The examples and perspective in this article deal primarily with the United States, with some coverage of other countries, and do not represent a worldwide view of the subject. (April 2023)
Doxing or doxxing is the act of publicly providing personally identifiable information about an individual or organization, usually via the Internet and without their consent to do so. Historically, the term has been used interchangeably to refer to both the aggregation of this information from public databases and social media websites (like Facebook), as well as the publication of previously private information obtained through criminal or otherwise fraudulent means (such as hacking and social engineering). The aggregation and provision of previously published material is generally a legal practice, though it may be subject to laws concerning stalking and intimidation. Doxing may be carried out for reasons such as online shaming, extortion, and vigilante aid to law enforcement. It also may be associated with hacktivism.
"Doxing" is a neologism. It originates from a spelling alteration of the abbreviation "docs", for "documents", and refers to "compiling and releasing a dossier of personal information on someone". Essentially, doxing is revealing and publicizing the records of an individual, which were previously private or difficult to obtain.
The term dox derives from the slang "dropping dox", which, according to a contributor to Wired, Mat Honan, was "an old-school revenge tactic that emerged from hacker culture in 1990s". Hackers operating outside the law in that era used the breach of an opponent's anonymity as a means to expose opponents to harassment or legal repercussions.
The practice of publishing personal information about individuals as a form of vigilantism predates the Internet, via physical media such as newspapers and pamphlets. For example, in response to the Stamp Act 1765 in the Thirteen Colonies, radical groups such as the Sons of Liberty harassed tax collectors and those who did not comply with boycotts on British goods, by publishing their names in pamphlets and newspaper articles.
Outside of hacker communities, the first prominent examples of doxing took place on internet discussion forums on Usenet in the late 1990s, including users circulating lists of suspected neo-Nazis. Also in the late 1990s, a website called the Nuremberg Files launched, featuring the home addresses of abortion providers and language that implied website visitors should stalk and kill the people listed.
In 2012, when then-Gawker reporter Adrian Chen revealed the identity of Reddit troll Violentacrez as Michael Brutsch, Reddit users accused Chen of doxing Brutsch and declared "war" on Gawker. In the mid-2010s, the events of the Gamergate harassment campaign brought the term into wider public use. Participants in Gamergate became known for releasing sensitive information about their targets to the public, sometimes with the intent of causing the targets in question physical harm. Caroline Sinders, a research fellow at the Center for Democracy and Technology, said that "Gamergate, for a lot of people, for mainstream culture, was the introduction to what doxxing is".
According to The Atlantic, from 2014 to 2020, "the doxxing conversation was dominated by debate around whether unmasking a pseudonymous person with a sizable following was an unnecessary and dangerous invasion of their privacy." In 2014, when Newsweek attempted to search for the pseudonymous developer of Bitcoin, the magazine was accused of doxing by cryptocurrency enthusiasts. In 2016, when an Italian journalist attempted to search for the identity of the pseudonymous Italian novelist Elena Ferrante, the journalist was accused of gendered harassment and Vox referred to the search as "the doxxing of Elena Ferrante." In 2020, when The New York Times indicated that it was planning on publishing the real name of the California psychiatrist running the Slate Star Codex blog, fans of the blog accused the Times of doxing. The person behind the blog accused the Times of threatening his safety and claimed that he started a "major scandal" that resulted in the Times losing hundreds or thousands of subscriptions.
In 2022, BuzzFeed News reporter Katie Notopoulos used public business records to identify the previously pseudonymous founders of the Bored Ape Yacht Club. Greg Solano, one of the founders of the club, claimed that he "Got doxxed against [his] will".
In April 2022, The Washington Post reporter Taylor Lorenz revealed the identity of the person behind the Twitter account Libs of TikTok as Chaya Raichik, who works in real estate. This resulted in Raichik and right-wingers accusing Lorenz of doxing.
Doxware is a cryptovirology attack invented by Adam Young and further developed with Moti Yung that carries out doxing extortion via malware. It was first presented at West Point in 2003. The attack is rooted in game theory and was originally dubbed "non-zero-sum games and survivable malware".
The attack is summarized in the book Malicious Cryptography as follows:
The attack differs from the extortion attack in the following way. In the extortion attack, the victim is denied access to its own valuable information and has to pay to get it back, where in the attack that is presented here the victim retains access to the information but its disclosure is at the discretion of the computer virus.
Doxware is the converse of ransomware. In a ransomware attack (originally called cryptoviral extortion), the malware encrypts the victim's data and demands payment to provide the needed decryption key. In the doxware cryptovirology attack, the attacker or malware steals the victim's data and threatens to publish it unless a fee is paid.
Once people have been exposed through doxing, they may be targeted for harassment through methods such as actual harassment in person, fake signups for mail subscriptions, pizza deliveries, bombarding the address with letters, or through “swatting”—the intentional dispatching of armed police teams (S.W.A.T.) to a person's address via falsely reported tips or through fake emergency services phone calls. The act of reporting a false tip to police—and the subsequent summoning of an emergency response team (ERT)—is an illegal, punishable offense in most jurisdictions, due to ERTs being compromised and potentially unavailable for real emergencies. It is, at the very least, an infraction in most US states (for first-time offenders); if multiple attempts are made, the charge increases to a misdemeanor (especially when the intention is harassment-based). Further repercussions include fines ranging from as low as US$50 up to US$2,000, six months spent in county jail, or both the fine and imprisonment.
