The Future of Doxing in a World of Facial Recognition

Share this article

A cartoon of facial recognition on people walking down a street
A cartoon of facial recognition on people walking down a street
Doxing (also known as doxxing – a term inspired by the word documents), is commonly a first-stage tactic mobs of people (and individuals) use to intimidate and scare people by digging up personal information across the web. It’s best described as a form of digital stalking where one person researches personally identifiable information about another and then broadcasts the information across the web. Doxers don’t need to be private investigators. In most cases the tools of the trade include Google, social networking sites, reverse phone number queries, and domain WHOIS searches. It’s one of the most brutal types of identity theft and harassment on the web, yet it’s also one of the simplest to perform. Before we go on, let’s briefly touch on those different avenues and how they contribute to the threat:
  • WHOIS information: The information you use to register a domain name. It originally started out in the early days of the web as a way for webmasters to contact each other. Today however, it’s one of the first ways people are able to find addresses and phone numbers.
  • Social Networks: If you’ve ever posted photos of where you lived, addresses, or general sensitive information online – these can all be used against you in a doxing attack.
  • Third-party brokers: These databases typically contain information from courts, driving records, voter registrations, census statistics, utility companies, and more.
Doxing isn’t just a threat for celebrities and people in the public domain. Hactivism group Anonymous has been in the news quite a few times for releasing information on law enforcement agents, KKK members, and other people who didn’t necessarily agree with the mob’s views.  Anonymous isn’t the only group behind these attacks however. There also was the Ashley Madison hack, among many other data breaches, and more recently the intentional OkCupid data leak hit the headlines. Whether you know it or not, your information is out there and the threat is only getting worse.

Shazam for People

Emerging technologies like facial recognition continue to increase the number of tools doxers have in their grasp. One example of the sorts of emerging services doxing has already begun to take advantage of is a new website called FindFace. FindFace enables anyone to take virtually any photo of a person and match it to their profiles on Russian social network, VKontake. The service recently made the news because people were using photos from porn sites to find out their true identities. It turns out what originally was a proof of concept experiment, quickly got out of hand
and eventually resulted in extreme incidents of shaming and harassment. Although FindFace is currently limited to Russia, the technology probably is going to come to Facebook and other social networks fairly soon. Facebook has already researched similar technology and published papers on their systems’ inner workings. The system sports a database of over 4,000 identities built from four million facial images. By examining 120 million parameters across a nine level deep network, the algorithm is able to identify faces with a 97.35% accuracy. This has sparked such a concern that the State of Illinois recently filed a lawsuit against Facebook on the grounds of violating a biometric privacy law. The privacy conscious European Union also has been fighting the technology since around 2011.

Protecting Yourself from Doxing

Short of deleting all your profiles on the web and going off the grid, there’s a few relatively simple ways for you to make it harder for people to trace your identity.
  • In the case of WHOIS information,  you cannot legally provide false information on these records. However, you can purchase domain privacy services as a layer of protection.
  • Look into creating a Google Voice or other secondary phone number for public use
  • Use a PO box for domain registrations and general correspondence.
  • Review Facebook and social posts from years back for sensitive information which you have since forgotten about
  • Use this list of data brokers to opt out from their search services.
  • Google your name with and without quotes. Check to make sure you’ve cancelled any social accounts you no longer need.
  • Use a password manager such as LastPass so you can create hard to guess passwords for all your online accounts.

If You Are Doxed

If you happen to be the victim of doxing, there are a few steps you can take to mitigate the attack. Although the internet is filled with sites which call doxing a legal form of harassment, there are many laws on the books which provide some recourse for victims of these attacks. In general, doxing attacks are considered a type of threat, stalking, and harassment. If you find that you are the victim of doxing, you should reach out to the authorities in your region. Aside from reaching out to law enforcement, the Crash Override Network
is a crisis hotline, advocacy group, and resource center for people experiencing online abuse.

