doxing

"Doxing" is a neologism. It originates from a spelling alteration of the abbreviation "docs", for "documents", and refers to "compiling and releasing a dossier of personal information on someone".{{cite magazine |url=https://www.wired.com/2014/03/doxing/ |title= What Is Doxing? |first=Mat |last=Honan |date=6 March 2014 |magazine=Wired |access-date=10 December 2014 }} Essentially, doxing is revealing and publicizing the records of an individual, which were previously private or difficult to obtain.

The term dox derives from the slang "dropping dox", which, according to Wired contributor Mat Honan, was "an old-school revenge tactic that emerged from hacker culture in 1990s". Hackers operating outside the law in that era used the breach of an opponent's anonymity as a means to expose them to harassment or legal repercussions. Consequently, doxing often carries a negative connotation because it can be a means of revenge via the violation of privacy.{{cite magazine |title=Doxing: An Etymology |url=https://www.theatlantic.com/technology/archive/2014/03/doxing-an-etymology/284283/ |magazine=The Atlantic |first=Megan |last=Garber |date=6 March 2014 |access-date=10 December 2014 }}

{{see also|Human flesh search engine#History}}

The practice of publishing personal information about individuals as a form of vigilantism predates the Internet, via physical media such as newspapers and pamphlets. For example, in response to the Stamp Act 1765 in the Thirteen Colonies, radical groups such as the Sons of Liberty harassed tax collectors and those who did not comply with boycotts on British goods by publishing their names in pamphlets and newspaper articles.{{cite book |title=American History: From Pre-Columbian to the New Millennium |url=https://www.ushistory.org/us/9b.asp |location=Independence Hall Association}}{{cite web |url=https://research.colonialwilliamsburg.org/foundation/journal/winter12/liberty.cfm |title=Terms of Estrangement: Who Were the Sons of Liberty? |last=Carp |first=Benjamin L. |date=2012 |website=Colonial Williamsburg |publisher=The Colonial Williamsburg Foundation |access-date=July 10, 2023}}

Outside of hacker communities, the first prominent examples of doxing took place on internet discussion forums on Usenet in the late 1990s, including users circulating lists of suspected neo-Nazis,{{Cite web |last=Tiffany |first=Kaitlyn |date=2022-04-22 |title='Doxxing' Means Whatever You Want It To |url=https://www.theatlantic.com/technology/archive/2022/04/doxxing-meaning-libs-of-tiktok/629643/ |access-date=2022-05-01 |website=The Atlantic |language=en}} later racists.{{Cite web |last=Perry |first=David M. |date=2017-08-17 |title=Why It's Important to Name the Nazis |url=https://psmag.com/social-justice/naming-and-shaming-american-nazis/ |access-date=2025-01-05 |website=Pacific Standard |language=en-US}} Also in the late 1990s, a website called the Nuremberg Files had launched, featuring the home addresses of abortion providers and language that implied website visitors should stalk and kill the people listed.

In 2012, when then-Gawker reporter Adrian Chen revealed the identity of Reddit troll Violentacrez as Michael Brutsch, Reddit users accused Chen of doxing Brutsch and declared "war" on Gawker. In the mid-2010s, the events of the Gamergate harassment campaign brought the term into wider public use. Participants in Gamergate became known for releasing sensitive information about their targets to the public, sometimes with the intent of causing the targets in question physical harm. Caroline Sinders, a research fellow at the Center for Democracy and Technology, said that "Gamergate, for a lot of people, for mainstream culture, was the introduction to what doxxing is".

