H8: "Doxxing" or release of personally identifying information
What is "doxxing"?
"Doxxing", or "outing", is usually described as the publication of personal information online, generally in order to intimidate or threaten. In some cases, this personal information is used to actively seek out and harass online users in real life. Even in cases where that doesn't happen, targets will be afraid it could. Real-life outcomes can involve someone unwelcome literally showing up at the victim's door, or "swatting" them – sending armed police to their address under the false pretence of a serious crime such as an active hostage situation. Doxxing has become an unfortunately common method to intimidate, harass, or punish people online.
What counts as "personally identifying information"
As previously covered, "personally identifying information" (often shorted to "PII" and sometimes expanded as "personally identifiable information") covers a fairly wide range of data that can be used to identify or trace a person in real life.
On Wikimedia projects, the category of PII includes information about a user such as phone numbers, home addresses, and workplaces, unless the user has chosen to publish that information on a Wikimedia project themselves. PII includes the real names of pseudonymous or anonymous individuals who have not made their identity public on a Wikimedia project. Private information about public individuals, such as addresses or phone numbers that the individual has not made public, are also considered PII. It also includes IP addresses and user agents of those who have not made this connection in the past.
Handling PII on-wiki
You may be asked to handle PII that is posted in a variety of locations, deliberately or otherwise. It isn't always with malicious intent. Sometimes a person will post something about themselves on a project without realising how public that page is. Or perhaps someone mentions a link between another user and their PII that they thought was known, but it wasn't. No matter the intentions of the person who posted it, PII that isn't willingly divulged generally needs to be handled with caution and removed and suppressed as necessary.
PII can be revealed on Wikimedia project noticeboards and talk pages, such as those used for mediation. This is not always done maliciously. Some examples of accidental publication of PII might include:
- Someone attempting to make a link between a user and his location, his employer, or an IP address to prove a point in a debate;
- Someone referring to another person by name (assuming the other person had not publicly linked this to their account);
- Someone uploading an image of an event that shows another user and their nametag, thus connecting a user to their real name, or that contains the user's real name in the tags or metadata.
In all of these cases, even if no action is merited against the person who made the edits, the edits themselves should be suppressed by an oversighter. Refer to the Immediate action section of this module for more information.
There is also the additional possibility of articles being used in harassment of this variety. This is of particular concern when the harassment is targeting an individual with a Wikipedia article of their own. Most of the time, such targets are fairly low-profile, if notable, individuals. Most projects' policies on biographies of living people contain information on how to treat articles on people such as this. Situations involving articles such as these might include:
- Posting street addresses or phone numbers into infoboxes or article text;
- Inserting unsourced or false material that is controversial or purports to reveal personal details (usually where those details are excessive – details of divorces, children's ages...);
- Adding links to unreliable websites or blogs that reveal previously unpublished or unverified personal details
Be wary of reacting to content-exclusive issues as harassment. Undue weight given to sourced content – such as criticisms or controversies – is a different matter and ought to be handled with on-wiki discussion.
Responding to posters of PII
There are a few ways you can respond to those who post personally identifiable information. Policies on assuming good faith vary greatly by project, but generally you will be able to use common sense to determine whether something is done on purpose or by accident.
Consider, first, if the PII was posted by accident. For example, a user may have posted their email address for further correspondence. Or they may have posted what they thought was a known connection between two online identities that had actually not been previously linked. In cases like these, treat the actual PII as serious, and try to communicate with the posting user as quietly as possible about why posting this type of information is not allowed.
If the posting of this information was obviously deliberate, or if a seemingly accidental posting is repeated, more severe action might be needed. Cases of deliberate PII release might include an attempt to "out" another editor, perhaps to link their account to a purported employer. It could also include leaking personal emails or other communication which could be compromising.
In cases of deliberate PII release, it may not be enough to have a quiet talk with the poster; you may need to block or threaten to block their account in order to make them stop posting the information. Use your judgment to decide whether a stern warning will suffice or whether a block is necessary. If you choose to use a block, be aware that you may also need to restrict the blocked user's ability to edit their talk page in order to keep them from posting the PII there.
Possibly the hardest part of dealing with the public posting of personal information is corresponding with victims.
On-wiki steps they can take
The first and most important step a victim in a case like this should take is to contact oversighters directly. If oversighters don't exist on the project in question, instead contact the Wikimedia stewards through email or on IRC. This should be done as quietly as possible to avoid drawing attention to the personal information and to prevent its spread.
Functionaries might wish to take action against the poster of this PII, assuming it was posted with malicious intent or is posted repeatedly.
Off-wiki steps to recommend they pursue
Off-wiki posting of information is much more difficult to remove than on-wiki edits. Once information is posted online, it can spread quickly and be difficult or impossible to completely remove.
It can be a good idea to contact the hosts of the website on which the leaked content has been hosted and ask them to remove it. This is especially effective when the website in question has a Trust and Safety team set up to deal with these situations.
If the victim has concerns for their safety as a result of the leak, they may contact their local law enforcement. This should ideally be done by the victim themselves, as some authorities may not accept reports by a third party. The posting of personal information online may be illegal depending on where the victim or suspect is located, especially if that information is illegally obtained.
What not to do – The "Streisand effect"
The "Streisand effect" is a term used to refer to cases where trying to hide something actually makes it more visible. It is named after American actress Barbara Streisand, who attempted to stop the media from publishing a photograph of her house with a court order. The press attention from this court order led to more people seeing and sharing the photograph.
When attempting to handle "outing" claims, it is important to keep in mind things that you shouldn't do or that could make the situation worse. Of course, the number one priority should be ensuring the information leak is contained, and doesn't spread any further.
- If you are not an oversighter, and cannot deal with this information right away, don't explicitly link to it in public. This includes on IRC and on administrative noticeboards. Doing so increases the chances of bad actors copying the information and leaking it in the future. Instead, contact an oversighter or oversighters directly, by email or on IRC. If the leak was on a wiki in which doesn't have oversighters, contact a steward instead.
- If suppressing PII will require hiding many revisions, be aware that this will look strange and can look suspicious. There is every chance that such an action will raise suspicion and that the reason for the suppression might be questioned. Be sure to clarify this risk with the reporter and ensure they are willing to take the potential extra scrutiny.