2. Doxxing & Cyberbullying
Defining the Problem
Researchers working open may lack sufficient understanding of digital safety. This lack of understanding may result in withdrawing from open work due to fears of being doxxed or being trolled online. For the purposes of this chapter, we use femtechnet’s definitions of doxxing and cyberbullying. Doxxing is the act of publishing someone’s personal information, for which there would normally be a reasonable expectation of privacy and which has dubious value to the conversation, in a place or way that implies or encourages intimidation or threats. Cyberbullying is defined as “bullying that is conducted in an online setting.” This can be done by sending harassing messages to the victim, blackmailing the victim, spreading rumors about or shaming the victim using social media, or manipulating the victim using fake profiles or social media accounts.
The goal of this chapter is to take a close examination of the process and impacts of cyberbullying and doxxing of researchers and to offer some tips and tools to help mitigate risk.
Case Study 1: Undoxxable
Alison Macrina is the founder of the Library Freedom Project where she offers regular trainings on topics related to digital safety and online privacy and security.
Alison was at her computer when she saw an email come in. Strangely enough, it was from an anonymous person, and its subject line caught her attention: I want to warn you of a possible harassment campaign forming against you.
She opened the email and saw that its body was almost as long as its title:
“On the /pol/ section of the image board 8chan fascists have been talking about you.”
There were also two links to “/pol/” for Alison to follow, but she did not click them immediately. She made sure to open a Tor browser in order to get to them, and once on these boards, she saw that everything had started because someone had seen a picture of her on Twitter participating in a protest event. One person took that picture and put a target over her face. Other people proclaimed they were trying to access her private online information while others egged them on, intent on causing her harm.
“You’re all just pussies. If you were good at doing something, you would follow her. Kick her. Set her on fire,” someone said.
Over the next week, Alison kept an eye on the /pol/ thread but saw that the people involved made little progress in stealing her information in order to “dox” her.
Before all this, Alison had led many trainings that focused on anti-doxing, so she had thought
carefully about her “threat model,” her strategy for protecting her privacy and security online. She had painstakingly looked up her information in data brokers and had either requested to have that information removed or substituted what they had with something false and misleading. She had also set up two-factor authentication on many of her online accounts and kept her passwords in LastPass, which she had signed up for with a secure password by using the “diceware method.” Over the years, Alison had cultivated what she describes as an “adversarial mindset” about the internet--she doesn’t have a presence on Facebook, and she carefully considers whether photos she posts on Twitter contain identifying details.
Even though Alison had taught these practices--and even though she felt confident employing them--she still wasn’t prepared for how sickening it was to see people working in such a concerted, malicious way to hurt her.
After that week, these people became bored, and they eventually gave up on their doxing and moved along to a new, easier target.
- Alison took some significant steps to reign in her digital footprint. How do you feel about the balance between being connected online vs. protecting your digital safety? How much risk is within your comfort zone?
- If you feel like this threat doesn’t apply to you, what can you do to support people who are vulnerable? Is there a way to create support networks for researchers who have been doxxed?
- Based on Alison’s story, what steps would you take to mitigate your own risk of being doxxed?
Highlighted Tools and Practices
In Alison’s story, she mentions several tools and practices that she employed to protect her privacy and security online. These tools and practices made her hard to dox, and ultimately led the doxxers from 8chan to give up and move on to other targets. Read this section to learn more about four highlighted tools and practices: using the Tor browser, removing information from data brokers, securing passwords, and maintaining an “adversarial mindset” about the internet. How and when you use these tools and practices depends on what level of risk you have personally decided is acceptable given your work, your identity, and your tolerance level for danger. This is also a process and you can gradually increase your use of privacy and security tools.
- Adversarial mindset
Having an adversarial mindset about the internet means researching different website and online services, and deciding which may put you at what you decide is an unacceptable level of risk. For Alison, this means not using Facebook and carefully considering what information she posts on other sites. Consider that personally compromising information can be extracted from even innocuous-seeming images. For example, Alison told us that the doxxers from 8chan used a picture she posted that showed bridge near her house, with graffiti, to identify her location.
- The Electronic Freedom Foundation provides this threat modeling exercise, which you can use to think further about having an adversarial mindset with the internet.
- Data brokers
- Securing passwords
- Two-factor authentication
- Diceware method
Sample syllabi, lesson plans, or assignments
Let us know if you would like to submit a syllabi, lesson plan, or assignment!
- Squadbox (in development)
- Threat Modeling
- Preventing Doxxing by Feminist Frequency
- Preparing for and Responding to Online Harassment by Pen America
- Protecting Information from Doxxing by Pen America
- Establishing Supportive Cyber Communities by Pen America