The Washington PostDemocracy Dies in Darkness

‘Dox the powerful’: On @darth and the complex politics of anonymity online

A screenshot from @darth’s Twitter account on May 19. (Twitter)

For just over seven years, a little corner of Twitter has been enthralled with a mysterious entity known only as @darth. But as of this week, @darth could be a mystery no longer: Sam Biddle, the ever-inflammatory head of Gawker’s tech blog, Valleywag, has promised to out Twitter’s favorite meme-maker in a process known as “doxing.”

That odd word and its variant spellings (doxxing? d0xing?) may sound familiar, even if the exact players in this incident don’t. It’s essentially just Internet shorthand for revealing an anonymous person’s identity and personal details, ranging from home address and phone number to long-forgotten Facebook photos. But while doxing was once merely the stuff of message-board flame wars or vigilante trolling, it’s fast becoming a recourse for journalists, activists, cyberbullying victims — anyone with a nagging curiosity, an Internet connection and a couple of minutes on their hands.

In other words, just about everyone.

“Conventional media organizations know that revealing identity has power,” explained Anil Dash, a noted technologist and the repeat victim, incidentally, of several doxing attempts. “What’s new is the organized use of people’s private information for activism or harassment.”

That diverges from doxing’s early, pre-social-media origins, when outing another user’s identity served mainly as a sort of checkmate in comment-thread fights and other online disagreements. In one early incident, a combatant on an alpine skiing forum discovered an adversary’s real-life identity and employer, whom he phoned. (Both men eventually lost their jobs over the fracas.) Know Your Meme, the encyclopedia of Internet happenings, also reports a series of outings in the ’90s, when “it became a common practice to post another poster’s personal information (or PI).”

But in the mid-aughts — around the same time the Internet gave us “hacktivists” and, not coincidentally, the hacker collective Anonymous — “doxing” began to take on a slightly more altruistic overtone. Now Internet mischief-makers didn’t merely dox for personal gain; they were outing white supremacists, suspected child pornographers and government officials who criticized Wikileaks. Doxing became a favored tactic of groups like Lulzsec and Antisec, both of whom published tutorials on the subject. It helped that doxing requires only a basic level of technical skill, meaning would-be activists who hoped to jump on Anonymous’ bandwagon could help out without actually hacking anything. To quote one popular guide:

You’re probably thinking, ‘okay, so basically it’s getting information from searching someone’s email on Google right?’ In a sense yes, but there are actually easier ways to get someone’s information online …

Not surprisingly, since journalists are generally seeking people’s information — online and off it! — doxing has lately become a media pursuit, as well. Adrian Chen famously profiled Reddit master-troll violentacrez after discovering his real-life identity through an acquaintance. (Violentacrez, a.k.a. then-49-year-old Michael Brutsch, begged Chen during an interview not to reveal him.) And just last March, Leah McGrath Goodman’s Newsweek story on the identity of anonymous Bitcoin founder Satoshi Nakamoto was called doxing by some who disagreed with its tactics, including one of Goodman’s interviewees.

“Doxing has only negative connotations,” Wired’s Mat Honan wrote in a post following the Goodman controversy, “so when people use the word to describe the Newsweek story on Satoshi Nakamoto, they’re criticizing the reporter by comparing her to a criminal hacker.”

But while that certainly may have been true at one point, it isn’t necessarily anymore. For one thing, doxing’s most common tactics — Googling, reverse domain look-ups, Facebook graph-searches — are perfectly legal. (In my day, we just called that “Google stalking.”) More to the point, a vast number of practitioners clearly think they’re doxing for good, whether to promote a cause or extract vigilante justice on someone they believe has erred. Doxing outed the bullies of 15-year-old Amanda Todd, the Canadian girl who committed suicide in 2012. A pack of hacktivists also exposed the names of the teenagers involved in the Steubenville, Ohio, rape case, helping draw attention to an undercovered crime.

But even though both campaigns had good intentions, the dox was clearly a blunt tool — an instrument of power, and an imprecise one at that. At one point in the Amanda Todd case, the “hacktivists” in pursuit of Todd’s harasser published the name, home address and social media accounts of the wrong man. In the aftermath of the Steubenville case, doxers dug up the home address and Social Security number of a girl named Tashema Harris, the cousin and close friend of one of the teens found guilty in the attack. Harris’s perceived crime was tweeting an angry rap lyric, apparently in relation to the case. She was 15.

“People need to understand that there are going to [be] consequences for their actions online,” an Anonymous organizer told me at the time — insisting all the while that he remain anonymous himself.

Anonymity, after all, is a veil — a cover-up for all kinds of things, good and bad. Ripping that away is a power play. It’s saying, “you deserve to be exposed to the Internet’s interest and/or scorn.” It’s saying, “you do not have the right to your own identity.”

Perhaps that’s true, or should be true, in many cases: Trolls can be vicious and abusive, they can post morally repugnant, nonconsensual creepshots of underage girls, they can bully people who truly need defending. But in each case, there’s a judgment being made about what kind of speech and behavior is or is not okay, what kind of secrets are or are not worth keeping — and as with all such judgments, it’s important to remember who’s making them.

That brings us back to Sam Biddle and @darth, a harmless account beloved in large part for its quirky anonymity. Biddle, contacted by e-mail, did not clarify his intentions to The Post. But on Twitter, Anil Dash, the technologist, was one of many naysayers to shoot the idea down.

Dash says “dox the powerful” is basically a reformulation of that old journalism motto: “afflict the comfortable, comfort the afflicted.” But unlike old journalism, doxing has few gatekeepers, few barriers to entry, and few protections against whim or abuse.

“We’ve seen great social good come from people revealing the identity of bad actors in society, and had the ability to hold accountable those who otherwise wouldn’t have to answer for antisocial actions. But for the most part … doxxing is typically used to help bullies keep bullying,” Dash wrote. “One of the hardest parts of this issue is that the same mechanism is responsible both for holding people in power accountable and for keeping marginalized people from asserting themselves.”

Biddle, for his part, responded only: “Darth exerts more power than we might ever know.” Which, while surely a joke, may actually serve as the perfect summation of doxing’s ethical puzzle: When to deploy it, and why, and to whom, remains firmly in eye of the beholder.