Crash Override: a guide for handling a doxing

In online jargon, it's called "doxing": posting personal information about someone online, such as their name, photos and home addresses. Victims can expect death threats, harassing phone calls, and online sabotage. Harassers also use information posted online to send police officers pounding on your door, by reporting a fake threat - a practice known as "swatting". This week a new support network launched, for people who have been doxed or swatted. It's called the Crash Override Network.  Brent spoke with its co-creator, Zoe Quinn. Quinn is a game developer and the primary target in the fierce online dispute known as "Gamergate."  

Is there anything you can do to prevent doxing, to make yourself less doxable?

Sure. A good preventative step is to, if you run a website, make sure you're not putting your personal information out there via Whois. Almost all registrars and domain names have some sort of privacy service that you can choose when registering. Some won't let you do it, but usually they'll charge a fee and you can Google for a coupon code to make it cheaper and easier if that's an issue. 

Beyond that, third-party information brokers, like Spokeo, might have your information hosted without you even noticing or knowing about it, or even consenting to it. So it's important to find lists of third party information sites like that and find their opt-out policies. Sometimes they can be quite restrictive, like requiring you to fax a copy of your ID to them to verify your identity. Some of them don't have opt-out procedures at all, it's actually quite difficult because it's a new area of regulation and it hasn't been properly dealt with.

Beyond that, just make sure you've general good safety protocols, like not posting your information blatantly. If you're worried about being targeted, lock down your social media to only people that you know, don't just add people. Basic advice of just not putting stuff out there that you don't need to. 

Once you've been doxed, and all of your personal information has been released online, what's the first thing you should do? 

I think the first thing you should do is make sure all of your passwords are secure and you make two-factor authentication enabled, because usually doxing just means that they're really trying to find every avenue that they can to try and make your life hard.  It's good to make sure that you're using different passwords for everything, that you've got two-factor authentication on all sites that will let you do it. If you Google two-factor authentication, there's a site that shows you a list and gives you good links, it's pretty fantastic. 

Another thing you should do is let friends and family know, because it's likely that if you're being targeted it's likely that they'll look into who you're friends with on social media and who your family is. If you have privacy settings on Facebook that show where you've worked or who you're friends with, people can use that to try and social engineer more data to dig up on you. The good thing is to go private on social networks, at least until you can start basically doing triage and start getting some of the control back.