Doxing is an abbreviation of the word documents. It is an Internet-based practice of researching and publicly broadcasting private or identifying information about an individual or organization.
As a web literate individual, it is your responsibility to try to understand the tools and practices used online. This includes some of the sinister components, not just posting cat gifs on Instagram.
Doxing yourself is a practice of actively searching online for information about yourself and trying to address or delete this content. At the very least, be aware that this threat vector is out there. Put yourself in the position of a malicious actor trying to mine your personal information to attack you.
Please Note: I am not a cybersecurity expert. I am a researcher and educator in technology, literacy, and education. I teach youth and adults how to engage in digital literacy practices.
Think Like A Doxer
In this post I am sharing some guidance I’ve learned from enrolling in the Digital Investigations for Journalists MOOC. This resource from the NY Times is also a great resource as you engage in these activities.
This post will share my experiences doxing myself…and suggest that you should do the same as you create and curate your digital identity.
Let’s get started.
Search for yourself
Start off by Googling yourself. You might also try and use your name and a city, state, or region where you live. You might also try and search for a username that you use (or have used in the past. You might also use some of these tips to turbocharge your examination.
Here’s what I found as I searched online.
Look Across Platforms
Once you have a name, or a profile that you may use across tools, you can then start searching for yourself across other spaces.
One of the coolest tools I tried is Namech_k. You can enter your username and see where it has been used online. Here’s what I found.
In the past, I have written and talked about the need to create one canonical URL (address) for yourself online. The need to connect the dots to link together these disparate parts of your digital identity. I’ve been wondering over the last year or so whether that guidance was misguided.
Examine Social Media Networks
Log out of your social network feeds. If possible, use a computer or browser that you never use. If this is not an option, you can open a tab in private or incognito mode. Use the native search features to search the different social media sites for your name, username, phone number, photos, etc.
What do you find when you search Facebook, Twitter, LinkedIN, or other social spaces?
This is also an opportunity to review and reinforce your digital hygiene. Log in to your networks and check the settings on your account. See what you give them the permissions to share. Last year (following Cambridge Analytica) I removed all of the photos and information Facebook had about me or my family. They don’t deserve it.
Monitor Data Breaches
Systems have been breached. Your information (accounts, log-ins, passwords) has hacked. As a digitally literate citizen, it is your responsibility to understand how to manage your passwords and credentials. It is also your responsibility to understand how to see if/when a breach has occurred, and address the situation. IMHO, It is the responsibility of the corporations and developers that offer these tools and platforms to privilege transparency and user data in these interactions.
To see if you have anything to clear up, check out Haveibeenpwned.com. Here’s what I found…yikes! I have some homework. 🙂
Clean up your resumes, CV, & bios
Years ago, when I was first working on the Mozilla Web Literacy framework, Doug Belshaw indicated that we should never put our home address or phone number on resumes, CVs, or contact info on our website or elsewhere. I honestly didn’t see the need, but as usual Doug was absolutely correct in this guidance. Thankfully I didn’t even question it, I immediately starting teaching my students, and colleagues to remove your address and phone numbers from your resume, CV, bio, website, and social media profiles.
Yes, you will make it a bit harder for people to locate you. Yes, your social media accounts will bother harass you to add it. They don’t need it.
If you do want to share a phone number for contacts, I advise my students to use Google Voice to create a virtual cell number.
Reverse Image Search
Lastly, you may want to do some reverse image searches to see where else some of your photos…perhaps profile photos have been used online. Tools like Yandex or TinEye are great ways to identify some new places that you’ve been. Here’s some of what I found.
Keep Searching and Stay Vigilant
Keep in mind this is just the beginning of the routine checks you should conduct as you work, learn, and socialize online. You should not expect that someone else will take care of this for you. You should not expect that everyone will take your best interests into account.
I would recommend identifying one time a year where you spring clean your digital identity. You could also set up Google alerts to see if your full name, phone number, home address, or other private data suddenly pops up online.
Lastly, please take the time to explore other resources and guides. I used this resource from the NY Times and some initial lessons learned from the Digital Investigations for Journalists MOOC. This post also shares a deeper dive for more advanced users.