History of Doxing in Timeline

Doxing is the act of revealing an individual's or organization's personally identifiable information publicly, often online, without their consent. This information can be gathered from publicly available sources like databases and social media, or from private sources through illegal means. The term encompasses both the aggregation and the unauthorized publication of this private information.

1995: Mention of Criminal Code Act of 1995

The Criminal Code Act of 1995 is referenced in December 2024 in Australia as part of the Privacy and Other Legislation Amendment Act, which introduced criminal penalties for doxing.

2003: Presentation of Doxware at West Point

In 2003, Adam Young and Moti Yung first presented the concept of Doxware, a cryptovirology attack involving doxing extortion via malware, at West Point. This attack was initially known as "non-zero-sum games and survivable malware" and is rooted in game theory.

2006: Austria passes anti-stalking law

In 2006, Austria passed its anti-stalking law, which is utilized in cases of online violence despite doxing not being a specific offense.

2012: Gawker reporter Adrian Chen reveals identity of Reddit troll Violentacrez

In 2012, Gawker reporter Adrian Chen revealed the identity of Reddit troll Violentacrez as Michael Brutsch, leading to accusations of doxing and a declaration of "war" on Gawker by Reddit users. This event marked an early instance of the term's application and the controversy surrounding it.

2014: Newsweek accused of doxing Bitcoin developer

In 2014, Newsweek faced accusations of doxing from cryptocurrency enthusiasts after attempting to identify the pseudonymous developer of Bitcoin, sparking debate about the ethics of unmasking individuals with a substantial following.

2015: Criminal Code reform addresses dissemination of private images in Spain

As established by the Criminal Code's reform in 2015 in Spain, to "disseminate, disclose or transfer to third parties images or audiovisual recordings of the one obtained with their consent in a home or in any other place out of sight of third parties, when the disclosure seriously undermines the personal privacy of that person", without the authorization of the affected person, is also punished per article 197 § 7 to three months to a year in prison and fines of six to twelve months.

2016: Cyber-mobbing becomes a criminal offense in Austria

In 2016, Austria criminalized cyber-mobbing. While doxing is not explicitly a specific offense as of 2024, these laws are applied in cases of online violence.

2016: Italian journalist accused of gendered harassment for attempting to identify Elena Ferrante

In 2016, an Italian journalist's attempt to uncover the identity of the pseudonymous Italian novelist Elena Ferrante was labeled as gendered harassment and "the doxxing of Elena Ferrante" by Vox, highlighting the ethical concerns surrounding privacy invasion in journalism.

2018: Study finds doxing as a form of intimate partner violence

In a 2018 qualitative study about intimate partner violence, 28 out of 89 participants reported that abusers frequently practiced the exposure of a victim's private information to third parties through digital technologies, which included disclosing intimate images and impersonating the victim.

March 1, 2020: Implementation of Regulations on the Ecological Governance of Online Information Content in China

On March 1, 2020, the People's Republic of China's "Regulations on the Ecological Governance of Online Information Content" were implemented, prohibiting online violence, doxing, deep forgery, data fraud, account manipulation, and other illegal activities.

2020: The New York Times accused of planning to dox Slate Star Codex blogger

In 2020, The New York Times was accused of doxing by fans of the Slate Star Codex blog after the Times indicated plans to publish the real name of the blog's California psychiatrist author. This led to accusations of threatening the blogger's safety and a "major scandal" that reportedly resulted in subscription losses for the Times.

September 2021: Doxing added to the criminal code in Germany

In September 2021, Germany added doxing to its criminal code as "endangering dissemination of personal data", punishable by imprisonment or fines, depending on the nature of the data and intent, with exceptions for acts serving civic education, art, science, or reporting on current events.

2021: Doxing criminalized in Hong Kong

As of 2021, Hong Kong criminalized doxing, defined as releasing private or non-public information with the intent to threaten, intimidate, harass, or cause psychological harm, punishable by up to 5 years imprisonment and a fine of HK$1,000,000.

2021: Proposed law against doxing in the Netherlands

In 2021, a new law against doxing was proposed in the Netherlands by then Minister of Justice and Security Ferdinand Grapperhaus due to increasing doxing incidents targeting activists, politicians, journalists, and others. The law states it is a felony to share personal data with the intent of intimidation, harassment or work-hindering and carries a maximum penalty of a two-years prison sentence or a fine of €25,750.

2021: Doxing incidents reported on dating apps

In a 2021 survey, 16% of respondents reported experiencing doxing through dating apps, illustrating the prevalence of online privacy violations within digital dating platforms.

April 2022: Taylor Lorenz reveals identity of Libs of TikTok account holder

In April 2022, The Washington Post reporter Taylor Lorenz revealed the identity of the person behind the Twitter account Libs of TikTok as Chaya Raichik, a real estate worker. This sparked accusations of doxing from Raichik and right-wing commentators.

2022: BuzzFeed News reporter identifies Bored Ape Yacht Club founders

In 2022, BuzzFeed News reporter Katie Notopoulos identified the previously pseudonymous founders of the Bored Ape Yacht Club using public business records, leading one of the founders, Greg Solano, to claim he "got doxxed against [his] will".

January 2024: New law against doxing goes into effect in the Netherlands

In January 2024, the proposed law from 2021 against doxing in the Netherlands went into effect. The law makes it a felony to share personal data with the intent of intimidation, harassment or work-hindering and carries a maximum penalty of a two-years prison sentence or a fine of €25,750.

December 2024: The Privacy and Other Legislation Amendment Act 2024 takes effect in Australia

In December 2024, specifically on December 10, the Privacy and Other Legislation Amendment Act 2024 took effect in Australia, introducing criminal penalties for doxing under the federal Criminal Code Act of 1995.

2024: Doxing is not a specific offence in Austria

As of the end of 2024 doxing is not a specific offence, in Austria. However, the anti-stalking and cyber-mobbing laws are used in cases of online violence. Austria is an EU-member state, EU law (DSGVO) applies.

2024: Doxing of Jewish academics and creatives in Australia

In 2024, pro-Palestine and anti-Zionist activists in Australia leaked the chat transcript and contact information of over 600 Australian Jewish academics and creatives, leading to death threats and prompting the Australian government to introduce new laws criminalizing doxing.

2024: Doxing encourages swatting of American politicians

In early 2024, the United States experienced a rash of swatting incidents targeting American politicians. Doxing became a prominent method for encouraging these attacks, exploiting the weak data privacy laws in the U.S. that allow easy access to citizens' personal information through various data brokers.