It’s official: doxing now translates into French as “malicious disclosure of personal information”. Here is what you need to know about this harmful practice, liable to heavy criminal prosecution in France.
We can never say it enough: you have to be extremely careful with what you publish on the Internet! Indeed, each small insignificant piece of information, associated with the many others that abound without our realizing it on the Web and with the mass of users, can have serious consequences. This is particularly the case with the practice of doxing – also spelled doxxing, the contraction of “docs” (documents) and “drop” (to drop) – a term which designates the act of revealing the sensitive information of a person, such as their real name, postal address, telephone number or place of work, publicly, including on the Internet. Malicious people usually use it to harass, threaten or get revenge.
If the term doxing dates from the 90s, it was not until February 24, 2023 that it was entitled to a French equivalent: “malicious disclosure of personal information”. Indeed, the French Language Enrichment Commission (CELF) has published in the Official Journal a new list of foreign words commonly used, particularly in the fields of computers and the Internet, such as sextortion (sexual blackmail), credential stuffing attack (cyber attack by mass sending of identifiers), smishing (phishing by text message) or even stalkware (tracking software).
Doxing: a dangerous practice with serious consequences
Now, doxing officially translates to “malicious disclosure of personal information”, also abbreviated as “malicious disclosure”, and refers to the “dissemination of personal information concerning a third party, which is carried out without their consent and exposes them to a risk” – this is the case, for example, if the postal address is disclosed or if the victim is subjected to cyberbullying. To find this famous information, the doxers can comb the Internet in search of the smallest element, in particular on the social networks, which they will assemble – which can make it possible to discover the true identity which hides behind a pseudonym for example. They can also buy them on the Dark Web, find them by hacking major platforms or through phishing campaigns. More rarely, it may be a relative who already has the information.
Malicious people can resort to doxing following an online argument, to get revenge, to harass a person and even for “fun”. These attacks can be quite benign, such as fake mail registrations or home deliveries of – many – pizzas, but they can also be very dangerous, such as cyberbullying – which can lead to suicide –, physical harassment of the victim or those close to him, identity theft, death threats, etc. Recently, the practice of swatting has grown in popularity – especially with streamers, as cybercriminals seek to disrupt live streaming. This involves calling the police to report a serious emergency, such as a bomb threat, kidnapping or hostage situation, to the address of the victim. An intervention team is then dispatched to the scene and acts accordingly. Unfortunately, some cases of swatting have already ended in the death of the victim…
Doxing: an offense liable to heavy prosecution
Even if the practice of doxing dates back several decades, it is still present and, worse, it is becoming widespread thanks to the development of the Internet and increasingly connected generations. More recently, the malicious disclosure of personal information has become a popular tool among activists, with some not shy about going after people with opposing ideologies – and it works on both sides. Many celebrities, journalists, but also influencers are regularly affected by this practice.
However, doxing is a crime in France. Until 2020, the malicious disclosure of personal information was not defined in the Penal Code and was therefore not punishable as such, even if it could fall under, depending on the operating methods used, several criminal offences, such as invasion of privacy, slanderous denunciation or breach of the secrecy of correspondence. In 2021, the legislation was updated to specifically penalize leaks of personal data aimed at harming a third party, in particular following the case of Samuel Paty, a teacher who was the target of threats from parents of students accusing him of to be a “thug” and a “sick” for showing cartoons in class, as part of a course on freedom of expression. Following the disclosure of the name and address of the school in which he worked, the man was murdered.
Also, since August 25, 2021, article 223-1-1 of the Penal Code criminally punishes the fact of revealing the identity of a person on the Internet as well as personal information concerning them with the aim of harming them, with a penalty of up to 3 years in prison and a fine of 45,000 euros. In the event of aggravating circumstances (minor, pregnant woman, handicap, journalist, elected representative, person holding public authority, etc.), the sanction can go up to 5 years in prison and a fine of 75,000 euros. If you ever think you are or are a victim of doxing, immediately change all your passwords and enable two-factor authentication. You can report the problem to the platforms that host your information, as some of them, like Facebook and Twitter, have terms of service against doxing and must suspend the accounts of the authors. You can also, if things go further, change your phone number, keep the evidence carefully and, above all, contact the competent authorities.