Definition

The act of disclosing someone’s personal, non-public information — such as a real name, home address, phone number or any other data that could be used to identify the individual — in an online forum or other public place without the person’s consent.

Related Terms

Doxing, Privacy Violation, Malicious Information Disclosure, Online Harassment, Cyberstalking, Personal Data Breach.

Background

Personally Identifiable Information, or PII, includes any data that could potentially identify a specific individual. This can range from direct information like social security numbers and email addresses to more indirect data such as an individual’s physical address or date of birth. Moderators should be vigilant for the sharing of such information without consent, particularly in a context that suggests malicious intent. However, distinguishing between harmful sharing and innocent or even self-disclosure requires careful judgement, as some users may share their own information for legitimate reasons.

Doxxing in the Fediverse refers to the act of researching and publicly broadcasting private or identifiable information about an individual or organisation without their consent. This information can include names, addresses, phone numbers, email addresses, employment details, family information, photos, or other sensitive data. The goal of doxxing is often to intimidate, harass, shame, extort, coerce, or incite harm against the target. Given the federated nature of the Fediverse, doxxing information posted on one community can rapidly spread to others, making it difficult to contain once released.

A service provider might unwittingly host a community where doxxing occurs or from which doxxing attacks are launched. Volunteer moderators often become aware of doxxing through reports from targeted individuals or by observing the malicious sharing of private information. Dealing with doxxing requires swift action due to the potential for severe harm and the speed at which information can proliferate.

The fact that some PII may be findable through public resources does not negate the act of compiling and re-sharing as being harassment. The source may similarly be posted without the person’s consent, and compiling and re-sharing this information likely constitutes harassment, unless related to a legitimate need to publish the information.

Why We Care

Dealing with doxxing matters because it is a severe breach of privacy and safety that can have devastating real-world consequences for the targeted individuals. It can lead to stalking, harassment (online and offline), identity theft, job loss, reputational damage, and intense psychological distress. Allowing doxxing to occur unchecked creates a climate of fear, silences voices, and makes your community an unsafe environment.

Upholding a strong stance against doxxing is crucial for maintaining trust and ensuring that your community is a place where members feel secure enough to express themselves without fear of such malicious attacks.

Spotting Doxxing: What to Look For

Identification of doxxing primarily involves recognizing the unauthorized public disclosure of private, identifying information.

Account Traits: The account posting the doxxing information might be a throwaway account, an account with a history of aggressive behaviour, or an account specifically created to target an individual. Sometimes, doxxing is done by accounts that were previously considered part of the community.

Content Characteristics: Look for posts that reveal specific, non-public details about an individual. This can include, but is not limited to: full real names (if not already publicly used by the member in your community), home addresses, phone numbers, email addresses (especially private ones), workplace details, financial information, private photos or videos, or compromising personal details. The context often implies malicious intent, such as calls for harassment or shaming.

Posting Patterns: The doxxing information might be posted repeatedly, spread across multiple threads, or linked to from other platforms. There might be an accompanying campaign of harassment by other accounts amplifying the doxxed information.

Behaviour: The account posting the information often shows clear intent to harm, intimidate, or expose the target. They may try to justify their actions but the core behaviour is the non-consensual release of private data for malicious purposes.

Key Questions for Assessment:

• “Is private, personally identifiable information about an account being shared publicly without consent?”
• “Does the context of the information release suggest an intent to harm, harass, or intimidate the target?”
• “Is the information something that is not already publicly and willingly shared by the individual in the context of this community?”

Before You Act: Common Pitfalls & Nuances

It’s important to act quickly on doxxing, but also to correctly identify it.

Publicly Available Information vs. Doxxing: Sharing information that an individual has already made public themselves (e.g., a link to their publicly listed professional website, their publicly displayed Fediverse handle on another known public profile) is not typically doxxing, unless it’s collated and presented in a way intended to incite harassment (malicious compilation). The key is often the non-consensual or malicious sharing of private or aggregated data.

Journalism/Whistleblowing Claims: Individuals might try to frame doxxing as legitimate journalism or whistleblowing. While these are complex areas, true journalism has ethical standards about minimizing harm and verifying information, which doxxing typically lacks. Whistleblowing usually pertains to exposing illegal or unethical actions of organisations, not private individuals’ data for harassment.

Misidentification: Ensure the information actually pertains to the alleged target and is not a case of mistaken identity, which can redirect harassment.

Common Gotchas:

• Delaying action: Doxxing needs immediate removal and response.
• Not removing the content thoroughly: Ensure it’s removed from all visible places.
• Failing to preserve evidence before removal, which might be needed by the target for law enforcement.

Key Point: Doxxing hinges on the unauthorized public release of private, identifying information with an intent to cause harm or due to reckless disregard for the harm it may cause. The lack of consent from the target is paramount.

Managing Suspected Doxxing: Key Steps

When you suspect or confirm doxxing:

• Act Immediately to Remove Content: The highest priority is to remove the doxxing information from public view on your community as quickly as possible to limit its spread.
• Preserve Evidence Securely: Before or during removal, if feasible, privately save screenshots or copies of the doxxing posts/messages. This is crucial if the target wishes to report to law enforcement. This evidence should be stored securely and confidentially.
• Ban Offending Accounts: Accounts confirmed to be posting doxxing material should typically be banned immediately and permanently from your community.
• Inform the Target (if appropriate and safe): If the target is a member of your community and might not be aware, discreetly try to inform them of the doxxing incident and the actions taken. Offer support and advise them on steps they can take (e.g., securing accounts, reporting to authorities).
• Discuss with Team (if applicable): Alert fellow moderators or your Service Administrator immediately. Coordinate efforts for removal and response.
• Consider Reporting to Other Platforms/Authorities: If the doxxing is severe or involves credible threats, the targeted individual may wish to report it to law enforcement. Your Service Administrator might also consider reporting the source of egregious doxxing to their platform provider if identifiable.

Example Community Guidance

Strike System: “Sharing personal information of others without their explicit consent will result in a warning for a first minor infraction where intent was unclear or harm minimal. However, clear doxxing often bypasses strike systems.”

General Prohibition: “The public sharing of private, personally identifiable information of any individual without their explicit consent is strictly prohibited.”

Strict Enforcement: “Releasing private personal data of others (doxxing) for any malicious purpose will result in immediate permanent account bans and removal of the content. Severe cases may be reported to relevant authorities or platform providers.”

Further Reading

• Responding to and Preventing Doxing: A TSPA Resource
• Managing Your Online Footprint and Protecting from Doxing
• Doxxing: Tips To Protect Yourself Online & How to Minimize Harm