A hacker may obtain an individual's dox without making the information public. A hacker may look for this information to extort or coerce a known or unknown target. A hacker may also harvest a victim's information to break into their Internet accounts or take over their social media accounts.
Doxing has also occurred in dating apps. In a survey conducted in 2021, 16% of respondents reported suffering doxing because of them. In a 2018 qualitative study about intimate partner violence, 28 out of 89 participants (both professionals and survivors) reported the exposure of the victim's private information to third parties through digital technologies as a form of humiliation, shaming or harm frequently practiced by abusers, that may include the disclosure of intimate images and impersonation of the victim.
Victims may also be shown their details as proof that they have been doxed as a form of intimidation. The perpetrator may use this fear to gain power over victims in order to extort or coerce. Doxing is therefore a standard tactic of online harassment and has been used by people associated with the Gamergate and vaccine controversies.
The examples and perspective in this section may not represent a worldwide view of the subject. (February 2020)
Doxing of abortion providers
In the United States, in the 1970s and 80s (paper) and the 1990s (digitally), anti-abortion activists secured abortion providers' personal information, such as home addresses, phone numbers, and photographs, and posted them as a hit list. The courts later ruled this to be an immediate incitement to violence. Between 1993 and 2016, eight abortion providers were killed by anti-abortion activists, along with at least four police officers.
Human flesh search engine
Starting in March 2006, the Chinese Internet phenomenon of the "Human flesh search engine"（人肉搜索）shares much in common with doxing. Specifically, it refers to distributed, sometimes deliberately crowdsourced searches for similar kinds of information through use of digital media.
The term "dox" entered mainstream public awareness through media attention attracted by Anonymous, the Internet-based group of hacktivists and pranksters who make frequent use of doxing, as well as related groups like AntiSec and LulzSec. The Washington Post has described the consequences for innocent people incorrectly accused of wrongdoing and doxed as "nightmarish".
In December 2011, Anonymous exposed detailed information of 7,000 law enforcement members in response to investigations into hacking activities.
In November 2014, Anonymous began releasing the identities of members of the Ku Klux Klan. This was concerning local Klan members in Ferguson, Missouri, making threats to shoot those protesting the shooting of Michael Brown. Anonymous also hijacked the group's Twitter page, causing Klan members to make veiled threats of violence against members of Anonymous. In November 2015, a major release of information about the KKK was planned. Discredited information was released prematurely, and Anonymous denied involvement. On 5 November 2015 (Guy Fawkes Night), Anonymous released an official list of supposed, but currently unverified, KKK members and sympathizers.
Following the Boston Marathon bombing on April 15, 2013, internet vigilantes on Reddit wrongly identified a number of people as suspects. Notable among misidentified bombing suspects was Sunil Tripathi, a student reported missing a month before the bombings took place. A body reported to be Tripathi's was found in Rhode Island's Providence River on April 25, 2013, as reported by the Rhode Island Health Department. The cause of death was not immediately known, but authorities said they did not suspect foul play. The family later confirmed Tripathi's death was a result of suicide. Reddit general manager Erik Martin later issued an apology for this behavior, criticizing the "online witch hunts and dangerous speculation" that took place on the website.
The Journal News
Newsweek was criticized when writer Leah McGrath Goodman claimed to have revealed the identity of the anonymous creator of Bitcoin, Satoshi Nakamoto. Although she primarily drew on the public record, users on Reddit responded negatively.
The Satoshi Nakamoto case brought doxing to greater attention on platforms such as Twitter, where users questioned the ethics of doxing in journalism. Many Twitter users argued that the practice was seemingly acceptable for professional journalists but wrong for anyone else. Other users discussed the effect the popularization that the concept of doxing could have on journalism in the public interest, raising questions over journalism concerning public and private figures in which journalists practicing doxing may blur the line between reporting information in the public's interest and releasing information about the private life of an individual without their consent.
In September 2019, The Des Moines Register published racist tweets made by a 24-year-old Iowa man whose beer sign on ESPN College GameDay resulted in over $1 million in contributions to a children's hospital. Readers retaliated by sharing social media comments previously made by the reporter, Aaron Calvin, which contained racial slurs and condemnation of law enforcement. The newspaper later announced they no longer employed Calvin.
In March 2015, former Major League Baseball (MLB) pitcher Curt Schilling used doxing to identify several people responsible for "Twitter troll" posts with obscene, sexually explicit comments about his teenage daughter. One person was suspended from his community college, and another lost a part-time job with the New York Yankees.
In December 2015, Minneapolis city council member Alondra Cano used her Twitter account to publish private cellphone numbers and e-mail addresses of critics who wrote about her involvement in a Black Lives Matter rally.
HIPAA Federal Register 6039G
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a US federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. Embedded in that act, which is designed to protect the privacy of the patient, is a provision that requires the Internal Revenue Service (IRS) to publish the names of Americans who renounce or relinquish their US citizenship. The IRS will publish a Quarterly Publication of Individuals Who Have Chosen to Expatriate, as Required by Section 6039G, 81 Fed. Reg. 50058. The expatriation provisions were included as "revenue offsets ... to avoid increasing the budget deficit." The expressed intent originated in The Expatriation Tax Act of 1995 by Bill Archer to publicly shame the expatriating individuals.
