Doxxing, which consists of publishing a target’s private information online without their consent, is a technique regularly used against journalists. In this last article of a three-part series on cyberharassment, Reporters Without Borders (RSF) offers preventive measures against this type of attacks.

Doxxing is a form of online harassment in which a target’s personal and sensitive information is posted publicly on the internet with the intent of causing harm, intimidating the victim and damaging their reputation. Journalists who report on critical issues are frequently the target of doxxing, which is often followed by a smear campaign or direct threats like Al Jazeera White House correspondent Kimberly Halkett experienced after being doxxed in 2020.

Adversaries get this information both from public websites and through hacking. The published information can include home addresses, phone numbers, email addresses, and content from social media. Not only are the targets themselves affected, but in some cases, their relatives, colleagues, and friends can become targets too.

Preventive measures

  • Enhance accounts security: Journalists should strongly secure all accounts that contain sensitive information, especially by using strong passwords, a variety of usernames, and by enabling two-factor authentication to make it harder for hackers to break into it.
  • Prevent data collection online: Journalists should download software like Privacy Badger or Ghostery, which enable them to use the internet without their data being tracked and collected by third parties. Journalists are also encouraged to regularly remove their personal information from data brokers like WhitePages and LexisNexis (paying service).
  • Delete past information: Everything a journalist has published in the past — on old blogs, former social media accounts etc. — could contain information that is of interest to doxxers. Journalists should ask themselves whether it is still necessary to keep this information online, and delete it if it is not.
  • Refrain from publishing personal information: The best way to prevent doxxing is to refrain from publishing new personal or identifiable information that could be used against them, such as their geolocation or email address. Another safeguard is to limit one’s audience on social media so that only a trustworthy group of people can see private content.
  • Regularly check one’s name: Journalists should regularly search their own name online and set up alerts on it to keep tabs on when and where their name shows up. This can be done on Pastebin, where a lot of hacked material is published, as well as on Google and Mention
  • Report attacks to service providers: The publication of sensitive personal data is a violation of one’s rights in most countries. Journalists should report doxxing to platforms and website operators, with the support of a lawyer if needed. The chances of having consequences on the doxxer are quite high on social networks (from deleting their account to legal actions).

← Read Part 1: Stalking and swatting
← Read Part 2: DDoS and message bombing attacks