According to The Atlantic, from 2014 to 2020, "the doxxing conversation was dominated by debate around whether unmasking a pseudonymous person with a sizable following was an unnecessary and dangerous invasion of their privacy."{{Cite web |last=Tiffany |first=Kaitlyn |date=2022-04-22 |title='Doxxing' Means Whatever You Want It To |url=https://www.theatlantic.com/technology/archive/2022/04/doxxing-meaning-libs-of-tiktok/629643/ |access-date=2022-10-24 |website=The Atlantic |language=en}} In 2014, when Newsweek attempted to search for the pseudonymous developer of Bitcoin, the magazine was accused of doxing by cryptocurrency enthusiasts. In 2016, when an Italian journalist attempted to search for the identity of the pseudonymous Italian novelist Elena Ferrante, the journalist was accused of gendered harassment and Vox referred to the search as "the doxxing of Elena Ferrante." In 2020, when The New York Times indicated that it was planning on publishing the real name of the California psychiatrist running the Slate Star Codex blog, fans of the blog accused the Times of doxing. The person behind the blog accused the Times of threatening his safety and claimed that he started a "major scandal" that resulted in the Times losing hundreds or thousands of subscriptions.

In 2022, BuzzFeed News reporter Katie Notopoulos used public business records to identify the previously pseudonymous founders of the Bored Ape Yacht Club. Greg Solano, one of the founders of the club, claimed that he "got doxxed against [his] will".

In April 2022, The Washington Post reporter Taylor Lorenz revealed the identity of the person behind the Twitter account Libs of TikTok as Chaya Raichik, who works in real estate. This resulted in Raichik and right-wingers accusing Lorenz of doxing.

Pro-Israel NGOs including the Israel on Campus Coalition and Canary Mission have been accused of doxing Palestinian activists by releasing public dossiers documenting their activism.{{cite magazine |last1=Bamford |first1=James |title=Israel's War on American Student Activists |url=https://www.thenation.com/article/world/israel-spying-american-student-activists/ |website=The Nation |date=November 17, 2023 |access-date=18 November 2023 |archive-date=18 November 2023 |archive-url=https://web.archive.org/web/20231118003447/https://www.thenation.com/article/world/israel-spying-american-student-activists/ |url-status=live }}{{Cite web|url=https://forward.com/news/407279/canary-missions-threat-grows-from-us-campuses-to-the-israeli-border/|title=Canary Mission's Threat Grows, From U.S. Campuses To The Israeli Border|last=Nathan-Kazis|first=Josh|date=2 August 2018|website=Forward|access-date=16 September 2018}} The Gaza war saw a surge{{cn|date=March 2025}} in doxing activities in the United States. Right wing advocacy group Accuracy in Media sent trucks to Yale University and Columbia University, displaying the names and faces of students involved in anti-Israel activism under a banner labeling them "leading antisemites" on campus.{{cite web |last1=Okutan |first1=Esma |last2=Hernandez |first2=Tristan |title='Doxxing truck' appears on Yale's campus, displays student names and photos |url=https://yaledailynews.com/blog/2023/11/17/doxxing-truck-appears-on-yales-campus-displays-student-names-and-photos/ |website=Yale Daily News |date=November 17, 2023 |access-date=18 November 2023 |archive-date=18 November 2023 |archive-url=https://web.archive.org/web/20231118020937/https://yaledailynews.com/blog/2023/11/17/doxxing-truck-appears-on-yales-campus-displays-student-names-and-photos/ |url-status=live }}{{cite web |last1=Bushard |first1=Brian |title='Doxxing Truck' Takes Columbia—Here's What To Know About The Trucks That Post Names Of Students |url=https://www.forbes.com/sites/brianbushard/2023/10/26/doxxing-truck-takes-columbia-heres-what-to-know-about-the-truck-that-posts-names-of-students/?sh=3f5cabfd1f41 |website=Forbes |access-date=18 November 2023 }} Similarly, Canary Mission published the identities and images of Harvard University students involved in the circulation of an open letter, published on October 7th, that held "the Israeli regime entirely responsible for all unfolding violence".{{Cite web |title=Harvard Student Groups Face Intense Backlash for Statement Calling Israel 'Entirely Responsible' for Hamas Attack {{!}} News {{!}} The Harvard Crimson |url=https://www.thecrimson.com/article/2023/10/10/psc-statement-backlash/ |access-date=2024-01-19 |website=www.thecrimson.com}}{{cite web |last1=Ray |first1=Owen |title=The Canary Mission's doxxing needs to stop |url=https://dailycollegian.com/2023/11/the-canary-missions-doxxing-needs-to-stop/ |website=Massachusetts Daily Collegian |access-date=18 November 2023 |archive-date=6 November 2023 |archive-url=https://web.archive.org/web/20231106034859/https://dailycollegian.com/2023/11/the-canary-missions-doxxing-needs-to-stop/ |url-status=live }}

