What should you be worried about? Doxing

Dox is actually slang for “Docs/Documents”. The act of doxing involves the “search for and publish of private or identifying information about a particular individual(s) on the internet, typically with malicious intent”. Typically, we see information like full name, phone number, and address. This information can then be used in a lot of malicious ways. A few severe examples can be seen below:

A warning, before we move forward

Before we dive deeper into the topic of doxing I want to take a moment to say that some of the websites, topics, and strategies could be used maliciously. However, since these are all public websites and topics that one could easily Google, rather than pretend that doxing isn’t a thing and that it will never happen, I am going to show you how to become aware of what information you are sharing online, where, and how it can be used. With this knowledge you can try to protect yourself, or know what to expect.

What Information Already Exists? A lot

The first step towards protecting your information is identifying how much of your information is already public and accessible. I myself am not shocked about how much of my information is online because I wasn’t cautious when I was young and once information goes online it generally stays online. If you are looking to protect yourself going forward it’s important to see what already exists and what can be removed. Even if you can’t find information through yourself it’s important to know that people can find information about you through relatives like your parents. You will be able to start determining what kind of information exists using the methods we begin to discuss below.

Common Methods For Doxing

Below we are going to start discussing and explaining some common methods that are used as tools to find information about others. It would not be possible to cover all the methods and tools people use for doxing since there will always be new tools and methods but we can discuss the ones most commonly used and you can use the knowledge to do a more comprehensive search.

Method 1: Targets Name

Having a targets name is often all you need. If you have their full name you can find out vital information such as their family members, address, phone numbers, and more. Chances are, depending on how old you are your full name may might return any results but if someone knows your last name they can find your family members. There are many websites someone can use to pull information about you from your name. Below i’m going to list a few of the most popular websites along with links on how to remove yourself from each of the websites listed below:

Method 2: Targets Email

Let’s pretend you’ve managed to keep your name a secret but people have access to an email of yours. Providing that email isn’t your first name and last name (johndoe@gmail.com) this next method can give you quite a bit of information. Remember that social media talk earlier? You can get a target’s Facebook with their email and it isn’t hard at all. First, head over to Facebook.com you can use this https://www.facebook.com/search.php?q=(emailhere) to find their Facebook. To find a little extra information you can select “Forgot your password” option put in the target’s email and it should give you their name, picture, and sometimes the last four digits of their number. You can now use that name and picture for further searching and the last four digits of their number to verify other information. A good guide on locking down your Facebook can be found here: http://gizmodo.com/the-complete-guide-to-locking-down-facebook-privacy-for-1630674932. Nowadays most people also have Skype which you can find with an email. You can do this within skype or with an email2skype tool. Within skype you just search an email instead of a username and if they used an email for skype it WILL popup with their skype. (which is why you should use a separate email for services like this or just don’t use skype at all).

Method 3: Targets Area Code

This really isn’t the most effective tool and I can’t say i’ve ever bothered to use this myself but it can help verify a information. Area codes are basically the first three digits of a phone number. What you can do with this information is figure out the state a number is from and if you have multiple entries for a name you can narrow that down. For example, John Doe might be from NY, MA, VI but the area code is 914 so you know it’s the John Doe in NY. Here is a good site for area code lookups http://www.allareacodes.com/area-code-lookup.

Method 4: Targets Number

Just as we did with a targets name we can do with their number using the same websites.

Method 5: Targets Website

When you register a website you are asked to fill in registration information that is publicly available without who.is protection. IF YOU HAVE A WEBSITE WITHOUT WHO.IS PROTECTION YOU SHOULD GO BUY THAT NOW. Without that protection, targets are really easy to dox if they have a website. You can use the websites below to get a who.is report:

Method 6: Targets Skype

Finally, I would assume most of you have a skype and that skype name is most likely the exact same thing as your alias. When creating your skype if your name is JohnDoe a bad skype name is JohnDoe. I will make a guide in the future about protecting your IP and go into more depth on skype. Anyways, having someone’s skype can be very useful because you can resolve their IP with Skype. With a targets IP you can get their full dox if you use it correctly. I’m not going to go into doing that but it’s fairly simple. Just protect your IP. Make a skype name that isn’t easily searchable, don’t add strangers, don’t join group chats on skype, or DON’T USE SKYPE! Try out a service like Discord. A few skype resolvers are listed below:


The internet is a scary but wonderful place if you know how to browse and use it correctly. If somebody does dox you there isn’t very much you can do as it’s not illegal. If you are worried, let the police know in these kind of situations. In all the cases i’ve been swatted the attacker was kind enough to tell me they were going to swat me and I was able to give my local police dept a warning. I can’t say most police departments know what swatting is or most forms of online harassment, but it doesn’t hurt to let them know you are worried about being a target. My local police department thought that swatting was where people send you pizza you didn’t order, but after talking for a little they understood and helped me and my family feel more secure. It’s a pain to go through and remove information and it’s a shame we can’t live on the internet and have everybody be cool about it. Nowadays, you piss somebody off in a video game and they are going to try and swat or ddos you without even understanding the legal ramifications of what they are doing. A quick legal note if you dox somebody and another user uses that information for illegal actions you are also committing a crime. I would read up on Accessory before deciding to dox somebody. Doxing is a very powerful way to gain more information on a person which you will learn how to do in this post and it should also help you learn how to protect yourself from others doing this. Please, dox at your own risk and never dox anybody but yourself.

Extra Links:

Misc. Search Sites
http://www.192.com/ (UK)
http://www.phoneebook.co.uk/ (UK)
http://exifdata.com/ (viewing information behind a picture)

Information Security 101

Written by

Do you know how much of your personal information is floating around?

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade