Doxxing is the act of seeking and publicly publishing online private or identifying information about an individual or a group with the purpose of exposing them to other online users. Doxxing is done to pressure or harass individuals or groups as they might suffer from frequent calls, emails, or even real-life harassment and violence from abusive internet users; it is also done to ruin one’s reputation. In recent years, especially with the rise of anonymous communication platforms like the dark web or Telegram groups, the act of doxxing has been directed towards Jews and other minorities to harass them. Doxxing is also carried out on typical internet platforms like social media and websites. However, since publishing personal information without consent is illegal in most countries, published data can be removed by moderators, public awareness (i.e., reporting abuse to the online platform), or through legal measures [as most websites must comply with the General Data Protection Regulation (GDPR) or the California Consumer Privacy Act (CPAA) regulations nowadays]. In contrast, anonymous platforms can dodge regulation and monitoring.
For the past few months, I have been conducting research on anonymous communications, and have come across cases of doxxing which appeared to have been made by white supremacists seeking to harass Jews, Muslims, African Americans, or Asian Americans. I have also encountered leaked information on Israeli citizens and soldiers, which was made by anti-Zionist organizations and individuals. In this short article, I aim to present the phenomenon, discuss its implications and suggest some measures which one can apply when or if doxxed. Thus, this short article is not just about antisemitism and racism but also about cybersecurity and privacy practices.
Doxxing can include various types of information; some might be completely private, some might be published but not accessible, and some might be commonly available but, cumulatively, violate one’s right to privacy. I have found significant cases of published material on less monitored platforms like Gab, but I have most frequently found material in Telegram groups, Discord servers, and on the dark web. I will not share any details since sharing just a few words from doxxed information and text can lead to more exposure and thus to more harassment to those individuals who were doxxed. The information I found included emails, phone numbers, home, and work addresses, names of family members including children, social security numbers (SSN) or even scans and photographs of identification cards (ID) or passports, credit card numbers, bank accounts, photographs of people in sensitive situations (i.e., photographs someone must have shared with their partners), and more.
Doxxing an email might seem harmless, especially in comparison to doxxing a photograph or a credit card number. Yet most, if not all acts of doxing, are harmful when private information is shared without any regulations and consent. Doxxing is thus a twofold harm. First, the one who initially searches, steals, and shares information is committing a harmful action which can be considered a crime in most countries. Second, by doxxing information, one in fact posts a “call for action”. That is, a call for other internet users to abuse the doxxed information by frequent emails, frequent calls which can be very harmful when done in the middle of the night or to one’s place of work or even by locating one’s home and work address. While emails and phone numbers can be easily changed, moving to a new living place or switching workplaces is more problematic. For instance, a British Jew leaving in London told me that he was doxxed and harassed in his workplace until his managers decided to remove him from his position.
Are you a parent? Imagine that information about your children were leaked, exposing them to the possibility of having someone, either a neo-Nazi, an extreme Islamist, or even a pedophile, stalk your children around their schoolyard. In fact, while it is possible to delete content from a typical internet platform, it is much more challenging to remove it from dark websites, or Telegram groups. Thus, even in extreme situations that result in harassment in the physical world, intervention from law enforcement agencies are quite limited. The British Jew I have interviewed told me that he had to surround his house with cameras, change his workplace, change his phone numbers and he had also made similar changes for his children and partner. He had also given a “security briefing” to his children about being aware of strangers. Even if physical damage will hopefully not occur, his children will have to remember and bear these “security briefings” throughout their entire lives. Irreversible damage has thus already been caused.
One well-known example of doxxing took place in Montana in 2016 to Tanya Gersh and her family. Gersh, a real estate agent, handled a property owned by the mother of Richard Spencer, a well-known American neo-Nazi. As a result of this business affiliation, Gersh became a target for abusive neo-Nazis and white supremacists. Andrew Anglin, another prominent neo-Nazi who operates the neo-Nazi website The Daily Stormer, promoted calls to harass Gersh and her family. After Gersh’s private information was posted online, Andrew Anglin directed his followers:
“Are y’all ready for an old-fashioned Troll Storm?”
“Just make your opinions known. Tell them you are sickened by their Jew agenda,” he wrote. “And hey – if you’re in the area, maybe you should stop by and tell her in person what you think of her actions.”
Tanya Gersh told media outlets about her fears and difficulties:
“I broke when I realized that Anglin was also urging people to direct these attacks on my kids, my son. They made an image with photographs of me and my 12-year-old son on the entrance gate to the Auschwitz concentration camp.”
As briefly demonstrated, doxxing and publicly sharing personal information can thus have devastating implications. Leaked information is available to a tremendous number of extremists both locally and globally. In most cases, law enforcement can take very limited action against doxxing, not only since it is difficult to remove content from secure and anonymous platforms, but also since the actual harassment is done by de facto proxies of the one who initially published the information. Furthermore, the “doxxer” may be from one country while perpetrators can be from other countries. This makes regulation or legal actions more complicated as well. Finally, even if no physical harm was caused, the psychological damage caused can be extremely harmful.
What to do if you were doxxed or suspect it?
- Search and record posts of your leaked information by saving webpages, links, text, record dates, take screenshots. Record any type of information that you think might help law enforcement and legal measures.
- Immediately report harassment to local law enforcement agencies and express your fear of harassment.
- Change your email address and phone numbers.
- In case sensitive personal information like Social Security Number, IDs, or passports were leaked, contact your local home office and/or Ministry of Interior, and notify them immediately. If needed, ask to change, or renew your documents. Take similar actions if your financial information was doxxed and contact your bank or credit card provider.
- Update your family members, friends, and colleagues. Ask them to be aware of suspicious actions and to report them to you or local law enforcement.
- In case your information was doxxed on regular websites, contact the website administrators and demand that information be deleted. If they refuse, you might be entitled to compensation (contact your local law firm for more legal advice). You have the right to remove your personal information. You can also request search engines like Google to delete doxxed information.
- Remember to be aware and resilient. Do not let extremism win.