In the past, public and famous figures had to worry most about doxing. Two men were arrested in New York for doxing after posting home addresses and Social Security numbers of dozens of law enforcement personnel on the internet. Last year, federal prosecutors sentenced a former Senate aide for releasing personal information online about five senators in retaliation for their role in a confirmation hearing. However, in recent years, doxing has evolved to include corporations, as well as private individuals, especially the younger generation.

What Is Doxing?

In broad terms, doxing means sharing personal and private information with the intent to cause harm to the person. The damage ranges widely and includes loss of face and employment, threat of harassment and even financial loss. The term evolved from the early days of the internet when online rivals would ‘drop docs’ into forums to reveal the legal names of rivals. While the specifics have changed as well as the sophistication of the attacks, the concept remains the same — making private information about another person public.

Doxing is usually illegal and does violate the terms of service of the majority of social media and web platforms. But prosecuting doxing can be tricky. Many states charge people with either misdemeanors or felonies for posting information that is not publicly shared about another person. Although some doxing incidents can fall under the federal stalking law, state law typically applies, and varies widely based on jurisdiction. For example, Ventura County, Calif., recently published a press release reminding residents that doxing could result in a $1,000 fine along with jail time.

Gen Z: ‘Always Online’

Generation Z, which Pew Research Center defines as being born after 1996, has grown up in the online culture and has never known a world without the internet. This generation’s ‘always online’ lifestyle and attitude create many more chances for people to dox others as well as a much larger pool of data online for doxing. Teens post videos on apps about their hobbies while young people go viral with the latest dance, which means there is a much larger amount of data online about a person that can be more easily used for doxing.

Pew also found that teens, which includes a large portion of Gen Z, spend an average of just over three hours online for leisure purposes, beyond work or school. With more than half of their leisure time spent online, which averages well over five hours a day, Gen Z’s daily habits set the stage for increased doxing. The fact that their online world and online identity receive so much of their time further contributes to their vulnerability to this kind of attack.

A Hong Kong study published in the International Journal of Environmental Research and Public Health examined doxing in secondary schools. Researchers found that girls were more likely to be doxed than boys. More than half were doxed by classmates, which resulted in high levels of negative feelings. Those feelings including depression, anxiety and stress.  

Doxing and Politics

The increased attention around doxing has made headlines, and some states have called for legislative action. National media highlighted the case of 16-year-old Nick Sandmann being doxed after media organizations posted a video of him interacting with a Native American man while wearing a “Make America Great Again” hat. After the video was posted, Sandmann was the target of many social media posts; his parents filed lawsuits against media organizations. Because of this incident, Kentucky passed a law in 2019 making doxing of minors illegal.

The permanence of the internet and social media posts means doxing has even higher stakes than other forms of bullying. It can also be more damaging than similar acts in the past. After all, potential employers and colleges now review online profiles. Doxing now has even higher impacts for nonpublic people, with lasting effects that can limit their options. Teenagers and young adults’ lives may change forever. Other people posting personal information publicly could limit their opportunities. This elevates what used to happen on a small level — among friends and at school — to a life-changing act.

How Social Media Changed Online Life

As doxing has evolved to include Gen Z, its traits have also changed. 

It now often includes video and photos. While traditionally doxing used documents, often the crime now includes video and images. Wired reported how two security researchers found explicit photos, audio and videos for specialty dating sites, including one for herpes patients, easily available online. The researchers noted that the accessibility of this damaging information meant attackers could easily use it for doxing. Based on its nature it could result in significant damage, including extortion and psychological abuse.

It may reveal political, sexual or gender preferences. Doxing has now expanded. Attackers look for posts that can be used to discriminate against the person. The Anti-Defamation League (ADL) conducted a study in June 2020 and found 35% of Americans reported being harassed online because of their racial, religious or sexual identity, a 3% increase from the prior year’s data. The survey also reports that 65% of LGBTQ+ respondents reported online harassment.

It often happens over social media. The Anti-Defamation League (ADL) survey reports that 77% of respondents who’d been harassed online said that at least some of the harassment had taken place on Facebook. During the current pandemic, yPulse found that Gen Z spent almost six hours a day on social media, which contributes to the information available to use for doxing.

How Gen Z Can Prevent Doxing

As doxing becomes more common and even more damaging, people of all ages should proactively protect themselves against it. Both limiting how much you share online and keeping track of what information you’ve already made public limit the risk of doxing. Parents, employers and professors should educate teens and young adults on risks and best practices.  

Consider every piece of data or image shared online. While a single piece of data, such as a location, may be harmless, threat actors can combine pieces of data to create a full picture that can do harm. By limiting what you share online, you can reduce the amount of information available on you. Instead of thinking how this information can be used for harm —  which often alone it cannot —  question the benefit of making it public. Only post or share things that actively benefit you, such as sharing your resume on LinkedIn while looking for a job.

Keep social media profiles private. It’s easy to post data by accident that, when looked at all together, can paint an accurate picture of who you are. By keeping all profiles private and on the tightest security settings, you can limit the number of people who can see your posts. Since social media companies often update and change their settings, it’s essential to often check your settings to make sure that they have not been reset.  

Limit app access to social media accounts. Every time you grant access to an app through social media —  often a quiz or a game —  the app can gather information about you through your accounts. Many people don’t give this a second thought. However, over time, this adds up to a significant number of companies that have access to your data. They’ll hold onto it even years after you used the app a single time.

Audit your publicly available data. Every three months, pretend that you are looking to dox yourself. Review all of the information you can find in public. Start with Google searches, but go much deeper, including reviewing data broker companies, such as Intellius, Anywho and White Pages. You can also use another social media account to view what other people can see on your profiles.

As technology continues to become even more intertwined with our lives and we continue to move to digital models for business, communication and daily tasks, doxing will remain a top concern. By understanding the issue and taking proactive steps, Gen Z can protect themselves from cyberattacks.

More from Data Protection

SpyAgent malware targets crypto wallets by stealing screenshots

4 min read - A new Android malware strain known as SpyAgent is making the rounds — and stealing screenshots as it goes. Using optical character recognition (OCR) technology, the malware is after cryptocurrency recovery phrases often stored in screenshots on user devices.Here's how to dodge the bullet.Attackers shooting their (screen) shotAttacks start — as always — with phishing efforts. Users receive text messages prompting them to download seemingly legitimate apps. If they take the bait and install the app, the SpyAgent malware gets…

Exploring DORA: How to manage ICT incidents and minimize cyber threat risks

3 min read - As cybersecurity breaches continue to rise globally, institutions handling sensitive information are particularly vulnerable. In 2024, the average cost of a data breach in the financial sector reached $6.08 million, making it the second hardest hit after healthcare, according to IBM's 2024 Cost of a Data Breach report. This underscores the need for robust IT security regulations in critical sectors.More than just a defensive measure, compliance with security regulations helps organizations reduce risk, strengthen operational resilience and enhance customer trust.…

Skills shortage directly tied to financial loss in data breaches

2 min read - The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM's 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year.And that's expensive. This skills deficit adds an average of $1.76 million in additional breach costs.The shortage spans both technical cybersecurity skills and adjacent competencies. Cloud security, threat intelligence analysis and incident response capabilities are in high demand. Equally…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today