Anyone entering this fascinating new industry will notice a unique culture in the crypto world – it is largely made up of people demanding change. But on social media, we see a lot of crazy avatars – from cartoon dogs to interstellar aliens.
On the surface, this may seem like harmless fun. But if we dig a little deeper, here are the individuals whose whole world is dedicated to learning about finance, regulation, and politics.
As we live our lives online, we reveal a lot about ourselves. Your favourite websites and social media networks are filled with personal information, photos, and geotags that tell the world who you are and where you are. Your footprints are all over the internet. If someone doesn’t like you and rushes to collect the crumbs, you can become a victim of doxxing.
What is doxxing?
The term “doxxing” derives from the term “dropping dox,” a retaliatory tactic used by hackers who drop malicious information about competitors.
Today, doxxing is used to shame or punish those who would instead remain anonymous because of their controversial beliefs or other types of non-mainstream activities.
Since most of us are not careful with the information we share on the internet, we tend to leave behind a series of breadcrumbs that cybercriminals can use to find out who we really are and then launch a series of malicious attacks.
Doxxing Methods and Common Techniques
Cybercriminals and trolls can be very inventive in how they attack you. They can use a clue and then follow along until they slowly unravel your online persona and reveal who you are.
The most common techniques include:
Packet sniffing is a hacking method in which a doxxer intercepts your Internet data, searching for valuable information about you such as emails, passwords, credit card details, crypto holdings etc.
Basically, the Doxxer connects to a network like Wi-Fi, breaches its security measures, and then intercepts all data going in and out of the network.
In addition, a malicious hacker can access this data in real-time, so whatever you type into the form appears on their screen simultaneously.
Analysing File Metadata
An attacker can learn a lot about you by looking at your file metadata. For example, if you go to the Details section of a Word file, you can see who created it, who edited it, when, and possibly even by which company.
Likewise, photos have EXIF
An IP logger is a tool used to spy on someone’s IP address. These loggers attach an invisible code to a message or email that, once the recipient opens the message, tracks their IP address and secretly sends it back to the IP logger.
1. Protect your IP Address with a VPN/Proxy
VPN, short for Virtual Private Network, acts as a filter for internet traffic. Traffic from your PC or other device goes into the VPN and is given its identifying properties, i.e. its IP address, location and other similar data. It even encrypts your data, making it impossible for your ISP to find your IP address.
For example, the IP logger does not show your real personal IP but the IP of the VPN.
A proxy server is a little different from a VPN, although it works similarly. A proxy server doesn’t encrypt your data as a VPN does, so the ISP always knows your real IP address. Because your internet traffic is not encrypted, it is also more vulnerable to hacking and other eavesdropping methods.
2. Don’t Use the Login with Facebook/Google Buttons
Most apps and websites that require you to sign in now use a Sign in with Facebook or Sign in with Google button.
But most importantly, you automatically provide website information associated with your Facebook/Google account, such as your current city, job, phone number, native language, family information, etc.
Of course, it’s not that convenient, but by entering your details manually, you can control the type of information a website holds about you.
It’s especially important to follow Facebook security best practices, protect all your social media accounts (including Instagram), and understand how cybercriminals crack Facebook, Instagram, and Snapchat passwords.
3. Don’t Use Your Email to Register on Forums or Other Similar Websites
Your primary email might contain your surname and first name. It’s a simple, professional combination. However, if anyone knows about it, your identity will be revealed immediately.
In most cases, forums have weak security, allowing malicious hackers to break into them and then leak the email used to register an account.
However, if the website publicly displays user emails, all an attacker needs to do is view your user profile.
4. Hide your data from a website’s WHOIS
Owning a blog or website requires registering an internet domain with some personal information. This information is then stored in a database called WHOIS.
The problem is that this database is public, which means anyone can see the information used to register for the site, including addresses, phone numbers, etc.
However, for a small fee, you can hide some of your personal information from public searches.
To edit your information, go to your domain registrar and see what options they offer you to keep your WHOIS information private.
5. Remove yourself from data broker websites
Some websites act as a kind of Yellow Pages. They scour the internet for data and collect it all in one place. This can include addresses, social media profiles, photos, phone numbers and emails.
Luckily, most of these places allow you to opt-out and delete any information they have about you. Unfortunately, it’s bad for business, so they make it as difficult and time-consuming as possible.
6. Make sure Google doesn’t have any personal information about you
This can be quite a daunting task as you have to compete against one of the biggest companies in the world.
Just google your name and see if you reveal your identity on internet forums, Reddit, niche social networks, message boards or other similar sites.
Delete any information you find, including accounts that are no longer valuable to you. If you don’t have access, ask your web administrator to do this for you.
Can you do it yourself?
You can, and you should. Doxxing yourself is the best way to see how much personal information there is on the internet. You can try to remove anything you don’t want available online.
- The best way to start is to google your name. Your social media accounts may appear first. While most of them you can’t do anything about (except changing your name to a nickname), some allow you to hide your profile from search engines. For example, you can do this on Facebook by unchecking the “Do you want search engines other than Facebook to link to your profile?”
- Next, conduct a targeted search. Google your name and other keywords like “phone number” or “address”.
- Make sure you only search your physical address, phone number, email address, and any nicknames you remember to see if your name is associated with any of them. You can find a data broker’s website that compiles your name, address, location history, phone number, and other personal information into a single file.
- Also, check the image results. If you don’t have a lot of photos online, you can do a reverse image search to see if it’s being posted where they shouldn’t be.
Of course, as an industry, we still have a long way to go. First, to expect mass adoption, we must allow ordinary people to feel comfortable about disclosing personal information while holding cryptocurrency, even if it might put them at risk. The complexity of the purchasing process and the use of digital coins must also be reduced. Digital currencies are a new form of value transfer for everyone, not just techies.
We also need to work on weeding out scammers and charlatans to make the space safer for all new and existing users. Education is also the key to security. Educate everyone you know about cryptocurrencies and how to stay safe online.