Doxware is a cryptovirology attack invented by Adam Young and further developed with Moti Yung that carries out doxing extortion via malware. It was first presented at West Point in 2003. The attack is rooted in game theory and was originally dubbed "non-zero-sum games and survivable malware".{{Cite conference | last1 = Young | first1 = A. | title = Non-Zero Sum Games and Survivable Malware | pages = 24–29| conference = IEEE Systems, Man and Cybernetics Society Information Assurance Workshop| year = 2003 }}

The attack is summarized in the book Malicious Cryptography as follows:

The attack differs from the extortion attack in the following way. In the extortion attack, the victim is denied access to its own valuable information and has to pay to get it back, where in the attack that is presented here the victim retains access to the information but its disclosure is at the discretion of the computer virus.{{cite book|first1=Adam |last1=Young |first2=Moti |last2=Yung |author-link2=Moti Yung |title=Malicious Cryptography: Exposing Cryptovirology |location=Indianapolis |publisher=Wiley|year=2004|isbn=0-7645-4975-8}}

Doxware is the converse of ransomware. In a ransomware attack (originally called cryptoviral extortion), the malware encrypts the victim's data and demands payment to provide the needed decryption key. In the doxware cryptovirology attack, the attacker or malware steals the victim's data and threatens to publish it unless a fee is paid.{{cite journal|last=Shivale|first=Saurabh Anandrao|title=Cryptovirology: Virus Approach|journal=International Journal of Network Security & Its Applications|year=2011|volume=3|issue=4|pages=33–46|arxiv=1108.2482|doi=10.5121/ijnsa.2011.3404|s2cid=424047}}

Once people have been exposed through doxing, they may be targeted for harassment through methods such as actual harassment in person, fake signups for mail subscriptions, food deliveries, bombarding the address with letters, or through “swatting”—the intentional dispatching of armed police teams to a person's address via falsely reported tips or through fake emergency services phone calls. The act of reporting a false tip to police—and the subsequent summoning of an emergency response team (ERT)—is an illegal, punishable offense in most jurisdictions, due to ERTs being compromised and potentially unavailable for real emergencies.{{cite web|url= https://www.shouselaw.com/ca/defense/penal-code/653y |title=California Penal Code 653y PC – Misusing 911 |website=Shouse California Law Group shouselaw.com |date=22 July 2022 |accessdate=19 April 2023}} It is, at the very least, an infraction in most US states (for first-time offenders); if multiple attempts are made, the charge increases to a misdemeanor (especially when the intention is harassment-based). Further repercussions include fines ranging from as low as US$50 up to US$2,000, six months spent in county jail, or both the fine and imprisonment.{{Cite magazine|title=What to Know About Swatting|url=https://time.com/5082806/what-is-swatting-tyler-barriss-troy-livingston/|access-date=2021-09-20|magazine=Time|language=en}}

A hacker may obtain an individual's dox without making the information public. A hacker may look for this information to extort or coerce a known or unknown target. A hacker may also harvest a victim's information to break into their Internet accounts or take over their social media accounts.

Doxing has also occurred in dating apps. In a survey conducted in 2021, 16% of respondents reported suffering doxing because of them.{{Cite web |title=Love in an algorithmic age |url=https://www.kaspersky.com/blog/dating-report-2021/ |access-date=2022-08-19 |website=www.kaspersky.com |language=en-US}} In a 2018 qualitative study about intimate partner violence, 28 out of 89 participants (both professionals and survivors) reported the exposure of the victim's private information to third parties through digital technologies as a form of humiliation, shaming or harm frequently practiced by abusers, that may include the disclosure of intimate images and impersonation of the victim.{{Cite book |last1=Freed |first1=Diana |last2=Palmer |first2=Jackeline |last3=Minchala |first3=Diana |last4=Levy |first4=Karen |last5=Ristenpart |first5=Thomas |last6=Dell |first6=Nicola |title=Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems |chapter="A Stalker's Paradise" |date=2018-04-21 |chapter-url=https://doi.org/10.1145/3173574.3174241 |series=CHI '18 |location=New York, NY, USA |publisher=Association for Computing Machinery |pages=1–13 |doi=10.1145/3173574.3174241 |isbn=978-1-4503-5620-6|s2cid=5040372 }}

