Is Doxxing Illegal? What You Need to Know


Is Doxxing Illegal? What You Need to Know

Among everybody that takes advantage of the internet in our modern world today, no issue is more important than that of privacy. We have all experienced the usefulness and benefits that the internet has brought into our lives, but those benefits have come with the serious cost of our privacy being sacrificed.

All the information that you would consider confidential, like your Social Security number, for example, is very likely available online already even though you would very likely wish to keep that and all other records about yourself as private as you possibly can. That data can be sought out and found by others on the internet and broadcast to others, a process that is referred to as doxxing.


The act of doxxing is certainly not especially recent, it is at the least as old as the internet itself, although it has become more commonplace over the last several years. This is likely due to how more and more information is being stored online as data and therefore accessible through different means. You might have heard a business refer to ‘the cloud’ before. That means that they are one of the innumerable companies and corporations that are now allowing their files and records to be kept on the internet for safekeeping.

Even though that data is usually held on a private server and people outside of that particular business shouldn’t have access to it, it takes hardly any time or effort for someone with the means and motive to find their way to it, and to your most personal information as a result. From there, they can employ those details however they wish, and to dox means to publish it online (likely in the form of social media like Facebook or Twitter) so that the general public also is aware of it as a result.

You are likely thinking about how something as reprehensible as doxxing should be illegal, and actually, you are correct for considering that. Doxxing is, in fact, illegal in certain cases (that is, depending on the situation). However, since this crime is occurring on the internet and not in the streets of your local neighborhood, it is not something the police can necessarily track down and prosecute. Since that is the case, most instances of doxxing and those that dox are never brought to any sort of justice under the law.

What Is Doxxing?

What Is Doxxing

An Introduction to Doxxing

The slang term ‘dropping dox’ originally came about in the earliest years of the internet, when it was used as a tactic for revenge amongst the hacker culture that was evolving online during that time. ‘Dox’, in that context, was an intentional misspelling of ‘docs’, short for ‘documents’ which was itself, obviously, referring to whatever files it was that they were widely shared online with other hackers.

Most common information that is likely to be doxxed about a target of theirs (or on any victim of doxxing today as well) typically would be their complete legal name, the address where they reside, their place of employment (in addition to the business address there and potentially even the people they work with), means of contact with them such as their home phone number (in instances occurring today, it would be the number to your cell phone instead), their Social Security number, information on their families and loved ones, and possibly even personal photos or other media you would never want to be shared.

Today’s doxxing also usually involves posting your social media accounts and e-mail addresses you might have since those are more widely used now than ever before.

Although, as we’ve discussed here, doxxing came about during the 1990s when the internet was still hardly used by most of us, there have been exponentially more situations lately over the last decade where doxxing occurs. The reason for this upturn is because of how much easier it is currently for a hacker or even a collaborative group of hackers to discover this data than it was back when this criminal act began.

Back before we were all members of some form of social media or another (or for most of us, multiple social media platforms), hackers almost always only used doxxing against other hackers. It was a means by which they could ensure fairness within their online communities.

All it would take is for one of them to not follow through on a deal (maybe a payment arrangement or any sort of expectation held), and the other hacker would seek out whatever they could to ‘drop dox’ on the one that they felt had wronged them. This was a way to expose them, to pull back the curtain and show who was behind it. And for hackers, a group that naturally has their own anonymous status held in exceptionally high regard, this was seen as a punishment worse than anything physical.

The motive might have usually been revenge back then, but today, doxxing is often witnessed as a response to someone upset at a particular group or individual with a belief (or a set of beliefs) that is in opposition with their own. In this manner, their behavior becomes that of a vigilante, someone that is taking damaging action against another without having any legal grounds or authority to do so.

To see firsthand how the motives for those that dox have evolved over the years the internet has existed to now, we can look towards a few situations where it has happened. One of those cases (well, actually eight of them) is that ever since 1993, there have been eight different doctors murdered in cold blood that the killers reached exclusively because of the doxxing of the doctors and the leak of data that accompanied it.

Why were these doctors specifically targeted with both doxxing and their subsequent murders? Because they provided abortions to women as one of their services. The strong stances taken on such an issue caused a hacker (who assumedly was in disagreement with the doctors over providing the medical procedure) to find their clinic and home information and to share it with the world.

White supremacist groups, such as the KKK and those affiliated with Nazism, are another set of individuals often doxxed online because of their belief system. This is an example where some even side with those that are doxxing, because of the racist attitudes and even violent acts committed by such groups. It can be seen as “righting a wrong” for those that do agree with them.

An attendee of a protest taking place in San Francisco in 2017 was remembered as saying, “Dox a Nazi, all day, every day.” A woman online who operated under the nickname Fallon, and who famously (or possibly infamously, depending on your perspective) doxxed the leader of a Nazi movement in the state of Wisconsin, referred to the act of doxxing as throwing a “digital brick through a window”.