In 2016, Fox Business news anchor Lou Dobbs revealed the address and phone number of Jessica Leeds, one of the women who accused American presidential candidate Donald Trump of inappropriate sexual advances. Dobbs later apologized.
In July 2016, WikiLeaks released 300,000 emails called the Erdoğan emails, initially thought to be damaging to Turkish President Recep Tayyip Erdoğan. Included in the leak was Michael Best, who uploaded Turkish citizens' information databases that WikiLeaks promoted. Best came forward to say that doing so was a mistake after the site where he uploaded the information took it down. The files were removed due to privacy concerns. They included spreadsheets of private, sensitive information of what appeared to be every female voter in 79 out of 81 provinces in Turkey, including their home addresses and other private information, sometimes including their cellphone numbers.
U.S. Presidential Advisory Commission on Election Integrity
In July 2017, the United States' Presidential Advisory Commission on Election Integrity, which was established in May 2017 by U.S. President Donald Trump to investigate his controversial allegation of voter fraud, published a 112-page document of unredacted emails of public comment on its work, which included both critics and supporters of the commission. The Commission included the personal details of those critics, such as names, emails, phone numbers and home addresses. Most of the commenters who wrote to the White House expressed concern about publication of their personal information, with one person writing, "DO NOT RELEASE ANY OF MY VOTER DATA PERIOD." Despite this, that person's name and email address were published by the commission.
This act drew criticism from Theresa Lee, a staff attorney for the American Civil Liberties Union's Voting Rights Project, who stated, "This cavalier attitude toward the public's personal information is especially concerning given the commission's request for sensitive data on every registered voter in the country." The White House defended the personal information publication, noting that everyone was warned that might happen. However, former Deputy Secretary of Labor Chris Lu stated that regardless of the legality, the White House has a moral obligation to protect sensitive data, saying, "Whether or not it's legal to disclose this personal information, it's clearly improper, and no responsible White House would do this."
Federal agencies often solicit and release public comments on proposed legislation. Regulations.gov, which is designated for public comments, includes a detailed set of guidelines explaining how to submit comments, what type of personal information is collected, and how that information may be used, stating, "Some agencies may require that you include personal information, such as your name and email address, on the comment form. The Securities and Exchange Commission, for instance, warns commenters to 'submit only information that you wish to make available publicly.'" Another agency, the Federal Trade Commission, tells commenters that "published comments include the commenter's last name and state/country as well as the entire text of the comment. Please do not include any sensitive or confidential information." However, the White House does not appear to have issued any such public guidelines or warnings before many of the emails were sent. Marc Lotter, press secretary to Mike Pence, stated, "These are public comments, similar to individuals appearing before commission to make comments and providing name before making comments. The Commission’s Federal Register notice asking for public comments and its website make clear that information 'including names and contact information' sent to this email address may be released."
Democratic U.S. House of Representatives intern
On 3 October 2018, Jackson Cosko, a House fellow for the Democratic Party, was arrested by the U.S. Capitol Police (USCP). He allegedly posted private, identifying information of several senators to Wikipedia. According to the USCP, the personal information of Republican Senators Lindsey Graham, Mike Lee and Orrin Hatch was anonymously posted to Wikipedia the week before on Thursday 27 September 2018. The information included home addresses and phone numbers. All three lawmakers are with the Senate Judiciary Committee. The alleged doxing occurred during the hearing of Supreme Court nominee Judge Brett Kavanaugh. Cosko was initially charged with witness tampering, threats in interstate communications, unauthorized access of a government computer, identity theft, second degree burglary and unlawful entry. Cosko was fired after his arrest. He worked with Democratic Rep. Sheila Jackson Lee (D-TX), Sen. Dianne Feinstein (D-Calif.), Sen. Maggie Hassan (D-N.H.), and former Sen. Barbara Boxer (D-Calif.). Conviction of all six charges might have resulted in Cosko facing up to 20 years in prison. However, in June 2019, he was sentenced by Judge Thomas F. Hogan to four years in prison. An accomplice, Samantha DeForest Davis, was sentenced to two years of supervised probation and community service.
The New York Times and Slate Star Codex
In 2020, Cade Metz, a technology reporter for The New York Times, started reporting on Slate Star Codex writer Scott Alexander and his blog's influence on technology leaders in Silicon Valley, its roots within the rationalist community, and its coverage of the COVID-19 pandemic.
In June, Metz notified Alexander that he discovered the blogger's real name and planned to reveal his identify. Alexander asked Metz to not reveal his name, but Metz refused, citing Times policy to include the real identity of pseudonymous interview subjects. A week later, on June 22, Alexander shuttered the blog, writing in a final post, "If there’s no blog, there’s no story. Or at least the story will have to include some discussion of NYT’s strategy of doxxing random bloggers for clicks.".
Revelations of The Times' story and the newspaper's intention to reveal Alexander's identity drew backlash from Codex readers on social media and blogs. In September, Alexander told readers he planned to move his blog to the email newsletter platform Substack.
On January 21, 2021, Alexander launched his successor blog, Astral Codex Ten, on Substack. In his first post, "Still Alive," Alexander revealed his identify to be Scott Siskind. On February 13, The Times published its story, which confirmed Siskind's identity and his occupation as a psychiatrist in the San Francisco Bay Area.
