Stop Diluting the Definition of “Dox”

The definition of doxing is the publication of a physical residential address, or information protected by law (social security numbers, medical records, and so forth).


Abusive people love claiming they’ve been doxed.

Here, I have to acknowledge that I’m pulling a similar move. The word “dox,” like “abuse,” is infused with fear and panic. A popular stance is that doxing is strictly unacceptable. It is the great taboo of the Internet. Similarly, who on earth would defend abuse?

But while we engage in some level of productive discourse on what counts as abuse and what abusive dynamics actually are (though not nearly enough!), there is very little productive discourse on what doxing actually is.

Doxing has taken on a deeply nebulous and completely unhelpful definition, mostly thanks to abusers exploiting the hell out of the word.

Screenshot 2015-07-08 12.56.17

Let’s take a look at the evolution of “doxing” or “doxxing,” starting with a textbook example of doxing. In 2007, Kathy Sierra was fully doxed—her Social Security number, her physical address, and much much more was all posted online with malicious intent. Yet the term “dox” was not commonly associated with what happened to her until many years later.

The strict “hacker” definition of “dropping dox”/“dropping docs” involves the publication of documentation, which can include addresses, phone numbers, financial information, medical records, and emails. Schneier dates the term back to 2001 (confined mostly to hacker circles, I imagine), but some people have given me anecdotal and unconfirmed accounts of it being used in the mid-to-late 1990s.

The word burst into the mainstream in 2012 (although it had been used in previous articles in 2011 in the newspaper), as documented by The New York Times’s “Words of 2012.” The NYT defines “dox” as

DOX: To find and release all available information about a person or organization, usually for the purpose of exposing their identities or secrets. “Dox” is a longstanding shortening of “documents” or “to document,” especially in technology industries. In 2012, the high-profile Reddit user Violentacrez was doxed by Adrian Chen at Gawker to expose questionable behavior.

Between 2001 to 2012, “dox” undergoes a remarkable dilution. It starts out as an information dump that includes physical addresses, social security numbers, financial information, and other information protected by law and/or acquired in ways criminalized under federal and state law. Then it comes to mean “unmasking.”

Adrian Chen did not publish Michael Brutsch’s address. He did not publish his SSN. He did not hack and publish Brutsch’s personal documents. He merely outed Michael Brutsch as Michael Brutsch.

Depending on the circumstances, outing someone can be quite dangerous and is unwarranted or immoral. But that depends on the circumstances. When an abusive anonymous individual is terrorizing individuals that go by their real names on the Internet, it is sometimes better for everyone that that person be unmasked. An unmasking can make people safe, even if the abusive anon is not arrested, reported, or even fired from his workplace. Unmasking can deter an abusive personality from serially harassing people out of a community.

For a word so infused with moral authority, “dox” should not encompass actions that are often justifiable depending on the circumstances.

Unmasking someone by their full name, identifying someone by their first name, identifying their place of work, or screencapping e-mails are not doxing. They are—once again, depending on the circumstances—possibly abusive things to do. But they are not doxing.

Do you know what is an abusive thing to do? To expand the definition of doxing in order to harness public outrage without having to actually discuss the circumstances in which you have been exposed.

While the definition of “harassment” remains nebulous, there is no reason that “dox” should be diluted.

The definition of doxing is the publication of a physical residential address, or information protected by law (social security numbers, medical records, and so forth).

A similar analysis will appear in my forthcoming Internet of Garbage, published as an ebook through Forbes.

Thomas Friedman’s Bad Trip

Archiving for posterity.

Men’s Rights, Facebook

The Good


What I Learned as a Woman at a Men’s Rights Conference

I went to the conference in suburban Detroit expecting a group of feminist-hating Internet trolls; I found much more

Jessica Roy

Still, being surrounded by men who belly-laughed at rape jokes and pinned evil elements of human nature wholesale on women was emotionally taxing at best and self-destructive at worst. Once, during a particularly upsetting segment of the program, I had to excuse myself from the auditorium to seek refuge on the bug-filled bank of Lake St. Clair. I kept wondering why I had volunteered to fly 600 miles to attend the conference alone, to surround myself not just with crass ideological opponents, but with people with violent Internet histories who believed my very existence oppressed them.


