Doxing Self-Defense 101
Google (and Bing, and DuckDuckGo…) yourself
- What comes up when you use search engines to search for your name, your name in quotes, and any unique handles/usernames you use?
- What happens if you add the city you live to the query?
- How many of the links that come up are in your control (e.g. social media profiles, homepage, etc.) and how many are not (e.g. data brokers, news articles)?
- How easy is it to associate friends or family members with you?
- If you’re US based, you can find additional places your data may have been posted online using Yael Grauer’s extremely comprehensive Big Ass Data Broker Opt-Out List. Start with the data brokers marked “high priority.”
Review your social media history
Adversaries will often go digging through your social media history to find content to harass you with. Do some searching through your history with two things in mind:
- If someone was mad at me, would this content be used against me?
- Does this content still align with my values? (If the answer is “no”, consider deleting the content) Some tips for searching social media history:
- Audit your content on Twitter/X by searching from:yourusername combined with sensitive keywords, e.g. “election” or related keywords. Also look for information about your children, places you visit regularly (e.g. coffee shops), family associations, etc.
- Scan through your Twitter/X media tab, as this is often used by adversaries to quickly skim far back into someone’s history.
- On Facebook, filter a keyword search to “Posts from: You” to quickly review your history.
- Other social media sites have similar filters, ask us if you’re stuck!
Protect those around you
Attackers often go after their targets’ friends and family as well. Once you understand your own online footprint, consider having a conversation about these issues with loved ones. With their permission, you could also walk them through some of the online footprint tips on this page.
You may want to recommend tools like Security Planner or other resources from the other side of the page to them. If that’s too overwhelming for them, focus on basic security practices like setting up a password manager to create strong, unique passwords, as well as enabling 2FA where possible.