The Washington Post and Libs of TikTok
On April 19, 2022, The Washington Post published an article by Taylor Lorenz, a technology columnist for the paper, about Libs of TikTok, an anonymous Twitter account. In her story, Lorenz revealed the account owner to be Chaya Raichik, who claimed to live in Brooklyn and work in real estate.
Lorenz defended her story, arguing that Raichik was “a powerful influencer operating a massively impactful right wing media shaping the discourse around LGBTQ+ rights.” In the article, Lorenz referenced Raichik's previous mention of her Orthodox Jewish faith in her Twitter biography, leading the latter's supporters to accuse Lorenz of antisemitism.
The story drew significant backlash from right-wing media personalities and publications. YouTuber Tim Pool and The Daily Wire CEO Jeremy Boreing purchased a billboard in Times Square to accuse Lorenz of doxxing. In response, Lorenz called the billboard "so idiotic it's hilarious".
Lisa-Maria Kellermayr, an Austrian doctor, received targeted harassment, including death threats, first online, then in person, by anti-vaccination and conspiracy theorist groups during the COVID-19 pandemic until she took her life in July 2022. The harassment she received included attacks against the clinic in Seewalchen am Attersee where she worked, and she had to close weeks before her death due to security costs.
Keffals swatting and doxing
On August 5, 2022, Canadian Twitch streamer and transgender activist Clara Sorrenti was swatted after an email impersonating her claiming intent to harm city councillors of London, Ontario. After this incident, she moved to a hotel. Her new location was posted in Kiwi Farms, a forum frequently related to harassment campaigns that included a thread disclosing personal data from her, her family members and her friends, as well as sexually explicit content, which was started in March 21 of the same year, after she started to receive prank pizza orders by trolls who used her former name, changed more than a decade before. At the time, police were also investigating a second doxing attempt. Sorrenti's Uber account was hacked days after the hotel location incident, leading to her receiving new prank orders. After that, she reported having been doxed again and announced her intention to leave Canada, given the targeted harassment she was receiving. Days later, her new location in Belfast, Northern Ireland was posted online and a new swatting attempt was made. Sorrenti campaigned for online security firm Cloudflare to terminate services for Kiwi Farms, citing life-threatening harassment originating in the site. On September 3, 2022, the firm blocked access to Kiwi Farms through its infrastructure, mentioning "an imminent and emergency threat to human life".
In December 2022 business magnate and investor Elon Musk, who was also CEO of Twitter, Inc., suspended the Twitter accounts of several journalists, whom he accused of doxing the location of his private jet, related to the social media account ElonJet. Two days later the accounts were restored.
Parallel to the rise of doxing has been the evolution of cybersecurity, internet privacy, the Online Privacy Alliance, and companies that provide anti-doxing services. Most recently, high-profile groups like the University of California Berkeley have made online guidance for protecting its community members from doxing. Wired published an article on dealing with doxing, in which Eva Galperin, from the Electronic Frontier Foundation, advised people to "Google yourself, lock yourself down, make it harder to access information about you."
From March 1, 2020, the People's Republic of China's "Regulations on the Ecological Governance of Online Information Content" has been implemented, clarifying that users and producers of online information content services and platforms must not engage in online violence, doxing, deep forgery, data fraud, account manipulation and other illegal activities.
As of 2021, it is a criminal offense in Hong Kong to dox, where doxing is defined as releasing private or non-public information on a person for the purposes of "threatening, intimidation, harassment or to cause psychological harm". Persons convicted under this statute are liable to imprisonment for up to 5 years, and a fine of HK$1,000,000 (US$128,324.40).
South Korea stands as one of few countries with a criminal statute that specifically addresses doxing. Article 49 of "Act on promotion of information and communications network utilization, and information protection" prohibits unlawful collection and dissemination of private information such as full name, birth date, address, likeliness, and any other information that is deemed sufficient to identify specific person(s) when viewed in summation, regardless of intent. In practice, however, due to the ambiguous nature of "unlawful collection" of private information in said statute, legal actions are often based upon article 44 from the same act, which prohibits insulting an individual with language derogatory or profane, and defamation of an individual through the dissemination of either misinformation or privileged factual information that may potentially damage an individual's reputation or honor (which often occurs in a doxing incident). It is important to note that this particular clause enforces harsher maximum sentences than a "traditional" defamation statute existing in the Korean criminal code and was originally enacted partially in response to the rise in celebrity suicides due to cyberbullying.
The Spanish Criminal Code regulates penalties for the discovery and revelation of secrets in articles 197 to 201. It establishes, in its article 197 § 1, that "whoever, in order to discover the secrets or violate the privacy of another, without their consent, seizes their papers, letters, e-mail messages or any other documents or personal effects, intercepts their telecommunications or uses technical devices for listening, transmission, recording or reproduction of sound or image, or any other communication signal, shall be punished with prison sentences of one to four years and a fine of twelve to twenty-four months". Per article 197 § 2, the same penalty punishes those who "seize, use or modify, to the detriment of a third party, reserved personal or family data of another that is registered in computer, electronic or telematic files or media, or in any other type of file or public or private record". Those who "disseminate, disclose or transfer" the aforementioned data to third parties face a penalty of two to five prison years (one to three years of prison and fines of twelve to twenty-four months, if not directly involved in their discovery but "with knowledge of its illicit origin"). These offenses are particularly severe if made by the person responsible of the respective files, media, records or archives or through unauthorized use of personal data, if revealing of the ideology, religion, beliefs, health, racial origin or sexual life of the victim, if the victim is underage or disabled, and if it is made for economic profit.
