
If some journalists were able to find his identity, he can safely assume that the people behind wannacry are also able to do it.

How do you figure? Digging through information and finding out this sort of stuff is literally what journalists do for a living.




I occasionally offer to dox people to show them how bad their OpSec truly is or as an example of why I don't use social media like Facebook for privacy concerns. Doxing people is often trivial since nearly anyone contributing to discussions online has a large online profile. It isn't a very difficult task - just a game of connecting the dots and knowing how to construct specific Google search queries (e.g.: "site:___ + 'some info'").

If a journalist can find it - any internet layman who knows how to Google can find it.


I often think about the Witness Protection Program and how much harder it must be to be a part of it in the age of social media and new forms of instant communication. While it's hard enough to cut off ties with family and friends, etc., it must be much worse when there are so many ways to keep in touch with people. Worse, I can't imagine someone in the program would be able to have any kind of online presence. It would be too easy to leak details about yourself.


The worst doxxing sources are GitHub repos. One wrong reflex to sign in as author of a new class, one insider joke - and boom, there is the way to trace - never going away.


I've been wondering if it is possible to dox my Reddit account. I like to think I've been careful not to give too much away but I wonder if it is true.

I would like to find a white hat site that prepares a report on what they can find about you.

(For the record, my reddit account has a different username than my HackerNews account)


> I would like to find a white hat site that prepares a report on what they can find about you.

To me there seems to be an inherent catch-22 involved in that. To be responsible, you have to confirm the person requesting the information is the person that wants doxxing. In providing evidence you are who you say you are, you're seeding that company with information to better find you that might not be easily found otherwise. It would take a strict separation of the sales and operations teams, to make sure this was a useful and accurate service, and with all that work it likely wouldn't be cheap.


What if the service/whitehat did an ID verification before releasing the info they uncovered? Basically ask a few things generally like what credit report agencies sometimes ask (Which of these addresses are yours? What is your username on this site? etc). Only release the info if there's a match.

Presumably you'd want to get paid up front, since you'd have done all the work in either case.


"Please provide your ID" "Ok so here's what we found on you" reads content of ID


Maybe:

"Here is a link to an encrypted report containing info on what we found. Please verify your ID and we will give you the key."


>I would like to find a white hat site that prepares a report on what they can find about you.

This would be difficult to start as it would require trust. I already do exactly this ("white hat doxing") but do you trust that that is actually what I'm doing? Maybe it would be easier as an established corporation with an explicit privacy policy.

>I've been wondering if it is possible to dox my Reddit account.

You can make it much more time consuming and more difficult (read: but not impossible) to do so by using this userscript as frequently as possible: https://greasyfork.org/en/scripts/10380-reddit-overwrite

I personally run it for all posts older than 2~3 weeks (when activity/relevance of the post is nearly equivalent to "0").

Some sites still archive posts w/o updating for any future edits, there is web cache, etc. But those are far harder to search and tie together than simply browsing your comments on your profile. Note that some subreddits may ban you for using it and you'll get a bunch of AutoModerator posts asking you not to do that because of thread integrity and blah blah blah.


I hate it when people use these scripts and do have a rule against deleting posts that have replies in one subreddit I moderate. There are two kinds of things harmed by this behavior:

* In communities where people buy and sell things, or offer pay for services (e.g. /r/forhire), a glance at someone's account history provides some insight into their likely reliability. It's not much to go on, but that's inherent to doing business with strangers online.

* In many communities, previous discussions are full of useful information for future readers. Removing half of a conversation often ruins that utility.


>In communities where people buy and sell things, or offer pay for services (e.g. /r/forhire), a glance at someone's account history provides some insight into their likely reliability. It's not much to go on, but that's inherent to doing business with strangers online.

Trivially solvable with an alias used exclusively for such dealings where you don't scrub history. Also, as mentioned, it isn't necessarily that good of a rule anyway. Better than nothing but not necessarily by much.

>In many communities, previous discussions are full of useful information for future readers. Removing half of a conversation often ruins that utility.

