Doxing and how to protect against it

CHOICE is looking into the increasing incidence of doxing in Australia - where people use information about you found on social media or elsewhere on the internet in a malicious way. We’re interested in hearing from people who have been targeted by doxing.


Perhaps you may want to explain what ‘doxing’ actually is. Or ‘doxxing’. In terms of what Choice is seeking input for.

Because I for one can’t get any sense out of the varied explanations of what this thing is.

This seems reasonably clear:


I normally see it with a double x, but this is apparently optional.

It commonly involves publishing a person’s private details (address, phone number) in a large online forum. This can result in people getting bomb threats and harassing phone calls. It is a common tactic of Trump supporters in the US, where judges (and their families) are facing all sorts of threats just for sitting on his criminal trials and prosecutors are increasingly needing personal security.

The Australian Government recently doxxed the person responsible for the Medibank data breach. He is Russian, and the Russian Constitution forbids extradition of its citizens, but he has now been very clearly identified. While sanctions were imposed, the real effect was to name him as someone who likely has significant resources. In Russia. With the apparent effect that he has become a ‘person of interest’ to figures in the ‘law enforcement’ community (i.e. the cops are hitting him up for some squeeze).

Doxxing is generally considered A Bad Thing… when done by someone whose interests do not align with our own.

Edit: Mr Ermakov was apparently silly enough to hack Russians.


Doxing is related to a cybersecurity discipline called Open Source Intelligence (OSINT). These days there are automated tools that help you gather, organise and coordinate an attack on a person, group or organisation. These tools would take a bit of known information of a target and search hundreds of platforms across the internet in a matter of seconds for matching profiles. From there an attacker would use this to build a profile of who you are and what you're interested in and do more targeted searches.

There are websites out there that teach this skill by creating a fake profile and tasking you to get particular bits of information of this person including details like residential address, phone number.

Best way to prevent this is through education. The more people that are aware these tools exist the more empowered they are to prevent it. Happy to answer any questions if you want to know more.

Well the most obvious defence is to restrict the amount of information out there on social media about oneself.

So, my advice, Andy, is to do the opposite of what you do. Do not have pictures of yourself that could be used. Do not advertise on your profile that you have Twitter or X or LinkedIn, or Facebook accounts that others could then look up, accessible from posts in this Community, which is open to Internet search.

Took me just a few minutes to find a rather interesting conversation between you and a Choice manager. On LinkedIn.


I feel doxing has only recently been given a definition by government and others as negative or illegal activity.

I previously associated it with the activity of LGBTQ+ communities targeted by anonymous online hate groups.

Activists referred to the activity of uncovering the identities of people posting the online hate and publishing their identities as doxing.

Another example is the former MP Andrew Laming, who was revealed to be the administrator of a number of Facebook Community Groups which regularly posted political views about his electorate.
I consider he was doxed by those who proved he was in control of those Facebook groups.

I am concerned about the idea of making doxing illegal as I think it is important to democracy we should be able to find out the identity of those who post things online anonymously.

Unfortunately, doxxing is usually used on people who haven’t really done anything wrong.

Just today, the ABC published a story of a convicted paedophile who knew when he left court there would be media photographers outside on the street. He got a “document” out to cover his face even though he was well known. That “document” had his victim’s name on it for all to see. The ABC digitally removed the name because it’s against the law in child sex abuse cases without victim’s consent. It was, really, a very basic form of doxxing.

While I agree in some respects, especially involving politics, that we need transparency, most doxxing is done to bring out the online trolls and target victims. DV victims have had threats made against them by associates of their ex who have published phone numbers and addresses alongside usually false accusations, so it brings in sometimes complete strangers who react predictably by attacking the victim. People who make a controversial statement have had their contact and address details released and have in some cases been forced into hiding because of violent threats.

If it’s an organisation operating in the public sphere, I think we should know the people behind it. But we don’t need to know their contact details and home addresses. Individuals have a right to feel they and their families are safe in their own homes. Doxxing takes away that right.

I don’t doubt that there are innocent people who have suffered harm by having details of their name, lives, address etc revealed by evil doers. This leads me to two questions.

  1. Is the problem a matter of preserving privacy or is the problem what happens after an electronic persona is revealed as a human who has a phone that can be filled with nasty or threatening messages, a letter box that can be trashed or a dog that can be poisoned? If the greater problem is the latter why are we so focussed on the former?

  2. Is part of the problem those who hide behind the cowards’ castle of the e-persona to do horrid things to their fellow man that they would not do face to face or if they were revealed themselves? How much anger, grief, deception, lies, corruption, thievery and political manipulation would be avoided if humans could not hide but were personally accountable for their online actions?

