I Got Doxxed So You Don’t Have To

What you need to do if you don’t want all your secrets blasted around the Internet.

06.29.15 9:25 AM ET

Recently, I got doxxed. That means some troll found my personal information and posted it online, presumably so his fellow trolls could harass me offline like they already do on.

Now, if you’re really, really lucky, maybe you’ll never have to know more about doxxing than that. But the whole episode got me thinking about “digital hygiene”—what should be posted online, what shouldn’t be, and what sort of regular check-ups one should do to ensure basic privacy and safety. All of which led me to the guy I’m convinced is the digital equivalent of Olivia Pope, Darius M. Fisher.

Fisher is the president of Status Labs, which is sort of an Olivia Pope & Associates for the Internet. Fisher and his team make a business of handling online crises and fixing digital reputations—inoculating clients where possible in advance or else repairing damage after the fact. I spent a few hours with Fisher one morning and he walked me through all the possible aspects of digital hygiene. His checklist includes basic things everyone online should be thinking about plus some extra tips for anyone with a slightly higher profile, whether in business or media or some other field.


As far as Fisher’s concerned, whether you’re a public figure or not you don’t want things like your phone number or home address accessible online. In practical terms, what that means is that you have to get your information removed from “data brokers” like PeopleSmart, Spokeo, Pipl, Intelius, Zoominfo, and Whitepages. Those are the main ones (though there are dozens of others) and each has a specific process whereby you can opt out of their database, which in turn sells your personal information to anyone who pays for it (yes, these companies are making money off your identity). But since their databases repopulate throughout the year, you’ll have to do this frequently. It should be part of your seasonal digital hygiene, performed every quarter.

In addition if you own a website that can be linked to your name (for instance, you want to make sure you register the domain name privately. And incidentally, everyone should own their own domain name or closely related domain names but especially if you’re at risk of imposters (see, e.g., what Michael Bloomberg did here). Either way, you can pay extra to make sure your address and personal information can’t be found on the ICANN WHOIS database. And yes, you have to pay extra. As Fisher jokes, “Privacy isn’t free.”


Fisher is very aggressive about social media privacy; unless you’re a public figure or someone with a business case for making posts public, Fisher argues your Twitter, Facebook and Instagram accounts should all be private. If you’re even on them at all. Personally, I take a different though equally dim view—I assume there is no privacy, whatever the settings say, so I won’t post anything on social media that I’m not 100 percent comfortable with being 100 percent public. Because you never know when a friend is going to take something and repost it for everyone to see, I protect myself by never presuming privacy.

Either way, the key thing is to think about social media’s potential ramifications. If you’re a high net worth individual, don’t tweet details about your family vacation on a lazy island somewhere so that kidnappers can come steal you for ransom. If you have a violent ex who you don’t want to find you, don’t post your run routes on Facebook no matter how private you think your settings are. Use common sense. Make sure your privacy settings match your needs. And if you wouldn’t want the whole world to see something, don’t post it.


Also at least four times a year, Fisher advises changing your passwords on social media and other key accounts like online banking. And you’ve heard this a million times, but use a very different password for each login and don’t use passwords that can be easily guessed.

How the hell are you supposed to remember all these new, mutli-number and symbol complex passwords you’re constantly changing? I asked Fisher about the programs out there that supposedly save your passwords, or even generate them for you and save them, under digital lock and key. He pointed out one such company that had just been hacked. “Just write them on a piece of paper and put them in a drawer at home,” Fisher advised. Which, I’m embarrassed to say, I’d never thought of before. I’m always forgetting my passwords and then forgetting how to decipher the cryptic messages I’ve written to myself on my computer to remind me what the passwords are because I can’t actually put the password anywhere on my computer because that would be dumb. A pen and a piece of paper and a drawer. Genius!


Okay, this is where we move from preventative to proactive. In a digital world, it’s important to know what people see when they Google you—whether they’re considering hiring you for a job or checking you out before a first date. So you want to Google yourself, regularly, to see what they see. The key thing is to do so from a logged out browser (Chrome, for instance, has a log-in feature — so you want to be logged-out) and also not signed into Google or Gmail or anything else that customizes your search. Then you want to clear your browser history. Then do a search and you’ll see what other people see when they search you.

Another pro tip from Fisher—if you live in one place but are, say, applying for a job somewhere else, you can customize your Google search by location. Under the Google search bar, click “Search Tools” and you can change the location for anywhere in the world. It didn’t change the results much for me, but if there was a local news story about someone with your name that comes up in Dubuque, Iowa, but not when you search at home in Idaho, you’d wanna know about it.

Get The Beast In Your Inbox!
By clicking "Subscribe," you agree to have read the Terms of Use and Privacy Policy
Thank You!
You are now subscribed to the Daily Digest and Cheat Sheet. We will not share your email with anyone for any reason

Don’t like your results? There’s something you can do about it. First, if you don’t own it already, buy your own domain name and create a website—at the very least, a simple placeholder page with a digital version of your resume. Fisher says Google’s search algorithms recognize personal domain name websites and prioritize those in search results. It’s why, for instance, my own website comes up first in searches for my name and Wikipedia comes second.

In addition, you can try to push up other pages in your search by linking to them on your own website, asking friends to do so, posting links on social media and more. Beyond that, though, this is where a firm like Status Labs can help—offering professional services on search engine optimization to make sure that the links you want are coming up higher in the search and pushing down the others.


Before you’re in a position for someone to even want to exploit your online photos or personal information, you should do a thorough housecleaning. In fact, even if you’re just applying for a new job in the mailroom it’s good to go back through your recent social media posts and delete any that may be less-than-flattering. Better yet, don’t post them in the first place.

But if you are hacked or doxxed or such, rule No. 1 is stay calm. “They want you to panic and overreact,” says Fisher. “That’s their goal.” So don’t let them win by freaking out and potentially drawing even more attention to their bad acts.

Then make sure you take screenshots of everything and if there are any security threats (death threats, threats of violence, etc.) report them to police and the FBI immediately. If your personal data has been posted on Twitter or Reddit, you can file complaints to have those users suspended. Women Action and the Media has great resources here.

And then change every single password in your network. Plus, if your home phone number was made public and you start getting annoying calls or, worse, harassing calls, Fisher says change your number, immediately. There are new troll tactics of using someone’s phone number to inundate them with pizza deliveries or, worse, dispatch SWAT teams. You don’t want that.

In fact, changing your number may be the least of it. Fisher predicts that over the next few decades we’ll see more and more people changing their entire names as Millennials who were far too lax with social media in their teens and 20s realizes those histories can’t entirely be erased in their 30s and 40s.

In general, having more and more of our information and lives accessible online is mostly wonderful but fraught with potential perils and pitfalls. All the more reason for all of us to get our digital house in order right now.