As established by the Criminal Code's reform in 2015, to "disseminate, disclose or transfer to third parties images or audiovisual recordings of the one obtained with their consent in a home or in any other place out of sight of third parties, when the disclosure seriously undermines the personal privacy of that person", without the authorization of the affected person, is also punished per article 197 § 7 to three months to a year in prison and fines of six to twelve months. The offense is particularly severe if the victim is linked to the offender by marriage or an "analogous affective relationship", underage, or disabled.
In 2021, due to increasing doxing incidents targeting Dutch activists, politicians, journalists and others, a new law against doxing was proposed by then Minister of Justice and Security Ferdinand Grapperhaus. The law is aimed at curtailing those who share private information with the intent of intimidation and carries a maximum penalty of a one-year prison sentence. The proposed law passed both houses of parliament and goes into effect on 1 January 2024.
In the United States, there are few legal remedies for the victims of doxing. Two federal laws exist that could potentially address the problem of doxing: the Interstate Communications Statute and the Interstate Stalking Statute. However, as one scholar has argued, "[t]hese statutes ... are woefully inadequate to prevent doxing because their terms are underinclusive and they are rarely enforced". The Interstate Communications Statute, for example, "only criminalizes explicit threats to kidnap or injure a person". But in many instances of doxing, a doxer may never convey an explicit threat to kidnap or injure, but the victim could still have good reason to be terrified. And the Interstate Stalking Statute "is rarely enforced and it serves only as a hollow protection from online harassment". According to at least one estimate, over three million people are stalked over the internet each year, yet only about three are charged under the Interstate Stalking Statute. Accordingly, "[t]his lack of federal enforcement means that the States must step in if doxing is to be reduced."
- Data re-identification
- Identity theft
- Kiwi Farms
- Opposition research
- S-W, C. (10 March 2014). "What doxxing is, and why it matters". The Economist. Retrieved 5 January 2016.
- Schneier, Bruce (29 July 2016). "The Security of Our Election Systems". Schneier on Security. Retrieved 6 August 2016.
- Wray, James; Stabe, Ulf (19 December 2011). "The FBI's warning about doxing was too little too late". The Tech Herald. Archived from the original on 31 October 2012. Retrieved 23 October 2012.
- Zurcher, Anthony (7 March 2014). "Duke freshman reveals porn identity". BBC News. Retrieved 9 April 2014.
- Levin, Sam (16 August 2018). "Anti-fascists say police post mugshots on Twitter to 'intimidate and silence'". The Guardian. Retrieved 16 August 2018.
- Goodrich, Ryan (2 April 2013). "What is Doxing?". Tech News Daily. Archived from the original on 29 October 2014. Retrieved 24 October 2013.
- Chen, Mengtong; Cheung, Anne; Chan, Ko (14 January 2019). "Doxing: What Adolescents Look for and Their Intentions". International Journal of Environmental Research and Public Health. 16 (2): 218. doi:10.3390/ijerph16020218. ISSN 1660-4601. PMC 6352099. PMID 30646551.
- Lever, Rob (16 December 2021). "What is Doxxing?". www.usnews.com.
- Bright, Peter (7 March 2012). "Doxed: how Sabu was outed by former Anons long before his arrest". Ars Technica. Retrieved 23 October 2012.
- Clark Estes, Adam (28 July 2011). "Did LulzSec Trick Police Into Arresting the Wrong Guy? – Technology". The Atlantic Wire. Archived from the original on 29 October 2013. Retrieved 23 October 2012.
- Honan, Mat (6 March 2014). "What Is Doxing?". Wired. Retrieved 10 December 2014.
- Garber, Megan (6 March 2014). "Doxing: An Etymology". The Atlantic. Retrieved 10 December 2014.
- American History: From Pre-Columbian to the New Millennium. Independence Hall Association.
- Carp, Benjamin L. (2012). "Terms of Estrangement: Who Were the Sons of Liberty?". Colonial Williamsburg. The Colonial Williamsburg Foundation. Retrieved 10 July 2023.
- Tiffany, Kaitlyn (22 April 2022). "'Doxxing' Means Whatever You Want It To". The Atlantic. Retrieved 1 May 2022.
- Tiffany, Kaitlyn (22 April 2022). "'Doxxing' Means Whatever You Want It To". The Atlantic. Retrieved 24 October 2022.
- Young, A. (2003). Non-Zero Sum Games and Survivable Malware. IEEE Systems, Man and Cybernetics Society Information Assurance Workshop. pp. 24–29.
- Young, Adam; Yung, Moti (2004). Malicious Cryptography: Exposing Cryptovirology. Indianapolis: Wiley. ISBN 0-7645-4975-8.
- Shivale, Saurabh Anandrao (2011). "Cryptovirology: Virus Approach". International Journal of Network Security & Its Applications. 3 (4): 33–46. arXiv:1108.2482. doi:10.5121/ijnsa.2011.3404. S2CID 424047.