Victims may also be shown their details as proof that they have been doxed as a form of intimidation. The perpetrator may use this fear to gain power over victims in order to extort or coerce. Doxing is therefore a standard tactic of online harassment and has been used by people associated with the Gamergate and vaccine controversies.{{Cite news|url=https://thenextweb.com/insider/2017/10/16/doxx-dark-web-letter-bitcoin-ransom/|title=Someone is blackmailing dark web users to pay up or get doxxed|last=Mix|date=16 October 2017|work=The Next Web|access-date=6 December 2017|language=en-US}}

• {{cite web|last1=Hern|first1=Alex|title=Gamergate hits new low with attempts to send Swat teams to critics |date=13 January 2015 |url=https://www.theguardian.com/technology/2015/jan/13/gamergate-hits-new-low-with-attempts-to-send-swat-teams-to-critics|website=The Guardian|access-date=2 July 2015}}
• {{cite web |date=18 June 2015 |last1=Mulvaney|first1=Nicole|title=Recent wave of swatting nationwide fits definition of terrorism, Princeton police chief says|url=http://www.nj.com/mercer/index.ssf/2015/06/princeton_swatting_incidents_schools_malls_hoaxes.html|website=NJ.com|access-date=3 July 2015}}
• {{cite web|last1=Liebl|first1=Lance |date=28 October 2014 |title=The dangers and ramifications of doxxing and swatting|url=http://www.gamezone.com/originals/the-dangers-and-ramifications-of-doxxing-and-swatting|website=GameZone}}
• {{cite magazine |date=8 June 2015 |last1=Diresta |first1=Renee |last2=Lotan |first2=Gilad |title=Anti-Vaxxers Are Using Twitter to Manipulate a Vaccine Bill |url=https://www.wired.com/2015/06/antivaxxers-influencing-legislation/|magazine=Wired|publisher=Conde Nast|access-date=3 July 2015}}

There are different motivations for doxing. They include doing it to reveal harmful behavior and hold the offender accountable. Others use it to embarrass, scare, threaten, or punish someone. It's also often used for cyberstalking, which could result in making someone fear for their safety. Researchers have pointed out that some instances of doxing can be justified, such as when it reveals harmful behavior, but only if the act of doxing also aligns with the public.{{Cite journal |last=Douglas |first=David M. |date=2016-09-01 |title=Doxing: a conceptual analysis |journal=Ethics and Information Technology |language=en |volume=18 |issue=3 |pages=199–210 |doi=10.1007/s10676-016-9406-0 |issn=1572-8439|doi-access=free }}

Parallel to the rise of doxing has been the evolution of cybersecurity, internet privacy, the Online Privacy Alliance, and companies that provide anti-doxing services. Most recently, high-profile groups like the University of California Berkeley{{Cite web |title=Protect yourself from "Doxxing" {{!}} Office of Ethics |url=https://ethics.berkeley.edu/privacy/protect-yourself-doxxing |access-date=2022-06-02 |website=ethics.berkeley.edu}} have made online guidance for protecting its community members from doxing. Wired published an article on dealing with doxing, in which Eva Galperin, from the Electronic Frontier Foundation, advised people to "Google yourself, lock yourself down, make it harder to access information about you."{{Cite magazine |last=Newman |first=Lily Hay |title=What To Do If You've Been Doxed |language=en-US |magazine=Wired |url=https://www.wired.com/story/what-do-to-if-you-are-being-doxed/ |access-date=2022-05-01 |issn=1059-1028}}

