Posted on July 1, 2021 in Cyber Security

Avoiding Doxxing


On TikTok, posting personal details and Facebook profiles of feuding personalities is becoming normal, frighteningly fast. Doxxing is becoming a real problem. How do you avoid it?


Don’t use the same username for every website.


When every website you go to uses xXxCatLover93xXx as your handle, eventually, people are going to start searching for that name. Maybe you got into an argument over whether Ragamuffins are better than Ragdoll cats – and now someone is googling your username to see what other wrong opinions you have. If your TikTok account had that username and a real picture of you, then they know what you look like. If you posted that same picture to Facebook once you migrated from MySpace, and they reverse-image search, suddenly they’ve stumbled upon your profile. Use different usernames! Don’t link anonymous and non-anonymous accounts with the same username, that defeats the purpose!  

Additionally, under those usernames, it’s a good idea to regularly purge your post history or delete the account, particularly for sites like Reddit where post history is public. People reveal more than they think they do in comments, especially if they don’t realize something’s a local landmark. Citing a particular statue or feature of a town may be just familiar enough for someone to recognize it. They then know you’re there, and by scrolling down the post history, they may be able to identify you.

Not everyone is malicious, and if people identify that you live in their town, it’s probably not going to lead to someone murdering you (although cases like that exist!). It’s just uncomfortable to spill secrets to strangers who may or may not be able to recognize you IRL. The bigger concern should be people you don’t like identifying you and learning more about you via that profile’s history!


Don’t Post Details (or post them ‘wrong’)


Birthdate, gender, and zipcode can narrow your exact identity down to one or two people within that zipcode. With your name or initials, bingo! You’re the only one who matches! Now, other people may be able to identify that you only have one dog, one roommate, and no security door via information you’ve posted in the past.

How do you prevent that? Don’t post any of those details. Post them wrong if someone asks – flip numbers around in the zipcode, and birthday. Insinuate you have several dogs. Flip your gender or refuse to disclose it. If someone is asking you for something as specific as your zipcode, you should read that as a red flag! City, state, whatever – that’s one thing. Zipcodes can get really specific, down to two or three neighborhoods. You may have overshared elsewhere, and the other side is one small step from being able to doxx you.


Non-Text Related – Don’t post your face or identifying locations


When I was growing up, it was suggested that you should never post your face online, as someone could find you off of that alone. In middle school, we were told a horror story of a little girl who went missing, because she was conversing with a ‘friend’ online. That friend was really a pedophile posing as another 10-year-old, and he asked her for a picture of herself, spotted her school’s logo on her backpack in the background of that picture, and then snatched her and murdered her based off of that. Information in the background is just as valuable as a face pic.

That still holds true! You shouldn’t post pictures of the outside of your house, because if Google Street View has seen it, it’s not impossible to reverse-search. If a malicious party knows you live in that state, then they may be able to narrow down your neighborhood just by building style. Your face, your school, your work – any unique building or feature could be used against you.

You also shouldn’t post pics of receipts, as store numbers contain a lot of information. When you do post pictures, black out information like time and place! It’s also a really good idea to check your phone’s settings. EXIF data is data the phone stores about the picture – things like time, date, and device specs are stored in each picture you take. If you don’t have it set to ‘off’, EXIF data also frequently has geotagging information attached to it. Turn that off in settings!


TikTok Crisis


TikTok is a terrifying place. Users regularly show their entire face, cons that they’ve attended, and personal stories with too much detail to their audience. Distinctive, unique tattoos get shown off to thousands of people, as well as the view from their front yard and what stores they can walk to. Some of the TikToks that came out of the pandemic were about remote learning, with the teacher visible on the screen. This is a problem because many schools post pics of their teachers on their staff page. Bad actors are using this to find the school to show them the TikTok and find the person who posted it.

The worst part? It doesn’t have to happen immediately. Kids posting a video of themselves violating school rules weeks later can still be found via that video further down in the feed. Ticked off a more anonymous user? You’ll never know how the school found out. Videos of dance trends that they wouldn’t want their parents seeing are getting sent to their parents based off of information gathered over weeks or months of posts. All of it’s online. Video is an incredibly information-rich format, and when each video is under a minute long, any one person could look through them all.

It’s no surprise people are getting their own details shoved in their face when they’re posting this much about themselves!

The easy solution? Just don’t. Don’t download the app, and don’t download videos. Of course, this isn’t going to happen, so the second-best option is to always film indoors away from windows, or in generic buildings like Targets or chain grocery stores. Don’t film yourself in a distinctive school uniform or in an identifying area of said school, because sometimes all it takes is specific colors. In Las Vegas, many of the school buildings look the same, but the colors are totally distinct to each school. Blue and orange belong to Bishop Gorman, so if a kid has posted about living in Vegas before, those colors narrow down their location dramatically.

Shia LeBeouf’s flag, and 9Gag’s ‘meme hieroglyph’


It’s dangerous to attract too much attention from certain forums. 4Chan in particular is notorious for finding the unfindable, triangulating exact locations based off of things like truck honks and light positioning. See the saga of Shia LeBeouf’s flag project, where the flag was found over and over until he was forced to put it in a featureless white room.

9Gag put a limestone pillar covered in ‘hieroglyphs’ (which were really just old memes carved into the surface) underground for future archeologists to find. 4Chan and other forums found it by cross-referencing information in the background (Spanish writing on a truck) with available limestone mines and open fields in Spanish-speaking countries and found its exact coordinates based off of that little information. They couldn’t do much about it, because it was a 24-ton piece of limestone, but they found it.




If you post things online, someone may be able to find you given time and determination. The best thing you can do to avoid that determination is fade into the background, as hard as you can, and don’t post crimes or social misconducts to TikTok or social media. Even if you’re not planning on committing crimes, you should set accounts to private, don’t overshare, and don’t do things that get you online attention for the wrong reasons. Once again, TikTok is terrifying because small accounts may think they’re only sharing with their friends, only to end up trending unintentionally!

Maskless groups of friends posting videos at the beginning of the pandemic were scolded for being maskless, and because interaction makes videos more likely to appear on the ‘For You’ page, those maskless videos were getting thousands of people’s worth of harassment. Post something dumb? Algorithm catches it juuuust right? Previously anonymous posts then get a glance from hundreds to thousands of people! Suddenly, it matters a lot if you’ve ever posted videos that looked bad with no context.


And More Crimes


If you’ve seen posts that said “help me find her!” with some sob story about a missed connection, this is one way of finding people who don’t necessarily want to be found. Sure, it might be legit. It might also be a particularly clever stalker using a sad story about ‘I was out of swipes on Tinder!’ to get unsuspecting ‘good Samaritans’ to help him chase some woman’s Facebook profile down. Missed Connections on Craigslist is one thing – that’s pretty anonymous. Posting a missed connection to thousands of people on Reddit or TikTok is an entirely different thing. It’s effectively setting a mob after that person to get them to respond to the poster. The same goes for Missing Persons posts – if the number is anything but a police department’s number, you should be wary of trying to help.