online crime against women
Image source:

This article is written by Vanya Verma from Alliance University, Bengaluru. This article talks about doxxing, the legality of doxxing, working of doxxing, ways to protect oneself from doxxing and what can a person do if he/she is a victim of doxxing.

Table of Contents


In 2017, Neo-Nazi white supremacists held a march on the University of Virginia’s campus. Someone on social media misidentified one of the participants as Kyle Quinn, an Arkansas professor who runs an engineering lab. Thousands of people shared his photograph and even his address on social media throughout the night. They also wrote him threatening texts and asked him to quit his academic employment. Quinn was later revealed to have had nothing to do with the Virginia demonstration and was simply a victim of faulty doxxing.

Almost anyone can become a doxxing (also known as doxxing) victim owing to the massive array of search tools and information readily available online. One’s information is publicly available if you have ever commented in an online forum, participated in a social networking site, joined an online petition, or purchased property. Furthermore, anyone who looks for data in public databases, county records, state records, search engines, and other repositories will find a vast amount of information.

Download Now

What is doxxing?

Doxxing, short for “dropping dox,” is an internet attack in which hackers gather personal information and documents, hence the “dox” portion of “dropping dox” to reveal the true identity of persons who intended to stay anonymous.

Doxxing is usually a malicious act carried out against persons with whom the hacker disagrees or dislikes. The purpose is usually to humiliate or harass the victim. For example, hackers might reveal the identity of an anonymous message board troll to disgrace that individual. They may wish for that individual to lose their job or to be shunned by coworkers or friends.

Doxxing has recently become a tool in the culture wars, with rival hackers doxxing persons with different viewpoints. By releasing information, doxers hope to extend their confrontation with targets from the internet to the real world. Doxxing includes:

  • Name.
  • Date of birth.
  • Home addresses.
  • Workplace details.
  • Personal phone numbers.
  • Email address.
  • National registration identity card number.
  • Family background.
  • Place of employment or education.
  • Passport number.
  • Signature.
  • Password.
  • Photos or videos of the person.
  • Social security numbers.
  • Bank account or credit card information.
  • Private correspondence.
  • Criminal history.
  • Embarrassing personal details.
  • Anything else that may be used to identify the person or someone related to them to damage their reputation and those of their personal and/or professional associates.

Doxxing attacks can range from the innocent, such as faked email sign-ups or pizza delivery, to the far more hazardous, such as pestering a person’s family or job, identity theft, threats, or other types of cyberbullying, or even in-person harassment.

Those who have been doxed include celebrities, politicians, and journalists, who have faced internet mobs, fear for their safety, and – in some cases – death threats.

Types of doxxing

Celebrity doxxing

It is common for journalists to obtain information about a celebrity’s personal life and post it on their media platforms. doxxing, on the other hand, isn’t typical entertainment news. The hacker discloses sensitive information about the celebrity, such as their payment card information, email address, social security number, or phone numbers.

Doxxing has affected celebrities such as Paris Hilton, Kim Kardashian, Joe Biden, Hillary Clinton, and President Donald Trump, among many others. In 2013, a group of Russian hackers doxxed 12 high-profile celebrities and politicians, according to TMZ (Thirty-Mile Zone), by revealing their Social Security Numbers (SSNs), mortgage amounts, credit card information, vehicle loans, banking, and other information on a website.

Faulty doxxing

Doxxing is sometimes carried out by online vigilantes who are too lazy to thoroughly research or examine their targets to guarantee they are dealing with the appropriate individual. Instead, they incorrectly associate persons to unrelated activities or events. Innocent people face the following consequences as a result of such “faulty” doxxing:

  • Loss of reputation,
  • loss of employment,
  • harassment,
  • physical harm, or
  • death.

Sunil Tripathi, an innocent student, was mistakenly labelled as a suspect in the Boston Marathon bombing by vigilantes on Reddit in 2013. Tripathi went missing, and his corpse was discovered in the sea near a park in Rhode Island, according to his family’s social media page. His death was ruled as suicide, with the cause of death being public shame because of faulty doxxing.

Revenge doxxing

People can use doxxing as a form of revenge. To humiliate their enemies, they post publicly identifiable information about them on the internet.

