy to harassment and defamation, raising many ethical concerns.  
  
 
== Background ==
 
== Background ==
The word doxxing comes from the word “docs” in reference that in many cases it is documented that is released in order to remove anonymity (3). Doxxing initially started around the early 2000s when social media started to become popular and internet users started to post information our themselves online (4). Social media has played a large part in the increasing problem of this issue as well as the increased accessibility to public records. A doxxer uses a small amount of information, such as an email address or part of a name, to trace another online user to other social media accounts and platforms. Once the information is put all together it is leaked online for the public to see, taking away not only the user’s anonymity but the right to their privacy. Anonymity plays a large role in the participation of doxxing. More people feel safe participating in this form of online harassment because they, themselves are protected by anonymity.
+
Doxxing originates from the word “docs” because, in many cases, doxxing starts from the gathering of actual documents that are associated with identity of the victim. This is done to eliminate the victim's anonymity. <ref> Garber, Megan. “Doxing: An Etymology.” The Atlantic, 6 Mar. 2014. https://www.theatlantic.com/technology/archive/2014/03/doxing-an-etymology/284283/</ref> Doxxing initially started around the early 2000s when social media started to become popular and Internet users began posting information about themselves. <ref> B, Amanda. “Doxing.” Know Your Meme, 2015. https://knowyourmeme.com/memes/doxing</ref> Social media and increased accessibility to public records have both played a large part in increasing the frequency and severity of this issue. A doxxer can typically use a small amount of information, such as an email address or part of a name, to trace another online user to other social media accounts and platforms. Once the information is pieced together, it is leaked online for the public to see, taking away the user’s anonymity as well as their right to privacy. Anonymity also plays a large role in the participation of doxxing, as more people feel comfortable participating in this form of online harassment because they are protected by anonymity themselves, and therefore would be less likely to be held accountable for this harmful behavior.
  
== Ethical Implications(6) ==
+
== Types of Doxxing<ref name=doxxing>''Douglas, David M. Doxing: A Conceptual Analysis, vol. 18, no. 3, pp. 199–210. https://link.springer.com/article/10.1007/s10676-016-9406-0#Sec2</ref> ==
There are a variety of ways that doxxers get ahold of their victims’ information. No matter how it is looked at, doxxing is a breach of ethics as it forcibly removes online anonymity that society holds dear.  
+
  
=== Packet Sniffing ===
+
=== Deanonymization ===
 +
Deanonymization doxxing is the revealing of a person’s true identity that was previously anonymous. This form of doxxing deals with a loss of anonymity within the victim as they no longer have the option or choice to remain anonymous. This may cause harm to a victim because they may have chosen to remain anonymous as their work could cause danger to themselves or their loved ones. On the other hand, in this category of doxxing, the information being released could be justified if the ramifications of disclosing someone's identity were positive and with good intentions. In short, deanonymization is not inherently bad if employed by a benevolent actor.
  
=== Matching Online Information to Social Media ===
+
=== Targeting ===
 +
Targeting doxxing is when doxxers release physical personal information such as home addresses or places of work- which allows anyone to locate their victims. This form of doxxing removes the obscurity of victims by leaving them more vulnerable to various forms of harassment such as [https://en.wikipedia.org/wiki/Swatting swatting] or unwanted deliveries placed in the victim’s name. This removal of obscurity is achieved through revealing knowledge known about an individual rather than relying solely on public recorded data. Many times, deanonymizing doxxing and targeting doxxing are used together since deanonymization makes it easier to find more personal and identifiable information about a victim leading them to be more vulnerable to harassment.
  
=== Metadata ===
+
=== Delegitimizing ===
 +
Delegitimizing doxxing reveals information about a victim's actions that contradict a well established social norm. This information could be used to personally slander or harm their reputation and, in many cases, it is used with the intent of diminishing the victim’s credibility in an online environment. The information released tends to be controversial or confidential; it is not meant for the public to see. This form of doxxing is particularly harmful when it deals with one's financial security. If a victim's livelihood is dependent upon on a stable career and interactions with coworkers and clients, and said coworkers and clients no longer trust the victim due to the divulgence of sensitive information, the victim's livelihood is at stake.
  
=== IP Hacking ===
+
=== SWATTING ===
 +
SWATTING is one form of doxxing where the instigator poses as an individual and performs a violent or otherwise harmful action under that individual's name. Examples of SWATTING include calling in a mass shooting threat, a bombing threat, and a variety of other acts of terrorism. In the process, the instigator shares the contact and location information of the victim so that a literal SWAT team arrives at the victim's place of residence. The use of SWATTING has increased drastically in recent years as a method of revenge, and goes hand in hand with doxxing. In fact, even celebrities like Tom Cruise and Taylor Swift have been victims of SWATTING. Moreover, SWATTING has been known to not only create dangerous situations but have brutal consequences as well: most notably, a man in Wichita was killed by law enforcement after a perpetrator in Los Angeles [https://www.vox.com/policy-and-politics/2018/1/13/16888710/barris-swatting-death-charges falsely claimed] the victim shot his father<ref>Stewart, Emily. “Gamer Who Made ‘Swatting’ Call over Video Game Dispute Now Facing Manslaughter Charges.” Vox, Vox, 13 Jan. 2018. https://www.vox.com/policy-and-politics/2018/1/13/16888710/barris-swatting-death-charges</ref>. The act was carried out over an argument regarding the multiplayer online first-person shooter game, Call of Duty World War II. The perpetrators, both 19 years of age, plead guilty to criminal conspiracy and obstructing justice. Consequences were also monumental for the guilty party, as the sentence carried 20 years in federal prison.
 +
 