- "California Penal Code 653y PC – Misusing 911". Shouse California Law Group shouselaw.com. Retrieved 19 April 2023.
- "What to Know About Swatting". Time. Retrieved 20 September 2021.
- "Love in an algorithmic age". www.kaspersky.com. Retrieved 19 August 2022.
- Freed, Diana; Palmer, Jackeline; Minchala, Diana; Levy, Karen; Ristenpart, Thomas; Dell, Nicola (21 April 2018). ""A Stalker's Paradise"". Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems. CHI '18. New York, NY, USA: Association for Computing Machinery. pp. 1–13. doi:10.1145/3173574.3174241. ISBN 978-1-4503-5620-6. S2CID 5040372.
- Mix (16 October 2017). "Someone is blackmailing dark web users to pay up or get doxxed". The Next Web. Retrieved 6 December 2017.
- Hern, Alex (13 January 2015). "Gamergate hits new low with attempts to send Swat teams to critics". The Guardian. Retrieved 2 July 2015.
- Mulvaney, Nicole (18 June 2015). "Recent wave of swatting nationwide fits definition of terrorism, Princeton police chief says". NJ.com. Retrieved 3 July 2015.
- Liebl, Lance (28 October 2014). "The dangers and ramifications of doxxing and swatting". GameZone.
- Diresta, Renee; Lotan, Gilad (8 June 2015). "Anti-Vaxxers Are Using Twitter to Manipulate a Vaccine Bill". Wired. Conde Nast. Retrieved 3 July 2015.
- Murtha, Tara (18 May 2015). "How Abortion Providers Are 'Living in the Crosshairs'". Rolling Stone.
- Cohen, David S.; Connon, Krysten (21 May 2015). "Strikethrough (Fatality); The origins of online stalking of abortion providers". Slate.
- "Violence Statistics & History". National Abortion Federation.
- Fletcher, Hannah (25 June 2008). "Human flesh search engines: Chinese vigilantes that hunt victims on the web". The Times.
- Branigan, Tania (24 March 2010). "How China's internet generation broke the silence". The Guardian.
- Brancart, Brydon (6 February 2018). "After More Than a Decade, the Human Flesh Search Engine Is Still Raging Across Chinese Social Media". Retrieved 7 November 2020.
- Sheets, Connor Adams (1 January 2012). "Anonymous's Operation Hiroshima: Inside the Doxing Coup the Media Ignored". International Business Times. Retrieved 23 October 2012.
- Ohlheiser, Abby (5 November 2015). "What you need to know about Anonymous's big anti-KKK operation". The Washington Post. Retrieved 15 June 2016.
- "Hacker-activist group Anonymous seizes KKK Twitter accounts; reveals identities". Fox 2 Now. 17 November 2014. Retrieved 21 November 2014.
- "KKK Missouri Chapter Threatens Ferguson Protesters with 'Lethal Force'". www.vice.com. 13 November 2014. Retrieved 14 August 2021.
- F., Curtis (19 November 2014). "Ferguson KKK Doubles Down By Threatening To Shoot People Wearing Anonymous Guy Fawkes Masks". If Only You News. Archived from the original on 21 November 2014. Retrieved 21 November 2014.
- Woolf, Nicky; Stafford, Zach (3 November 2015). "Anonymous denies releasing incorrect Ku Klux Klan member information". The Guardian. Retrieved 15 June 2016.
- "Anonymous posts Ku Klux Klan alleged sympathisers list". BBC News. 6 November 2015. Retrieved 15 June 2016.
- Valdes, Manuel (22 April 2013). "Innocents accused in online manhunt". 3 News. Archived from the original on 15 December 2013. Retrieved 22 August 2015.
- Buncombe, Andrew (26 April 2013). "Family of Sunil Tripathi - missing student wrongly linked to Boston marathon bombing - thank well-wishers for messages of support". The Independent. Archived from the original on 3 April 2015. Retrieved 17 January 2015.
The cause of the student's death has still be determined but the medical examiner said no foul play was suspected.
- Nark, Jason (30 April 2014). "The Boston bombing's forgotten victim". Philadelphia Daily News. Archived from the original on 15 November 2014. Retrieved 31 October 2014.
Akhil spent the most time with Sunny before his suicide, weekends at Brown where he tried to help his youngest child foresee a future.
- Martin, Erik (22 April 2013). "Reflections on the Recent Boston Crisis". Reddit Blog. Retrieved 3 May 2013.
- Alfonso, Fernando (26 December 2012). "Lawyer doxes 50 journalists who doxed gun owners". The Daily Dot.
- "Newsweek, Bitcoin and the ethics of 'doxxing'". The Stream. Al Jazeera America. Retrieved 1 December 2015.
- Ingram, Mathew (6 March 2014). "Of Bitcoin and doxxing: Is revealing Satoshi Nakamoto's identity okay because it was Newsweek and not Reddit?". GigaOm. Retrieved 1 December 2015.
- Calvin, Aaron. "Meet Carson King, the 'Iowa Legend' who's raised more than $1 million for charity off of a sign asking for beer money". Des Moines Register. Retrieved 14 August 2021.
- Wulfsohn, Joseph A. (25 September 2019). "Des Moines Register hit after report digs up old, offensive tweets of local man who raised $1M for charity". Fox News.
