Summary

Doxing (also "doxxing", or "d0xing", a word derived from "documents", or "docs") consists in tracing and gathering information about someone using sources that are freely available on the internet (called OSINT, or Open Source INTelligence).

Doxing is premised on the idea that "The more you know about your target, the easier it will be to find their flaws”. A malicious actor may use this method to identify valuable information about their target. Once they have found sensitive information, they may publish this information for defamation, blackmail the target person, or use it for other goals.

This activity aims to help participants identify any unwanted personal information that may be publicly available online, and to make them aware of the risk of doxing and how to prevent it.

Considerations

    • Recommend the usage of the Tor Browser for this activity.
    • Treat threat and adversary data with the utmost security.
    • Ensure that any physical notes/drawings are erased and destroyed once digitally recorded.
    • Ensure that any digital recordings of this process are kept secure and encrypted.
    • Before targeting any individuals, do the research for the organization itself.
    • If using a staff member for the example, have a private session with them beforehand to make sure you do not expose any sensitive information to the group.
    • Ensure that you have consent from the staff members you will use as an example for this activity.

Walkthrough

    • Prepare before the activity by doing this research on a few members of the organization to identify good examples
    • Present the problem to the group:

      Harassers and stalkers use several tools and techniques to gather information about their targets, but since these tools and techniques are mostly public and easy to use, we can also use them ourselves, on ourselves, as a preventative measure. "Self-doxing" can help us make informed decisions about what we share online, and how. (Of course, these same instruments can also be used to learn more than is immediately obvious about someone we have met online before we give them our full trust - for example to decide if we want to admit them to a private mailing list or group on social networking platforms.) Methods used for doxing (and self-doxing!) include exploring archives, yellow pages, phone directories and other publicly available information; querying common search engines like Google or DuckDuckGo; looking for a person's profile in specific services; searching for information in public forums and mailing lists; or looking for images that the person has shared (and for instance may have also published in another, more personal, account). But it can also simply consist in looking up the public information on the owner of a website, through a simple "whois search".

    • Ask the group to brainstorm possible search engines and websites where information could be found on them and their communities - encourage them to think of local services or services used by their friends, including social networking platforms.
    • Give out copies of this self-doxing guide
    • While projecting to the group, conduct a research on yourself or a high-profile member of the organization who has given their consent. Perform the search on websites mentioned in the self-doxing guide and during the brainstorming activity.
    • Either have them do the same research on themselves in pairs or assign this research as homework.

      Note: If participants perform the research at home, it is important to warn the group that when practicing self-doxing, there is a risk of getting exposed to results that they may find disturbing. Tell them that if they think they may need support, they should ask a close friend to be around while they carry out their research.

      • Instruct participants to use the Tor Browser and a browser different than their usual one to perform the research, and ask them to search both on the websites and services listed in the self-doxing guide and in the ones mentioned during the brainstorming.
      • Explain that, to decide what to search for, one should try to understand what activities expose them to a higher risk of being attacked by trolls or other malicious actors. They should ask themselves: "Why would someone want to spend hours of their time to track information on you in the internet?" Add that this kind of attack often affects minorities or people who support controversial opinions online, and the attack starts from the information that the malicious actor will find immediately available - like the nickname and profile used by the target in the platform where the attack has started, or the pictures the target has published in their page. This is where they should start from.
      • Instruct the group to check the properties of the posts and media they have published, to make sure that they aren't leaking their IP address or other metadata.
      • Show the group a reverse image search on TinEyE or Google and recommend they do it on pictures of themselves they have published online.
      • Show the group how to check if their online account has been previously compromised on Have I Been Pwned?. Explain that often results are old and if they have changed their password recently, showing up on this search may not be a problem. Tell them that if they are still using that old password for the compromised account of for other accounts, they should immediately change that password.

Recommendation