 +
==Common Doxxing Techniques==
 +
Given Google's readily available bank of indexable information, one of the most common ways and starting points for people looking to doxx someone is a simple Google search. This step could provide perpetrators with all the information that is needed, including the name of the victim, contact information, photographs, home address, and workplace. If not all that is needed is found, it can at least indicate where to look next, whether it be their company list of employees, or other social media accounts that may contain the remaining information.
 +
 
 +
Another commonly used method for doxxing is the "reverse cellphone lookup" technique, where the attacker can gain access to personal information such as name, home address, and others by using their cellphone number, or using personal information to find someone's phone number<ref>Rao, M. Kameswara, et al. “ABOUT.” GoHacking, www.gohacking.com/what-is-doxing-and-how-it-is-done/.</ref>
 +
 
 +
Arguably the most intrusive of doxxing techniques is IP address lookup. Through this technique, the attacker could potentially identify the victim's identity, as well as their home and/or work location. Since a personal IP address is commonly attributed to a personal device, such as a laptop, it can not only act as a location beacon on the Internet but also the physical world. All of these methods are technically legal.<ref>“You'll Be Shocked to See How Your IP Address Gives Away Your Location.” WhatIsMyIPAddress.com, whatismyipaddress.com/find-me.</ref>
 +
 
 +
Data brokers are entities that collect information about consumers from various trails such as social media, online shopping, and even registering to vote. With the information they gather they often sell it at a low cost to larger companies<ref>Grauer, Yael. “What Are 'Data Brokers,' and Why Are They Scooping Up Information About You?” Motherboard, VICE, 27 Mar. 2018, [http://motherboard.vice.com/en_us/article/bjpx3w/what-are-data-brokers-and-how-to-stop-my-private-data-collection motherboard.vice.com/en_us/article/bjpx3w/what-are-data-brokers-and-how-to-stop-my-private-data-collection].</ref>. Companies are not the only entity data is sold to, the average person can pay for a trail or single file at any time with any intention. This easily accessible and bundled data on almost anyone is where doxxers frequently gather their ammunition.<ref>Arruda, Kelly. “Don't Get Doxxed: Tell Data Brokers You're Opting Out.” CAMPUS PRIVACY, 27 Feb. 2017, [http://privacy.ucla.edu/dont-get-doxxed-tell-data-brokers-youre-opting-out/ privacy.ucla.edu/dont-get-doxxed-tell-data-brokers-youre-opting-out/].</ref>
  
 
== Examples of Doxxing ==
 
== Examples of Doxxing ==
 
=== Kyle Quinn ===
 
=== Kyle Quinn ===
In the summer of 2017, a white nationalist protest occurred in Charlottesville North Carolina. As pictures of protestors holding tiki torches and marching circulated throughout the internet, Kyle Quinn, who worked as the Engineering Research Center at Arkansas University was misidentified as one of the protestors that wore an Arkansas Engineering shirt and had similar body and facial features. Once accused of participating in the rally Quinn was doxxed, having his name, home address and phone number released to the public (12). He received countless threats and accusations claiming that he was racist while many demanded that he’d be fired from the University. Kyle Quinn had actually been enjoying a night with his wife and colleague visiting a local art gallery. Quinn was lucky enough to have his name cleared but is now known for his case of misidentify instead of his research (13).  
+
[[File:Kylequinn.png|250px|thumb|right|To the left is the white supremacist protestor wearing an Arkansas Engineering shirt and to the right is Kyle Quinn]] In the summer of 2017, a white nationalist protest occurred in Charlottesville, North Carolina. As pictures of protestors holding tiki torches and marching circulated throughout the internet, Kyle Quinn, who worked at the Engineering Research Center at Arkansas University was misidentified as one of the protestors that wore an Arkansas Engineering shirt and had similar body and facial features. Once accused of participating in the rally, Quinn was doxxed, having his name, home address and phone number released to the public.<ref> Grens, Kerry. “So You’Ve Been Mistaken as a White Nationalist.” The Scientist, 18 Aug. 2017. https://www.the-scientist.com/daily-news/so-youve-been-mistaken-as-a-white-nationalist-31058 </ref> He received countless threats and accusations claiming that he was racist while many demanded that he’d be fired from the University. In reality, Kyle Quinn had been enjoying a night with his wife and colleague visiting a local art gallery. Quinn was lucky enough to have his name cleared but is now known for his case of misidentification instead of his research.<ref> Victor, Daniel. “Amateur Sleuths Aim to Identify Charlottesville Marchers, but Sometimes Misfire.” New York Times, 14 Aug. 2017. https://www.nytimes.com/2017/08/14/us/charlottesville-doxxing.html</ref> This is an example of someone whose career and personal integrity were put at risk due to doxxing practices.  
  
 
=== Gamergate ===
 
=== Gamergate ===
Gamergate is a controversy that occurred in August 2014 after Zoe Quinn, a female video game creator, released a video game Depression Quest. She started to receive backlash after her ex-boyfriend posted screenshots of their Facebook messenger conversations stating that Quinn participated in sexual relations with the journalist who reviewed her games raising a question of journalism ethics. The campaign #gamergate started as a result of these suspicions leading to the doxxing and harassment of Quinn. Her life was threatened, and she received threats of rape once her personal information was leaked online (14).  
+
[http://si410wiki.sites.uofmhosting.net/index.php/Gamergate Gamergate] is a controversy that occurred in August 2014 after Zoe Quinn, a female video game creator, released a video game called Depression Quest. She started to receive backlash after her ex-boyfriend posted screenshots of their Facebook messenger conversations where he claimed that Quinn had sexual relations with the journalist who reviewed her games, raising a question of journalism ethics. The #gamergate campaign started as a direct result of these suspicions leading to the doxxing and harassment of Quinn. Her life was threatened, and she received threats of rape once her personal information was leaked online.<ref> Massanari, Adrienne. #Gamergate and The Fappening: How Reddit’s Algorithm, Governance, and Culture Support Toxic Technocultures, 2017. </ref> Other women who stepped up to support Quinn, or stated their own opinion regarding journalism ethics during this time were also doxxed online.
  