In 2024, the Australian government announced they would introduce new legislation to criminalise doxing due to an incident in which the personal details of over 600 people from a WhatsApp group of Jewish Australians was leaked. Some of the people whose details were leaked received threats to harm their reputation as well as death threats.{{Cite news |last1=Hurst |first1=Daniel |last2=Taylor |first2=Josh |date=2024-02-12 |title=Albanese government to propose legislation to crack down on doxing |url=https://www.theguardian.com/australia-news/2024/feb/12/albanese-government-to-propose-legislation-to-crack-down-on-doxing |access-date=2024-02-14 |work=The Guardian |language=en-GB |issn=0261-3077}}{{Cite web |title=Anthony Albanese wants stronger doxing laws. Experts aren't so sure |url=https://www.sbs.com.au/news/article/anthony-albanese-wants-harsher-doxing-laws-experts-arent-so-sure/zxwdcyb3u |access-date=2024-02-14 |website=SBS News |date=13 February 2024 |language=en}} The proposed legislation, which includes a law that makes doxing punishable by jail time, has received bipartisan support, and support from Prime Minister Anthony Albanese.

In 2006 Austria passed its anti-stalking law, and in 2016 cyber-mobbing became a criminal offense.{{Cite web |title=Gesetzliche Lage |url=https://www.oesterreich.gv.at/themen/onlinesicherheit_internet_und_neue_medien/internet_und_handy___sicher_durch_die_digitale_welt/3/1/Seite.1720720.html |archive-url=http://web.archive.org/web/20240615174650/https://www.oesterreich.gv.at/themen/onlinesicherheit_internet_und_neue_medien/internet_und_handy___sicher_durch_die_digitale_welt/3/1/Seite.1720720.html |archive-date=2024-06-15 |access-date=2025-01-02 |website=oesterreich.gv.at - Österreichs digitales Amt |language=de-DE}} While as of the end of 2024 doxing is no specific offense, the laws mentioned are used in cases of online violence.{{Cite web |last=ingrid.brodnig |date=2022-04-27 |title=#brodnig: Ich weiß, wo du wohnst! |url=https://www.profil.at/gesellschaft/brodnig-ueber-datenschutz-auf-facebook-ich-weiss-wo-du-wohnst/401986526 |access-date=2025-01-02 |website=www.profil.at |language=de}} Since Austria is an EU-member state, EU law (DSGVO) applies.{{Cite web |title=Was ist Doxing? {{!}} Beispiele und Tipps zum Schutz |url=https://sosafe-awareness.com/de/glossar/doxing/ |access-date=2025-01-02 |website=sosafe-awareness.com |language=de-DE}}

From March 1, 2020, the People's Republic of China's "Regulations on the Ecological Governance of Online Information Content" has been implemented, clarifying that users and producers of online information content services and platforms must not engage in online violence, doxing, deep forgery, data fraud, account manipulation and other illegal activities.{{cite news |title=《网络信息内容生态治理规定》明确不得开展人肉搜索、流量造假等违法活动 |url=http://www.gov.cn/xinwen/2019-12/21/content_5462826.htm |access-date=2020-02-29 |agency=新华社 |publisher=中国政府网 |date=2019-12-21 |archive-date=2020-11-23 |archive-url=https://web.archive.org/web/20201123193205/http://www.gov.cn/xinwen/2019-12/21/content_5462826.htm |url-status=live }}

As of 2021, it is a criminal offense in Hong Kong to dox, where doxing is defined as releasing private or non-public information on a person for the purposes of "threatening, intimidation, harassment or to cause psychological harm". Persons convicted under this statute are liable to imprisonment for up to 5 years, and a fine of HK$1,000,000 (US$128,324.40).{{cite news|title = Hong Kong introduces new legal amendments to outlaw doxxing |url=https://www.scmp.com/news/hong-kong/politics/article/3133087/hong-kong-introduces-new-legal-amendments-outlaw-doxxing|website=www.scmp.com|access-date=2021-07-31}}

