In the past, public and famous figures had to worry most about doxing. Two men were arrested in New York for doxing after posting home addresses and Social Security numbers of dozens of law enforcement personnel on the internet. Last year, federal prosecutors sentenced a former Senate aide for releasing personal information online about five senators in retaliation for their role in a confirmation hearing. However, in recent years, doxing has evolved to include corporations, as well as private individuals, especially the younger generation.

What Is Doxing?

In broad terms, doxing means sharing personal and private information with the intent to cause harm to the person. The damage ranges widely and includes loss of face and employment, threat of harassment and even financial loss. The term evolved from the early days of the internet when online rivals would ‘drop docs’ into forums to reveal the legal names of rivals. While the specifics have changed as well as the sophistication of the attacks, the concept remains the same — making private information about another person public.

Doxing is usually illegal and does violate the terms of service of the majority of social media and web platforms. But prosecuting doxing can be tricky. Many states charge people with either misdemeanors or felonies for posting information that is not publicly shared about another person. Although some doxing incidents can fall under the federal stalking law, state law typically applies, and varies widely based on jurisdiction. For example, Ventura County, Calif., recently published a press release reminding residents that doxing could result in a $1,000 fine along with jail time.

Gen Z: ‘Always Online’

Generation Z, which Pew Research Center defines as being born after 1996, has grown up in the online culture and has never known a world without the internet. This generation’s ‘always online’ lifestyle and attitude create many more chances for people to dox others as well as a much larger pool of data online for doxing. Teens post videos on apps about their hobbies while young people go viral with the latest dance, which means there is a much larger amount of data online about a person that can be more easily used for doxing.

Pew also found that teens, which includes a large portion of Gen Z, spend an average of just over three hours online for leisure purposes, beyond work or school. With more than half of their leisure time spent online, which averages well over five hours a day, Gen Z’s daily habits set the stage for increased doxing. The fact that their online world and online identity receive so much of their time further contributes to their vulnerability to this kind of attack.

A Hong Kong study published in the International Journal of Environmental Research and Public Health examined doxing in secondary schools. Researchers found that girls were more likely to be doxed than boys. More than half were doxed by classmates, which resulted in high levels of negative feelings. Those feelings including depression, anxiety and stress.  

Doxing and Politics

The increased attention around doxing has made headlines, and some states have called for legislative action. National media highlighted the case of 16-year-old Nick Sandmann being doxed after media organizations posted a video of him interacting with a Native American man while wearing a “Make America Great Again” hat. After the video was posted, Sandmann was the target of many social media posts; his parents filed lawsuits against media organizations. Because of this incident, Kentucky passed a law in 2019 making doxing of minors illegal.

The permanence of the internet and social media posts means doxing has even higher stakes than other forms of bullying. It can also be more damaging than similar acts in the past. After all, potential employers and colleges now review online profiles. Doxing now has even higher impacts for nonpublic people, with lasting effects that can limit their options. Teenagers and young adults’ lives may change forever. Other people posting personal information publicly could limit their opportunities. This elevates what used to happen on a small level — among friends and at school — to a life-changing act.

How Social Media Changed Online Life

As doxing has evolved to include Gen Z, its traits have also changed. 

It now often includes video and photos. While traditionally doxing used documents, often the crime now includes video and images. Wired reported how two security researchers found explicit photos, audio and videos for specialty dating sites, including one for herpes patients, easily available online. The researchers noted that the accessibility of this damaging information meant attackers could easily use it for doxing. Based on its nature it could result in significant damage, including extortion and psychological abuse.

It may reveal political, sexual or gender preferences. Doxing has now expanded. Attackers look for posts that can be used to discriminate against the person. The Anti-Defamation League (ADL) conducted a study in June 2020 and found 35% of Americans reported being harassed online because of their racial, religious or sexual identity, a 3% increase from the prior year’s data. The survey also reports that 65% of LGBTQ+ respondents reported online harassment.

It often happens over social media. The Anti-Defamation League (ADL) survey reports that 77% of respondents who’d been harassed online said that at least some of the harassment had taken place on Facebook. During the current pandemic, yPulse found that Gen Z spent almost six hours a day on social media, which contributes to the information available to use for doxing.

How Gen Z Can Prevent Doxing

As doxing becomes more common and even more damaging, people of all ages should proactively protect themselves against it. Both limiting how much you share online and keeping track of what information you’ve already made public limit the risk of doxing. Parents, employers and professors should educate teens and young adults on risks and best practices.  

Consider every piece of data or image shared online. While a single piece of data, such as a location, may be harmless, threat actors can combine pieces of data to create a full picture that can do harm. By limiting what you share online, you can reduce the amount of information available on you. Instead of thinking how this information can be used for harm —  which often alone it cannot —  question the benefit of making it public. Only post or share things that actively benefit you, such as sharing your resume on LinkedIn while looking for a job.

Keep social media profiles private. It’s easy to post data by accident that, when looked at all together, can paint an accurate picture of who you are. By keeping all profiles private and on the tightest security settings, you can limit the number of people who can see your posts. Since social media companies often update and change their settings, it’s essential to often check your settings to make sure that they have not been reset.  

Limit app access to social media accounts. Every time you grant access to an app through social media —  often a quiz or a game —  the app can gather information about you through your accounts. Many people don’t give this a second thought. However, over time, this adds up to a significant number of companies that have access to your data. They’ll hold onto it even years after you used the app a single time.

Audit your publicly available data. Every three months, pretend that you are looking to dox yourself. Review all of the information you can find in public. Start with Google searches, but go much deeper, including reviewing data broker companies, such as Intellius, Anywho and White Pages. You can also use another social media account to view what other people can see on your profiles.

As technology continues to become even more intertwined with our lives and we continue to move to digital models for business, communication and daily tasks, doxing will remain a top concern. By understanding the issue and taking proactive steps, Gen Z can protect themselves from cyberattacks.

More from Data Protection

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today