How much would be caused by the personal disclosure as well? How do we weigh the difference between protecting those who live in less free areas and those who live in more free areas? There is no truly free place in the world; the protections provided by anonymity for those subjected to abuse, violence, lies, corruption, death, imprisonment, and political manipulation (and “re-education”) are important, and is the anonymity and privacy more important because of them?

The Arab Spring argument. This is brought up each time there is any effort to increase accountability.

Do you really see the need to allow anonymous and unfettered public communication in Oz so that the speakers will not be disappeared in the night? How often does that happen?

What about when the aim of those speakers is to cause trouble, riots or the overthrow of this government, is that OK? We had some of that here this week. Elon says it’s all good - it’s just free speech. Tell that to the police who have to deal with consequences.

Here we have a rather imperfect government that is still better than many. The people and that government should be able to protect what we have and to improve. Suggesting we do nothing because somewhere in the world there are governments that treat their people very badly makes no sense to me. The comparison you are making between oppressive regimes and Oz isn’t there.


So what level of accountability do you want even for whistleblowers?

Arab Spring, no I think more of the Neo Nazi parties, the USA Covert entities, Russia, China, India and a number of other less than benign places and organisations that see personal information as a way of establishing controls on a population. More worryingly perhaps, I see the Arab Winter as well. Do we have certainty of our continued freedoms, are we really sure before we give it all away? You seem positive that will not occur, that is your take on it and I support your right to say so but I also disagree with your view.

Do we rely on anonymous communication by those who see problems and then can’t report them publicly as they then get prosecuted in secret Courts (very current if I remember correctly)… What was old becomes new again. For those that carry out malicious commentary and use of personal information and perhaps do so anonymously, not always is it anonymous, it sometimes is that Social platforms are unwilling to divulge the information. Then if or when they are caught the punishments need to be more severe than they are now, some of that might reduce doxxing and harassment, and cyber bullying. Nothing is perfect of course, certainly though an account on a social media platform can be shut down, the owners often can be identified or the RSP can be found and informed of the issues. Forging, misrepresentation of identity (imposters) have almost always been a thing even before the IT growth. I don’t think there is a place in society that shouldn’t include the right to anonymity to some lesser or greater degree that should be supported (I am not sure where the balance is yet).


Whistle-blowers need more protection and support in this country, some kind of independent authority who will hear their evidence and evaluate it without allowing them to be victimised or to victimise others. That is a somewhat different matter to allowing anonymous persons to say whatever they want in public with no consequences.

Both extremes of state-based censorship of whatever the state feels like and free-for-all say whatever you like Muskism are wrong.


In Oz it is not so much about a literal disappearance as a metaphorical disappearance i.e. cancellation.

The odd employee has also been sacked after being doxxed, and the employee’s posting on the internet may well have been in the public interest.

Regardless though in many cases the authorities can doxx you if you are actually committing an alleged crime. If this post contained any alleged illegal content, I am kidding myself if I think the authorities won’t arrive at my door.

The risk with any doxxing is that you get it wrong.

I didn’t see anyone suggest that doxxing is illegal or, if not, should be made illegal.

Like most things (say, a computer or the internet) whether it is “positive” or “negative” depends on

  • how it is used, and
  • the perspective of the person making the pronouncement.

Consequently, a topic on how to protect against doxxing is, oppositely, “negative” or “positive” under the same conditions.

FWIW, it is illegal to doxx an ASIO agent (and other countries have similar laws).


I think I would quite like to be cancelled. I don’t think my opinion is so wonderful that the world absolutely must hear it. Does that mean nobody would bother me? Sounds alright.

Anyways I think we are getting off topic from what the OP wanted …

I have not been targeted by doxxing.

For the second part (of the topic title) … how to protect against it … I would endorse what @Gregr wrote: be abstemious about what information you post i.e. information that is specific to you and that could serve to identify you. The more “unique”, the higher the risk that doxxing will be successful.

Eschewing social media altogether can be a good idea. Whoever thought that having all communication either publicly accessible or at least shared with one or more third parties is a good idea?

But then also consider the risk … what will happen if you are doxxed? Are any of the following after you: the government, your crazy ex, criminals?


Some relevance: Young people share their experiences of being doxxed — from 50 food deliveries a day to being 'terrified' - ABC News

The article has some general advice about avoiding being doxxed.

One thing that it doesn’t suggest is: Avoid gaming fora. :wink:

I mention this both in connection with the above article and also this.

In respect of the above article, it is important to distinguish between the act of “doxxing” itself and any acts that anyone may carry out once your identity and/or location become public.


Thanks for all the input everyone. We’ve published an article on this.