In Germany, doxing was added to the criminal code in September 2021 as {{ill|Endangering Dissemination of Personal Data|de|Gefährdendes Verbreiten personenbezogener Daten}} ([https://www.gesetze-im-internet.de/stgb/__126a.html Section 126a] of the Criminal Code). Since then, the publication of freely accessible data is punishable by a prison sentence of up to two years or a fine, and the publication of data that is not freely accessible is punishable by a prison sentence of up to three years or a fine. The dissemination of the data and its content must be suitable and, under the circumstances, intended to expose the person concerned or persons close to them to a crime directed against them or another unlawful act against sexual self-determination, physical integrity, personal freedom or against an object of significant value. By referring to Section 86 of the Criminal Code, which criminalizes the {{ill|Dissemination of Propaganda Material of Unconstitutional and Terrorist Organizations|de|Verbreiten von Propagandamitteln verfassungswidriger und terroristischer Organisationen}}, the Endangering Dissemination of Personal Data is not punishable if it is socially appropriate and "the act serves civic education, the defense against unconstitutional efforts, art or science, research or teaching, the reporting on current events or history or similar purposes" ([https://www.gesetze-im-internet.de/stgb/__86.html Section 86 Paragraph 4] of the Criminal Code).{{cite web |first=Sören |last=Schneider |url=https://www.bundestag.de/resource/blob/867640/846f1ba0205ccdd640c5a8357e655771/strafrechtlicher-Schutz_Feindeslisten_-126a-StGB-data.pdf |title=Aktueller Begriff. Der strafrechtliche Schutz gegen sog. Feindeslisten nach § 126a StGB |website=Bundestag.de |publisher=Wissenschaftliche Dienste des Deutschen Bundestages |date=2021-11-08 |language=de |access-date=2025-01-12}}

In 2021, due to increasing doxing incidents targeting Dutch activists, politicians, journalists and others, a new law against doxing was proposed by then Minister of Justice and Security Ferdinand Grapperhaus. The law states it is a felony to share personal data with the intent of intimidation, harassment or work-hindering and carries a maximum penalty of a two-years prison sentence or a fine of €25,750 (US$28,204). The penalty shall be increased by a third when targeted at certain public figures.{{cite news |title=Strafrechtelijke aanpak intimidatie door delen persoonsgegevens |url=https://www.rijksoverheid.nl/actueel/nieuws/2021/07/12/strafrechtelijke-aanpak-intimidatie-door-delen-persoonsgegevens |website=www.rijksoverheid.nl|access-date=2022-03-22}} The proposed law passed both houses of parliament and went into effect on 1 January 2024.{{Cite news |date=2023-07-11 |title=Dutch Senate votes to make 'doxing' a crime |url=https://www.reuters.com/world/europe/dutch-senate-votes-make-doxing-crime-2023-07-11/ |access-date=2023-10-24 |work=Reuters |language=en}}{{Cite web |date=2023-07-11 |title=Doxing wordt binnenkort strafbaar, Eerste Kamer akkoord |url=https://www.rtlnieuws.nl/tech/artikel/5395711/doxing-strafbaar-nieuwe-wet-persoonlijke-gegevens |access-date=2023-10-24 |website=RTL Nieuws |language=nl}}{{Cite web |author=Ministerie van Justitie en Veiligheid|date=2023-07-28 |title=Wet van 12 juli 2023 tot wijziging van het Wetboek van Strafrecht, het Wetboek van Strafrecht BES, het Wetboek van Strafvordering en het Wetboek van Strafvordering BES in verband met de strafbaarstelling van het zich verschaffen, verspreiden of anderszins ter beschikking stellen van persoonsgegevens voor intimiderende doeleinden (strafbaarstelling gebruik persoonsgegevens voor intimiderende doeleinden) |url=https://zoek.officielebekendmakingen.nl/stb-2023-274.html |access-date=2024-01-04 |website=zoek.officielebekendmakingen.nl |language=nl}}{{Cite web |last=Eenennaam |first=Joanne van |title=Doxing is a crime ... What does that mean? |url=https://www.wisemen.nl/en/news/doxing-is-a-crime-under-dutch-criminal-law-as-of-january-1-2024-what-does-that-mean-/ |access-date=2025-01-05 |website=WiseMen Advocaten |language=en}}

