The COVID-19 pandemic has disrupted our lifestyles, causing a massive digital shift as millions of people spend more and more time online.
But while the vast majority of Malaysians are using it for work, entertainment and sociability, this online lifestyle has also seen the rise of many new cybersecurity threats — not just in Malaysia but all across the world.
Doxxing has been one of the biggest security problems faced by internet users over the past decade.
The word itself comes from the term “dropping dox” (a slang word for “documents”). To put it simply, doxxing is about exposing someone’s private information online — things like their real name, home address, phone number, etc. — without the victim’s permission.
If you’re not familiar with it, doxxing may not seem like such a big deal. After all, how can it be worse than hacking into your computer or shutting down a website?
However, while it all starts online, doxxing can have some very severe real life effects.
In May 2020, a Singaporean woman went viral after a video was posted of her refusing to wear a mask in public.
In response, anonymous doxxers exposed her name, photographs and other personal details on social media, drawing in countless racist and xenophobic comments from outraged netizens.
“So what?” you might ask. “She deserved it, right?”
Actually, she didn’t. Because unfortunately, the doxxers had revealed the wrong person. The person who received all those threats and abusive comments wasn’t even involved in the video at all!
Meanwhile, in Malaysia…
Closer to home, we Malaysians have faced our own share of doxxing incidents, the most notorious of which happened back in January 2019, when a group of Malaysian doxxers set up a Facebook group to “defend the honour of the Malay rulers”.
They targeted people who made “disrespectful” comments about the monarchy — making a list of targets that include the person’s real names and personal details. They would share this information online, contact the target’s employers through social media and file reports to the police.
As a result, at least four people ended up losing their jobs while another three were arrested under Section 4(1) of the Sedition Act 1948, which criminalises speech that might cause “feelings of ill-will and hostility between different races”. If found guilty, first-time offenders may be fined up to RM5,000 and/or jailed for up to three years.
So What’s The Big Deal?
“What’s the problem with a group of citizens wanting to report seditious activity to the police?” one might argue.
Well, for one thing, there’s a reason why every civilized country in the world relies on the police rather than mob justice. Vigilante groups like this may start out with good intentions, but they tend to quickly spiral out of control.
Security experts have pointed out that in most cases, doxxing isn’t being used for the sake of justice. Instead, it’s more often used as a tool to harass and intimidate people (primarily women) and ruin their social (and social media) reputations.
“This is relatively easy in Malaysia because many people share personal identifiable information on social media, often on the same accounts they use to post content that make them the target of doxxing,” said Khairil Yusof, the co-ordinator of technology activist group Sinar Project.
In the case of the vigilante Facebook group above, what started out as a way to name and shame others quickly turned into a group filled with people sharing victims’ addresses and talking about how they wanted to “teach them a lesson“.
And in case that was a little too subtle for you, some of the top comments being shared included lines such as “It doesn’t matter if the police make an arrest or not. What’s important is for us to grab and wallop them, even when they are freed” and “Okay to be racist. As long as we have pride”.
The worrying part is that even with these behaviours being revealed for all to see, their page still received likes from at least 13,670 Facebook users.
Wait, Isn’t This Illegal?
After the vigilante FaceBook group appeared, the Malay Mail interviewed several lawyers and found that while doxxing on its own is NOT considered a criminal offense in Malaysia, it could be charged under Section 233 of the Communications and Multimedia Act 1998 — an act concerning the “improper use” of network facilities or services.
One of the lawyers, Foong Cheng Leong, clarified that any legal cases would depend on the nature of the doxxing.
“Invasion of privacy is also possible but the information leaked must be something of a private nature — not those in the public domain like full name, identification card number and address,” he said.
Civil liberties lawyer Syahredzan Johan agreed, pointing out that Malaysia did not have a specific law focused on issues like doxxing.
“It is an offence, for example, for someone to have come across personal data which is processed according to the Personal Data Protection Act and then reveals that data to the public,” he said. “But it does not cover instances where the information is obtained through public searches.”
7 Steps To Protect Yourself From Doxxing
When it happens to someone else, it’s easy to sit back and say things like “Oh, it’s their own fault” and “They deserved this”, but doxxing — and the mob justice linked to it — is a serious issue that every internet user needs to be aware of.
The more active you are on forums or social media, the easier it is for doxxers to uncover your personal information. However, there are still a few simple tips to protect yourselves online:
1) Keep Private Information Private
Remember that hackers can intercept your emails and view your social media. Whenever possible, avoid posting personal information such as your home address, IC number, phone number, etc.
2) Use a VPN
A virtual private network (VPN) takes your internet traffic, encrypts it and sends it through a different server before it goes out into the internet. This lets you browse the internet anonymously and protects you against many common cyber threats.
3) Keep Your Passwords Strong
A strong password should have a combination of uppercase and lowercase letters, numbers and symbols. Don’t use the same password for multiple accounts. If you have trouble remembering, try using a password manager to keep track of everything.
4) Separate Account Names For Separate Platforms
If you’re using online forums such as Reddit, Discord, YouTube, etc., make sure that you have a different username and password for each one. This will make it more difficult for people to track you across different sites.
5) Double Check Your Social Media Privacy Settings
If you’re using a platform like Facebook mostly for personal reasons, you should tighten your privacy settings. If you need to leave the settings public for work purposes, avoid sharing any sensitive personal information or images.
6) Delete Obsolete Profiles
If you’re not using your social media account anymore, just get rid of it. Leaving it hanging out in public gives doxxers another way to uncover your identity.
7) Check How Vulnerable You Are
Find out how vulnerable you are to doxxing by checking out how much incriminating information you have online. To test this, try:
Carrying out a reverse image search
Use a site like haveibeenpwned.com to check if any of your email accounts were exposed in a data breach
The Internet is a Dangerous Place
It’s easy to say “I don’t have anything to hide”, but that doesn’t mean that you should make it easy for doxxers to track you down. After all, even a poor person will lock their house door at night to stop robbers from getting in.
Modern technology has made our lives easier and more connected than ever before, but the internet is filled with trolls, hackers and other malicious people. If we want to avoid becoming a victim, we need to let go of our “don’t care” attitudes and do what is necessary to keep our information safe.