 
=== Anonymous ===
 
=== Anonymous ===
 +
Anonymous is an active group of [https://en.wikipedia.org/wiki/Hacktivism hacktivists] that frequently uses doxxing in order to combat censorship and promote freedom of speech.<ref> Sands, Geneva. “What to Know About the Worldwide Hacker Group ‘Anonymous.’” ABC News, 19 Mar. 2016. https://abcnews.go.com/US/worldwide-hacker-group-anonymous/story?id=37761302</ref> The group hacks personal emails, government websites or gathers personal information about their victims to release online to the public.<ref> Bergal, Jenni. “Hacktivists Launch More Cyberattacks Against Local, State Governments.” PBS News Hour, 10 Jan. 2017. https://www.pbs.org/newshour/nation/hacktivists-launch-cyberattacks-local-state-governments </ref>
  
== How to Prevent Doxxing(16) ==
+
In December 2011, Anonymous hacked Stratfor Global Intelligence Service, an American geopolitical intelligence platform, and released their confidential client list to the public. Included on the list were the clients' email addresses and credit card information. Notable clients included Bank of America, the Defense Department, Doctors without Borders and the United Nations.<ref> Perlroth, Nicole. “Hackers Breach the Web Site of Stratfor Global Intelligence.” The New York Times, 25 Dec. 2011. https://www.nytimes.com/2011/12/26/technology/hackers-breach-the-web-site-of-stratfor-global-intelligence.html</ref>
1) Be aware and limit the amount of information that you share online. Sharing even small information such as your name, birthday or email address can be used to find other, more identifiable and personal information.
+
 
2) Never shares identifiable information on public forums or to a stranger.
+
===Targeting Abortion Providers===
3) Review the privacy settings on your social media and online accounts regularly. Consistently checking your privacy settings allows you to ensure that you are not sharing more information that you do not intend to.  
+
As the general public's access to abortion has wavered and oscillated throughout the years and across state borders, medical professions who provide abortions have remained prime targets of harassment by extreme pro-life activists. Though "harassment" can range from intrusive protesting, to personal threats, to actualized attacks, a reported 8 abortion providing clinicians have been killed by pro-life extremists since 1993.<ref>"“Violence Statistics &amp; History.” Prochoice.org, National Abortion Federation, prochoice.org/education-and-advocacy/violence/violence-statistics-and-history/."</ref>  Much of this 'anti-abortion terrorism,' as many have come to consider it, was made possible by Neal Horsely's creation of the "Nuremberg Files" website in 1997. Despite initially being run by the American Coalition of Life Activists (ACLA), Horsely added personal information such as names, home addresses, phone numbers, family members, and photos of over 200 abortion providers to the site.<ref>"Silverberg, Eric, et al. “The Nuremberg Files.” The Nuremberg Files, cs.stanford.edu/people/eroberts/cs201/projects/1998-99/nuremberg-files/background.html."</ref> Further, Horsely created a 'hit-list' of sorts which listed the status of "Wanted" abortion providers. Allegedly, black font was used to signify that a particular clinician was still practicing and providing abortions, greyed-out names represented wounded abortion providers, and a strikethrough denoted a killed abortion provider. Though Horsely claimed that this consolidation of information was protected under his First Amendment rights of free speech and was all factually verifiable, in Planned Parenthood v. ACLA, the courts ruled that the hit list and collection of personal information on the Nuremberg Files website (in conjunction with various threatening "Wanted" posters which named abortion providing physicians) constituted a true threat of force under the Freedom of Access to Clinic Entrances (FACE) Act of 1994.<ref>"Cohen, David S., and Krysten Connon. “The Man Who Perfected Online Threats Against Abortion Providers Just Died.” Slate Magazine, Slate, 21 May 2015, slate.com/news-and-politics/2015/05/neal-horsley-of-nuremberg-files-died-true-threats-case-reconsidered-by-supreme-court-in-elonis.html."</ref> <ref>"Nunez-Eddy, Claudia. “The Embryo Project Encyclopedia.” Freedom of Access to Clinic Entrances Act (1994) | The Embryo Project Encyclopedia, 25 May 2017, embryo.asu.edu/pages/freedom-access-clinic-entrances-act-1994."</ref> Horsley's use of doxxing to target and threaten abortion providing physicians on the Nuremberg Files website remains a relevant example of how private information can be weaponized in an online context.
4) Use a variety of usernames. Using the same username across many different platforms makes it easier for doxxers to find your information and connect all your accounts together.  
+
 
