Horrified, all I could do was count. One, two, three, four, five, six. Six. Six friends of mine who appeared on a list of doxing targets. Sick to my stomach, I started texting and emailing people - all the while hoping that the information was wrong and that they were still safe. As each friend slowly responded, affirming that the dox was only inconvenient, not harmful, I felt reassured. But I had a realization: I don't want this to happen to me. I need to fix my online life.
Doxing - the act of releasing someone’s address, date of birth, social security number, or other revealing information - used to be an obscure term for something only happened to hackers and the occasional gamer. But increasingly journalists, public figures, and normal citizens are all finding themselves targeted, for reasons as mundane as a comments section disagreement. Doxing is pernicious in more than just the act of information exposure. In real life, a person with a stalker hopes the stalker doesn’t find them. Online, you hope your stalker doesn’t find an army of fellow harassers, willing to turn your life upside down just for sport (or the lulz, depending).
The trouble is the sheer amount of information available, particularly if you’ve been online a long time like I have. I tried to use JustDeleteMe, a recommended tool for sussing out old online identities and potential breaches of identity. My JustDelete.Me link revealed 437 individual accounts I would need to attempt to remove, of which 67 were considered impossible to remove. There are many other Latoya Petersons around, of course - all these accounts may not be mine. But it’s a bit disturbing to see I can never fully remove myself from sites like Gawker, Animal Crossing Community, Bungie.net, Evernote, EdX, Hacker News, Kik, Starbucks, or YouTube. These sites didn't reveal my SSN but they did contain old usernames, comments with personal information and occasionally old credit card records.
I then decided to focus on just my physical space - perhaps I could remove all traces of where I live. But that plan was also flawed because data brokers buy and sell information constantly. Any public record I had was constantly being updated and indexed. The major dealers are listed by the Crash Override Network, an online support system for dox victims started by Zoe Quinn. At the top of the list are brokers like Spokeo, People Smart, PeekYou, Pipl, LexisNexis, WhitePages, Zabasearch, US Search. But dedicated stalkers will use dossier sites like BeenVerified - it’s only $20, after all.
I ran checks for my own name and PeopleSmart had the most chilling amount of data available for free. While not all of my data was available there - for example, I have no record of a husband or a sister - there was enough to give me pause.
I ran the search on my husband, and while clicking through his profile links we found contact information for a long-lost uncle, the product of a rarely-mentioned extramarital affair that happened in the 1960s. All of this was accomplished in the span of about seven minutes.
When I checked popular guides to doxing, attempting to reverse-engineer the process, I realized that the most successful doxers were the ones with the biggest axes to grind - they, quite simply, are willing to put in time and effort to find you. And if you aren’t in a tinfoil lined bunker preparing for the digital apocalypse - that OffGrid Magazine is looking better and better - chances are, they will succeed.
One of the best primers on doxing I found was posted to a blanked-out subreddit called "The Dox Club." The writer starts with advanced Googling strategies, listing many of the same resources I listed up top, then goes on to explain that family members and friends are normally a vulnerability point, so to spend some time combing through various social media profiles. (Sometimes the family member becomes the target.) The guide also recommended old-school methods of locating people, using the Yellow Pages and the White Pages, alumni organizations, and tax websites.
A dedicated doxer is essentially a private investigator, employing many of the same tactics to find a target. Later, the guide refers users to the Anarchist Cookbook and old CIA manuals, and if a person with that level of dedication is trying to find you, I’m not sure you can dissuade them.
As journalist Melissa Chan (a close friend of mine) explains in her Knight Fellowship talk on digital security, journalists may find themselves targeted both by individuals frustrated with their work and by the state. Chan knows what she’s talking about - her reporting got her expelled from China in 2012.
As Chan points out, this is a battle that we will most likely lose - there is no perfectly safe mode of operation in life, and if you are a person in the world, someone dedicated to watching you will find you. And, for journalists, trying to scrub our personal data from the internet and lock down our accounts may make the situation worse - who would know if we went missing?
Compounding the problem is the fact that data brokers are constantly updating their information and re-populating profiles. As Sarah Jeong writes in The Internet of Garbage:
Any anti-harassment strategy that focuses on deletion and removal is doomed to spin in circles, damned to the Sisyphean task of stamping out infinitely replicable information… [D]eletion isn’t victory, liberation, or freedom from fear. It’s just deletion.
But that doesn’t mean we have to make ourselves easy to find.
Perhaps, the best way to approach doxing isn’t a frantic deletion of our unsecured public lives. For one, the idea that we can delete away compromising information is becoming increasingly unlikely. The most chilling realization from my now eight plus hours attempting to rein in my online presence is it’s simply not possible. Even someone like me - who still maintains many different practices of semi-anonymity - has been leaking data and leaving breadcrumbs around my identity for close to two decades. Political commentator Sally Kohn, a frequent target for doxing, recommends making a quarterly data clean-up part of an online digital hygiene routine… but there has to be another way.
A shift in thinking is needed. I have no desire to live my life in hiding, as some women have done in the face of being targeted. I like using apps like Swarm; while it reveals my location, it also alerts my friends in other cities when I am nearby, which facilitates more connections and meet-ups. I want companies to continue to think about how to give me control over who gets to see that kind of information, keeping in mind the possibilities for harassment.
I don’t want to purge my online history and I don’t want to be untraceable. I want to be findable and rooted, in my community and with my friends, but not easily discoverable by those who seek to do me harm. The prospect of someone disagreeing with my opinion shouldn’t immediately call to mind pizzas and swatting.
Maybe it is time to learn to blur our identities a little more. Instead of instantly correcting old or incorrect addresses, keep them around. Begin using multiple phone numbers, or cloaking your main number with services like Google voice. If the internet is turning into a site of surveillance, most of us would be well-served by tapping into our inner James Bond.
Or perhaps the answer doesn’t lie with us at all - already, online the movement of doxing and counter doxing is growing as more and more people find themselves “outed” on the internet. “Dox not, lest thou be doxed” isn’t a current mantra, yet it probably should be.
Whatever the solution is, we will need to see strong leadership from authorities. The FCC made a raft of recommendations around consumer protection and data, but Congress has been slow to create legislation. The push that everyone online should be identifiable and easily tracked is a business imperative, not an internet value - and if the growth of doxing is a side-effect of a market hungry for personal data, we should put some of the mess at the feet of the government and corporations. Since many services don’t even allow opting out it's clear that the issues of data and privacy are too large for any individual to solve.