Curt Schilling, a former Major League Baseball pitcher, took revenge on those who made sexually abusive comments about his daughter on Twitter in March 2015. Schilling tracked down the real people behind the troll Twitter accounts and doxed them by revealing their true names on the internet. One bully was dismissed from his work, and another was suspended from his community college as a result of the incident. Other bullies, whose identities were not revealed, were scared by the doxxing and apologised on social media. Schilling used doxxing for online vigilante justice in this case.  

Swatting doxxing

Swatting is a method of doxxing. When someone falsely accuses someone of a crime, police (or a SWAT team, thus “swatting”) are sent to the victim’s residence to harass them. doxxing, on the other hand, can often be fatal for the victim.

Tyler Barriss was involved in a dispute between two other gamers, Casey Viner and Shane Gaskill while playing an online video game in December, 2017. According to NBC News, Viner challenged Barriss to swat Gaskill, and Gaskill accepted the challenge, disclosing his previous address, which was now occupied by the family of a man named Andrew Finch.

Barriss doxxed Gaskill by calling the cops on a prank call. Barriss pretended to be him and told the cops he’d murdered his father and was holding the rest of his family hostage. After being called outside, Finch was killed by one of the responding police officers. For the fake call, Barriss was sentenced to 20 years in jail.

Crime doxxing

While most swatting is done for entertainment, some are using doxxing to carry out severe crimes such as murder. They post personal information about their opponents on the internet and incite others to hurt them. Personal revenge or expressing disagreement or animosity toward a specific cause, religion, activity, or race could be the motive.

In the late 90s and early 2000s, Neal Horsley, an anti-abortion activist, compiled the names, photos, and addresses of abortion providers and published them on the Nuremberg Files website. That list was labelled a “hit list” by him. So far, eight doctors from the Nuremberg list have been killed. The website praised the victims of such assassinations and urged pro-life activists to keep killing doctors on the hit list.

Is doxxing legal?

If the material exposed is in the public domain and was obtained legally, doxxing is usually not considered unlawful. However, depending on your jurisdiction, doxxing may be illegal by laws intended to combat stalking, harassment, and threats.

It also depends on the exact material that has been disclosed. Giving someone’s real name, for example, is not as dangerous as disclosing their home address or phone number. Doxxing is immoral and illegal, and if you are discovered bothering individuals and disclosing their personal information, you could face serious legal consequences, including imprisonment. Detecting and prosecuting these types of crimes is often challenging for law enforcement.

On the other hand, it is not a crime if someone uses publicly available personal information ethically. Those that doxx for a more sinister objective, on the other hand, are committing a serious crime if their objectives are revealed to be unethical.

In India, there is no law specifically prohibiting or punishing doxxing, while there are laws prohibiting voyeurism (Section 354C IPC and Information Technology Act, 2000), disclosing sexually explicit or filthy content (Section 292 IPC), defamation (Section 499 IPC), and online stalking (Section 354D IPC). Doxxing infringes our Right to Privacy (a Fundamental Right) and undermines our Right to Dignity that is Article 21 of the Indian Constitution, as well as subjecting us to harassment and putting us in direct danger. The laws have been discussed further.

Laws to combat doxxing

Since doxxing is a form of cybercrime, laws on cyber harassment will apply in the case of doxxing in India. India is one of the few countries in the world with cyber harassment laws that punish offenders of cybercrime. Cyber offences like hacking, data tampering, and the publication of obscene materials are included as punishable offences, however, they are not specific to women. The following cybercrime offences are covered by the Information and Technology Act of 2000 (IT Act, 2000) and the Indian Penal Code (IPC).

Information Technology Act, 2000

Section 66 A

This Section encompasses the act of transmitting obscene messages via a computing or communication device that may cause annoyance, insult, or other negative consequences. It also covers online communication that is intended to deceive or mislead the recipient regarding the message’s origin (email spoofing). Such violations are punishable by a fine or imprisonment for up to three years.

Section 66 B

Fraudulently and intentionally accepting or retaining a stolen communication device or computer resource is punishable under Section 66B. Penalties include a fine of up to one lakh rupees or three years in prison.

Section 66 C

This Section covers attempts at identity theft by utilising the use of another person’s password, digital signature, or any other unique identifier.

Section 66 D

Cheating with a computer resource or communication device by impersonating someone is covered under Section 66D.