- "Des Moines Register Responds to Outcry Over Carson King Article; Reporter No Longer with Paper". WHO-DT. 27 September 2019. Retrieved 27 September 2019.
- Machkovech, Sam (3 March 2015). "Former MLB pitcher, 38 Studios founder doxes his daughter's online abusers". ArsTechnica.
- Coolican, J. Patrick (24 December 2015). "Minneapolis City Council Member Alondra Cano under fire for posting phone numbers, e-mail addresses of constituents". Star Tribune. Retrieved 26 December 2015.
- Solis, Steph (13 October 2016). "Lou Dobbs apologizes for sharing Trump accuser's address, number". USA Today. Retrieved 14 October 2016.
Dobbs apologized for sharing the personal information on Thursday of a woman who alleged Donald Trump sexually assaulted her.
- Zeynep Tufekci (25 July 2016). "WikiLeaks Put Women in Turkey in Danger, for No Reason (UPDATE)". HuffPost.
- "Politico editor resigns after sharing addresses of white nationalist on Facebook". CNBC. 22 November 2016. Retrieved 23 November 2016.
- Chasmar, Jessica (22 November 2016). "Politico editor resigns after sharing home addresses of alt-right leader Richard Spencer". The Washington Times. Retrieved 23 November 2016.
- Trump, Donald (11 May 2017). "Presidential Executive Order on the Establishment of Presidential Advisory Commission on Election Integrity" (Press release). White House. Archived from the original on 11 May 2017.
- Koerth-Baker, Maggie (7 July 2017). "Trump's Voter Fraud Commission Is Facing A Tough Data Challenge". FiveThirtyEight.
- Lowry, Brian (11 May 2017). "Civil rights groups fume about Trump's choice of Kris Kobach for voter fraud panel". The Kansas City Star.
- Neuman, Scott (14 July 2017). "Vote Fraud Commission Releases Public Comments, Email Addresses And All". The Two-Way. National Public Radio.
- Politi, Daniel (15 July 2017). "White House Publishes Names, Emails, Phone Numbers, Home Addresses of Critics". Slate.
- Ingraham, Christopher (14 July 2017). "White House releases sensitive personal information of voters worried about their sensitive personal information". The Washington Post.
- Shaw, Adam (4 October 2018). "Cops probe doxxing of GOP senators, as left-wing escalates confrontational tactics". Fox News. Retrieved 4 October 2018.
- Folley, Aris (4 October 2018). "Ex-House intern charged with 'doxing' GOP senators during Kavanaugh hearing". The Hill. Retrieved 4 October 2018.
- "Former Senate staffer arrested for allegedly doxing senator". CBS News. 4 October 2018. Retrieved 4 October 2018.
- Hsu, Spencer S. (4 October 2018). "Democratic ex-staffer contests charges he posted personal data on GOP senators, threatened witness in doxing". The Washington Post. Retrieved 5 October 2018.
- "Jackson A. Cosko, Register Number: 96677-007". Inmate Locator. United States Bureau of Prisons.
- Gerstein, Josh (19 June 2019). "Ex-Hassan aide sentenced to 4 years for doxing senators". Politico. Retrieved 20 June 2019.
- "Wisconsin Woman Sentenced for Role in Office Burglary of a U.S. Senator" (Press release). Department of Justice, U.S. Attorney’s Office, District of Columbia. 28 October 2019. Retrieved 29 June 2020.
- Lewis-Kraus, Gideon (9 July 2020). "Slate Star Codex and Silicon Valley's War Against the Media". The New Yorker. ISSN 0028-792X.
- Alexander, Scott (23 June 2020). "NYT Is Threatening My Safety By Revealing My Real Name, So I Am Deleting The Blog". Slate Star Codex. Archived from the original on 3 March 2021.
- Alexander, Scott (11 September 2020). "Update On My Situation". Slate Star Codex. Archived from the original on 12 September 2020. Retrieved 26 June 2023.
- Alexander, Scott (21 January 2021). "Still Alive". Astral Codex Ten. Archived from the original on 21 January 2021.
- Metz, Cade (13 February 2021). "Silicon Valley's Safe Space". The New York Times. ISSN 0362-4331. Archived from the original on 1 March 2021.
- "Meet the woman behind Libs of TikTok, secretly fueling the right's outrage machine". The Washington Post. ISSN 0190-8286. Retrieved 15 March 2023.
- "Libs of TikTok's Unmasking Raises Tough Questions About Right to Anonymity". Newsweek. 24 July 2022. Archived from the original on 24 July 2022. Retrieved 15 March 2023.
- Desk, ALEC SCHEMMEL | The National (19 April 2022). "Reporter slammed as hypocrite for 'doxxing' Libs of TikTok Twitter account". WCIV. Retrieved 15 March 2023.
- "US Right, Left clash on orthodox Jewish activist's 'doxxing'". The Jerusalem Post | JPost.com. 21 April 2022. Retrieved 15 March 2023.
- Allsop, Jon. "Piers Morgan, Donald Trump, and the doomed transatlantic culture wars". Columbia Journalism Review. Retrieved 15 March 2023.
- Pausackl, Christina (20 February 2022). "Bedrohung durch Corona-Leugner: "Ich werde dich hinrichten"". Die Zeit. Retrieved 19 August 2022.
