Disclaimer - I am not a lawyer; be sure to seek legal advice from a legal professional if you need help.
In support of Montoya being the great leader he is. I do not want to take away from his doxxing discussion but you need to know this is illegal activity and there are laws for it. Some are by country, state, or local. When someone doxxes someone online, the legal requirements may be in your favor as a victim.
The laws have changed significantly over the years, with people being targeted online. As many of you know, I am in the cyber security field and have been for over 15 years. Corporations take PII (personally identifiable information) very seriously, and they are liable for any PII leaks/mishandled information/etc. This is where Doxxing comes in... we all know there are websites (brokers) that sell information about people. Most of the brokers are legit and operate professionally. Sometimes, bad people get this information and use it maliciously. If that happens, there are laws on the books for the United States, and I know that the EU also takes PII very seriously with GDPR (General Data Collection Protection Regulation).
What is PII
In 2016, the Interstate Doxxing Prevention Act was introduced into Congress. Unfortunately, the sponsor passed a year later, and the bill was never fully adopted. Fortunately, some of the contents of the bills were moved to other legislation.
This article helps address some of it.
www.digitaltrends.com
Aside from the PII issue, doxxing can be a form of stalking - which is a federal crime. So, if you're interested in learning more "google" away... there is a ton of documentation out there.
My lessons learned over the years hunting APTs align with all the other recommendations, but I would say go one step further and try to remove your data from the "data brokers." I pay about $100 a year for this service, and I have noticed the number of those distracting spam phone calls go down since I have done it.
References - simple searches
www.digitaltrends.com
www.csoonline.com
www.csoonline.com
https://https://www.csoonline.com/article/562599/how-to-protect-pii-under-gdpr.htmlgdpr-info.eu
www.aclu.org
In support of Montoya being the great leader he is. I do not want to take away from his doxxing discussion but you need to know this is illegal activity and there are laws for it. Some are by country, state, or local. When someone doxxes someone online, the legal requirements may be in your favor as a victim.
The laws have changed significantly over the years, with people being targeted online. As many of you know, I am in the cyber security field and have been for over 15 years. Corporations take PII (personally identifiable information) very seriously, and they are liable for any PII leaks/mishandled information/etc. This is where Doxxing comes in... we all know there are websites (brokers) that sell information about people. Most of the brokers are legit and operate professionally. Sometimes, bad people get this information and use it maliciously. If that happens, there are laws on the books for the United States, and I know that the EU also takes PII very seriously with GDPR (General Data Collection Protection Regulation).
What is PII
- Full name
- Social Security Number (SSN)
- Driver's license
- Mailing address
- Credit card information
- Passport information
- Financial information
- Medical records
- Zip code
- Race
- Gender
- Date of birth
- Place of birth
- Religion
In 2016, the Interstate Doxxing Prevention Act was introduced into Congress. Unfortunately, the sponsor passed a year later, and the bill was never fully adopted. Fortunately, some of the contents of the bills were moved to other legislation.
This article helps address some of it.
Congress is considering a new bill that would outlaw doxxing and swatting
Revenge porn, swatting, and doxxing may soon be illegal, as a new proposed bill would outlaw the practices at the federal level.
www.digitaltrends.com
Aside from the PII issue, doxxing can be a form of stalking - which is a federal crime. So, if you're interested in learning more "google" away... there is a ton of documentation out there.
My lessons learned over the years hunting APTs align with all the other recommendations, but I would say go one step further and try to remove your data from the "data brokers." I pay about $100 a year for this service, and I have noticed the number of those distracting spam phone calls go down since I have done it.
References - simple searches
Congress is considering a new bill that would outlaw doxxing and swatting
Revenge porn, swatting, and doxxing may soon be illegal, as a new proposed bill would outlaw the practices at the federal level.
www.digitaltrends.com
What is doxing? Weaponizing personal information
Doxing (or doxxing) is the practice of posting someone's personal information online without their consent and typically with the intention to intimidate, humiliate, or harass the victim.
www.csoonline.com
How to protect PII under GDPR
The EU's General Data Protection Regulation requires companies to protect the privacy of their EU customers. That means keeping personally identifiable information (PII) safe. Here's what you need to know.
www.csoonline.com
Some Steps to Defend Against Online Doxxing and Harassment | ACLU
Digital attacks are on the rise — but you can help defend your community.
www.aclu.org
Last edited:
