Preventing and Responding to Doxing
What is Doxing?
Doxing (or doxxing) is a dangerous form of intimidation involving the collection and public distribution of private and sensitive personal information online. Perpetrators often gather this information from various sources, including social media, public databases, and compromised accounts. Once exposed, this information can lead to harassment, identity theft, and other forms of cyberattacks.
While doxing is a form of online harassment, it poses a significant threat to privacy and security and can have real-world consequences that can even affect your physical safety and well-being. In an effort to support the campus community, ITS recommends the following practices to prevent and respond to doxing.
Protective Measures Against Doxing
While doxing can happen to anyone, the following practices can reduce the risk that you will be doxed:
- Share carefully on your social media platforms and adjust your settings:
- Ensure that your profiles, usernames/handles are kept private.
- Remove any addresses, places of work, and specific locations from your accounts.
- Refrain from sharing images or videos that inadvertently expose your location or personal details.
- Set your posts to “friends only."
- Avoid discussing personal information that could be used against you, as well as anything that can identify your address, workplace or contact information.
- Secure your network. Use eduroam for secure wireless access on campus and the campus virtual private network (VPN) whenever you use public wireless.
- Avoid geotagging, which attaches location data to photos or posts shared on social media. You can disable automatic geotagging features on your devices and social media platforms.
- Use strong passwords and Multi-factor authentication (MFA).
- Beware of unsolicited requests for personal information or attempts to extract sensitive data through phishing emails, messages, or suspicious websites. Verify the legitimacy of requests before sharing any details.
- Remove personal information from the Internet with a paid service. UCSC faculty can utilize the COR Faculty Allowance (CFA) designed to support faculty in purchasing such services.
Responding to Doxing
If you find yourself the victim of a doxing event, take the following proactive actions:
Request to Remove False, Abusive, or Threatening Content
- Consider submitting a takedown request to the platform or website, in accordance with rules and requirements. Resources for removing your online information.
Document What’s Happening
- Preserve communication: Save any emails, voicemails, text messages, or mail that you receive.
- Capture online content: Take screenshots or photos of content that could be deleted, such as social media posts or comments on posts.
- Seek support: If you feel that rereading the offensive content could be upsetting, consider asking a friend or relative to assist.
Report the Incident
- Contact the UC Santa Cruz Police Department immediately if your physical safety is threatened or if you feel a crime has been committed.
- Contact the UC Santa Cruz Privacy Office if the information exposed is FERPA protected student data, Personally Identifiable Information (PII), and/or information pertaining to physical or mental health conditions.
- Complete the Security Incident Report form if the incident involves unauthorized access to UC Santa Cruz accounts, electronic devices, the campus network, or other information technology resources.
- Complete the UC Santa Cruz Bias Response form if the doxing event involves hate speech, abusive or threatening speech, or writing that expresses prejudice on the basis of ethnicity, religion, sexual orientation.
- Contact the ITS Support Center.
Additional Resources
Helpful resources for removing your online information for everyone.
For UCSC Students
- Contact UC Santa Cruz Counseling Services if you are experiencing a wellness challenge due to a doxing event.
For UCSC Employees
- Seek counseling and support through the Employee Assistance Program.
For UCSC Faculty