5) Using a VPN or proxy server to encrypt your data and hide your information from hackers.
+
===Justine Sacco===
 +
Communications director Justine Sacco sparked controversy on Twitter when she tweeted, "Going to Africa. Hope I don't get AIDS. Just kidding. I'm white! <ref name= "Ronson"> Ronson, Jon. "How One Stupid Tweet Blew Up Justine Sacco's Life". ''New York Times Magazine,'' February 12, 2015. https://www.nytimes.com/2015/02/15/magazine/how-one-stupid-tweet-ruined-justine-saccos-life.html</ref>" Within the duration of her flight from London to South Africa, Justine Sacco's identity was breached online almost immediately after sending her tweet. The power of social media took Justine Sacco, a Twitter user with only 170 followers, to the number one Twitter trend without her knowing it. The hashtag read "#HasJustineLandedYet" as Twitter users across the country gathered to check the updates on Sacco's employment after the company she held a management position at, IAC, informed the public of her traveling status.<ref name= "Ronson" />Angry users even showed up at the airport and tweeted a picture of her arriving to update the users following the hashtag.
 +
 
 +
===Sunil Tripathi===
 +
In the hours following the Boston Bombing, low-resolution photos of the suspected bomber surfaced to the public. While intelligence agencies and law enforcement worked towards identifying the perpetrator, communities on internet discussion board Reddit also formed theories as to who the bomber might be. One leading conjecture identified the suspect as Sunil Tripathi, a 22 year old missing student from Brown University. Within hours Tripathi's Facebook page and grieving family were bombarded with hate messages while being the subject of an online witch hunt. A day later the suspect was identified to be Dzhokhar Tsarnaev. Tripathi's body was found a month after in Providence River, his death suspected a suicide. Despite its intentions, the internet had doxxed an innocent family which only served to magnify the pain of losing their son. <ref name="Shontell"> Shontell, Alyson. “What It's Like When Reddit Wrongly Accuses Your Loved One Of Murder.” Business Insider, Business Insider, 26 July 2013, www.businessinsider.com/reddit-falsely-accuses-sunil-tripathi-of-boston-bombing-2013-7.</ref>
 +
 
 +
== Ethical Implications ==
 +
 
 +
=== Anonymity ===
 +
Anonymity is an important value of the internet that many users hold dear. Not only does it allow users to post freely without revealing who they are, it allows them to control the amount of personal information they are willing to share with others; meaning, as Ruth Gavinson claims, “the extent that they are known to others, the extent to which other has physical access to them and the extent to which they are the subject to others’ attention”.<ref> Gavison, Ruth. Privacy and the Limits of Law, 89, no. 3, Jan. 1980, pp. 421–471. </ref> Anonymity allows users to limit the extent to which they are known to others by controlling what information about themselves they choose to disclose. With doxxing, victims no longer control information that is important or private to them, reducing their ability to decide what to reveal and who to reveal it to.<ref name=doxxing /> Doxxers take away their victims’ rights to anonymity resulting in a loss of their identity.
 +
 
 +
=== Privacy ===
 +
As anonymity allows actions to be seen while maintaining a private identity, privacy controls who sees the information posted online. This means anyone can see who posts information online, but the owner of the information can control who sees it.<ref> Webb, James. “Anonymity vs Privacy vs Security.” HighSpeed Experts, 17 Jan. 2018. https://highspeedexperts.com/online-security-privacy/anonymity-vs-privacy-vs-security/</ref> Privacy means that one is entitled to the information that they post online and views it. Doxxers impinge upon their victim's right to privacy by releasing personally identifiable information they chose to privately disclose to the public. This breach of privacy raises ethical concerns since doxxers are using personal information in unlawful ways in order to prevent their victims from continuing some form of action they are opposed to.<ref> Norris, Ingrid N. “Mitigating the Effects of Doxxing.” Utica College, 2012, pp. 30–35. </ref> Additionally, Floridi discusses that one is constituted, in other words made up, of their information. This makes the act of doxxing an attack on one's personal identity, making it unethical even if no other worldly harm comes of it.<ref>Floridi (2014) "The Fourth Revolution", chapter 5 Privacy-Informational Friction </ref>
 +
 
 +
=== Autonomy ===
 +
Doxxing also raises a risk and threatens the autonomy of its subjects. Autonomy violations are closely related to privacy infringements as a breach to one's privacy often results in an attack against autonomy as well. In this case, autonomy refers to "one's ability to manage the public presentation of [their] self-identity." <ref> Shoemaker, David. "Self-exposure and exposure of the self: informational privacy and the presentation of identity." Ethics of Information Technology. 2009.</ref>. In Shoemaker's analysis of identity management and autonomy, he addresses the importance of one's ability to manage their own reputation as well as the public exposure of their information. Doxxing poses a threat to the victim's autonomy by altering their reputation in the digital field and the information available to others without consent.
 +
 
 +
=== Harassment ===
 +
When doxxing occurs, doxxers release personal information about their victims which can include links to their social media accounts, phone numbers, addresses, email address and other ways of contacting them which in many cases, results in the harassment and ridicule of their victims. This harassment not only includes threats of personal harm, death, and harm to loved ones. As in the case of gamergate, doxxers provided enraged gamers with the means to contact Zoe Quinn resulting in death, rape threats and the public questioning of her ethical morals. Another form of harassment that is very common with doxxing is [https://en.wikipedia.org/wiki/Swatting swatting]. Swatting occurs when emergency services are called to the home of a victim with a report of a serious crime such as murder or a kidnapping.<ref> Mantilla, Karla. Gendertrolling: How Misogyny Went Viral: How Misogyny Went Viral. https://books.google.com/books?hl=en&lr=&id=kKNZCgAAQBAJ&oi=fnd&pg=PP1&ots=iNw4DXZeNp&sig=ftjmyWWDIriosTG_X0J8_A0zpZc#v=onepage&q=swatting&f=false </ref> Swatting is incredibly dangerous and has lead to several incidents resulting in serious injury and death. It is currently illegal in the US under existing federal statutes , however several states have or are in the process of enacting laws that target the practice directly. Many of these forms of harassment raise the controversy surround civils rights versus freedom of speech. It is hard to determine what are actual threats to a person’s safety or empty, annoying online comments blurring the line between imminent danger or mean comments.<ref> Poland, Bailey. Haters: Harassment, Abuse, and Violence Online. Potomac Books, 2016.</ref>
 +
 
 +
== How to Prevent Doxxing<ref> Collins, Jerri. “Doxing: What It Is and How to Fight It.” Lifewire, 3 Jan. 2019. https://www.lifewire.com/what-is-doxing-4135276</ref>==
 +
# Be aware and limit the amount of information that you share online. Sharing even small information such as your name, birthday or email address can be used to find other, more identifiable and personal information.
 +
# Never share identifiable information on public forums or to a stranger.
 +
# Review the privacy settings on your social media and online accounts regularly. Consistently checking your privacy settings allows you to ensure that you are not sharing more information that you do not intend to.  
 +
# Use a variety of usernames. Using the same username across many different platforms makes it easier for doxxers to find your information and connect all your accounts together.  
 +
# Using a VPN or proxy server to encrypt your data and hide your information from hackers.
 +
 
 +
== See Also ==
 +
{{resource|
 +
*[[Cyberstalking]]
 +
*[[Troll]]
 +
*[[Gamergate]]
 +
*[[Online Identity]]
 +
*[[Confidentiality of Online Data]]
 +
}}
  
 
== References ==
 
== References ==
 +
 +
[[Category:2019New]]
 +
[[Category:Information Ethics]]
 +
[[Category:BlueStar2019]]

Latest revision as of 07:09, 29 April 2019

Back • ↑Topics • ↑Categories

Doxxing cover.jpg
Doxxing, also spelled doxing, is the act of releasing or publishing of an individual’s personal information, usually without the knowledge or consent of the victim.[1] The act is often done intentionally to reveal the identity of a person who usually prefers to remain anonymous - or simply does not want his/her personal information released for public consumption. Personal information includes but is not limited to: an individual’s real name, address, workplace, phone number or other personal information one does not wish to share.[2] There are a variety of ways to acquire this information, such as social media, the use of online data brokers, and any other public records available. Doxxing has become more popular with the rise of technology and the increased accessibility to private information. While the information that is released about a victim is usually already publicly available, doxxing can make the information readily available to those who wish to threaten or harm the victim.[3] The various consequences of doxxing ranges from loss of anonymity and privacy to harassment and defamation, raising many ethical concerns.

Background

Doxxing originates from the word “docs” because, in many cases, doxxing starts from the gathering of actual documents that are associated with identity of the victim. This is done to eliminate the victim's anonymity. [4] Doxxing initially started around the early 2000s when social media started to become popular and Internet users began posting information about themselves. [5] Social media and increased accessibility to public records have both played a large part in increasing the frequency and severity of this issue. A doxxer can typically use a small amount of information, such as an email address or part of a name, to trace another online user to other social media accounts and platforms. Once the information is pieced together, it is leaked online for the public to see, taking away the user’s anonymity as well as their right to privacy. Anonymity also plays a large role in the participation of doxxing, as more people feel comfortable participating in this form of online harassment because they are protected by anonymity themselves, and therefore would be less likely to be held accountable for this harmful behavior.

Types of Doxxing[6]

Deanonymization

Deanonymization doxxing is the revealing of a person’s true identity that was previously anonymous. This form of doxxing deals with a loss of anonymity within the victim as they no longer have the option or choice to remain anonymous. This may cause harm to a victim because they may have chosen to remain anonymous as their work could cause danger to themselves or their loved ones. On the other hand, in this category of doxxing, the information being released could be justified if the ramifications of disclosing someone's identity were positive and with good intentions. In short, deanonymization is not inherently bad if employed by a benevolent actor.

Targeting

Targeting doxxing is when doxxers release physical personal information such as home addresses or places of work- which allows anyone to locate their victims. This form of doxxing removes the obscurity of victims by leaving them more vulnerable to various forms of harassment such as swatting or unwanted deliveries placed in the victim’s name. This removal of obscurity is achieved through revealing knowledge known about an individual rather than relying solely on public recorded data. Many times, deanonymizing doxxing and targeting doxxing are used together since deanonymization makes it easier to find more personal and identifiable information about a victim leading them to be more vulnerable to harassment.

Delegitimizing

Delegitimizing doxxing reveals information about a victim's actions that contradict a well established social norm. This information could be used to personally slander or harm their reputation and, in many cases, it is used with the intent of diminishing the victim’s credibility in an online environment. The information released tends to be controversial or confidential; it is not meant for the public to see. This form of doxxing is particularly harmful when it deals with one's financial security. If a victim's livelihood is dependent upon on a stable career and interactions with coworkers and clients, and said coworkers and clients no longer trust the victim due to the divulgence of sensitive information, the victim's livelihood is at stake.