Early in 2025 the War in Court project digitally released a list of names of nearly half a million suspected wartime Nazi collaborators.{{Cite web |date=2025-01-02 |title=Dutch online archive identifies suspected Second World War Nazi collaborators |url=https://www.ctvnews.ca/world/dutch-online-archive-identifies-suspected-second-world-war-nazi-collaborators-1.7163171 |access-date=2025-01-05 |website=CTVNews |language=en}}

Under the Article 137 "Invasion of Personal Privacy" public sharing of personal information, using mass media, Internet, even public events, is considered a crime and shall be punishable by a fine of up to eighteen months in wage, or by compulsory labor for a term of up to three hundred sixty hours, or by corrective labor for a term of up to one year, or by forced labor for a term of up to two years. with deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years or without it, or arrest for a term of up to four months, or imprisonment for a term of up to two years with deprivation of the right to hold certain positions or engage in certain activities for a term of up to three years.{{Cite web |date=22 September 2023 |title="Criminal liability for disseminating personal data on the Internet" |url=https://admmozhaysk.ru/article/ugolovnaya-otvetstvennost-za-rasprostranenie-personalnyh-dannyh-v-seti-internet-491819 |access-date=2 May 2024 |website=Official website of the Administration of Mozhaisk Oblast of Russia}}

Copying the information and obtaining it illegally are separate offences as well.

South Korea is one of the few countries with a criminal statute that specifically addresses doxing. Article 49 of "Act on promotion of information and communications network utilization, and information protection" prohibits unlawful collection and dissemination of private information such as full name, birth date, address, likeliness, and any other information that is deemed sufficient to identify specific person(s) when viewed in summation, regardless of intent.{{Cite web |title=대한민국 영문법령 |url=https://elaw.klri.re.kr/kor_service/lawView.do?hseq=50484&lang=ENG |access-date=1 August 2020 |website=elaw.klri.re.kr}}

In practice, however, due to the ambiguous nature of "unlawful collection" of private information in the statute, legal actions are often based upon article 44 from the same act, which prohibits insulting an individual with derogatory or profane language, and defamation of an individual through the dissemination of either misinformation or privileged factual information that may potentially damage an individual's reputation or honor (which often occurs in a doxing incident). This particular clause enforces harsher maximum sentences than a "traditional" defamation statute existing in the Korean criminal code. It was originally enacted partially in response to the rise in celebrity suicides due to cyberbullying.

The Spanish Criminal Code regulates penalties for the discovery and revelation of secrets in articles 197 to 201. It establishes, in its article 197 § 1, that "whoever, in order to discover the secrets or violate the privacy of another, without their consent, seizes their papers, letters, e-mail messages or any other documents or personal effects, intercepts their telecommunications or uses technical devices for listening, transmission, recording or reproduction of sound or image, or any other communication signal, shall be punished with prison sentences of one to four years and a fine of twelve to twenty-four months". Per article 197 § 2, the same penalty punishes those who "seize, use or modify, to the detriment of a third party, reserved personal or family data of another that is registered in computer, electronic or telematic files or media, or in any other type of file or public or private record".

Those who "disseminate, disclose or transfer" the aforementioned data to third parties face a penalty of two to five prison years (one to three years of prison and fines of twelve to twenty-four months, if not directly involved in their discovery but "with knowledge of its illicit origin"). These offenses are particularly severe if made by the person responsible of the respective files, media, records or archives or through unauthorized use of personal data, if revealing of the ideology, religion, beliefs, health, racial origin or sexual life of the victim, if the victim is underage or disabled, and if it is made for economic profit.{{Citation |last=Jefatura del Estado |title=Ley Orgánica 10/1995, de 23 de noviembre, del Código Penal |date=1995-11-24 |url=https://www.boe.es/eli/es/lo/1995/11/23/10 |issue=Ley Orgánica 10/1995 |pages=33987–34058 |access-date=2022-08-19}}

