mojatu.com
22 Business & Finance
HOW TO DOX YOURSELF ON THE INTERNET by Kristen Kozinski and Neena Kapur
No one wants their home address on the internet. That is personal information we typically only give out to friends, family and maybe our favorite online stores. Yet, for many of us, that information is available and accessible to anyone with an internet connection. And increasingly for journalists, public figures and activists, this kind of information is dug up and posted to online forums as a form of harassment, or doxxing. Doxxing (also sometimes called “doxing”) is a lowlevel tactic with a high-impact outcome: it often does not require much time or many resources, but it can cause significant damage to the person targeted. Once sensitive information — such as home address, phone number, names of family members or email addresses — about a targeted individual is posted to public forums, it can be used by others for further targeting. The tactic is typically used to intimidate and silence, to prove a point or to discredit someone’s work. In 2019, a far-right group that disagreed with news coverage posted the personal information for three dozen journalists from news organizations in the United States, including The New York Times, on a site run by the group. After Christine Blasey Ford testified before the Senate Judiciary Committee in 2018, her personal phone number, home address and more were posted on Twitter and she soon started receiving death threats and harassment. During the Hong Kong protests in 2019, doxxing was a tactic used by both sides to expose personal information of protestors, police officers, journalists and social workers. These attacks demonstrate that people dox — and are doxxed — for a variety of reasons. But regardless of the motive, an attack can be dangerous. With that in mind, it is particularly important to take proactive digital security measures. Protecting personal information is more than just securing data, it guards against further digital attacks or event the possibility of physical harm. Think like a doxxer In 2017, the New York Times Information Security team began exploring the numerous ways personal information spreads through the internet. We wanted to understand how this information surfaces and how to clean up an online footprint — which includes everything from personal information like phone numbers, to what you like and who you follow on social media — in order to decrease the threat and impact of doxxing.
Doxxing itself relies on open-source data as well as data that may be circulating in spaces like the dark web. While we cannot control all the information about ourselves on the internet, we can take steps to make data more difficult to find. When our team begins looking into the personal information that is available online for a colleague, we think like doxxers and use some of the same readily available online resources that doxxers may use to surface personal information: Search engines: This is where we start. A search with a journalist’s name and the words, “phone number” or “address” might bring up a people-search site or the journalist’s social media accounts. Targeted searches can lead to sites that reveal a lot of information about someone and their behavior online. Data broker and people-search sites: Targeted searches on search engines often lead to data broker or people-search sites, which provide holistic profiles of individuals and package sensitive information into a single report that is usually available for free or for a minimal cost. These sites collect the personal and behavioral information of consumers from public records, open-source information and other data brokers, and sell that information to other companies and individuals. Social media: A doxxer might scroll through a journalist’s social media sites to gather more intimate details about their life, such as insights into their relationships, habits, personal photos, emotional state, and their likes and dislikes. While doxxers use these tools to do harm, journalists can use them to control the amount of personal information that is available online. From locking down social media profiles to opting out of major data broker websites, there are concrete mitigation strategies that anyone with an internet connection can do. It just takes a little time. It’s impossible to control all the personal information that is out there, but we can take steps to make it more difficult to find. If a doxxer can’t find a journalist’s information in a few hours, then that may discourage them from pursuing the journalist as a target for doxxing. You can do it, too To help our Times colleagues think like doxxers, we developed a formal program that consists of a series of repeatable steps that can be taken to clean up an online footprint. Our goal with this program is to empower people to control the information they