SWATTING

SWATTING is one form of doxxing where the instigator poses as an individual and performs a violent or otherwise harmful action under that individual's name. Examples of SWATTING include calling in a mass shooting threat, a bombing threat, and a variety of other acts of terrorism. In the process, the instigator shares the contact and location information of the victim so that a literal SWAT team arrives at the victim's place of residence. The use of SWATTING has increased drastically in recent years as a method of revenge, and goes hand in hand with doxxing. In fact, even celebrities like Tom Cruise and Taylor Swift have been victims of SWATTING. Moreover, SWATTING has been known to not only create dangerous situations but have brutal consequences as well: most notably, a man in Wichita was killed by law enforcement after a perpetrator in Los Angeles falsely claimed the victim shot his father[7]. The act was carried out over an argument regarding the multiplayer online first-person shooter game, Call of Duty World War II. The perpetrators, both 19 years of age, plead guilty to criminal conspiracy and obstructing justice. Consequences were also monumental for the guilty party, as the sentence carried 20 years in federal prison.

Common Doxxing Techniques

Given Google's readily available bank of indexable information, one of the most common ways and starting points for people looking to doxx someone is a simple Google search. This step could provide perpetrators with all the information that is needed, including the name of the victim, contact information, photographs, home address, and workplace. If not all that is needed is found, it can at least indicate where to look next, whether it be their company list of employees, or other social media accounts that may contain the remaining information.

Another commonly used method for doxxing is the "reverse cellphone lookup" technique, where the attacker can gain access to personal information such as name, home address, and others by using their cellphone number, or using personal information to find someone's phone number[8]

Arguably the most intrusive of doxxing techniques is IP address lookup. Through this technique, the attacker could potentially identify the victim's identity, as well as their home and/or work location. Since a personal IP address is commonly attributed to a personal device, such as a laptop, it can not only act as a location beacon on the Internet but also the physical world. All of these methods are technically legal.[9]

Data brokers are entities that collect information about consumers from various trails such as social media, online shopping, and even registering to vote. With the information they gather they often sell it at a low cost to larger companies[10]. Companies are not the only entity data is sold to, the average person can pay for a trail or single file at any time with any intention. This easily accessible and bundled data on almost anyone is where doxxers frequently gather their ammunition.[11]

Examples of Doxxing

Kyle Quinn

To the left is the white supremacist protestor wearing an Arkansas Engineering shirt and to the right is Kyle Quinn
In the summer of 2017, a white nationalist protest occurred in Charlottesville, North Carolina. As pictures of protestors holding tiki torches and marching circulated throughout the internet, Kyle Quinn, who worked at the Engineering Research Center at Arkansas University was misidentified as one of the protestors that wore an Arkansas Engineering shirt and had similar body and facial features. Once accused of participating in the rally, Quinn was doxxed, having his name, home address and phone number released to the public.[12] He received countless threats and accusations claiming that he was racist while many demanded that he’d be fired from the University. In reality, Kyle Quinn had been enjoying a night with his wife and colleague visiting a local art gallery. Quinn was lucky enough to have his name cleared but is now known for his case of misidentification instead of his research.[13] This is an example of someone whose career and personal integrity were put at risk due to doxxing practices.

Gamergate

Gamergate is a controversy that occurred in August 2014 after Zoe Quinn, a female video game creator, released a video game called Depression Quest. She started to receive backlash after her ex-boyfriend posted screenshots of their Facebook messenger conversations where he claimed that Quinn had sexual relations with the journalist who reviewed her games, raising a question of journalism ethics. The #gamergate campaign started as a direct result of these suspicions leading to the doxxing and harassment of Quinn. Her life was threatened, and she received threats of rape once her personal information was leaked online.[14] Other women who stepped up to support Quinn, or stated their own opinion regarding journalism ethics during this time were also doxxed online.

Anonymous

Anonymous is an active group of hacktivists that frequently uses doxxing in order to combat censorship and promote freedom of speech.[15] The group hacks personal emails, government websites or gathers personal information about their victims to release online to the public.[16]

In December 2011, Anonymous hacked Stratfor Global Intelligence Service, an American geopolitical intelligence platform, and released their confidential client list to the public. Included on the list were the clients' email addresses and credit card information. Notable clients included Bank of America, the Defense Department, Doctors without Borders and the United Nations.[17]

Targeting Abortion Providers

As the general public's access to abortion has wavered and oscillated throughout the years and across state borders, medical professions who provide abortions have remained prime targets of harassment by extreme pro-life activists. Though "harassment" can range from intrusive protesting, to personal threats, to actualized attacks, a reported 8 abortion providing clinicians have been killed by pro-life extremists since 1993.[18] Much of this 'anti-abortion terrorism,' as many have come to consider it, was made possible by Neal Horsely's creation of the "Nuremberg Files" website in 1997. Despite initially being run by the American Coalition of Life Activists (ACLA), Horsely added personal information such as names, home addresses, phone numbers, family members, and photos of over 200 abortion providers to the site.[19] Further, Horsely created a 'hit-list' of sorts which listed the status of "Wanted" abortion providers. Allegedly, black font was used to signify that a particular clinician was still practicing and providing abortions, greyed-out names represented wounded abortion providers, and a strikethrough denoted a killed abortion provider. Though Horsely claimed that this consolidation of information was protected under his First Amendment rights of free speech and was all factually verifiable, in Planned Parenthood v. ACLA, the courts ruled that the hit list and collection of personal information on the Nuremberg Files website (in conjunction with various threatening "Wanted" posters which named abortion providing physicians) constituted a true threat of force under the Freedom of Access to Clinic Entrances (FACE) Act of 1994.[20] [21] Horsley's use of doxxing to target and threaten abortion providing physicians on the Nuremberg Files website remains a relevant example of how private information can be weaponized in an online context.

