A woman in mid-February reached out to the Mumbai Police through X (formerly Twitter) to report a man who had shared a video of her dancing at an event and compared her performance to sex work. The woman clarified that the video was re-posted without her consent and requested the man multiple times to take down the video, but he refused to do so. Many others began to share the video as well, and joined in to harass the woman, who locked her X account.

Though the video was later disabled by X on copyright grounds, the man – a verified X user with a blue tick – continued to defend the legality of his actions.

The act of digitally publicising a person’s private details is called doxxing, or doxing. Doxxers generally publicise highly personal data such as other people’s home addresses, phone numbers, private email IDs, medical conditions, government documents, social security numbers, live locations, insurance information, private employment details, etc. Such information is usually obtained through illegal methods such as hacking or theft.

However, publicising private or semi-public content that an individual did not intend to share for public consumption can also result in doxxing and harassment.

(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)

For example, an ordinary person smoking or sipping whiskey at a house party might consent to their video being shared on their friend’s Instagram account, but they may not want that same clip to be publicly re-posted on X or YouTube, with their employers tagged.

While the user who circulates an already public image or video may be legally in the clear, their intentions can be malicious and may endanger others.

“We also factor in the intent of the person sharing the information. For example, if we believe that someone is sharing information with an abusive intent, or to harass or encourage others to harass another person, we will take action,” stated X in its ‘Private information and media policy’ page.

Doxxing does not end with bringing the perpetrator to justice. These users often share details that easily allow others worldwide to launch their own attacks against the victim, making it harder for the police to take action against all those who are responsible.

Furthermore, doxxing is a direct attack on a person’s physical, digital, and emotional security. A person who has been doxxed may have to flee their physical location, remain calm for the sake of young family members, clarify the situation with their employers, secure their leaked finances, file a report with the police, upgrade their internet security, be on the lookout for stalkers, and deal with a barrage of violent threats – all at once. Doxxing can also expose the people who live or work near the victim, increasing the affected person’s chances of being evicted or fired.

Mishi Choudhary, a technology lawyer and the founder of SFLC.in, advised people who have been doxxed to keep an incident log containing evidence of what has taken place, including the relevant platforms and all those who were involved in the harassment. This can later be shown to the law enforcement authorities.

“Report the accounts to all platforms on which you have been doxxed as it’s against the policies of most social media platforms and they will be quick to take action,” Choudhary advised, adding that users should also change all their passwords and turn on two-factor authentication to ensure their security.

Security practices to follow when posting on social media

Use strong passwords that are not repeated across platforms, and set up multi-factor authentication where possible

Avoid posting photos that reveal your neighbourhood, house facade, house keys, identifiable landmarks, nearby shops, the view from your window, local gym, swimming pool, etc. even if you are only sharing these with a small number of followers, as such images can be searched on Google Maps to pinpoint your exact location

Avoid posting photos that reveal your exact workstation within your place of employment, sensitive client sites, your ID cards or badges, official signature, or eateries/shops you frequent on a regular basis

Avoid posting content such as apartment tours or live v-logs that reveal your daily commute, as your location information can be gleaned from this

Avoid posting screenshots of text conversations with others as you may inadvertently doxx your contact or reveal your own number by accident

Consider the risks of posting controversial content that may be acceptable on a semi-public platform but harmful to you if it goes viral on another channel

Be cautious when sharing media or information that could result in other people getting doxxed, as you may be hit with legal action even after deleting the content

People who have been doxxed in India can report what happened through the National Cyber Crime Reporting Portal online, Choudhary said, and stressed that one has a legal right to file an FIR. This is where the incident log comes in useful.

Platforms such as Meta are aware of the need to protect users who have been doxxed, as the company’s oversight board in February 2022 concluded that Facebook and Instagram should have stricter rules concerning incidents where data such as home addresses are leaked online.

“Once this information has been shared, the harms that can result, such as doxing, are difficult to remedy. Harms resulting from doxing disproportionately affect groups such as women, children and LGBTQIA+ people, and can include emotional distress, loss of employment and even physical harm or death,” noted Meta’s oversight board in its findings.

Google also has tools in place to assist people who have been doxxed. The company allows internet users to submit removal requests that it then reviews for further action. Remember that YouTube is owned by Google, so one can directly report any content posted there as well.

X has an in-app reporting mechanism for private information, and a grievance officer whose job is to take action based on such reports. Reddit provides a complaint forum as well.

Recently, messaging platform Discord updated its community policies by separating the doxxing and harassment guidelines. The change is set to go into effect in April.

“Previously, doxxing was combined with our harassment guideline. However, we consider these distinct harm types, so we separated them to better reflect how we organize our policies,” said the new guidelines on the platform support page.

However, since social media companies operating within the country are bound by India’s IT Rules, submitting a cybercrime complaint is one way to make sure the platform is forced to take action quickly.

That being said, victims of doxxing do not have to leave behind social media forever.

“I always tell people to be generally careful in what they are sharing so they can avoid such a situation but if you have been doxxed, once you feel mentally ready, you can go back,” Choudhary said.

At the same time, users also need to make sure that their Personally Identifiable Information (PII) has been removed and that their accounts are secure, she noted.

“Have a self care plan. Recruit friends, family and a support structure,” Choudhary suggested. “Without support, it gets harder to do it alone. Women are targeted for several reasons and we must not feel weakened or ashamed.”

Source link