It’s almost a given that you have personal information available online. Beyond social media and online discussion boards, there are public records of property ownership and voter registration, as well as massive databases of financial information assembled by credit-rating agencies.
Taken individually, many of these pieces of information are benign. So you cast a ballot in the 2016 presidential election, have a child enrolled at a particular public elementary school, or once posted a comment on a local newspaper site objecting to institutional racism. A great many people know those things – even strangers. The harm doesn’t come until someone figures out how to put these pieces together and then publishes it all online.
This kind of revelation is called “doxxing,” an old internet term that comes from the idea of collecting the documents, or “docs,” on a person. The effort to discover and reveal personal information, of course, long predates the internet.
And it is not only hackers who doxx. In a recent research study I found that news organizations have doxxed commenters who posted on articles. In online communities, where people are often anonymous, violating someone’s privacy like that is considered aggressive – and for some people, what’s come after being doxxed has been downright dangerous.
A trail of breadcrumbs
It’s not surprising that information has value – particularly information related to people’s identities, interests and habits. This is, after all, the age of big data, social media and targeted advertising. The Facebook-Cambridge Analytica scandal is just one of many events in which regular people found out just how much personal information is available out on the internet.
People also found out how little power they had over their information. Generally, people want, and think they have, control over who knows what about them. Individual identity is in part performance: People decide and change who they are and how they act in different places, around different groups.
This is particularly true online, where many sites and services allow users to be anonymous or pseudonymous or to hide their information from other users’ searches. Often, of course, each site itself has some private information about users, like an email address, for delivering service-related notices. But online platforms seem to offer users a measure of control over their identity and personal information.
That control is not complete, though, and is not an accurate measure of personal privacy. Users leave digital traces behind, registering on more than one site with the same email address, posting under the same username (even if a pseudonym) on multiple forums, or even using similar phrases in different contexts. In addition, many sites track what network addresses their users connect from, which can reveal the location and other details of a person who regularly spouts particularly virulent propaganda.
When someone connects these digital traces, and shares them with other people – often strangers, or even the wider public – they take away their target’s control over private data. Those people often seek to hold the person who is doxxed accountable for their actions, whether that’s perpetuating or opposing online hate, or failed romantic relationships.
In a recent case with relatively mild consequences, a Temple University professor was revealed as involved with an online account nicknamed “truthseeker,” which had posted posted at least one anti-Muslim comment on a right-wing website and had also promoted various conservative conspiracy theories.
More severe cases have resulted in online and real-world harassment of women in the gaming industry, prank calls to summon police to a politician’s home, and even death threats against a person and her family. Doxxing, ultimately, makes data into a weapon.
Jasmine McNealy does not work for, consult, own shares in or receive funding from any company or organization that would benefit from this article, and has disclosed no relevant affiliations beyond their academic appointment.
Send in your scoops to email@example.com