Tuesday, January 21, 2014

What is Doxxing?

You may have never heard the word doxxing, but doxxing is something that has been done, in one form or another, since the first person on the planet learned that someone else is here with them.  There are various definitions on the internet of precisely what this term means, but in summary it means to 'document' what you can find on the internet about someone and build a dossier on them.  Some people take this a step further and publicly reveal what they have learned as part of the doxxing process.  What used to take a private investigator weeks of visiting courthouses and libraries, can be done in minutes using the internet.

In its simplest form, a doxxer might learn of your email address from an innocuous post and trace your email to your real name and address.  In more complex cases, they may be able to dox your family members, learn your medical history, criminal record, education levels and even salaries.  None of this is against the law.  Even publishing this information is legal if all of it was obtained from legal sources (ie - not obtained from stealing someone's password and getting into their Facebook account or hacking into their credit card account, email accounts, etc).  Try using these sites to dox yourself by typing in your name and city or your username (any site will do) or email address and learn what anyone can find out about you.

There are multiple websites you can use to dox someone using various bits and pieces of information you may have obtained about someone and all of them are free:

If someone has sent you an email, you can find out their IP address (Internet protocol address) using helpful information from this site:
http://aruljohn.com/info/howtofindipaddress/.  IP addresses are helpful when performing a dox because you can learn the general area where the person you are doxxing lives (Click here to learn your IP address and associated location data or to search the IP address of someone you know).  An IP address, which works much like a street address used by the postal service, is simply the address of your computer on the internet.  Having an IP address of the person you are doxxing can eliminate 99.99% of the geographical area of the world, though it will not reveal the exact location of the person.  Also, having the ability to decipher an IP address is a great tool if you are receiving emails from multiple accounts claiming to be different people.  You can check their email IP's to know if they are being sent from the same IP, and are thus the same person.

If you don't have an email from the person you are trying to dox, but you are in contact with them in a chat room, forum or IRC, you can use this site if you are clever enough to get the person you are doxxing to click on the link the site provides.  After they click on the link, their IP address is emailed to you (it's free, but your email address is required).

Perhaps one of the best ways to dox someone is through the social media site Facebook.  There is an enormous amount of information on Facebook and Facebook's default settings tend to make everything a user posts public unless a user takes action to increase their privacy.  So even if you aren't friends with someone, you may still be able to glean a significant amount of information from what is available 'publicly' without being friends.

Linkedin.com is another great one for finding people's career history and professional credentials.  It can also be used to determine if you and the person you are doxxing know some of the same people (up to 3 degrees of separation).  Both Facebook and LinkedIn will require you to set up an account in order to access any information.

Pipl.com has accumulated significant amounts of information on millions of people.  When doxxing people, if you have usernames, email addresses or real names, try this site first as they will present multiple options to you as to who you might be looking for.  Often, the person you are looking for is on the pipl.com list.

You can also try typing any information you have about someone into google.com, which can yield surprisingly detailed results.  Another good one is people.yahoo.com.

Spokeo.com gathers similar information to the ones above and even includes some ancestry information.  They say they have more information if you buy a subscription, though I have not tried this.

Zabasearch.com is good for verifying information you have about a specific person to know you are on target during your dox work.  Let's say you are looking for the phone number of John Smith in Anyplace, CA and you know Mr. Smith was born in November of 1982.  If Zabasearch returns a hit, you have added assurance that this is the right John Smith because it includes his city, state and birthday.  The additional data Zabasearch returns, namely the phone and address, is almost surely his current or previous address and phone number.

Some other internet sites you can use for doxxing:

Another site to assist with doxxing is tineye.com.  This site searches an image you upload or a url location you provide and searches it against the trillions of images on the internet.  If the picture you have is anywhere else on the internet, tineye will find it.  Maybe it is in a blog or on Facebook or at reunion.com which can assist you with your doxxing work.

Google also has a powerful image search engine located here: http://www.google.com/imghp
This site can be used to read exif data from photos: http://regex.info/exif.cgi.  Exif data is simply information that your camera stored inside your photo.  It often includes things like where you were when the photo was taken as well as the time and date and potentially other information.  I will have a future post on removing exif data from photos you upload to the internet.

Other great sources of information are county property appraisal websites (Google <county name> property appraiser) and state business registration websites (Google <state name> division of corporations) run by the county and state governments.  With states involved in so many aspects of business these days, many millions of people are in publicly available state licensing websites (Google <state name> professional licensing website).  Everyone from doctors to dentists to hairstylists to dog groomers are in state licensing databases.  These websites and free and are available to the public for browsing.  Also, official records from the courthouse provide pdf copies of things like mortgage documents and can be used to verify things like handwriting and signatures and include information about debts, judgments, liens, divorces and other personal matters (Google <county name> official records).

My next post will be how to best protect yourself from doxxing.

No comments:

Post a Comment