What the Future Has in Store

Although facial recognition is one of the more notable applications of these technologies, the FBI has been developing technology to identify individuals based on their tattoos. As the Electronic Frontier Foundation mentions, unlike facial recognition, tattoos often have deeper meanings. For example, they can reveal passions, ideologies, religious beliefs, and even social relationships. The EFF points out that profiling anyone based on their expression is a violation of the first amendment. All in all, there will definitely be more happening in the area of doxing as it continues to expand with emerging technology. We can only hope that emerging technology also is used for the opposite approach too – to defend against doxing, or at least reduce its effectiveness. Have you had any experiences in being doxed? Or know of any other emerging tech that’s being used in doxing? Share your knowledge in the comments below.

Frequently Asked Questions (FAQs) about Doxing and Facial Recognition

What is doxing and how is it related to facial recognition?

Doxing, short for “dropping documents,” is a form of online harassment where individuals’ personal and private information is revealed to the public, often without their consent. This can include their real name, home address, phone number, email address, or workplace. With the advent of facial recognition technology, doxing has taken a new turn. Now, a person’s face can be used to search for their information online, making it easier for doxers to find and expose their targets.

How does facial recognition technology work in doxing?

Facial recognition technology uses biometrics to map facial features from a photo or video. It then compares this information with a database of known faces to find a match. In the context of doxing, this technology can be used to identify individuals in photos or videos and link them to their online profiles or personal information.

What are the potential dangers of doxing?

The dangers of doxing are significant and can lead to serious consequences. It can result in identity theft, online harassment, stalking, and even physical harm. It can also lead to loss of privacy, as personal information once exposed cannot be taken back. In some cases, doxing can lead to job loss or damage to one’s professional reputation.

How can I protect myself from doxing?

Protecting yourself from doxing involves being cautious about the information you share online. This includes limiting the personal information you post on social media, using privacy settings to control who can see your posts, and being wary of unsolicited requests for information. It’s also important to regularly check your online presence to see what information about you is publicly available.

Is doxing illegal?

The legality of doxing varies by country and the specific circumstances. In some cases, doxing can be considered a form of harassment or stalking, both of which are illegal in many jurisdictions. However, the laws around doxing are complex and can be difficult to enforce, particularly when the doxing occurs across international borders.

How is facial recognition technology regulated?

The regulation of facial recognition technology is a complex and evolving issue. Some countries have strict laws governing its use, while others have few or no regulations. In general, there is a growing call for more oversight and regulation of this technology due to concerns about privacy and civil liberties.

Can facial recognition technology be misused?

Yes, like any technology, facial recognition can be misused. In the context of doxing, it can be used to identify and harass individuals. There are also concerns about its use by governments and corporations for surveillance and tracking, which can lead to violations of privacy and civil liberties.

What is the future of doxing in a world of facial recognition?

The future of doxing in a world of facial recognition is uncertain. On one hand, the technology could make doxing easier and more prevalent. On the other hand, increased awareness and regulation could help curb its misuse. Ultimately, the future will depend on how we manage and regulate this powerful technology.

How can facial recognition technology be used positively?

Despite its potential for misuse, facial recognition technology also has many positive applications. It can be used for security purposes, such as unlocking your phone or accessing secure areas. It can also be used in law enforcement to help identify suspects or find missing persons. In addition, it has potential uses in fields like healthcare and marketing.

What can be done to prevent the misuse of facial recognition technology?

Preventing the misuse of facial recognition technology requires a combination of regulation, education, and technological safeguards. This includes laws governing its use, public awareness campaigns about its potential for misuse, and built-in safeguards to prevent unauthorized access or use. It’s also important for individuals to be aware of their digital footprint and take steps to protect their personal information.

Charles CostaCharles Costa
View Author

Charles Costa is a content strategist and product marketer based out of Silicon Valley. Feel free to learn more at

doxingEmerging Techfacial recognitionpatrickcprivacysecurityweb security
Share this article
Read Next
Get the freshest news and resources for developers, designers and digital creators in your inbox each week
Loading form