Digital security

“What’s up Doxx?” (Part 1):
Define the perimeter of your online privacy

05/03/2025
3 min read
IMAGE: PIXTA.
Print Friendly, PDF & Email

Reporters Without Borders (RSF) designed this series of exercises aimed at preventing doxxing, which consists of exposing someone’s private information for harassment purposes. The first exercise aims to make journalists aware of the range of personal information a doxxer might find.

What is doxxing? It’s a form of online harassment in which a target’s personal and sensitive information is posted publicly on the internet with the intent of causing harm. Digital footprints can reveal far more than a person is originally willing to disclose, all it takes is a malicious actor to hunt through it. A name can lead to a phone number, an address, a location, and information in the wrong hands can pose a threat to journalists and their loved ones. It is vital that journalists concerned with privacy understand their digital trail.

Objective: To become aware of the different types of sensitive information that we voluntarily (or involuntarily) put online and that a doxxer may target; and to narrow down what needs to be prioritised for protection based on the level of harm the leakage of information could cause.

Time: 15 mins

Process: Go through the list below and ask yourself: “Would leakage of this information cause important harm to me?” Tick the box when applicable. 

THE CHECKLIST

1. Basic personal data
 Real name, surname
Birthdate, place of birth
Phone number(s)
Email address(es)
Home address(es)

2. Sensitive personal data
Sexual orientation or relationships
Religious or cultural practices
Past or present substance abuse

3. Professional information
Employment history, resumes, or CVs
Place of current employment
Colleagues’ or employers’ names and contacts

4. Social and relationship details
Significant others (e.g., name(s), social media profile(s))
Friends or acquaintances in the same social circles
Divorce or custody battle details
Dating app profiles or messages
Clubs, hobbies, or recreational activities

5. Online activity
Social media handles and profile names
Past usernames or aliases used online
Forum or community posts, especially controversial ones
Browsing history
IP addresses tied to devices or accounts
Device serial numbers
Frequently used Wi-Fi networks
Leaked database entries (from breached websites or apps)

6. Communication details
 Private messages from social media or forums
Call logs or texting history
Messaging app handles (e.g., Signal, Telegram, Skype)

7. Geolocation and travel
Real-time location tracked through apps or social media posts
Frequently visited places, such as gyms, coffee shops, or libraries
Travel history or upcoming travel plans
Flight or train tickets and itineraries

8. Medical information
Health conditions or diagnoses
Medical history from forums or leaked records
Medications or prescriptions
Doctor or hospital names

9. Financial information
 Bank account details (e.g., account numbers)
Credit card numbers or billing addresses
Loan information or payment records
Tax records, tax identification number
Cryptocurrency wallet addresses

Result: After going through the list, you should have a better idea about what kind of personal information a malicious actor would likely use to inflict harm. This exercise is foundational to the next exercise in this series that helps you check personal data from search engines.

Read Part 2: How much of your private life can be found on Google?
→ Read Part 3: How much of your private life can be found on social media?
→ Read Part 4: How to protect yourself from doxxing

You may also like