Section 66 E

The provisions of Section 66E deal with penalties for privacy violations. This section deals with the unauthorised publication or sharing of photos from a person’s private areas.

Section 67

The majority of cyber offences against women are covered by Section 67 of the Information Technology Act of 2000. The provisions of this section apply to the electronic publication or transmission of vulgar material. The IT Act was amended in 2008 to include provisions for child pornography and intermediary possession of records.

Section 72

This Section charges someone who is violating another person’s confidentiality or privacy by gaining unlawful access to an electronic record, book, register, or document.

Indian Penal Code

Section 354 C

Voyeurism is a crime under both the IPC and the IT Act. If a male takes a photograph of a woman engaged in a private act without her consent, he will be punished under Section 354C of the Indian Penal Code, which has a minimum sentence of one year in prison and a maximum sentence of three years in prison, as well as a fine. The legislation can be used in situations when a woman would not probably expect to be noticed by the offender.

The provision under the IPC further defines “private act” as an act of watching over a woman engaged in an activity that is reasonably regarded as private.

Section 354 D

This Section of the Indian Penal Code deals with stalking in all of its forms. It can entail physically stalking a lady or her connections, as well as monitoring her internet actions without her knowledge or consent.

Section 500

This Section includes printing or engraving anything about someone who knows it is derogatory or defamatory (cyber defamation). The offence is punishable under Section 500, which carries a penalty of up to two years in prison and/or a fine.

Doxxing laws in the United States

Interstate Doxxing Prevention Act, 2000

This Bill amends the federal criminal code to make it a crime to use the mail or any facility or means of interstate commerce to knowingly publish (or attempt or conspire to publish) personally identifiable information of another person with the intent to threaten, intimidate, harass, or stalk, and as a result, place that person in reasonable fear of death or serious bodily injury to that person, or to that person’s family member or intimate partner.

A violator is subject to criminal penalties—a fine, a prison term of up to five years, or both—and civil liability.

Doxing Laws in the UK

Three laws apply and protect any individual in the UK who has been unlawfully doxed and identified.

Protection from Harassment Act, 1997

Section 1 of this Act states that a person must not pursue a course of conduct that amounts to harassment of another, and which he knows or ought to know amounts to harassment of the other. To do so is an offence.


A person who pursues a course of conduct that is a breach of under Section 1 (1) of the Protection from Harassment Act (so, a course of conduct that amounts to harassment of another) and the conduct amounts to stalking. To dox, this might be ‘publishing any statement or other material relating or purporting to relate to a person; monitoring the use by a person of the internet, email or another form of electronic communication.

Malicious Communications Act, 1988

Section 1 of this Act states that a person who sends an indecent or grossly offensive letter or article of any description, electronic or otherwise, commits an offence. This has been extended to include the increasing number of incidents that are commonly called ‘revenge porn’. It is an offence for a person to disclose a private sexual photograph or film if the disclosure is made without the consent of the individual who appears in the photograph or film and with the intent of causing that individual distress.

Communications Act, 2003

Section 127 of this Act states that a person is guilty of an offence if he sends through a public electronic communications network (includes the Internet) a message or other matter that is grossly offensive or of an indecent, obscene or menacing character; or causes any such message or matter to be so sent.

Computer Misuse Act, 1990

This Act has several important sections that deal with doxxing as a cybercrime

Section 1 of the Computer Misuse Act, 1990

Unauthorised access to computer material. Causing a computer to perform any function with intent to secure access to any program or data held in any computer.

Section 2 Computer Misuse Act, 1990

Unauthorised access with intent to commit or facilitate the commission of further offences.

Section 3 Computer Misuse Act, 1990

Unauthorised acts with intent to impair, or with recklessness as to impairing, operation of a computer, etc.

Section 4 Computer Misuse Act, 1990

Unauthorised acts causing or creating a risk of serious damage. The Education Act, 2011 also provides the power of search and seizure to teachers who may look at electronic devices and delete inappropriate images or data.

The Public Order Act, 1986 and the Criminal Justice and Public Order Act, 1994 

This Act also provides offences that cover harassment, alarm and distress, which includes writing, signs or other visible representations.

