If you post pictures on Instagram, you are helping doxxers find you. Though this may sound like a small exaggeration, I assure you it is not. Even Whatsapp is not truly safe from doxxers, with photos as statuses and profile pictures. But to understand how these pictures helps doxxers, you need to think like one of them. As a grey-hat social engineer myself, I would like to tell you how to doxx and how this can help keep you safe.
A case of not-really doxxing
Imagine the following scenario: you watch a youtuber vlogging her daily life as an entrepeneur in New York City and everything seems perfectly truthful by the standards of vlogging. Nice activities and a nice rented office space, which she shows the the street of and it looks gorgeous. A neighbourhood of old brownstone houses and she says that she works in one of them. But one day you notice something: parts of her office space don’t match up with the office building she said rents a spot in. They are too new, as if she works in an office built less than one year ago. It does not look like amu house on the old city street she showed on camera. You start to notice more inconsistencies and try to look for her actual office building. It turns out easier than expected because you follow the clues, it takes you only eight hours and you find the building. You could easily tell fans where she works and shatter her illusion of privacy.
But it was never your intention to doxx her, you do it for the sport of finding information and the added good deed warning the people involved that their information is at risk. So you send her an email and tell her what you found out, how to find get that information and how to stop other people from using your method. Though you never hear back from her, that is to be expected. You told her that you do not want anything from her and that she will not hear from you again. Or maybe it got into the spam folder and was never read. It does not matter, you warned her about the risk and you promised: you will never give other people the information you found.
How not to get doxxed
Though the story in the previous paragraph might seem farfetched, I am the one who found out that information and warned the youtuber in question. All identifiable information in the case above has been changed or removed as I learned to do in my anthropology courses, so that I can share it in anonymous form as an example.
Though in the case above there were many clues leading to locating her office building, one Instagram post can reveal the neighbourhood of your new home on the day of your moving in. If you were to post a picture in a cafe and said you found a great place next door after moving, a mere logo of the cafe on a glass or menu would give away “the great place next door”. And then anyone who sees the post could look up which neighbourhood you live in. Or you could give away a clue on your whatsapp status update or profile picture.
So how do you ensure you do not get doxxed? Do you stop posting online entirely? Do you only post for people you know? These are quite the restrictive measures. My answer is to learn doxxing. Because what helps me in keeping my info safe, is that I know how to doxx and thus I can recognize clues others can pick up on. Sometimes I can even help other people. Of course, if you post 50 vlogs a year, there is a higher risk for giving clues if people cross reference. But it still is a good practice to just think of the clues we give,. So the next time you post, think like a doxxer and keep yourself safe.
Recent Comments