In accordance with the rules of this site I've had to edit pieces to make it usable as per the rules. This content is in my mind completely in line with this as it shows how the process is done from an attack perspective and what you can do as an ordinary user to avoid this.
The full unedited post is currently on Spinster with more information related to the tools used to dox. I feel as though this is worth mentioning, as it is easier to combat something when you know the capabilities of the attackers' tools.
https://spinster.xyz/@error/posts/A2sjnAZgcRss9XCr8i
"No posting personal information (doxing). It is prohibited to expose a person’s personal information when that information should reasonably be considered private.
This includes exposing the name of a person who was using an alias or username when they didn’t expose the connection between their real name and alias publicly themselves. It also includes exposing the general location, address, phone number, familial information, or place of employment of a person if that information is not clearly public information.
Screenshots from social media sites should have people’s actual full names blacked-out so they cannot be identified, unless those people are public figures or are speaking in a professional capacity. Twitter users with “verified” accounts also don’t need to have their names concealed. Usernames do not need to be concealed."
Tools (most relate to the US and CA due to less than adequate protections of personal information; future posts will cover other regions)
For names, emails, phone numbers, addresses: https://www.truepeoplesearch.com/ https://www.fastpeoplesearch.com/ https://www.zabasearch.com/
Phone number check: https://www.spydialer.com/ (best) https://calleridtest.com/ https://opencnam.com/
Check if a username is used across multiple platforms: https://www.namechk.com/
For info on Twitter profiles: https://tinfoleak.com/
For vehicle information: https://www.progressive.com/auto/
For driver's licenses in certain states (US): https://highprogrammer.com/cgi-bin/uniqueid/dl_il
If you have the license plate number there are sites that will give you a free VIN lookup.
Google Dorks (advanced search queries): intext:, inbody:, intitle:, site:, filetype:. Use "" for more precise results.
Utilize Public Records like: https://public.courts.in.gov/mycase/#/vw/Search https://gateway.ifionline.org/report_builder/Default2.aspx?rttType-employComp
Crime watch mapping can be used to see who lives in a house and the houses around them.
Don't forget to check voter registration status with a county, which can reveal a middle name, which can reveal other information. You will need name, DOB, and sometimes address.
For images: TinEye and Google reverse image search
For image metadata: http://metapicz.com
Mitigation:
DO NOT USE YOUR REAL NAME. USE AN ALIAS.
Look into services and tools that are built with the intention of protecting your privacy. This can be an email provider, a notes app (NOTES APPS DO LEAK DATA) or even your internet service provider, but that will be covered in a more advanced post later. Clearnet site: https://privacytools.io
Onion site: http://privacy2zbidut4m4jyj3ksdqidzkw3uoip2vhvhbvwxbqux5xy5obyd.onion
DO NOT CLICK RANDOM LINKS OR OPEN RANDOM FILES. Instead, use a virtual machine or sandbox to isolate any potential nasty crapware that may try to grab information from your machine.
https://firejailtools.wordpress.com/downloads/
Take a look at the information that is already publicly available about you online utilizing the tools above.
Identify who you can trust with your secrets. Correct answer is no one.
If you have to communicate with another party or associates, make sure to use encryption, preferably end-to-end, but in the absence of this PGP will work.
https://privacytools.io/software/real-time-communication/
Read up on the policies your online accounts have; your favorite service may have willingly given up your information.
Minimize your publicly available data held by services like White Pages, Instant Checkmate, Acxiom, Intelius, and Spokeo.
Check how “fingerprintable” your browser is with the EFF's Cover Your Tracks tool:
https://coveryourtracks.eff.org/
Protect your accounts using a password manager and a strong passphrase, NOT A PASSWORD, and most importantly 2FA, or two-factor authentication. DO NOT RELY ON SMS.
https://privacytools.io/software/passwords/
Make an incident response plan. Decide which accounts to lock or temporarily deactivate if you’re being doxxed. Have a spreadsheet template handy to record incidents as they happen, or be edgy like me and make sure everything about your online activities is amnesiac (advanced stuff coming soon).
Clean your metadata using one of these tools:
https://apps.apple.com/us/app/exif-metadata/id1455197364
https://f-droid.org/en/packages/com.jarsilio.android.scrambledeggsif/
Have multiple identities compartmentalized from each other, that way if one is burned or attacked it can be quickly forgotten without leading back to you or your other accounts. Plus it is fun to misdirect attackers XD.
Hide your personal data from a website’s WHOIS. Owning a blog or website requires that you register the Internet domain with some personal information. This information is then stored in a database called WHOIS.
The problem is that this database is public, meaning everyone can see the information used to register a website, including addresses, phone numbers and so on. Below you can find the WHOIS information for facebook.com:
However, by paying a small fee, you can hide some of your personal information from the public search.
To edit your information, simply go to your domain registrar and see what options they provide for you to make your WHOIS information private.
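After changing the setting at your registrar, check that it took effect on your own domain. The sketch below is an added example, not part of the original post: it reads the text output of a WHOIS lookup and reports which contact fields still show real values. The field names follow the common registrar layout, and the hidden-value wording list and both sample records are assumptions constructed for illustration.

```python
import re

# Contact fields that identify a person. State/Province and Country are left out
# because many registries publish them even when the rest is hidden.
CONTACT_FIELD = re.compile(
    r"^\s*((?:Registrant|Admin|Tech) (?:Name|Organization|Street|City|Postal Code"
    r"|Phone|Fax|Email))\s*:\s*(.*)$", re.I)
# Wording commonly seen in hidden fields (assumed list, extend for your registrar).
HIDDEN = re.compile(r"redacted|privacy|proxy|withheld|not disclosed", re.I)

def audit_whois(record: str):
    """Split the contact fields of a WHOIS record into (exposed, hidden) dicts."""
    exposed, hidden = {}, {}
    for line in record.splitlines():
        m = CONTACT_FIELD.match(line)
        if not m or not m.group(2).strip():
            continue
        field, value = m.group(1), m.group(2).strip()
        (hidden if HIDDEN.search(value) else exposed)[field] = value
    return exposed, hidden

# Constructed records using reserved example values, not real registrations.
UNPROTECTED = """\
Domain Name: EXAMPLE.COM
Registrant Name: Jane Example
Registrant Street: 123 Constructed Ave
Registrant Country: US
Registrant Phone: +1.5555550100
Registrant Email: jane@example.com
Admin Name: REDACTED FOR PRIVACY
"""
PROTECTED = """\
Domain Name: EXAMPLE.COM
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Constructed Privacy Service
Registrant Street: REDACTED FOR PRIVACY
Registrant Country: US
Registrant Email: REDACTED FOR PRIVACY
"""

if __name__ == "__main__":
    for name, record in (("unprotected", UNPROTECTED), ("protected", PROTECTED)):
        exposed, hidden = audit_whois(record)
        print(name, "exposes:", sorted(exposed) or "nothing")
```

The match on wording is a heuristic, so read any field it reports as exposed yourself before deciding the privacy option failed.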
And finally, know your rights and the governing laws applicable to you.
For those of you that are better at watching videos or want a medium of information that is pausable, this video should prove insightful.