Is Doxxing Illegal

Obviously, it is fair to assume that almost anybody would consider doxxing against their own held moral values. But the matter at hand is whether or not to dox someone is considered a criminal act, one that is capable of being prosecuted and punished by law enforcement. The answer to that is yes, in a sense.

While there is no exact law on the books against ‘doxxing’ (given that the term itself has only existed in popular American slang in the modern era), there are laws plenty that fit what occurs because someone chooses to dox another person or group of people. And that is how some doxxing matters are tried before a judge in court.

For example, criminal harassment involves when someone is targeted intentionally with the perpetrator’s desired effect being that they are annoyed, alarmed, terrified, or even hurt (physically or otherwise) as a result. Sound familiar? That absolutely falls under what is accomplished and intended usually when someone is doxxed.

They are targeted intentionally by the hacker that chooses to dox them as he searches out all the information he can find on them, in order to cause them harm or to allow for others to do so. Some cases of doxxing, because of that, are tried according to charges of Criminal Harassment.

But that is only in situations where it can be proven that the convicted hacker intended to cause those desired effects for the doxxed victim. But what about when that cannot be proven in a legal setting?

Sometimes a doxxer acts with such anonymity that law enforcement might not be sure enough that a jury will find them guilty for causing alarm or annoyance or terror (and therefore, fitting the legal definition of Criminal Harassment).

Rather than convict and try the suspected individual under that charge and risk losing the case, they instead charge based on HOW the suspect went about obtaining whatever information they’ve released about the victim of doxxing, and if the means employed to do so were illegal. Generally, this is when charges of Criminal Stalking would be brought against the hacker.

Sure, as we said earlier, unfortunately, there is no law specifically against doxxing in the federal courts as of writing this article (although that might change with time possible). But stalking, under the legal definition, is absolutely illegal and has been for many years now.

So how does the process of doxxing fit into what the law defines as Criminal Stalking? Let’s look for ourselves to find out, at the same source a lawyer would refer to for answers, the United States criminal code. This is how 18 U.S. Code § 2261A defines it:


(2) with the intent to kill, injure, harass, intimidate, or place under surveillance with intent to kill, injure, harass, or intimidate another person, uses the mail, any interactive computer service or electronic communication service or electronic communication system of interstate commerce, or any other facility of interstate or foreign commerce to engage in a course of conduct that—

(A) places that person in reasonable fear of the death of or serious bodily injury to a person, a pet, a service animal, an emotional support animal, or a horse described in clause (i), (ii), (iii), or (iv) of paragraph (1)(A); or

(B) causes attempt to cause, or would be reasonably expected to cause substantial emotional distress to a person described in clause (i), (ii), or (iii) of paragraph (1)(A),

shall be punished as provided in section 2261(b) of this title.

You might have noticed that in the first paragraph, it refers to using “any interactive computer service or electronic communication service or electronic communication system of interstate commerce” to cause someone to feel fear for their own safety or the safety of those around them. That is where and how exactly that doxxing falls under the legal definition for what we consider stalking in the United States.

Also, since sometimes someone is confronted and blackmailed for money or other demands under threat of being doxxed if those demands are not fulfilled, that fits what the legal system classifies as Criminal Extortion. This provides law enforcement yet another opportunity to bring those that dox to justice and ensure that their actions do not go unpunished.

So no, in one sense, doxxing itself isn’t illegal yet. But yes, in another sense, because the behavior consistently surrounding the act of doxxing is very illegal, both before and sometimes even after (in the cases of the abortion doctors) the doxxing itself occurs.



Because of how the law itself operates and how it charges doxxing under different criminal matters, the consequences of being found guilty are based on what crimes were committed during the event of the doxxing itself.

But what about when criminal charges are not filed for whatever reason? There can still be vindication for the victim of the doxxing in those circumstances, luckily. The next steps someone who has been doxxed will likely involve reaching out to a lawyer to begin taking the matter into a civil court instead.

A lawsuit taken to civil court can achieve some form of justice for the victim certainly, but before moving forward with that lawsuit, the dilemma faced by those filing it will be finding out who and where the hacker is that originally doxxed them.

Finding who the individual is and where they might be located becomes significantly easier, however, when you are a widely-known and recognized individual with some wealth to your name to aid in the search for the suspect. Those factors almost guarantee that the hacker who publicly posted your information will face civil, if not criminal, charges.

Such was the situation for a total of five different United States senators when they went through having confidential files on themselves doxxed several years ago. Initially, only three senators saw their personal information released all over the internet.