Justine Sacco

Communications director Justine Sacco sparked controversy on Twitter when she tweeted, "Going to Africa. Hope I don't get AIDS. Just kidding. I'm white! [22]" Within the duration of her flight from London to South Africa, Justine Sacco's identity was breached online almost immediately after sending her tweet. The power of social media took Justine Sacco, a Twitter user with only 170 followers, to the number one Twitter trend without her knowing it. The hashtag read "#HasJustineLandedYet" as Twitter users across the country gathered to check the updates on Sacco's employment after the company she held a management position at, IAC, informed the public of her traveling status.[22]Angry users even showed up at the airport and tweeted a picture of her arriving to update the users following the hashtag.

Sunil Tripathi

In the hours following the Boston Bombing, low-resolution photos of the suspected bomber surfaced to the public. While intelligence agencies and law enforcement worked towards identifying the perpetrator, communities on internet discussion board Reddit also formed theories as to who the bomber might be. One leading conjecture identified the suspect as Sunil Tripathi, a 22 year old missing student from Brown University. Within hours Tripathi's Facebook page and grieving family were bombarded with hate messages while being the subject of an online witch hunt. A day later the suspect was identified to be Dzhokhar Tsarnaev. Tripathi's body was found a month after in Providence River, his death suspected a suicide. Despite its intentions, the internet had doxxed an innocent family which only served to magnify the pain of losing their son. [23]

Ethical Implications

Anonymity

Anonymity is an important value of the internet that many users hold dear. Not only does it allow users to post freely without revealing who they are, it allows them to control the amount of personal information they are willing to share with others; meaning, as Ruth Gavinson claims, “the extent that they are known to others, the extent to which other has physical access to them and the extent to which they are the subject to others’ attention”.[24] Anonymity allows users to limit the extent to which they are known to others by controlling what information about themselves they choose to disclose. With doxxing, victims no longer control information that is important or private to them, reducing their ability to decide what to reveal and who to reveal it to.[6] Doxxers take away their victims’ rights to anonymity resulting in a loss of their identity.

Privacy

As anonymity allows actions to be seen while maintaining a private identity, privacy controls who sees the information posted online. This means anyone can see who posts information online, but the owner of the information can control who sees it.[25] Privacy means that one is entitled to the information that they post online and views it. Doxxers impinge upon their victim's right to privacy by releasing personally identifiable information they chose to privately disclose to the public. This breach of privacy raises ethical concerns since doxxers are using personal information in unlawful ways in order to prevent their victims from continuing some form of action they are opposed to.[26] Additionally, Floridi discusses that one is constituted, in other words made up, of their information. This makes the act of doxxing an attack on one's personal identity, making it unethical even if no other worldly harm comes of it.[27]

Autonomy

Doxxing also raises a risk and threatens the autonomy of its subjects. Autonomy violations are closely related to privacy infringements as a breach to one's privacy often results in an attack against autonomy as well. In this case, autonomy refers to "one's ability to manage the public presentation of [their] self-identity." [28]. In Shoemaker's analysis of identity management and autonomy, he addresses the importance of one's ability to manage their own reputation as well as the public exposure of their information. Doxxing poses a threat to the victim's autonomy by altering their reputation in the digital field and the information available to others without consent.

Harassment

When doxxing occurs, doxxers release personal information about their victims which can include links to their social media accounts, phone numbers, addresses, email address and other ways of contacting them which in many cases, results in the harassment and ridicule of their victims. This harassment not only includes threats of personal harm, death, and harm to loved ones. As in the case of gamergate, doxxers provided enraged gamers with the means to contact Zoe Quinn resulting in death, rape threats and the public questioning of her ethical morals. Another form of harassment that is very common with doxxing is swatting. Swatting occurs when emergency services are called to the home of a victim with a report of a serious crime such as murder or a kidnapping.[29] Swatting is incredibly dangerous and has lead to several incidents resulting in serious injury and death. It is currently illegal in the US under existing federal statutes , however several states have or are in the process of enacting laws that target the practice directly. Many of these forms of harassment raise the controversy surround civils rights versus freedom of speech. It is hard to determine what are actual threats to a person’s safety or empty, annoying online comments blurring the line between imminent danger or mean comments.[30]

How to Prevent Doxxing[31]

  1. Be aware and limit the amount of information that you share online. Sharing even small information such as your name, birthday or email address can be used to find other, more identifiable and personal information.
  2. Never share identifiable information on public forums or to a stranger.
  3. Review the privacy settings on your social media and online accounts regularly. Consistently checking your privacy settings allows you to ensure that you are not sharing more information that you do not intend to.
  4. Use a variety of usernames. Using the same username across many different platforms makes it easier for doxxers to find your information and connect all your accounts together.
  5. Using a VPN or proxy server to encrypt your data and hide your information from hackers.