As established by the Criminal Code's reform in 2015,{{Cite web |last=Jurídicas |first=Noticias |title=El Tribunal Supremo considera delito difundir imágenes obtenidas con el permiso de la víctima que afectan gravemente a su intimidad · Noticias Jurídicas |url=https://noticias.juridicas.com/actualidad/noticias/14915-el-tribunal-supremo-considera-delito-difundir-imagenes-obtenidas-con-el-permiso-de-la-victima-que-afectan-gravemente-a-su-intimidad/ |access-date=2022-08-19 |website=Noticias Jurídicas |language=es}} to "disseminate, disclose or transfer to third parties images or audiovisual recordings of the one obtained with their consent in a home or in any other place out of sight of third parties, when the disclosure seriously undermines the personal privacy of that person", without the authorization of the affected person, is also punished per article 197 § 7 to three months to a year in prison and fines of six to twelve months. The offense is particularly severe if the victim is linked to the offender by marriage or an "analogous affective relationship", underage, or disabled.

In the United States, there are few legal remedies for the victims of doxing.{{harvnb|Lindvall|2019|pages=3, 12}} Two federal laws exist that could potentially address the problem of doxing: the Interstate Communications Statute and the Interstate Stalking Statute.{{sfn|Lindvall|2019|page=8}} However, as one scholar has argued, "[t]hese statutes ... are woefully inadequate to prevent doxing because their terms are underinclusive and they are rarely enforced".{{sfn|Lindvall|2019|page=8}} The Interstate Communications Statute, for example, "only criminalizes explicit threats to kidnap or injure a person".{{sfn|Lindvall|2019|page=9}} But in many instances of doxing, a doxer may never convey an explicit threat to kidnap or injure, but the victim could still have good reason to be terrified.{{sfn|Lindvall|2019|page=9}} And the Interstate Stalking Statute "is rarely enforced and it serves only as a hollow protection from online harassment".{{sfn|Lindvall|2019|page=10}} Several states, notably California and Colorado, make doxing illegal under state law.{{Cite web |date=December 2021 |title=50-state Survey: Doxing - Legal Protections for Public Health Officials: Doxing |url=https://www.networkforphl.org/wp-content/uploads/2022/03/Doxing-50-State-Survey-December-Final.pdf |access-date=April 24, 2025 |website=The Network For Public Health Law |page=2}}

According to at least one estimate, over three million people are stalked over the internet each year, yet only about three are charged under the Interstate Stalking Statute.{{sfn|Lindvall|2019|page=10}} Accordingly, "[t]his lack of federal enforcement means that the States must step in if doxing is to be reduced."{{sfn|Lindvall|2019|page=10}}

In late 2023 and early 2024, during a rash of swatting of American politicians, it became widely used as a way of encouraging attacks, as the United States possesses weak laws surrounding data privacy, with its citizens' personal information often easily accessible online due to various data brokers.{{Cite news |last=Lee |first=Dave |date=2024-01-04 |title=US Must Stop 'Swatting' From Becoming an Election Weapon |url=https://www.bloomberg.com/opinion/articles/2024-01-04/us-must-stop-swatting-from-becoming-a-deadly-election-weapon |access-date=2024-01-05 |work=Bloomberg News}}

{{div col}}

• Data re-identification
• Doomscrolling
• Doxbin
• Escrache
• Identity theft
• Opposition research
• Outing
• Skiptrace

{{div col end}}

{{reflist|30em}}

{{Refbegin|indent=yes}}

• {{Cite journal |last=Lindvall |first=Alexander J. |title=Political Hacktivism: Doxing & the First Amendment |pages=1–15 |journal=Creighton Law Review |date=2019 |volume=53 |issue=1 |url=https://dspace2.creighton.edu/xmlui/bitstream/handle/10504/125944/CLR_53-1.pdf |publisher=Creighton University School of Law |location=Omaha, Nebraska |hdl=10504/125944}}

{{Refend}}

• {{wiktionary-inline|dox}}

{{Abuse}}

{{Bullying}}

{{Internet slang}}

{{Authority control}}

{{DEFAULTSORT:Doxing}}

Category:Cyberbullying

Category:Cybercrime

Category:Cyberstalking

Category:Data security

Category:Hacking (computer security)

Category:Internet privacy

Category:Internet terminology

Category:Internet vigilantism

Category:Identity documents

Category:Privacy controversies