In an update earlier today, global tech conglomerate Meta shared news of its latest moves surrounding digital collectibles. From September 29th, subsidiaries Facebook and Instagram will now allow users to link their virtual wallets with their accounts and also share non-fungible tokens. Users Across 100 Countries Can Access New Meta Feature Everyone on @instagram and @facebook can now share their digital collectibles in the US, and on Instagram in the previously announced 100+ countries,” Meta announced in a tweet. https://twitter.com/MetaNewsroom/status/1575486040349245446?s=20&t=TpIDHfYcRCtVRMNrwYhWiA…
When experts claim “data is the new oil”, it may be hard to understand all the statement’s implications. But, in short, information and data are receiving a higher valuation on the market year after year.
A few decades ago, Wall Street saw energy-related companies among those with the highest market cap. Today, the attention has moved towards data-based companies, such as social networks.
Of course, the other side of the data-coin is that information online is becoming more sensitive. Unfortunately, not everyone on the Web has good intentions, and this is where doxxing comes to mind.
Our article will give more details on the doxxing phenomenon, summarizing several typical practices belonging to this group. But, most importantly, we will provide information on preventing doxxing and responding to it.
Today, more than ever, we all deal with documents online. Many of us frequently shorten the “documents” word into “docs”. The “doxing” (or “doxxing”) neologism derives from this usage.
A typical doxxing process consists of three steps:
- First, collecting information: websites such as social networks provide a wide range of data on users. Anyone with average technological skills can retrieve personal information from most people.
- Compiling information: once someone collects data from different sources, users can connect the various pieces of information.
- Sharing information: having collected sensitive information on somebody, users could decide to share them against standard privacy rules.
Doxxing aims at revealing sensitive information about anyone online. However, the practice can bring more damage when a user desires to remain completely anonymous online.
Since blockchain and cryptocurrencies primarily rely on an encrypted system, doxxing is a real issue in the industry. Therefore, let us introduce a few typical forms of doxxing in the following section.
Types of doxxing
Doxxers have several tricks that they can use to achieve their illicit goal. Listing the most common strategies may help users avoid falling into these traps:
- IP and ISP doxxing: it may surprise you how easy it is for hackers to retrieve IP addresses. With it, anyone can recover your physical location.
- Spoofing: even worse, hackers may contact your internet service provider (ISP) and collect sensitive data. All they need is to make an ISP worker believe they are calling from your address (using the spoofing technique).
- Social network doxxing: social networks typically allow users to make their profiles private. Doxxers take advantage of people who disregard this step.
- Beware of “data brokers”: most people find online terms and conditions too long and complex to read. Many websites deliberately sell your data to third parties without guarantees on their intentions.
- Sniffing: sniffing software can intercept online data exchange, another popular doxxing technique.
- Phishing: a seemingly ordinary email or message may push us to click on a link. Doxers typically exploit this mechanism to download sensitive data on their victims.
Is it possible to avoid doxxing?
Designing a strategy to avoid doxxing may be too optimistic. However, we can certainly reduce the risk of falling for it.
VPN services, for example, allow users to establish internet connections by using different IPS. Even better, anyone can ask these systems to rotate their IP addresses, hence avoiding a common doxxing strategy.
While platforms such as Google and Facebook have made significant steps toward data protection, no one should trust them blindly. Think carefully before using these services to log into third-parties websites. If doxxers gain access to these accounts, you may find yourself in trouble.
Social doxxing prevention starts with making our online profile private. Whenever it is possible, go for the tightest privacy settings.
You may have heard that deleting a social network account does not trigger the elimination of your data. Unfortunately, the debate on the matter is still ongoing, making it vital to avoid sharing sensitive data on social media.
The recommendation on being careful with the data you share applies to a broad set of other media. As a general rule, we should always read the online terms and conditions whenever we create an account.
Not everyone may know that many websites clearly state that they may sell your data to advertisers. Since we do not know who these advertisers are, our data may fall into the wrong hands.
Everything we have mentioned is particularly true for the encrypted world of blockchain, with a further recommendation. Those using services such as MetaMask should always be careful before connecting a wallet to a new website.
The simple connection cannot, per se, lead to a loss of tokens. However, as users report on Reddit, nothing can stop a doxxing website from retrieving your IP address.
How can doxxing victims respond to the attack?
In doxxing, as in other domains, prevention is better than cure. Unfortunately, at the moment, the tools we can use to fight doxxing are not particularly sophisticated.
First, we should note that doxxing is illegal, but the policymakers appear to be slower than doxxers. In the U.S., the matter is still in the hands of single States, with no Federal legislation.
In general, doxxing victims can and should report any related matter to the police. However, the national cybercrime authorities in the country typically handle the case.
It may be a good idea to respond by locking social media accounts. Changing any password and even creating new online profiles are also effective operations.
Doxxing is among the new problems we discovered following the digitalization of the world economy. Since new issues require innovative solutions, we are all looking for the right way to tackle the matter.
Cyber education is becoming more and more important nowadays. For example, distinguishing between a legit message and a phishing attempt is an essential skill. Furthermore, a data-driven world needs to have data-educated citizens, and we should always keep this in mind.