If GamerGate and Wiki Harassment have taught us one thing, it’s that third-party trolls (who just like to see things get fucked up in general) will release the private information of anyone on any side of any public debate, just to watch the chaos that ensues. One way trollz facilitate this is through d0xxing, or worse, SWATing. Doxxing is the practice of releasing the private information of a person – home addresses, phone number, place of employment, and contact information of immediate relatives – on a site like pastebin, and then directing people there to harass the person. In its early days, the worst results of Doxxing included $1,000 pizza deliveries. It has since escalated to SWATing. Using your Doxxed info, people place a fake threatening call of mass violence to your local police so that they show up with SWAT and violently occupy your residence.
This guide is intended to help you clean up and clear up as much personal information as possible before or after d0xxing. I’ve broken it down into locations of information that should be cleared/examined. Consider it a checklist of sorts if you’re concerned with getting d0xxxed.
Step 1: Contact the Authorities
Contact your local and state police departments and let them know your information has been released on the internet, that you worry about identity theft, and that there is a history of people using this information to file fake police reports and/or threats of violence. Here is a good outline for explaining this to your local and state PD (halfway down, with the first half focused on talking to your family). Depending on whether you’ve been d0xed or not, and to what degree, you may also want to file an FBI report, which you can find here.
Step 2: TwoStep Authenticate EVERYTHING
Jon Jones has a guide for you here.
Now its time to go through your internet information…
Facebook, Myspace, Friendster – you should have all of these accounts set to the highest possible privacy setting if you’re worried you’ll be d0xxxed. You should also go through and clear out friends who are not really friends, including old classmates and co-workers that you don’t necessarily trust. If you are a Twitter user, consider shutting down your account for a few days/weeks – everything from phone GPS metadata to text message enabled tweets (anyone still use that?!) can give away a lot of information about you.
You may also want to email/contact these social media sites and let them know that you may or have been doxxed, and to monitor any strange login locations. Tell them where you are, where you will be, and ask them to block any strange logins from anywhere else.
Your Web Domain
Do you own your own domain? Every domain registered must have publicly listed contact information. Unfortunately, the only solution to this will cost you some money from your hosting service. You will be purchasing Domain Privacy service, otherwise everything else you do is for wont.
The Phonebook of the Internet
There are multiple companies that scrape the internet for contact information. 18 big ones to be precise. These have everything from your name to your relatives, and can even include your DOB and drivers license number. You can go to this Reddit forum for links to all of the opt-out links. It takes a while, but it will keep you out of the limelight.
You should also remove yourself from the corporate version of these services by using the FTC’s Do Not Call Registry. When people put your number into 400 web applets for appraisal estimates on a 1995 Ford 150, you won’t get a million calls because you’re on the registry.
Online Accounts – Credit Cards + Work + Utilities + Papa Johns
As with your social media accounts, you should contact all of your financial accounts and utilities accounts about your potential or suspected d0xing. This takes a while sometimes, as you must define and explain what d0xing is to most places, although cybersecurity teams are becoming much more common place at major online account institutions.
For your financials, you want to request a credit security freeze from the big three (Equifax. Experian, TransUnion). These will remove the ability of haxers to request new credit cards, car loans, mortgages for you. This is important: remember that one determining factor of your credit score is how many times your credit is checked – the more times, the lower your score (but the more credit the higher your score, it’s a BS contradiction, but we’ll save America’s f-ed up financial system for another post). This is a consistent route taken by haxers to ruin peoples’ lives.
You should also notify your employer and/or your school, and any immediate relatives employers/schools of the d0xing. Email addresses are easily spoofed, so when someone pretending to be you sends an email with a bunch of porn from what seems to be your organization’s email account, everyone will know it wasn’t you. Also, back when I was in college at the dawn of online enrollment systems, it was not uncommon to try and hack peoples’ accounts and un-enroll them in classes, and re-enroll them in 24 sections of nude modeling for the art department.
Similarly, you will want to contact all of your utility providers. There have been d0xings where peoples’ water has been turned off, where the power company turns off the power, and/or trash service arrives with a 45 foot trailer to haul away your giant tree. Elec, water, and trash are the big three to contact here. You might also want to contact your internet and cable service provider as well.
Sharing your story
The typical reaction to harassment is to shut it out, be quiet, and hope it goes away. Yet, as the first Fembot Toolkit essay discusses, this is counterproductive and often hurts more than it protects. Discuss your d0xing with your friends. Ask for their help should you need anything. And, if you feel brave, contact your local newspaper or station and ask that they run a story on d0xing – perhaps you’d be willing to share your story anonymously. If you do, be sure to share the information from this post with people.