The Bad


The Bright Side of Facebook’s Social Experiments on Users

Farhad Manjoo

After the outcry against the Facebook research, we may see fewer of these studies from the company and the rest of the tech industry. That would be a shame.

But if every study showing Facebook’s power is greeted with an outcry over its power, Facebook and other sites won’t disclose any research into how they work. And isn’t it better to know their strength, and try to defend against it, than to never find out at all?

Victimhood and Title IX, Race and Executions, Net Neutrality

Note: I’m going to start doing round-ups of exceptionally good and exceptionally bad stuff I read from day to day, with short excerpts. Heds/subheds will be taken from the piece itself. These posts will appear under this category.

The Good


Even The Most Progressive University In North America Doesn’t Know How To Handle Sexual Consent

When a tiny university in Canada was rocked by sexual assault allegations, frustrated students fought back by spreading rumors. This is the story of how everyone lost.

by Katie J.M. Baker

…Since the women’s complaints were officially deemed false, they weren’t grounds for discussion — not even by the complainants themselves.

Quest first tried to control the rising issue by holding community meetings and responding to concerned parents. But as rumors spread, the school cracked down on accusers. Koenderman sent emails to the complainants reminding them that, under the Human Rights Policy’s confidentiality code, they were not allowed to “divulge any details of the complaint including the identity of the other parties.” President Helfand warned a school newspaper reporter who was investigating the issue to be wary of publishing libel, and called an outspoken student named Brendan into his office for posting incendiary comments on a private Facebook page for Quest students under a discussion about a Feministing blog post called “Don’t Be Friends With Rapists.”

“I’m tired of seeing Quest act as a safe space for serial rapists,” Brendan wrote. “We need to get these rapists out of our community ourselves or they are going to keep raping our friends.”

Brendan said he thought Helfand wanted to meet with him to discuss ways to more effectively address sexual assault on campus. Instead, Brendan said, Helfand angrily told him the school interpreted his comment as a threat against the alleged perpetrators, and said Quest could report him to the police for “inciting violence” unless he removed the post.


Race and the Execution Chamber

The national death-row population is roughly 42 percent black—nearly three times the proportion in the general population.

by Matt Ford

Unchecked by the judiciary, the death penalty’s racial discrepancy survived and thrived. Eleven years after McCleskey, Baldus studied 667 homicides in Philadelphia between 1983 and 1993 and found that black defendants there were nearly four times likelier than white defendants to receive a death sentence for the same crimes. Racial disparities in crime rates aren’t a factor in this because homicide, the predominant capital offense, is an overwhelmingly intra-racial crime. Federal statistics show that 84 percent of white victims and 93 percent of black victims between 1980 and 2008 were murdered by someone of the same race. But death-row statistics don’t reflect those rates: Although roughly half of all U.S. homicide victims are black, more than three-quarters of victims of death-row defendants executed since 1976 were white.


What Everyone Gets Wrong in the Debate over Net Neutrality

by Robert McMillan

The net neutrality debate is based on a mental model of the internet that hasn’t been accurate for more than a decade. We tend to think of the internet as a massive public network that everyone connects to in exactly the same way. We envision data traveling from Google and Yahoo and Uber and every other online company into a massive internet backbone, before moving to a vast array of ISPs that then shuttle it into our homes. That could be a neutral network, but it’s not today’s internet. It couldn’t be. Too much of the traffic is now coming from just a handful of companies.


The Bad

Rage Against the Outrage Machine

The most searing critiques of George Will’s much-maligned column on rape misrepresent his arguments, illustrating a common flaw in American public discourse.

by Conor Friedersdorf

Of course, Will was talking about “victim status,” not victim status. But the point still holds.

Who cares if the Supreme Court is bad at computers?

I wasn’t expecting my last post to pick up so much traffic. I had no idea that SCOTUS tech ignorance was news to other people, and although I do love making fun of judges at any appellate level, my write-up was more geared towards punching down that awful Mashable article. But the takeaway for most people was the ignorance of the justices — which, to be fair, is pretty astounding.

Both Brian Fung over at the Washington Post and Tim Lee at Vox have already made this point, which was perhaps buried in my original post: tech savviness is a secondary consideration when deciding cases like these. This is the Supreme Court, not the Apple Genius Bar. The important thing about Aereo is how it fits into the pre-existing universe of copyright case law, and how Supreme Court precedent will affect existing and future technologies, not how Aereo in particular actually works.