Die Ärztin Lisa-Maria Kellermayr wird wie viele ihrer Kollegen immer öfter bedroht – und fühlt sich damit alleingelassen.[Like many of her colleagues, doctor Lisa-Maria Kellermayr is increasingly threatened - and feels left alone.]
- "Austrians mourn doctor who took her own life after death threats from anti-vaccination campaigners". The Irish Times. Retrieved 19 August 2022.
- "Landärztin schließt nach Morddrohungen aus Impfgegnerszene Ordination". DER STANDARD (in Austrian German). Retrieved 19 August 2022.
- "Austrian doctors speak out after suicide of GP following Covid threats". The Guardian. 2 August 2022. Retrieved 19 August 2022.
- "Tod von Impfärztin: Machtlos gegen den Hass?". BR24 (in German). 2 August 2022. Retrieved 19 August 2022.
- "Lisa-Maria Kellermayr 1985–2022". DER STANDARD (in Austrian German). Retrieved 19 August 2022.
- "Trans woman, Twitch streamer Keffals doxxed, arrested at gunpoint by London, Ont. police | Globalnews.ca". Global News. Retrieved 19 August 2022.
- "Harcèlement d'une streameuse : l'hébergeur CloudFlare sous pression". Le Monde.fr (in French). 30 August 2022. Retrieved 30 August 2022.
- "As Twitch Streamer Flees, Pressure Mounts On Cloudflare To Stop Protecting Controversial Kiwi Farms Site". Kotaku Australia. 24 August 2022. Retrieved 30 August 2022.
- Pless, Margaret (19 July 2016). "Kiwi Farms, the Web's Biggest Community of Stalkers". Intelligencer. Retrieved 30 August 2022.
- "'Immediate threat to human life' - controversial Kiwifarms forum blocked by Cloudflare". NZ Herald. Retrieved 5 September 2022.
- "First 'swatting' and now 'doxing': online harassment of trans activist continues". lfpress. Retrieved 19 August 2022.
- "Twitch streamer and trans woman, Clara Sorrenti allegedly doxxed again | Globalnews.ca". Global News. Retrieved 19 August 2022.
- "Doxxed transgender activist, Twitch streamer leaving Canada due to ongoing threats". London. 22 August 2022. Retrieved 25 August 2022.
- "Twitch streamer and transgender activist doxxed in Northern Ireland after leaving Canada | Globalnews.ca". 980 CFPL. Retrieved 31 August 2022.
- "Inside Keffals' Battle to Bring Down Kiwi Farms". www.vice.com. 7 September 2022. Retrieved 7 September 2022.
- "A notorious fringe message board is facing calls for its shutdown after life-threatening harassment". NBC News. 2 September 2022. Retrieved 4 September 2022.
- "Internet services company Cloudflare blocks Kiwi Farms citing 'targeted threats'". NBC News. 3 September 2022. Retrieved 4 September 2022.
- Darcy, Oliver (16 December 2022). "Elon Musk bans several prominent journalists from Twitter, calling into question his commitment to free speech". CNN Business. CNN. Retrieved 17 December 2022.
- "Twitter suspends several journalists, Musk cites 'doxxing' of his jet". .reuters.com. 16 December 2022. Retrieved 17 December 2022.
- Darcy, Oliver (17 December 2022). "Elon Musk offers journalists he banned from Twitter ability to return under certain condition". CNN Business. CNN. Retrieved 17 December 2022.
- "Protect yourself from "Doxxing" | Office of Ethics". ethics.berkeley.edu. Retrieved 2 June 2022.
- Newman, Lily Hay. "What To Do If You've Been Doxed". Wired. ISSN 1059-1028. Retrieved 1 May 2022.
- "《网络信息内容生态治理规定》明确不得开展人肉搜索、流量造假等违法活动". 中国政府网. 新华社. 21 December 2019. Archived from the original on 23 November 2020. Retrieved 29 February 2020.
- "Hong Kong introduces new legal amendments to outlaw doxxing". Retrieved 31 July 2021.
- "대한민국 영문법령". elaw.klri.re.kr. Retrieved 1 August 2020.
- Jefatura del Estado (24 November 1995), Ley Orgánica 10/1995, de 23 de noviembre, del Código Penal, pp. 33987–34058, retrieved 19 August 2022
- Jurídicas, Noticias. "El Tribunal Supremo considera delito difundir imágenes obtenidas con el permiso de la víctima que afectan gravemente a su intimidad · Noticias Jurídicas". Noticias Jurídicas (in Spanish). Retrieved 19 August 2022.
- "Strafrechtelijke aanpak intimidatie door delen persoonsgegevens". Retrieved 22 March 2022.
- "Dutch Senate votes to make 'doxing' a crime". Reuters. 11 July 2023. Retrieved 24 October 2023.
- "Doxing wordt binnenkort strafbaar, Eerste Kamer akkoord". RTL Nieuws (in Dutch). 11 July 2023. Retrieved 24 October 2023.
- Lindvall 2019, pp. 3, 12
- Lindvall 2019, p. 8.
- Lindvall 2019, p. 9.
- Lindvall 2019, p. 10.
- Lindvall, Alexander J. (2019). "Political Hacktivism: Doxing & the First Amendment" (PDF). Creighton Law Review. Omaha, Nebraska: Creighton University School of Law. 53 (1): 1–15. hdl:10504/125944.
- The dictionary definition of dox at Wiktionary