In the past, public and famous figures had to worry most about doxing. Two men were arrested in New York for doxing after posting home addresses and Social Security numbers of dozens of law enforcement personnel on the internet. Last year, federal prosecutors sentenced a former Senate aide for releasing personal information online about five senators in retaliation for their role in a confirmation hearing. However, in recent years, doxing has evolved to include corporations, as well as private individuals, especially the younger generation.

What Is Doxing?

In broad terms, doxing means sharing personal and private information with the intent to cause harm to the person. The damage ranges widely and includes loss of face and employment, threat of harassment and even financial loss. The term evolved from the early days of the internet when online rivals would ‘drop docs’ into forums to reveal the legal names of rivals. While the specifics have changed as well as the sophistication of the attacks, the concept remains the same — making private information about another person public.

Doxing is usually illegal and does violate the terms of service of the majority of social media and web platforms. But prosecuting doxing can be tricky. Many states charge people with either misdemeanors or felonies for posting information that is not publicly shared about another person. Although some doxing incidents can fall under the federal stalking law, state law typically applies, and varies widely based on jurisdiction. For example, Ventura County, Calif., recently published a press release reminding residents that doxing could result in a $1,000 fine along with jail time.

Gen Z: ‘Always Online’

Generation Z, which Pew Research Center defines as being born after 1996, has grown up in the online culture and has never known a world without the internet. This generation’s ‘always online’ lifestyle and attitude create many more chances for people to dox others as well as a much larger pool of data online for doxing. Teens post videos on apps about their hobbies while young people go viral with the latest dance, which means there is a much larger amount of data online about a person that can be more easily used for doxing.

Pew also found that teens, which includes a large portion of Gen Z, spend an average of just over three hours online for leisure purposes, beyond work or school. With more than half of their leisure time spent online, which averages well over five hours a day, Gen Z’s daily habits set the stage for increased doxing. The fact that their online world and online identity receive so much of their time further contributes to their vulnerability to this kind of attack.

A Hong Kong study published in the International Journal of Environmental Research and Public Health examined doxing in secondary schools. Researchers found that girls were more likely to be doxed than boys. More than half were doxed by classmates, which resulted in high levels of negative feelings. Those feelings including depression, anxiety and stress.  

Doxing and Politics

The increased attention around doxing has made headlines, and some states have called for legislative action. National media highlighted the case of 16-year-old Nick Sandmann being doxed after media organizations posted a video of him interacting with a Native American man while wearing a “Make America Great Again” hat. After the video was posted, Sandmann was the target of many social media posts; his parents filed lawsuits against media organizations. Because of this incident, Kentucky passed a law in 2019 making doxing of minors illegal.

The permanence of the internet and social media posts means doxing has even higher stakes than other forms of bullying. It can also be more damaging than similar acts in the past. After all, potential employers and colleges now review online profiles. Doxing now has even higher impacts for nonpublic people, with lasting effects that can limit their options. Teenagers and young adults’ lives may change forever. Other people posting personal information publicly could limit their opportunities. This elevates what used to happen on a small level — among friends and at school — to a life-changing act.

How Social Media Changed Online Life

As doxing has evolved to include Gen Z, its traits have also changed. 

It now often includes video and photos. While traditionally doxing used documents, often the crime now includes video and images. Wired reported how two security researchers found explicit photos, audio and videos for specialty dating sites, including one for herpes patients, easily available online. The researchers noted that the accessibility of this damaging information meant attackers could easily use it for doxing. Based on its nature it could result in significant damage, including extortion and psychological abuse.

It may reveal political, sexual or gender preferences. Doxing has now expanded. Attackers look for posts that can be used to discriminate against the person. The Anti-Defamation League (ADL) conducted a study in June 2020 and found 35% of Americans reported being harassed online because of their racial, religious or sexual identity, a 3% increase from the prior year’s data. The survey also reports that 65% of LGBTQ+ respondents reported online harassment.

It often happens over social media. The Anti-Defamation League (ADL) survey reports that 77% of respondents who’d been harassed online said that at least some of the harassment had taken place on Facebook. During the current pandemic, yPulse found that Gen Z spent almost six hours a day on social media, which contributes to the information available to use for doxing.

How Gen Z Can Prevent Doxing

As doxing becomes more common and even more damaging, people of all ages should proactively protect themselves against it. Both limiting how much you share online and keeping track of what information you’ve already made public limit the risk of doxing. Parents, employers and professors should educate teens and young adults on risks and best practices.  

Consider every piece of data or image shared online. While a single piece of data, such as a location, may be harmless, threat actors can combine pieces of data to create a full picture that can do harm. By limiting what you share online, you can reduce the amount of information available on you. Instead of thinking how this information can be used for harm —  which often alone it cannot —  question the benefit of making it public. Only post or share things that actively benefit you, such as sharing your resume on LinkedIn while looking for a job.

Keep social media profiles private. It’s easy to post data by accident that, when looked at all together, can paint an accurate picture of who you are. By keeping all profiles private and on the tightest security settings, you can limit the number of people who can see your posts. Since social media companies often update and change their settings, it’s essential to often check your settings to make sure that they have not been reset.  

Limit app access to social media accounts. Every time you grant access to an app through social media —  often a quiz or a game —  the app can gather information about you through your accounts. Many people don’t give this a second thought. However, over time, this adds up to a significant number of companies that have access to your data. They’ll hold onto it even years after you used the app a single time.

Audit your publicly available data. Every three months, pretend that you are looking to dox yourself. Review all of the information you can find in public. Start with Google searches, but go much deeper, including reviewing data broker companies, such as Intellius, Anywho and White Pages. You can also use another social media account to view what other people can see on your profiles.

As technology continues to become even more intertwined with our lives and we continue to move to digital models for business, communication and daily tasks, doxing will remain a top concern. By understanding the issue and taking proactive steps, Gen Z can protect themselves from cyberattacks.

More from Data Protection

Cybersecurity 101: What is Attack Surface Management?

There were over 4,100 publicly disclosed data breaches in 2022, exposing about 22 billion records. Criminals can use stolen data for identity theft, financial fraud or to launch ransomware attacks. While these threats loom large on the horizon, attack surface management (ASM) seeks to combat them. ASM is a cybersecurity approach that continuously monitors an organization’s IT infrastructure to identify and remediate potential points of attack. Here’s how it can give your organization an edge. Understanding Attack Surface Management Here…

Six Ways to Secure Your Organization on a Smaller Budget

My LinkedIn feed has been filled with connections announcing they have been laid off and are looking for work. While it seems that no industry has been spared from uncertainty, my feed suggests tech has been hit the hardest. Headlines confirm my anecdotal experience. Many companies must now protect their systems from more sophisticated threats with fewer resources — both human and technical. Cobalt’s 2022 The State of Pentesting Report found that 90% of short-staffed teams are struggling to monitor…

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…