Doxxing laws in Singapore

Publishing personal information having the intention to cause harassment, alarm or distress

Section 3 of the amended The Protection from Harassment Act (POHA) lays down that a person will be held guilty of an offence if that person publishes any personal information of someone or of someone related to that person to cause harassment, alarm or distress and that person in fact experiences harassment, alarm or distress.

The penalties for this offence for a first conviction are a fine of up to $5,000 and/or up-to 6 months’ jail. If the offenders repeat the crime then these maximum penalties are doubled.

Publishing personal information to cause the fear of violence

Section 5 of the amended POHA lays down that a person will be held guilty of an offence if that person publishes personal information of someone or of someone who is related to that person with the intention, knowledge or having reasonable cause to believe that the person is likely to believe that there will be the use of unlawful violence against him or some other person.

The penalties for this offence in case of first conviction are a fine of up to $5,000 and/or upto 12 months’ jail. These maximum penalties are doubled for repeat offenders.

Publishing personal information to facilitate the use of violence

Section 5 of the amended POHA lays down that a person will also be guilty of an offence if he publishes the personal information of a person (or of others related to that person), with intention, knowledge or having reasonable cause to believe that it is likely, to facilitate the use of unlawful violence against that person (or any other person).

The penalties for this offence for first conviction are a fine of up to $5,000 and/or upto 12 months’ jail. These maximum penalties are doubled for repeat offenders.

How to protect oneself from doxxing in India?

Doxxing is much more common in India than meets the untrained eye, and it often gets lost in the broader category of cyberbullying. To deal with this, the Aapti Institute runs the online awareness platform “Reclaim Your Privacy (RYP),” a joint initiative backed by Omidyar Network India, conceptualised by the 21N78E to and backed by research from the Aapti Institute. The major goal of RYP is to spread awareness about cybersecurity challenges that are often segmented within the professional realms of technology policy. Their social media campaign, which aims to raise awareness and provide better methods for safer digital habits, is based on the assumption that no one is willing to drastically change their online safety behaviours in a single day.

The doxxing situations Aapti has encountered are revealing as it is common online, vulnerable, marginalised groups are disproportionately targeted. “When it comes to youngsters, Indian youngsters are the most cyberbullied around the world [as of 2018],” claims an Aapti official. In one of the cases, it was discovered that a girl in 11th grade was a victim of ‘revenge porn,’ as her boyfriend shared her private images after she told everyone they were dating. Because more students are taking classes online due to pandemic, these incidences have increased significantly.

“One in every ten children has experienced cyberbullying, and just half of them have reported it to anyone,” according to a survey performed by Child Rights and You (CRY) during the lockdown on ‘Online Safety and Internet Addiction’ among adolescents in Delhi-NCR.

Steps to file a cyber crime complaint in India

The following steps will guide you in registering an online complaint in India:

  1. The first step in filing a cybercrime complaint is to file a written complaint with the city’s cybercrime cell. A cyber offence, according to the IT Act, is subject to international jurisdiction. This means that a cybercrime complaint can be filed with any of India’s cyber cells, regardless of where the crime was first committed. Most Indian cities now have a separate cybercrime unit.
  2. When filing a cybercrime complaint, you must include your name, contact information, and mailing address. The written complaint should be addressed to the Head of the Cyber Crime Cell in the city where the cybercrime report is being filed.
  3. If you are a victim of online harassment, you can seek legal advice to help you report the incident to the police station. You may also be asked to submit specific documents with your complaint. This, however, would be contingent on the nature of the offence.
  4. If you don’t have access to any of India’s cyber cells, you can file a First Information Report (FIR) at your local police station. If your complaint is not accepted there, you can go to the Commissioner or the Judicial Magistrate for the city.
  5. The Indian Penal Code covers some cybercrime offences. To report them, you can file a cyber crime FIR with the nearest local police station. Every police officer, regardless of the jurisdiction in which the crime was committed, is required by Section 154 of the Code of Criminal Procedure to record the information/complaint of an offence.
  6. The majority of cybercrimes are recognised as cognizable offences under the Indian Penal Code. A cognizable offence does not require a warrant for an arrest or inquiry.

A police officer is required to record a Zero FIR from the complainant in this scenario. He must then deliver it to the police station in charge of the jurisdiction where the crime occurred.

