What is doxing?
Doxing refers to the collection of a user’s private information, across multiple platforms (including social media) by an unauthorized individual, who then publishes the information in an attempt to shame or embarrass the user. Doxing may be conducted by researching public databases, hacking, or through social engineering.
Doxing often involves hackers attempting to embarrass or shame individuals by publishing confidential information, images, or videos obtained from their personal accounts. Initially, doxing was used by hackers to “out” the identities of fellow bad actors/hackers. However, more recently, it has been used to attack users with opposing viewpoints.
How can I protect myself from doxing?
- Adjust your social media settings:
- Ensure your profiles, usernames/handles are kept private
- Remove any addresses, places of work, and specific locations from your accounts
- Set your posts to “friends only”
- Avoid discussing personal information that could be used against you, as well as anything that can identify your address, workplace or contact information
- Use a Virtual Private Network (VPN) and
- If you must use public wi-fi, turn off the public network sharing functionality on your device
- Use strong passwords
- Vary usernames and passwords across platforms
- Hide domain registration information from WHOIS (a database of all registered domain names on the web)
Additional links that provide guidance on doxing prevention
- What is Doxing and How to Avoid It
- How to Protect Yourself from Doxing
- What to Do if You're Being Doxed
- I've Been Doxed: What to Do in the First 24 Hours
- How Do I Avoid Getting Doxed
- Managing Your Online Footprint and Protecting from Doxing
Guidance for campus reporting of doxing incidents
- If the information exposed is UCLA FERPA protected student data, personally identifiable information (examples include, but are not limited to Social Security Number, Drivers License Number, or home address), and/or information pertaining to physical or mental health conditions, it should be reported to the Privacy Office at privacy@compliance.ucla.edu
- If the incident involves unauthorized access to UCLA electronic accounts or resources, report to security@ucla.edu
General reporting for incidents and acts contrary to our Principles of Community.