These three were Mike Lee (a Republican senator from the state of Utah, Lindsey Graham (another Republican senator, this time from South Carolina), and formerly elected senator Orrin Hatch (who also, like Senator Lee, was elected in Utah). It didn’t stop there, though, as two more senators would have their data leaked out before it was resolved. Those other two were Senator Mitch McConnell and Senator Rand Paul (both of them elected in Kentucky).

With five United States senators having felt damage done by the doxxing, it brought about a manhunt for the individual at fault for the crimes committed. The suspect, at long last, was found out to be Jackson Cosko (who had worked before as a congressional staffer for the Democratic party).

It was discovered later that Cosko had taken advantage of his position to hack into multiple computers within the Senate and it was how he obtained the data he doxxed. Cosko’s actions were, in his eyes, in response to the five senators have voted to confirm the most recently appointed Supreme Court Justice for the United States, Judge Brett Kavanaugh.

By the time the trial had ended and Cosko had been found guilty, a judge sentenced him and he received four years incarceration in federal prison for the crimes he had chosen to commit.


It doesn’t end after someone is doxxed, sadly. From there, other people or perhaps even groups can find the information posted and take action against the person that lost their privacy. Sometimes the situation arises where the individual doxxed isn’t even the one that the hacker intended, an error of mistaken identity on their behalf.

That doesn’t stop those that take advantage of the information made available, however, and the falsely accused party will likely face hate mail and confrontations originally meant for the hacker’s intended target. Even worse, sometimes those confrontations can become violent.

At a rally held in Charlottesville, Virginia by white supremacists, one of the many pictures taken there showed a man holding a torch and taking part in the rally. Someone apparently went searching online for the man shown in the photograph, intending to dox him and share it.

He found files for someone named Kyle Quinn, a member of the faculty employed by the University of Arkansas. As a result of the doxxing, rumors began and spread everywhere that Quinn was a neo-Nazi. He received death threats and threats of violence in the form of e-mails, online messages, and voicemails.

However, Kyle Quinn was nowhere near Charlottesville when that rally had taken place. In fact, he had an alibi that he had been at an art gallery, in attendance along with colleagues from the university. Those colleagues were the ones that were able to confirm his innocence. In that story, there is the happy ending that he was not the Nazi that so many had assumed he was due to the doxxing that had first occurred. But not all the stories involving doxxing have such happy endings.



There is an imageboard to be found on the internet called 4chan, one that has previously organized their own protests and demonstrations against different institutions. Similarly to the popular website Reddit, 4chan hosts different boards that offer discussion and content related to numerous themes.

The founder, Christopher Poole, brought the website online back in 2003 and served as administrator for over a decade, finally resigning from that position in 2015. By that time, 4chan was visited over one million times a day. The number of views in a month when Poole left 4chan came to over six hundred million.

However, there is a noteworthy difference between 4chan and most other social media like Reddit, and it is that you can post anonymously on 4chan. There are no accounts to be registered, or usernames to refer to. You aren’t even able to send private messages from one user to another.

That difference might seem small and insignificant, but it results in a website where anything can be said or shared without repercussions. 4chan might be the internet’s top example of how differently people act when you give them complete anonymity.


From an outside perspective looking inwards, 4chan resembles just another messageboard one might expect to find online. Safe as it might seem, the story of Jessi Slaughter (or, as her YouTube name, KerliGirl13) shows what hides under the surface of 4chan’s imageboard.

Jessi was mocked relentlessly on the website, with links to her YouTube channel being shared and users posting insults and put-downs. It escalated from that, tragically, when a 4chan user found her information and doxxed her on the site.

Eventually, she uploaded a video to YouTube where she cried about her constant harassment and her father even shouted at her webcam, directing his words at her anonymous menaces. Less than a month after the video went live on YouTube, more than one million people had watched it, and that caused Jessi Slaughter to become one of the more infamous cases of both doxxing and cyberbullying in internet history to date.


You might think that, based on what we have discussed, doxxing is reserved only for those that do something to theoretically “deserve it”, but nothing could be further from the observable truth. In a world where nothing is hidden if you are skilled enough to unveil it, anybody can have their data shown for all to see.

Celebrities and public figures are no exception and the list of the famous victims of doxxing efforts includes Britney Spears, Al Gore, Beyonce, Hilary Clinton, Joe Biden, Michelle Obama, Sarah Palin, Robert Mueller, and Paris Hilton amongst others.


Let’s look into several ways to ensure your own safety against a potential doxxing of your information online, one method at a time.


There are multiple companies that offer a Virtual Private Network (usually called a VPN, for short). Essentially, a VPN service conceals your IP address from the rest of the internet, hiding your identity effectively. While there are both paid VPN services as well as free ones available, the paid ones offer much higher functions such as being able to route your IP address worldwide, through your choice of country or location.

