Protect yourself from "Doxxing"

What is Doxxing?

Doxxing refers to the collection of a user’s private information, across multiple platforms (including social media) by an unauthorized individual, who then publishes the information in an attempt to shame or embarrass the user. Doxxing may be conducted by researching public databases, hacking, or through social engineering.  The term "doxxing" is derived from the phrase "dropping dox (documents)".  

Doxxing often involves hackers attempting to embarrass or shame individuals by publishing confidential information, images or videos obtained from their personal accounts.   Initially, doxxing was used by hackers to "out" the identities of fellow bad actors/hackers.  However, more recently, it has been used to attack users with opposing viewpoints.

How can I protect myself from Doxxing?

  •  Adjust your social media settings:
    • Ensure that your profiles, usernames/handles are kept private
    • Remove any addresses, places of work, and specific locations from your accounts
    • Set your posts to “friends only"
    • Avoid discussing personal information that could be used against you, as well as anything that can identify your address, workplace or contact information
  • Use a Virtual Private Network (VPN) and a
    • If you must use public wi-fi, turn off the public network sharing functionality on your device
  • Use strong passwords
  • Vary usernames and passwords across platforms
  • Hide domain registration information from WHOIS (a database of all registered domain names on the web)

For more detailed information, consult the U.S. Department of Homeland Security's Guidance on How to Prevent Online Harassment from Doxxing

Additional links that provide guidance on Doxxing prevention:

https://heimdalsecurity.com/blog/doxxing/

https://blog.malwarebytes.com/how-tos-2/2019/10/how-to-protect-yourself-from-doxing/

https://www.wired.com/story/what-do-to-if-you-are-being-doxed/

https://medium.com/@liz_onlineSOS/ive-been-doxed-what-to-do-in-the-first-24-hours-13489360e72b

https://securitytoday.com/blogs/reaction/2019/06/how-do-i-avoid-getting-doxxed.aspx

https://onlineharassmentfieldmanual.pen.org/protecting-information-from-doxing/

Guidance for campus reporting of doxxing incidents:

  • If the information exposed is UCB FERPA protected student data, personally identifiable information (examples include, but are not limited to Social Security Number, Drivers License Number, or home address), and/or information pertaining to physical or mental health conditions, it should be reported to the Privacy Office, privacyoffice@berkeley.edu

  • If the incident involves unauthorized access to UC Berkeley electronic accounts or resources, report to security@berkeley.edu

  • Information inappropriately shared on campus network resources should also be reported to security@berkeley.edu

  • Stalking, online harassment, or hate and bias incidents may be reported to the Office for the Prevention of Harassment and Discrimination or through the UC Whistleblower Hotline