What Is Doxxing, and How Do You Protect Yourself?
By Scott Anderson, Clearfront maintainer
Doxxing is when someone publishes your private information, like your home address or workplace, to harass or intimidate you. What makes it dangerous is that most of the pieces are already public. Here is how doxxing works, whether it is illegal, and how to make yourself a harder target.
What is doxxing?
Doxxing is publicly revealing someone's private or identifying information, such as their real name, home address, workplace, or phone number, without consent, usually to harass or intimidate them or to encourage others to.
The word comes from dropping documents, or dox. The disturbing part is that a doxxer rarely hacks anything. They assemble the picture from data that is already public, which is why reducing your footprint is the main defense.
How do doxxers find your information?
By aggregating public data: social media profiles, public records, domain registrations, reverse phone and username lookups, and data brokers, sometimes helped along by phishing.
- -Social media, for your name, photos, location, employer, and routine
- -Data brokers and people-search sites, for your address and relatives
- -Public records, for property, court, and business filings
- -Domain WHOIS records, if you registered a site without privacy
- -Reverse lookups, to turn a username or phone number into more
Individually, these breadcrumbs look harmless. Combined, they become a home address and a daily pattern. That is the whole mechanism, and it is why the footprint self-audit is the best way to see what a doxxer would find.
Is doxxing illegal?
There is no single law that makes doxxing a crime in general, in either the US or the UK. But when it crosses into harassment, stalking, or threats, it is prosecuted under those laws.
Aggregating already-public information is often not itself illegal. What triggers criminal liability is using it to harass, threaten, or enable stalking. In the US, doxxing is prosecuted under the federal cyberstalking statute and state harassment laws, and a narrow law protects certain officials. In the UK, it can fall under the Protection from Harassment Act and the Online Safety Act communications offences. The bottom line: the harm, not the search, is what the law targets.
How to protect yourself from doxxing
- -Opt out of data brokers, which are a doxxer easiest source for your address
- -Lock down social media privacy settings and remove identifying details
- -Use unique passwords and two-factor so accounts cannot be taken over
- -Use email aliases and separate usernames so identities do not link
- -Turn on WHOIS privacy for any domain you own
- -Avoid posting your location in real time or in photo metadata
None of this makes you invisible, but each step removes a breadcrumb. The single highest-value move is the data-broker opt-out, since that is where your home address is cheapest to buy. The removal guide covers it.
What to do if you have been doxxed
- 1.Screenshot and document everything before it disappears
- 2.Report it to the platform hosting the information
- 3.If there are threats, contact the police and give them your documentation
- 4.Lock down and monitor your accounts in case of takeover attempts
- 5.Request removal of the information from search engines and the source sites
Doxxing paired with threats is a crime worth reporting, not shrugging off. Move fast on documentation, because content gets deleted and moved.
Frequently asked questions
- Is doxxing illegal?
- There is no general law against doxxing itself in the US or UK, and compiling public information is often legal. But when doxxing involves harassment, stalking, or threats, it is prosecuted under those laws, with penalties up to several years in prison.
- What information do doxxers use?
- Mostly public data: social media, data-broker profiles, public records, domain registrations, and reverse phone or username lookups. They combine harmless-looking pieces into your address and routine.
- What should I do if I am doxxed?
- Document everything with screenshots, report it to the platform, contact police if there are threats, secure your accounts, and request removal from search engines and the source sites.
Sources and further reading
Scott Anderson believes your personal data is yours to own and protect. He built Clearfront, a free, open-source tool for scanning and scrubbing your own digital footprint from public data, and he writes about OSINT, breach exposure, and personal privacy.
Related posts
- How to Reduce Your Digital Footprint: 6 Steps That Actually Work
You cannot fully erase your digital footprint, but you can shrink it a lot. Here are the six steps that actually work, in the order that gets the most result.
- How to Find Out Which Data Brokers Have Your Information (and Remove It)
Data brokers sell your address, age, and relatives to anyone. Here is how to find which ones list you, opt out of the ones that matter, and use new laws that help.
- How Attackers Turn Your Public Footprint Into a Phishing Attack
Your public information fuels the two attacks most likely to hit you: a convincing phishing email and a password guessed from an old breach. Here is how, with the numbers.