Definition: Divulging someone's personal information, like location, in order to harass them.
Legal Status:
Can be illegal
Platform ToS:
Violates Policy
Victim Visibility:
Contextually Sensitive
TSPA Abuse Type:
User Safety: Harassment and Bullying

Doxxing refers to the deliberate public disclosure of someone's private or personal information (typically their location or address) without their consent. Doxxing is typically maliciously, to harass, humiliate, or intimidate the victim. The release of location information is itself a violation because it can then lead to various severe outcomes, including credible threats of violence, stalking, and swatting. It is a thorny problem for trust and safety teams because it tends to be easily structured to avoid their protections:

  • Differentiating between legitimate and malicious uses of location sharing is challenging, given that location sharing and discovery is integral to many apps. Even human review in this context is of limited use, since a wide review of context and prior interactions and surrounding context may be necessary to ascertain the true intent of sharing of a location.
  • Doxxing is often done cross-platform, posting a threat to a user in one space, and publishing their location data in another. Even posts that link to external sources of location data (like maps) can be a significant confounding variable in building automations to prevent doxxing.
  • Lastly, the real-time nature of doxxing-related harm necessitates quick response mechanisms. 

The nature of the abuse does point toward some mechanisms for redress. Doxxing is often carried out by a small subset of users who engage in the activity repeatedly, so sharply escalating penalties on users who violate this policy can be an effective mitigation strategy. Additionally, platforms may benefit from systems that allow users to request immediate content takedown, with expedited review processes to mitigate harm as quickly as possible.

What features facilitate Doxxing?

A user self-representing their true identity (or being compelled to do so by a platform) is a prerequisite to doxxing.
Individuals' ability to represent themselves in a digital space.

How can platform design prevent Doxxing?

In many online contexts, sharing a location is never expected, so blocking it prevents unexpected platform uses.
Don't allow posting of Location
Use content filters to prevent users from posting addresses, latitude/longitude coordinates, or other location data.
If an address is found to be used in doxxing, it's probably prudent to not allow posting it in most contexts going forward.
Label/Detect Identical Content
For some features, duplicate data suggests misuse.
Allowing users narrow censorship over location data can minimize the efficacy of doxxing, and dissuade users from doing it.
Allow immediate location takedown
Enable any user to immediately censor a physical address from public content.
When a platform retains location data, it becomes possible to accidentally share or expose that data for misuses like doxxing.
Don't collect location data
Limit storage, retention, and sharing of location information including IP address.
Bulk Location Takedown Tools
Allow a user to scrub their profile of location data while leaving other data intact.
Is something missing, or could it be better?