See Also

References

  1. Stein, Joel. “How Trolls Are Ruining the Internet.” Time, 18 Aug. 2016. http://time.com/4457110/internet-trolls/
  2. Synder, Peter. Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing. pp. 1–13, Fifteen Minutes of Unwanted Fame: Detecting and Characterizing Doxing.
  3. Hoyt, Alia. “10 Forms of Online Harassment.” How Stuff Works. https://computer.howstuffworks.com/10-forms-online-harassment3.htm
  4. Garber, Megan. “Doxing: An Etymology.” The Atlantic, 6 Mar. 2014. https://www.theatlantic.com/technology/archive/2014/03/doxing-an-etymology/284283/
  5. B, Amanda. “Doxing.” Know Your Meme, 2015. https://knowyourmeme.com/memes/doxing
  6. 6.0 6.1 Douglas, David M. Doxing: A Conceptual Analysis, vol. 18, no. 3, pp. 199–210. https://link.springer.com/article/10.1007/s10676-016-9406-0#Sec2
  7. Stewart, Emily. “Gamer Who Made ‘Swatting’ Call over Video Game Dispute Now Facing Manslaughter Charges.” Vox, Vox, 13 Jan. 2018. https://www.vox.com/policy-and-politics/2018/1/13/16888710/barris-swatting-death-charges
  8. Rao, M. Kameswara, et al. “ABOUT.” GoHacking, www.gohacking.com/what-is-doxing-and-how-it-is-done/.
  9. “You'll Be Shocked to See How Your IP Address Gives Away Your Location.” WhatIsMyIPAddress.com, whatismyipaddress.com/find-me.
  10. Grauer, Yael. “What Are 'Data Brokers,' and Why Are They Scooping Up Information About You?” Motherboard, VICE, 27 Mar. 2018, motherboard.vice.com/en_us/article/bjpx3w/what-are-data-brokers-and-how-to-stop-my-private-data-collection.
  11. Arruda, Kelly. “Don't Get Doxxed: Tell Data Brokers You're Opting Out.” CAMPUS PRIVACY, 27 Feb. 2017, privacy.ucla.edu/dont-get-doxxed-tell-data-brokers-youre-opting-out/.
  12. Grens, Kerry. “So You’Ve Been Mistaken as a White Nationalist.” The Scientist, 18 Aug. 2017. https://www.the-scientist.com/daily-news/so-youve-been-mistaken-as-a-white-nationalist-31058
  13. Victor, Daniel. “Amateur Sleuths Aim to Identify Charlottesville Marchers, but Sometimes Misfire.” New York Times, 14 Aug. 2017. https://www.nytimes.com/2017/08/14/us/charlottesville-doxxing.html
  14. Massanari, Adrienne. #Gamergate and The Fappening: How Reddit’s Algorithm, Governance, and Culture Support Toxic Technocultures, 2017.
  15. Sands, Geneva. “What to Know About the Worldwide Hacker Group ‘Anonymous.’” ABC News, 19 Mar. 2016. https://abcnews.go.com/US/worldwide-hacker-group-anonymous/story?id=37761302
  16. Bergal, Jenni. “Hacktivists Launch More Cyberattacks Against Local, State Governments.” PBS News Hour, 10 Jan. 2017. https://www.pbs.org/newshour/nation/hacktivists-launch-cyberattacks-local-state-governments
  17. Perlroth, Nicole. “Hackers Breach the Web Site of Stratfor Global Intelligence.” The New York Times, 25 Dec. 2011. https://www.nytimes.com/2011/12/26/technology/hackers-breach-the-web-site-of-stratfor-global-intelligence.html
  18. "“Violence Statistics & History.” Prochoice.org, National Abortion Federation, prochoice.org/education-and-advocacy/violence/violence-statistics-and-history/."
  19. "Silverberg, Eric, et al. “The Nuremberg Files.” The Nuremberg Files, cs.stanford.edu/people/eroberts/cs201/projects/1998-99/nuremberg-files/background.html."
  20. "Cohen, David S., and Krysten Connon. “The Man Who Perfected Online Threats Against Abortion Providers Just Died.” Slate Magazine, Slate, 21 May 2015, slate.com/news-and-politics/2015/05/neal-horsley-of-nuremberg-files-died-true-threats-case-reconsidered-by-supreme-court-in-elonis.html."
  21. "Nunez-Eddy, Claudia. “The Embryo Project Encyclopedia.” Freedom of Access to Clinic Entrances Act (1994) | The Embryo Project Encyclopedia, 25 May 2017, embryo.asu.edu/pages/freedom-access-clinic-entrances-act-1994."
  22. 22.0 22.1 Ronson, Jon. "How One Stupid Tweet Blew Up Justine Sacco's Life". New York Times Magazine, February 12, 2015. https://www.nytimes.com/2015/02/15/magazine/how-one-stupid-tweet-ruined-justine-saccos-life.html
  23. Shontell, Alyson. “What It's Like When Reddit Wrongly Accuses Your Loved One Of Murder.” Business Insider, Business Insider, 26 July 2013, www.businessinsider.com/reddit-falsely-accuses-sunil-tripathi-of-boston-bombing-2013-7.
  24. Gavison, Ruth. Privacy and the Limits of Law, 89, no. 3, Jan. 1980, pp. 421–471.
  25. Webb, James. “Anonymity vs Privacy vs Security.” HighSpeed Experts, 17 Jan. 2018. https://highspeedexperts.com/online-security-privacy/anonymity-vs-privacy-vs-security/
  26. Norris, Ingrid N. “Mitigating the Effects of Doxxing.” Utica College, 2012, pp. 30–35.
  27. Floridi (2014) "The Fourth Revolution", chapter 5 Privacy-Informational Friction
  28. Shoemaker, David. "Self-exposure and exposure of the self: informational privacy and the presentation of identity." Ethics of Information Technology. 2009.
  29. Mantilla, Karla. Gendertrolling: How Misogyny Went Viral: How Misogyny Went Viral. https://books.google.com/books?hl=en&lr=&id=kKNZCgAAQBAJ&oi=fnd&pg=PP1&ots=iNw4DXZeNp&sig=ftjmyWWDIriosTG_X0J8_A0zpZc#v=onepage&q=swatting&f=false
  30. Poland, Bailey. Haters: Harassment, Abuse, and Violence Online. Potomac Books, 2016.
  31. Collins, Jerri. “Doxing: What It Is and How to Fight It.” Lifewire, 3 Jan. 2019. https://www.lifewire.com/what-is-doxing-4135276