Having a VPN active on your devices ensures your privacy against would-be hackers waiting online. Most monthly subscriptions to VPN services cost an average of around five dollars a month to use.


Instead of having just a junk mail folder, have a whole junk mail e-mail account. With that, you can control which businesses and websites have your real e-mail address and which don’t. Register for websites you are unsure about with your second e-mail so you aren’t revealing your first. Your real e-mail address won’t be filled with as much clutter afterwards either.


When someone registers a domain name (meaning when they start a website), all the information they provided in order to register it is widely available in the WHOIS database found online. The domain provider (or broker) maintains a copy of these records but also provides it to WHOIS, where it is obtainable by others.

If you are looking into different domain providers, many will offer an option to conceal your information from the WHOIS website, but for an additional fee attached.



Before websites like Facebook took over the internet as we know it today, most folks didn’t concern themselves thinking about how private their personal information was. Due to that indifference, it was normal to post about private matters as if you were speaking directly to a trusted family member or confidante. Find the security settings for each account you have registered at any social media platform, and check to see what is being shown to everybody, possibly without your knowledge.

For example, if you own a Twitter account, did you know that by default their profiles are set to be shown publicly unless you tell them otherwise? Many social media platforms, including LinkedIn and Facebook, offer options to avoid revealing too much to too many.

Consider talking to friends and family about them not ‘tagging’ you in social media pictures on their own accounts, and to remove tags mentioning you already posted. If you receive a Friend Request from someone you don’t know, it is wise in our world today to consider them a stranger and not accept it. In addition to that, avoid posting too many photos of yourself and your own friends or family, and limited details about your place of employment or the school your children attend. All of that will help assure your safety online.


Although widely used, communication by e-mail is very unsafe from a privacy perspective. Basically, practically all e-mail services encrypt the e-mails to keep their contents safe during their delivery but otherwise, e-mails you have in your inbox or other folders are likely not.

To stay safe in regards to your e-mail account, look into encryption services offered by outside companies that are designed to be integrated into your existing account.


Researching different options for password management online can be a valuable use of your time. You can find apps that manage passwords offering both free and paid services, so you have plenty of opportunities to find one that suits your privacy needs best for you with features fit for your needs.



One of the elements making the access and sharing of the personal data of people so much simpler than ever before are data brokers. These are individuals actively working to find as much out on as many people using the internet and social media as they possibly can.

Following that, they find “boxes” they can put people into to group them together according to some shared factor, so they can sell those “boxes” to companies and corporations that might benefit from marketing their goods or services to you.

What would a data broker be looking for? Well, your internet browser and purchasing histories, for one. Besides that, they specifically seek out social media profiles, credit information, as well as any government or hospital records they are able to find.

If you’ve been on the internet much at all (and who hasn’t?), everything from your name and birthdate all the way to your Social Security number and all the addresses you’ve ever lived is likely already being sold to a company so they can sell to you better. And they are being sold by data brokers such as Spokeo, which you can visit online for yourself.

For now, operating as a data broker is still within the law’s limitations, but there is increasing regulation since 2018 on their industry to restrict what they are able to access and how.


There is a bill set forth by the European Union called the GDPR (the General Data-Protection Regulation) which is the measurement by which other nations worldwide are regulating data brokers. It requires that a set list of criteria be satisfied before a data broker can be said to be operating legally. As useful as such an act was, these data brokers still try to make nonsensical arguments for how their research fits within the legal limits.

If you’re looking to limit the amount of data available about yourself online currently, we suggest visiting websites like, which finds everything it can the same way a data broker would but removes it instead.



Maybe you’ve played a prank on someone before, most of us have played pranks on someone at one time in our childhood or another, or had ones played on us. The classic prank we’ve all heard about is calling in an order of a ridiculous number of pizzas for delivery to someone else’s house, leaving them to sort it all out for themselves once the delivery driver arrives there.

In the worst-case scenario, such a prank would only result in the target being expected to pay for the pizza if he or she wasn’t able to talk themselves out of it. But there’s a modern version of that popular prank now that is more detrimental by far, and it is known as “swatting”.

When someone is “swatted”, that means that the prankster calls the police claiming to be the target, and tells them that he has an explosive he intends to detonate somewhere locally, or that he is about to execute a mass shooting. The desired outcome being that the victim has a SWAT team arrive and overtake their home aggressively.

It is easy to see based on everything stated here why doxxing brought about the ‘prank’ of swatting. Without one, the other wouldn’t exist at all. Tragically, some of these SWAT scenarios haven’t just caused alarm or terror, but the actual deaths of the victims as a result.

Even well-known and beloved actors and actresses have experienced these new trends, some examples being Miley Cyrus, Ashton Kutcher, Tom Cruise, and even singer Taylor Swift.