Of course, it could be pretty bad if the justices literally did not understand how Aereo works. I don’t think this is the case. After all, the briefs made it as clear as possible, and Clement and Frederick both spent time talking about Aereo’s technology during oral argument.

In fact, Clement (counsel for the broadcasters) went through this drawn out analogy about valet parking that kind of went nowhere and landed very poorly — but part of why it landed poorly was that the analogy didn’t say anything about whether Aereo should or shouldn’t be legal. All it did was elaborate how Aereo is different from other kinds of services. I think Clement might have been braced for endless and painful explanations of technology, and thought this was what oral arguments would focus on. I’d bet that Clement himself had a rough time understanding Aereo’s technology, and this very analogy might have been the one that made it clear to him. But the justices didn’t really care — they had read the briefs and they understood the tech well enough to move onto the actual legal issues that matter.

And that’s all that’s needed. A justice doesn’t need to know how to code, or the names of every cloud service in existence in April 2014, or whether or not HBO is a distant signal. There are certain technical details that can make or break a correct legal understanding, but as long as the judge and the attorneys are careful, no one is going to make a stupid mistake.

That is, of course, a HUGE caveat. If it were better known in the federal judiciary that “incrementing a URL” is incredibly common and simple to do, Weev would not have spent time in prison.

In the copyright context, one might worry about details like the role and frequency of temporary copies in streaming. If you don’t know jack shit about how streaming works, you might make the terrible error of penalizing a service for hosting temporary copies. (Fortunately, provisions giving temporary copies slack are codified in several relevant portions of the law, but this issue pops up way too often for my personal comfort).

Another thing I often think about is how § 1201 isn’t meant to cover technological protection measures (aka DRM) that are not “effective.” So what do we say about 7 lines of code that can circumvent DRM? Is that DRM still “effective” under the statute? And how is a tech-ignorant layperson supposed to judge whether a mechanism that can be broken with 7 lines of code is ineffective or not? When each side trots out its experts — one side saying that 7 lines is nothing and the DRM is clearly ineffective; the other side saying that the number of lines is no indication of how easy the solution is — what frame of reference are you supposed to lean on to figure out who to believe?

I disagree with Tim when he says that cluelessness is good. I do get his broader point: the Supreme Court is a court of generalists, and we don’t necessarily want specialists to be calibrating huge general legal systems for the entire population. Indeed, just look at the Federal Circuit and what they’ve done to patent law. (E.g., it is now a shitshow). That’s what can happen when you give people who “aren’t clueless” broad power over a legal system. The judges on the Federal Circuit come from a bubble of specialists, and their sensitivity towards broad public interest considerations is going to be different than if they came from a larger pool of generalists.

But when it comes down to it, I think tech-savvinness can’t hurt. Having a little background knowledge about the new digital reality of people’s day-to-day lives helps fill in the gaps without having to pore over the briefs, helps one’s intuition to go off with that gut feeling of “Hey, this would be weird” a lot faster.

I do worry that SCOTUS tech-unsavviness is going to be a problem. But in the case of Aereo, I think the attorneys and the justices did their due diligence. My feeling from oral arguments is that they got it. They understand where Aereo fits in the copyright universe, they understand the preceding cases that have given rise to this particular case, they understand that this case could have broad unintended consequences. Yesterday I was most impressed with something Breyer said — he talked about the first sale doctrine in oral arguments. First sale! In a case that has nothing to do with first sale! Breyer knows that as our media consumption shifts to streaming and the cloud, consumer rights as embodied in ownership of physical copies are being degraded. Breyer is on the money and I have my fingers crossed that he’ll write the opinion for this one.

But you know what? I still don’t think that Breyer knows shit about computers.

I’m just not super bothered by that.

errata for the post that went unexpectedly viralish

So I never expected that post about Mashable and the Supreme Court to be widely read. I wrote it very late at night (I think I made the last edits around 1 am?) after a very long day that began with me waking up at 4 am on a sidewalk in front of the Supreme Court. So 1) the writing isn’t that great and I really could have used a copy-editor; 2) I made some quasi-mistakes — really I think they’re just points that are unclear and could use some longer commentary:

Continue reading