"Doxxing," defined as publicly identifying the private information of someone, is often done with malicious intent as a form of punishment or revenge. While exposing someone's private information for public consumption is a practice that existed before the internet, the first known use of this term emerged in 2009, according to Merriam-Webster.
Originally a re-spelling of "docs," or shorthand for "documents," it evolved from the term "dropping documents," which carried the same meaning as what we now understand to be "doxxing." According to The Atlantic, the practice of "dropping documents" grew in the 1990s when internet users circulated lists of suspected neo-Nazis. Around the same time, the website Nuremberg Files appeared and shared home addresses of abortion providers, using language that seemed to encourage viewers to stalk and kill them. But the Gamergate harassment campaign during the 2010s, in which gamers systematically harassed, stalked, and threatened feminist women in their gaming community— some of whom were journalists—brought the term "doxxing" into popular use.
Doxxing can have dangerous consequences for many people. Even if having your home address available online seems innocuous, it could lead to stalking, threatening mail, and more when shared with people with malicious intent. In some cases it leads to "swatting," where people make prank calls to law enforcement and lure them to homes while claiming that a serious crime has occurred there, or is in progress. The result is police barging into a house, unaware that the calls were a hoax.
In 2017, 28-year-old Andrew Finch was inadvertently killed by police who entered his home, a result of a swatting prank. In this case, one gamer gave the address to another gamer to prank the former resident of the house where Finch lived.
What constitutes as doxxing has been the subject of considerable debate. Unmasking a famous pseudonymous person has often been considered a form of doxxing. In 2016, Vox described a journalist's search for the identity of novelist Elena Ferrante as "doxxing." The journalist who unmasked the author argued that her elaborate effort to remain private, and her admitting that she often lied on occasion, "relinquished her right to disappear behind her books and let them live and grow while their author remained unknown. Indeed, she and her publisher seemed to have fed public interest in her true identity."
He also argued that knowing her identity would give additional insight into her novels. Vox argued "[We didn't] seem to have gained much by dismantling the Elena Ferrante persona — and we have certainly lost one of the elements that Ferrante considered fundamental to her work."
A slippery accusation of doxxing came from Elon Musk, who tweeted in December 2022 that his son had been stalked by a driver in Los Angeles. He claimed that internet tracking of his private jet had led to this situation. Musk banned @elonjet from Twitter, based on the claim that the account violated the platform's anti-doxxing rules. He wrote, "Any account doxxing real-time location info of anyone will be suspended, as it is a physical safety violation. This includes posting links to sites with real-time location info."
Many debated whether Musk's flight information was publicly available information. Musk stated his plane was not trackable without using non-public data. The account owner for @elonjet reportedly bragged about how he could "write software" to get around the location privacy that was purportedly afforded to Musk's jet by the Federal Aviation Administration (FAA) program.
But the controversy grew when Musk subsequently suspended a number of journalists on Twitter, accusing them of doxxing by posting his "exact real-time location, basically assassination coordinates, in (obvious) direct violation of Twitter terms of service." However, these bans were roundly criticized because commentators believed he was targeting journalists who had been critical of him in the past. And some of the journalists argued they had never shared a link to the website that was tracking Musk's jet, and had shared information obtained from "publicly available, legally acquired data." Their accounts were eventually restored.
Doxxing also appears to have impacted police. In 2020, the U.S. Department of Homeland Security accused "violent anarchists" of doxxing law enforcement officers in Portland following protests in the aftermath of the murder of George Floyd at the hands of police. The agency claimed to have replaced officers' names on their tags with badge numbers to reduce any risk of their privacy being compromised.
Technology companies like Facebook and Twitter have policies against doxxing, and often delete content that reveals certain information. After children of Hong Kong police officers were reportedly victim to doxxing attacks from pro-democracy protesters, Facebook introduced a policy to remove content that identified children and risked their safety. In 2019, a Hong Kong court also banned the publishing of officers' personal details ,though many protesters criticized this for further shielding officers who clashed with protesters. Singapore also amended its anti-harassment laws to include doxxing as an offense.
Some states in the U.S. have anti-doxxing laws that allow victims to hold their doxxers accountable for exposing their information, while other states have strengthened existing "cyber stalking" laws to prevent the practice. Some laws allow victims to sue doxxers, others make doxing criminal, and some protect certain groups, like healthcare workers, from doxxing.
In order to protect yourself from doxxing, IT experts recommend keeping social media profiles private, removing any personal information like addresses, places of work, and specific locations from your accounts, avoiding discussing such information online, using strong and varying passwords and usernames, and more.