Zero Fir is the mode of lodging FIR in any police station irrespective of the offense committed in that area or any other area. There is no restriction over the informant to lodge zero FIR. Zero FIR provides some relief to victims of crimes that require quick attention/investigation because it saves time by not registering the crime on police records.

Filing complaints related to social media sites

  1. In addition to the aforementioned steps, a complaint must be filed on the appropriate platform where the offence was committed. The processes for doing so are mentioned on every social media platform.
  2. The majority of social media platforms have a clear procedure for reporting any abuse or other nefarious behaviour. You must make certain that you report such acts as soon as possible when they occur. This will allow the concerned social media platform to take quick action to prevent such behaviours and defend your personal information’s privacy.
  3. To protect their users from online abuse and cybercrime, Facebook, Twitter, Instagram, Snapchat, and YouTube have established a strict and transparent redressal mechanism. Make sure you’re familiar with their reporting guidelines so you may report abuse without having to wait for one to occur.

Filing an online cybercrime complaint

The Ministry of Home Affairs is now working on developing a centralised online cybercrime registration system that will eliminate the need to go to a police station. However, the Delhi Police Cyber Crime Cell and the Indore Police have already developed an online platform to educate the public about cybercrime and take online cybercrime complaints. The following are the links to online portals where you can file a cyber crime complaint in India:


Documents required for filing a cybercrime complaint

The following is a list of items to consider before filing a cybercrime complaint:

Complaints made via email

  • A written summary of the offence;
  • a copy of the allegedly hacked email as it was received by the original recipient (forwarded emails should be avoided);
  • The suspected email’s entire header hard and soft copies of the alleged email’s header;
  • Ascertain that the soft copy is delivered on a CD-R.

Complaints about social media

  • A copy or screenshot of the purported profile/content, as well as a screenshot of the alleged content’s URL
  • Ensure that the purported content is delivered in both hard and soft copies, with the soft copy being on a CD-R.

Complaints about mobile applications

  • A screenshot of the allegedly malicious programme, as well as the URL where it was downloaded.
  • If any transactions were made after the incident, the victim’s bank statements Soft copies of all the aforementioned documents.

List of Cyber Cells in India

Visakhapatnam City Cyber Cell


Address: CCS building in the premises of II Town Police Station, Dabagardens, Visakhapatnam City – 530020

Email ID: [email protected], [email protected], [email protected]

Gujarat Cyber Crime Cell


Address: First floor, Police Bhavan, Sector 18, Gandhinagar

Email ID: [email protected], [email protected], [email protected]

Bangalore Cyber Crime Cell


Address:  Cyber Crime Police Station, CID Annexe Building, Carlton House, # 1, Palace Road, Bangalore – 560001

Email ID: [email protected]

Nagaland Police Headquarters


Address: Nagaland Police Headquarters, P. R. Hill, Kohima – 797001, Nagaland

Email ID: [email protected]/[email protected]

Rajasthan Police Department


Uttar Pradesh Cyber Crime Cell


Email ID: [email protected], [email protected]

Lucknow Cyber Crime Cell

Economic Offences Wing

Address: V-Floor, Indira Bhawan, Ashok Marg, Lucknow

Email ID: [email protected]

Noida Cyber Crime Cell


Address: Centre for Cyber Crime Investigation, Plot No: B-110 A, Sector-6, Noida

How does doxxing work?

The following are some of the ways used to dox people:

Stalking on social media

If your social media accounts are public, anyone can cyberstalk you and find out information about you. They can learn about your location, workplace, friends, photos, likes and dislikes, travel destinations, family members’ names, pet names, and so on. A doxer may use this information to figure out the answers to your security questions, allowing them to hack into additional online accounts.

Keeping track of usernames

Many people use the same login for several different services. This allows potential doxers to have a better idea of the target’s interests and how they use the internet.


If the user uses an insecure email account or falls victim to a phishing scam, the hacker can access and post crucial correspondence online.

Running a WHOIS search on a domain

Anyone who owns a domain name has their information saved in a registry, which is frequently accessible to the general public through a WHOIS search. Assume the individual who purchased the domain name did not conceal their personal information at the time of purchase. In that situation, anyone can find their personally identifiable information (such as their name, address, phone number, business, and email address) on the internet.

How to prevent doxxing?

