Doxing: Why should you care?

This post is part of a series of Safety and Advocacy posts by the Community Resilience and Sustainability team. This post was authored by staff from the Human Rights team.

For most people, being online is just part of daily life. Some don’t even recognize a separation between online and offline life because the Internet is ingrained into society. As people today, we do a lot online: share photos and stories, manage finances, attend classes, and contribute to the world’s knowledge. All of this can feel very private, but can actually be very public. Have you ever thought about how public your information is? Sometimes your personal information is more accessible than you think. That might open you up to doxing. There will be more details about doxing later in this post. First, let’s ask some questions. Answer honestly.

How cautious are you when sharing personal details online?

Immediately you might think of your government identification details, your address, or your birthdate. Personal details can be anything from your school name to the train you take to work each day or even where you prefer to get your morning coffee.

Do you use your real name? 

Your real name could be any part of your name or an abbreviation or even a nickname you often use. 

Is your username repeated across different platforms? 

Everyone may have done this at some point. It is easy to get attached to a username as it becomes part of a person’s identity.

Do you have identifiable images of yourself on your Wikipedia userpage or pages you link to?

What’s more, what do those descriptions say on those photos? Do they hint at locations, organizations, or activities?

Is your email address published openly?

Collaboration is in our nature as Wikimedians. An email address might feel like a comfortable way for someone to reach us. If that email address is used on other sites, people may be able to link more information together about you.

What do your social media privacy settings look like?

Do you allow anyone to find you using your email address, name or phone number? Do you share those details on your profile page to anyone, even if you are not connected?

How easy is it to connect your online self to your offline self?

If someone did a quick internet search of what they can find on your Wikipedia userpage, could you find information about your home, work and family?

If you haven’t already thought about some of these questions, there is no better time to start than now. Contributing to Wikimedia projects can be a radical act in this world, an act that can get you into trouble through doxing. 

Since the beginning of the Russian invasion of Ukraine more than half a dozen community members have been doxed on various pro-Putin Telegram channels. Doxing, however, is nothing new to the community. In 2021, Wikimedians from mainland China had doxed and threatened to share information with the police of community members in Hong Kong for resisting pro-Beijing narratives. In the UK, as Brexit was underway, there were a number of doxing attempts of editors. Indeed, there is even a detailed blog post highlighting tactics to dox Wikimedians specifically available online. Protection is important!

So, what is “doxing”?

Doxing is something that you want to avoid if at all possible. Doxing is a severe breach of privacy, a form of digital abuse wherein someone collects and publishes personally identifying information about a person with the intent to cause harm. The information published includes, but is not limited to, real name, phone number, email address, social media handles, images, date of birth and home and work addresses. Doxers use a whole range of interconnected methods, from simple Google searches to combing social media to using the services of data brokers, with one clue often leading to the next, to create a dossier that identifies who you are, where you work, how you look, where you live and how to contact you. 

How could doxing affect your life?

While the consequences of doxing depend on a whole range of factors including what information was shared, how widely it was shared, what the intent was, in what context and so on, personal information in the hands of strangers is bad, regardless of their intent. The main problem with doxing is how easy it is to do. There is a whole lot of personal information available online. It is easy to find. Doxing is an easy no-consequence way of hurting someone with a lack of legal recourse for publishing information that is already publicly available. As such, remember anyone, including you, can be doxed.

Why should you care?

Wikimedia is both a platform and a movement wherein transparency and openness are part of its ethos. As unique and wonderful as that is to collaborate in the curation of the world’s knowledge, it also makes Wikimedians especially susceptible and vulnerable to doxing. While the Foundation has a strict privacy policy and takes privacy very seriously, Wikimedia projects are by design not privacy oriented. There is a meticulous record of every action you take across the platform, visible to anyone looking. This record is important for a collaborative project, but it also opens up various risks, especially if someone is trying to identify who you are. Indeed, there are three privacy features that are controllable by you alone. Firstly, the decision to make an account with a username (not your real name) of your choosing in order to hide your IP address, secondly to think carefully before you press that “publish” button, and third to ensure that your userpage does not contain information which reveals your offline identity.

As a movement, we work closely together, not only online but in person, with individuals holding widely different values, perspectives and opinions to develop the world’s largest encyclopedia. As one of the most visited websites on the internet, with knowledge accessible through voice assistants and use of the Wikimedia API, Wikimedia projects are at the center of how many people form their thoughts on many topics. This automatically places Wikimedians in a vulnerable position. These vulnerabilities can be from community members with whom you are in regular contact, and larger forces uncomfortable with the dissemination of neutral and verifiable knowledge. 

Conclusion

Ultimately, the best defense against doxing is first, to accept that it indeed can happen to you. Second, being aware of and taking steps to mitigate your personal information online. Doxing, after all, often leads to further digital attacks and even the possibility of physical harm.

See additional posts in this series. Look for the second part of this post to learn how you can dox yourself to prevent it from happening to you.