What is Doxxing?

Doxxing is the weaponization of personal information: the deliberate publication of someone's real-world identity, location, or contacts in order to expose them to harassment, intimidation, or physical harm. It sits at the intersection of privacy, free expression, and safety.

It is also one of the few categories of user-generated content that nearly every major platform treats as an immediate, non-negotiable takedown offense regardless of the target's public profile.

Etymology and categories

The term comes from "dropping dox," 1990s hacker slang where "dox" was shorthand for "documents." Originally it described rival crews publishing each other's real names to break anonymity. Today it covers a much wider range of disclosures.

• Identity revelation: tying a pseudonymous account to a real legal name.
• Address sharing: publishing a home or family address, often a precursor to swatting or stalking.
• Employer contact: posting workplace details to drive harassment campaigns at the target's job.
• Document leaks: passports, driver's licenses, medical records, and financial documents.
• Synthetic doxxing: AI-generated deepfakes and non-consensual intimate imagery paired with real identifying data.

Real-world harms

Doxxing is rarely the final act. It is a staging step for something worse.

Swatting, calling armed police to a target's home under a false pretext, has produced multiple fatalities in the United States, most notably the 2017 killing of Andrew Finch in Wichita. The Gamergate harassment campaign that began in 2014 normalized doxxing as a mob tactic against women in the games industry and is still the reference case for coordinated online harassment.

Documented consequences include stalking, job loss, forced relocation, family threats, and, in extreme cases, suicide. Journalists, activists, abortion providers, election officials, and domestic abuse survivors face disproportionate risk.

Legal landscape

There is no single federal anti-doxxing statute in the United States, although doxxing can be prosecuted under laws covering stalking, cyberstalking (18 U.S.C. 2261A), interstate threats, and computer misuse. State coverage is patchwork. California, Illinois, Maryland, Nevada, New Jersey, Oregon, and Washington have passed targeted doxxing or personal-information laws, many enacted after 2020.

In the European Union, unauthorized publication of personal data is governed by the GDPR, and supervisory authorities have treated doxxing as an unlawful processing violation with enforcement weight. Japan amended its Penal Code in 2022 to raise penalties for online insults following the suicide of reality television star Hana Kimura, and South Korea operates some of the strictest real-name and anti-harassment frameworks in the world.

Detection and moderation

Stopping doxxing at scale is a PII problem. Effective moderation stacks combine named-entity recognition for names, addresses, phone numbers, and government ID formats with contextual classifiers that distinguish self-disclosure, journalism, and consensual public figures from targeted exposure. Image models scan for screenshots of documents, license plates, and geolocated selfies.

These PII classifiers are typically paired with behavioral signals (sudden pile-ons, brigading patterns, cross-platform coordination) to catch doxxing attempts before the target is notified, because once personal data is indexed by search engines and mirrored on archive sites, takedown becomes nearly impossible.

The problem overlaps closely with non-consensual intimate imagery and grooming workflows, and mature trust and safety teams treat all three as a single rapid-response category with victim-first escalation paths.