Examining government documents

While most personal records are not accessible via the internet, government websites do provide access to a significant quantity of information. Business licencing databases, county records, marriage licences, DMV records, and voter registration logs are just a few examples of databases that contain personal information.

Tracking IP addresses

Doxers can find your IP address, which is tied to your actual location, using a variety of methods. They can then employ social engineering methods on your Internet Service Provider (ISP) to learn more about you once they have that information. They could, for example, register a complaint against the IP address’s owner or try to break into the network.

Reverse mobile phone lookup

Hackers might learn more about you after they get your cell phone number. Reverse phone lookup services allow you to punch in a mobile phone number — or any telephone number — to learn who owns the number. Fees are charged by sites for information other than the city and state-linked with a mobile phone number. Those willing to pay can, however, use your mobile phone number to find out more personal information about you.

Packet sniffing

When it comes to doxxing, the term packet sniffing is occasionally used. Doxers intercept your internet data, looking for passwords, credit card numbers, bank account information, and old email messages, among other things. Doxers accomplish this by connecting to an internet network, breaking its security mechanisms, and then capturing data moving in and out of the network. Using a VPN is one approach to protect yourself against packet sniffing.

Using data brokers

Data brokers are companies that collect and sell personal information about people for a profit. Data brokers get their information from public records, loyalty cards (which track your online and offline purchasing habits), Internet search histories (anything you search, read, or download), and other data brokers. Many data brokers sell their information to advertising, but several people-search websites provide extensive records about individuals for a modest fee. To gain enough information to dox someone, all a doxer needs to do is pay this small fee.

By following breadcrumbs

Doxers can build up a picture of someone from scattered information on the internet, leading to the discovery of the true person behind an alias, including the individual’s name, physical address, email address, phone number, and more. On the dark web, doxers can also buy and trade personal information. 

What to do if you become a doxxing victim?

Here are some things you can do if you become a doxxing victim:

Report the incident

Notify the platforms where your personal information has been posted about the attack. Look up the terms of service or community standards for the relevant platform to see what their reporting mechanism is for this type of attack, and then follow it. While filling out a form for the first time, save it for future use (so you do not have to repeat yourself). This is the first step towards preventing your personal information from being shared.

Enforcement of law

Contact your local police department if a doxer makes personal threats against you. Any information pointing to your home address or financial information should be treated with extreme caution, especially if real threats are present.

Make a record of it

Take screenshots or save the pages where your information is displayed. Attempt to make the date and URL visible. This evidence is important for your records and may be useful to law enforcement or other parties involved.

Safeguard your bank accounts

If your bank account or credit card numbers have been published by doxers, notify your financial institutions right away. Your credit card company will most likely terminate your current card and give you a replacement. You’ll need to update your passwords for your online bank and credit card accounts as well.

Secure your accounts

Change your passwords, use a password manager, activate multi-factor authentication when possible, and make sure your privacy settings are strong on all of your accounts.

Enlist the help of a friend or family member

Doxxing may be draining on the emotions. So that you don’t have to deal with the problem alone, ask someone you trust to assist you.

How to protect yourself from doxxing?

Using a VPN to hide your IP address

A VPN (a virtual private network) provides exceptional protection against IP address disclosure. A VPN encrypts the user’s internet traffic and routes it through one of the service’s servers before it reaches the public internet, allowing you to surf the web anonymously. 

Good cybersecurity is a must

Doxers can’t steal information through malicious applications if they use anti-virus and malware detection software. Updating your software regularly helps to prevent security ‘holes’ that could lead to you being hacked and doxed.

Make use of strong passwords

A good password consists of a mix of uppercase and lowercase letters, as well as numbers and symbols. Avoid using the same password across several accounts and change your passwords frequently. Use a password manager if you have trouble remembering passwords.

For different platforms, use different usernames

Use different usernames and passwords for each service if you use online forums like Reddit, 4Chan, Discord, YouTube, or others. Doxers might look through your remarks on numerous platforms and construct a complete picture of you if they used the same ones. It will be more difficult for people to monitor your movements across several sites if you use different usernames for different purposes.

