> For the complete documentation index, see [llms.txt](https://jieyab89-osint.gitbook.io/jieyab89-osint-cheat-sheet-wiki-tips/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://jieyab89-osint.gitbook.io/jieyab89-osint-cheat-sheet-wiki-tips/intelligence-base/all-about-doxing.md).

# All About Doxing

## What is doxing?

Doxing (also called doxing or doxxing) is the act of publicly disseminating someone's personal information, including private data, over the internet without their permission. This information can be collected from public sources such as social media or databases, or obtained through illegal means such as hacking. Doxing is often used for purposes such as threatening, intimidating, or pursuing someone personally

### Why you should know

Many people have shared their experiences with me and from social media, many people have been doxed, many critical people have been targeted by doxing. There are also people who are emotional like not accepting your arguments or things that give your interlocutor defeat then you will be doxed. This is very disturbing. So where is the data come from? Why they can do this? There are many ways to do this but I won't go into them further but I will outline them

Please maintain online etiquette—don’t dox someone just because you lost an argument, out of hatred, or because that person is innocent and not a criminal. Honestly, this is a stupid thing to do. Do you think doxing someone makes you look cool? Impressive? Not to me. If you dox an innocent person just because you lost an argument in a debate, or out of hatred for someone, that’s a stupid thing to do. If you want to dox someone, do it to people who are actually guilty and evil—that will be more helpful to others—but report it ethically and don’t spread it all over the internet. I do not support doxing, remember. If you want to report someone, report them to the authorities, such as the police or law enforcement

1. Public Profile

Public information such as you use your full name, include an email address, location or region and link other social media as well as additional documents such as profile photos, your status and friends of your friends. And this data has been indexed by search engines such as Google, Bing and others. As for public profiles from third parties such as brokerage data sites, archives, government sites, documents indexed by search engines and other patterns that I cannot mention in detail

2. Social Media

This is the same as a public profile, but I will explain in this social media, social media is a necessity for everyone in this era, but some users forget about privacy such as privacy security settings on each social media, your posts are too flashy and make posts of personal things, include addresses, include family members and others. This can be a loophole for search leads to find who you are

3. Data Breach

As we all know, data leaks are terrible and scary things. Once data has been leaked, it is difficult to delete because many people or platforms have already downloaded or stored it, and this leaked data is often used by irresponsible individuals to dox you. This is different from legal OSINT platforms or tools. Legal OSINT tools do not display raw data or clear text, and most purchases or ownership of these tools need to be verified through KYC, legal access, or companies with specific purposes (not just anyone), but there are some tools that display a small portion of the data and have censorship. There are also tools that do not censor data. Each tool has its own characteristics. Legal tools have strict EULAs or ToS, for example, data cannot be distributed to the public or other parties, and they comply with rules and regulations

4. Malware and Log Stealers

As we know, many people are affected by malware and stealers, from professionals to the general public. Many irresponsible people use these data dump stealers to hack and dox you, while others intimidate and steal from you depending on their motives. Regardless, strengthen your passwords, change them, and use a mobile 2FA application and recovery code

There is also other information, but I cannot explain it in detail. Even though this is for a good purpose, there is still the potential for misuse by irresponsible parties

5. Insiders (Whistleblower)

Be careful of insiders e.g friends, organization also individual. There are many out there who might hate you they’ll do anything to get you into trouble. These insiders can provide information such as your name, school, address, and who you are either explicitly or just the basics. Doxers and these insiders are very disruptive and annoying. I think that even if they can’t dox you for example, if they can’t find your data here are times when these insiders will leak your information e.g your friend leak your information

6. Data Broker&#x20;

Data brokers are individuals, groups, or companies that collect, manage, enrich, archive, and distribute data from various sources for sale, exchange, or transfer to other parties. The data they hold may be obtained through techniques such as web scraping, automated data collection (crawling), aggregation from open sources, purchasing data from commercial providers, partnerships with information providers, or the maintenance of continuously compiled data archives. Consequently, data brokers often possess historical databases containing information that is no longer available on the internet but remains stored in their internal archives

Data brokers generally have the ability to link disparate pieces of information from various sources to generate comprehensive profiles or insights regarding individuals, organizations, digital assets, or events. In addition to periodic data collection via scraping and crawling, they perform data normalization, deduplication, correlation, and archiving to build and maintain up-to-date repositories

### How to prevent

1. Reduce public sharing of your personal information

Reduce sharing personal information about you, such as your problems, romantic relationships, your background, your family as in the real world, especially on social media

2. Watch out for your friends

Friends can become weapons to attack you, we don't know but it will happen. Like your friends leaking information, storing information about you and even scrapping in your social media, so it's worth knowing is likely whistleblower also insider

3. Understanding OPSEC

OPSEC. You should apply this for example. Don't use your real name, address, or phone number on public accounts, use different usernames and emails for each platform, use VPN, separate your email address for personal and social media, apply 2FA on every social media account, always be aware of social engineering (Social E). You must understand how their attacks, there is a lot of OPSEC that you can apply, but I can't explain in detail, OPSEC is a secret thing that is done to everyone

4. Delete digital footprints

Delete some of your digital footprints such as photos, links and other things

5. Use your own device

If you are traveling or in public, try to use your own devices such as the internet, cellphones, chargers and so on, this is to reduce wiretapping and access from the public that you do not know, use the right device and always be vigilant, don't forget to set your cellphone security and turn off bluetooth if not in use, turn off the wifi auto connect, turn off the gsm network temporarily

6. Change password and add 2FA (MFA)

If your credentials are compromised, change your password immediately, always use 2FA or MFA, and monitor your login information and activity while your account is compromised or has been hacked. If possible, delete all activity logs, change all old configurations, and enable MFA or 2FA

7. Canary Trap

This concept is known as a canary trap or seeded information, a technique in which unique variations are embedded into the information distributed to each recipient in order to identify the source of a leak if the information is disclosed to unauthorized parties. Example, create a scenario or set up a specific condition regarding the dissemination of your data. For instance, share information with multiple people but introduce slight variations—such as claiming to be a member of "Hacker Team ABC" that breached "Company ABC" using "Technique ABCD." By using these variations as unique identifiers (or "keys") for each recipient, you can track the source of the leak should the confidential information be exposed; in short, this functions like a canary token

#### Take a notes

I am not here to teach or doxing, it should be noted that everyone does not want to be disturbed by their privacy so respect everyone's privacy, why is there or happens doxing? From my knowledge and existing data, doxing is often done by irresponsible people with backgrounds such as envy (crab mentality), not liking you (haters), you are a scammer or cheater, you are a noisy or troublemaker who can cause racial and religious, social and disturbing things and there are ignorant people. Of the existing data there are also such as journalists or opinion makers exposed to doxing despite using scientific data and existing evidence. So don't invade people's privacy, don't use doxing on anyone
