Anti-Doxxing Field Guide: How to Protect Your Identity Before You Become a Target

You don't have to be famous to get doxxed. Researchers, journalists, activists, gamers, and ordinary people become targets every day. This guide covers practical steps to reduce your digital footprint and protect your personal information before someone decides to expose it.

Understanding the Threat

Doxxing—the practice of researching and publicly releasing someone's private information—has become a weapon of choice for online harassers. Once your data is out there, it's nearly impossible to remove. The key is prevention.

What Doxxers Look For

• Full legal name and any aliases
• Home address (current and previous)
• Phone numbers (personal, work, family)
• Email addresses
• Workplace information
• Family members' identities
• Social media accounts
• Photos (for facial recognition and location metadata)
• Vehicle information
• Financial records

Phase 1: Audit Your Digital Footprint

Google Yourself

Start by searching for your own information the way an attacker would:

1. Search your full name in quotes: "John Michael Smith"
2. Search your name + city: "John Smith" Chicago
3. Search your email addresses
4. Search your usernames across platforms
5. Search your phone number
6. Use Google Images reverse search on your profile photos

Check Data Broker Sites

Your information is likely already for sale. Check these sites and request removal:

• Spokeo – spokeo.com/optout
• WhitePages – whitepages.com/suppression-requests
• BeenVerified – beenverified.com/f/optout/search
• Intelius – intelius.com/opt-out
• PeopleFinder – peoplefinder.com/optout.php
• TruePeopleSearch – truepeoplesearch.com/removal
• FastPeopleSearch – fastpeoplesearch.com/removal

Note: Opt-out requests can take 2-4 weeks. You'll need to repeat this process periodically as your data gets re-added from public records.

Phase 2: Lock Down Social Media

Privacy Settings Checklist

Facebook:

• Set profile to Friends Only
• Disable "Public search results"
• Remove phone number and address
• Disable facial recognition tagging
• Review all tagged photos and posts
• Limit who can see your friends list

Instagram:

• Switch to Private account
• Disable "Activity Status"
• Remove location tags from existing posts
• Don't link to other social accounts

Twitter/X:

• Remove location from profile
• Disable "Discoverability" by phone/email
• Consider using a pseudonym
• Don't tweet photos with location metadata

LinkedIn:

• Limit profile visibility to connections
• Hide your connections list
• Use generic job titles if possible
• Disable "Profile viewing options"

Username Hygiene

• Never reuse usernames across platforms—this links your accounts
• Use different email addresses for different purposes
• Consider using a password manager to generate random usernames

Phase 3: Protect Your Physical Location

Address Privacy

• Use a PO Box or mail forwarding service for deliveries
• Register vehicles to an LLC if your state allows it
• Use a virtual mailbox service (Traveling Mailbox, Earth Class Mail) for a different state address
• Remove your address from voter registration if your state allows confidential registration

Photo Metadata

Photos taken with smartphones contain EXIF data including GPS coordinates. Before posting any photo:

1. Strip metadata using tools like ExifTool or ImageOptim
2. Enable "Remove location data" in your phone's camera settings
3. Be aware of background details that reveal location (street signs, landmarks, mail)

Phase 4: Communication Security

Email Strategy

• Primary email: Never shared publicly, used only for banking/critical accounts
• Secondary email: For subscriptions and services
• Burner email: For one-time signups (use SimpleLogin, AnonAddy, or Firefox Relay)

Phone Number Protection

• Get a VoIP number (Google Voice, MySudo, Hushed) for public use
• Never give your real number to websites or services that don't require it
• Use the VoIP number for two-factor authentication when possible

Phase 5: Ongoing Maintenance

Set Up Alerts

• Google Alerts for your name, address, and phone number
• Have I Been Pwned alerts for email addresses
• Credit monitoring for financial identity theft

Regular Audits

Schedule quarterly reviews:

1. Re-check data broker sites (your info gets re-added)
2. Review social media privacy settings (platforms change defaults)
3. Audit account recovery options (old phone numbers, emails)
4. Check for new accounts using your information

If You're Already Being Targeted

If you discover you're being doxxed:

1. Document everything—screenshots with timestamps
2. Report to platforms—most have policies against doxxing
3. Contact local police—file a report even if they can't act immediately
4. Alert family members—they may be contacted or targeted
5. Notify your employer—prevent social engineering attacks
6. Consider legal action—consult an attorney about harassment laws in your jurisdiction

Tools and Resources

• DeleteMe – Paid service that handles data broker removal
• Privacy Duck – Opt-out guides and monitoring
• Jumbo Privacy – App that automates privacy settings
• EFF's Surveillance Self-Defense – ssd.eff.org
• Access Now Digital Security Helpline – For activists and journalists

This advisory is provided for defensive security purposes. The goal is to help individuals protect their privacy and safety in an increasingly connected world.