Create different email accounts for different purposes

Consider creating separate email accounts for professional, personal, and spam purposes. Avoid publicly revealing your email address; it should only be used for a private conversation with close friends, family, and other trusted connections. Sign up for accounts, services, and promotions using your spam email. Finally, whether you are a freelancer or linked with a certain organisation, your professional email address can be made public. Avoid incorporating too much-identifying information in your email handle, as you would with your public-facing social media accounts.

Examine and improve your social network privacy settings

Examine the privacy settings on your social media profiles to ensure that you are fine with the amount of information provided and with whom it is shared.

Consider which platforms you’ll employ for which purposes. Tighten your privacy settings if you’re utilising a platform for personal reasons like sharing images with friends and family on Facebook or Instagram. Assume you’re using a platform for business purposes such as monitoring breaking news on Twitter and tweeting links to your work. In such a situation, you might want to make some of the settings public but avoid including sensitive personal information and images.

Multi-factor authentication should be used

This means that you and anybody else attempting to log into your account will require at least two stages of identification to access your account, typically your password and phone number. It makes it more difficult for hackers to gain access to a person’s devices or online accounts since they will need access to a PIN in addition to the victim’s password.

Remove any profiles that are no longer relevant

Examine how many websites contain your data. This applies to any site where you have previously participated. If at all possible, erase obsolete and old/unused profiles.

Keep an eye out for fraudulent emails

Phishing scams may be used by doxers to deceive you into providing personal information such as your home address, Social Security number, or even passwords. When you receive a communication claiming to be from a bank or credit card business and asking for your personal information, be cautious. This information will never be requested through email by a financial institution.

Hide WHOIS information about your domain registration

WHOIS is a database of all domain names that have been registered on the internet. This public record can be used to find out who owns a certain domain, as well as their physical address and other contact details.

Make sure your personal information is secret and concealed from the WHOIS database if you want to run a website anonymously without revealing your true identity. These privacy settings are controlled by domain registrars, therefore you’ll need to contact your domain registration firm on how to change them.

Request that Google remove information from its search results

Individuals who find personal information in Google search results can ask for it to be removed from the search engine. Through an online form, Google makes this a simple process. Many data brokers make this type of information available online, mainly for background checks or criminal background checks.

Online quizzes and app permissions should be avoided

Online quizzes may appear to be harmless, but they are frequently rich sources of personal data that you willingly supply without hesitation. Some elements of a quiz can even be used as password security questions. Because many quizzes request permission to view your social media information or email address before showing you the quiz results, they can easily link this information to your real identity without providing much context as to who is launching the quiz or why it is best to avoid taking them altogether.

Personal data is also collected through mobile apps. Many apps request data or device access permissions that have nothing to do with the app software. An image editing programme, for example, has no logical use for your contacts. That makes sense if it’s demanding access to your camera or photographs. However, continue with caution if it also wants to look at your contacts, GPS position, and social media profiles.

Certain forms of information should be kept private

Avoid disclosing sensitive information in public whenever feasible, such as your social security number, home address, driver’s licence number, or any information about bank accounts or credit card details. Remember that emails might be intercepted by hackers, so don’t include personal information in yours.

Examine how simple it is to dox yourself

Making it more difficult for abusers to hunt down your personal information is the best defence. Check out what information can be gathered on you to see how simple it is to dox yourself.

For example:

  • Google yourself.
  • Carry out a reverse image search.
  • Audit your social media profiles, including privacy settings.
  • Examine your professional presence’s CVs, bios, and personal web pages to discover what personal information is conveyed. If you have PDFs of CVs online, make careful to leave out personal information like your home address, email address, and phone number (or replace them with public-facing versions of that information).

Set up Google alerts

Set up Google alerts for your full name, phone number, home address, or any other private information you’re concerned about, and you’ll be notified if it suddenly appears online.

Avoid giving hackers a reason to dox you

Always be cautious about what you publish online, and never reveal personal information on message boards, forums, or social networking sites. It’s all too tempting to believe that the internet allows people to say or type whatever they want. People may assume that creating anonymous identities allows them to voice any beliefs they choose, no matter how divisive, without fear of being identified. However, this is not the case, so be cautious about what you say online.


Doxxing is a serious issue made possible by easy access to personal information online. Staying safe in an online world is not always easy, but following cybersecurity best practices can help. 


LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join:

Follow us on Instagram and subscribe to our YouTube channel for more amazing legal content.


Please enter your comment!
Please enter your name here