I value my personal privacy (and time) more than any use my conversations will have for future readers. I don't have the time to selectively edit/delete hundreds of posts. One argument against this would be to "post less" but then many of those "useful posts" may not have ever been made to begin with so there isn't a net difference.

Also - quoting the most relevant bits of a post in your own post helps retain at least some context. Even if you were to edit/remove your post now - I have two pieces of it quoted that a future reader would at least have some context as to our conversation.


I'm strongly with 'Zak here; there's little I hate more in the domain of Internet conversations than people deleting things they wrote. In fact, I believe there is a strong community interest in all (not killed by moderation) comments remaining up as long as the whole discussion exists. I don't mind if someone unlinks their post by e.g. deleting account; I care less about who wrote something than about what was written. Deleting posts ruins the discussion for those who come later.


I'll grant this for that technique: while your website linked to your username here made it easy to guess your reddit username, 5 minutes of looking did not recover your deleted comments.

It's a little difficult for me to wrap my head around the mindset though: if you're concerned about privacy, why would you post anything sensitive to reddit? If you haven't posted anything sensitive, why delete it? I'll admit, I've never been the victim or perpetrator of doxxing, so I may be missing something.


>I'll admit, I've never been the victim or perpetrator of doxxing, so I may be missing something.

Most people leak information constantly and each bit or byte of information by itself is not important. However, in aggregate, people leak enough information about themselves to have it become sensitive information. What can be seen as harmless on its own can lead to more sensitive/"harmful" information being gathered.

For an example, let's say you share a photograph of yourself somewhere in London. Maybe you went on vacation, a business trip, a family visit, a honeymoon, etc. There are plenty of reasons to be in London one time! Now over the period of 10 years you've shared a few dozen photos of yourself in various places of London. What are the chances you live in London? Would you say the chances are higher than if you had only shared a single photograph?

Likewise, information that doesn't seem sensitive on its own can become incriminating when combined with other evidence. Scrubbing everything therefore is the best way to ensure you aren't leaving anything behind. It's also a lot easier to scrub everything than to read over years of post history to see if you've ever shared anything you maybe shouldn't have.


I fear we're slowly stepping into paranoia levels of privacy protection. This is my personal belief, I'm aware many people here don't think that way, but here it is: it is literally impossible to live a life in a society without radiating such information all the time. This applies both to physical and digital realms; and as most people spend more and more time with digital services, the two start to blend into one.

So I guess my opinion is: radiating that information is not really an issue, and any problems arising from it are best solved elsewhere, and not by becoming a digital hermit.


These scripts are why I'm surprised Reddit doesn't have sub specific edit permissions. I mean, on traditional forums, we avoid these issues by simply blocking the edit function after a certain time limit. Or limiting who can remove content.

Not sure I'd want to see a community where people removed useful content on a whim because they were that worried others would use it against them.


I just delete accounts every ~3 months.

Used to, when I really used reddit. Now I basically have a different account in each device to upvote/downvote.


Is that going to help against checking with the Internet Archive? I've used the Internet Archive to read versions of reddit comments when they were deleted (but not to dox people).


Not always - but the idea is to make linking separate posts more difficult and time consuming. Not making reading an individual post impossible.


There's a reddit account summarizer (I know you said you don't own /u/spare_account on reddit, this is just an example):

https://www.snoopsnoo.com/u/Spare_Account


I just used this for my reddit account... holy crap it's kinda scary how accurate it is. All it takes is for you to slip up in a comment here or there, add in a detail somewhere once, and it's all there. I think I need to start using temp reddit accounts, and just jump ship every few months.


Do you think it would be possible to link your HN and reddit accounts?

I just creeped your whole comment history and you only leak a small pattern of facts here (country, gadget, a couple repeated interests).

The interest related subreddits would likely still be a pretty huge haystack.


Have you ever gilded someone and paid by credit card? If so, your credit card is linked to your account.


Have a look at snoop snoo and see what it says about you based on your Reddit comments.


> If a journalist can find it - any internet layman who knows how to Google can find it.

News organizations have access to many non-public databases.


Digging through information and finding out this sort of stuff is literally what hackers do for a living

for lack of a better term


If they had enough money behind them it would not have been hard to hire a private detective or similar professional to find him.



