How to protect yourself from doxing

By October 25, 2019Blog

“Abandon hope all ye who enter.”

This ominous inscription affixed atop the gates to Hell in Dante’s Divine Comedy applies peculiarly well to describe the state of the Internet today.

It’s
hard to draw a parallel to the utility that the Internet has offered to modern
civilization—perhaps no other technological innovation has brought about
greater change. Yet, one of its many consequences is the steady erosion of
individual privacy, as cybercriminals (and even regular users) become more
creative with malicious activities perpetrated against others online.

Among the many harmful techniques of threatening a user’s online privacy is doxing. Doxing refers to the collection of a user’s private information, which is inevitably spread across multiple platforms (including social media), and publishing it publicly. Doxing may be conducted by researching public databases, hacking, or through social engineering. While there are some legitimate reasons for doxing, such as risk analysis or to aid in law enforcement investigations, it’s mostly used to shame, extort, or enact vigilante justice.

The act of doxing poses serious dangers not only to the privacy of an Internet user, but also to their physical safety. It’s not uncommon for a doxing victim to be harassed in person or be targeted for swatting spoofs. Nonetheless, you can take some effective measures to prevent becoming a potential victim of a doxing attempt.

1. Make all social media handles/usernames private

It
is a fairly simple matter for anyone stalking you online to cross-reference
your multiple online personalities (read usernames/handles) from different
social media platforms. If all your profiles are visible at a single click to
any random Tom, Dick, or Harry with a working Internet connection, you may be
leaving yourself open to doxing.

The
good news is that most popular social media platforms have considerably improved
their privacy controls. It is advisable to explore privacy settings for all
your profiles, and keep personally identifiable information, such as your phone
number, addresses, and other sensitive data invisible to anyone you don’t know.

2. Use unique usernames for each platform

The
easiest way to make yourself target practice for someone learning the art of doxing
is to use the same username for every online message board, social media, and
service you are using. Avoid this at all costs—unless you are developing an
online persona or influencer program. If so, hiding personal details associated
with those profiles becomes even more imperative.

For the rest of us, it’s wise to have a unique username for different situations and compartmentalize usernames on the basis of purpose. For instance, if you use Instagram, comment on an online gaming forum, and participate in a community for political discussions, use a different username for each of these purposes, with no obvious connection between them. For this reason, we don’t recommend using social media profiles to sign in to other services (i.e. sign in using Facebook or Twitter).

Separating online account identities makes it quite difficult for anyone that might take an interest in launching a doxing attack against you to collect all the necessary pieces to form a true identity. And while it can be frustrating to manage so many different usernames and passwords, software such as password managers can assist in the juggling act.

3. Be wary of online quizzes and app permissions

The
philosophy of maintaining online privacy is simple: limit sharing of personal
information online unless absolutely necessary. Online quizzes and needless
mobile app permissions are the antitheses to this philosophy.

Online
quizzes seem completely innocent, but they are often goldmines of personal
information that you happily provide without thinking twice. For example, some
parts of a quiz may even serve as security questions to your passwords. Since
many quizzes ask for permission to see your social media information or your
email address before showing who your spirit animal is, they can easily
associate this information with your real identity.

As we saw with Facebook’s Cambridge Analytica fiasco, those online quizzes aren’t always as innocent as they seem. Without much context on who is launching the quiz and why, it’s best to avoid taking them altogether.

Mobile
apps are also rich sources of personal data. Many apps ask for access
permissions to your data or device that shouldn’t concern the app software at
all. For instance, an image editing app has no logical use for your contacts.
If it’s asking to access your camera or photos, that makes sense. But if it
also wants to look at your contacts, GPS location, and social media profiles,
there’s definitely something fishy going on.

So
while we can’t say “avoid downloading apps that request permissions”
altogether, we do recommend you take a good look at which permissions are being
requested and consider whether they’re necessary for the app to function.

4. Use VPNs

VPNs
(virtual private network) hide your IP address from third parties on the web.
Normally, every website that you access can see your IP, which can reveal a lot
about you, such as the city you are located in and even your real identity.
VPNs boost your online privacy by giving you a fake IP address associated with
a different location, which can easily throw off a doxer trying to track your trail.

The only problem is that there are a lot of VPNs out there, and not all of them are secure. The task of choosing one that suits your needs can be made easier with VPN comparison resourcessuch as this, as well as our article on mobile VPNs.

Learn how to configure your VPN to support all devices in your home network. Read more: One VPN to rule them all

5. Hide domain registration information from WHOIS

WHOIS is a database of all registered domain names on the web. This public register can be used to find out details about the person/organization that owns a given domain, their physical address, and other contact information—all the stuff doxers would love to get their hands on.

If
you are planning to run a website (domain) anonymously without giving your real
identity away, don’t forget to make your personal information private and
hidden from the WHOIS database. Domain registrars have controls over these
privacy settings, so you’ll have to ask your domain registration company about
how to do so.

Final thoughts

Online
privacy is becoming harder and harder to preserve as our connectedness expands,
courtesy of the Internet. Organizations look for personal details of their
customers for more successful, targeted marketing opportunities. Applications
request private information to support functionality—and sometimes ask for too much.
Social media networks and search engines mine personal data for advertising
profits. At this point, simply having an online presence is enough to put your
privacy at risk.

At
the same time, remember that for a great majority of cases, taking a few extra
steps to hide, scatter, or make more difficult to access personal information online
can throw doxers off your scent and protect your privacy. This strategy is
effective in turning away all but the most persistent doxers from gathering
pieces of information about you and publishing it on the Internet. As an added
bonus, protecting your PII from doxers also makes it more difficult for
cybercriminals to scoop up your details to use in a social engineering attack. 

Perhaps we needn’t abandon all hope online after all.

The post How to protect yourself from doxing appeared first on Malwarebytes Labs.

Refer Here for Original Post and Source https://blog.malwarebytes.com/how-tos-2/2019/10/how-to-protect-yourself-from-doxing/

Robert Crossland

Author Robert Crossland

More posts by Robert Crossland