The definition of doxing is the publication of a physical residential address, or information protected by law (social security numbers, medical records, and so forth).

***

Abusive people love claiming they’ve been doxed.

Here, I have to acknowledge that I’m pulling a similar move. The word “dox,” like “abuse,” is infused with fear and panic. A popular stance is that doxing is strictly unacceptable. It is the great taboo of the Internet. Similarly, who on earth would defend abuse?

But while we engage in some level of productive discourse on what counts as abuse and what abusive dynamics actually are (though not nearly enough!), there is very little productive discourse on what doxing actually is.

Doxing has taken on a deeply nebulous and completely unhelpful definition, mostly thanks to abusers exploiting the hell out of the word.

Let’s take a look at the evolution of “doxing” or “doxxing,” starting with a textbook example of doxing. In 2007, Kathy Sierra was fully doxed—her Social Security number, her physical address, and much much more was all posted online with malicious intent. Yet the term “dox” was not commonly associated with what happened to her until many years later.

The strict “hacker” definition of “dropping dox”/“dropping docs” involves the publication of documentation, which can include addresses, phone numbers, financial information, medical records, and emails. Schneier dates the term back to 2001 (confined mostly to hacker circles, I imagine), but some people have given me anecdotal and unconfirmed accounts of it being used in the mid-to-late 1990s.

The word burst into the mainstream in 2012 (although it had been used in previous articles in 2011 in the newspaper), as documented by The New York Times’s “Words of 2012.” The NYT defines “dox” as

DOX: To find and release all available information about a person or organization, usually for the purpose of exposing their identities or secrets. “Dox” is a longstanding shortening of “documents” or “to document,” especially in technology industries. In 2012, the high-profile Reddit user Violentacrez was doxed by Adrian Chen at Gawker to expose questionable behavior.

Between 2001 to 2012, “dox” undergoes a remarkable dilution. It starts out as an information dump that includes physical addresses, social security numbers, financial information, and other information protected by law and/or acquired in ways criminalized under federal and state law. Then it comes to mean “unmasking.”

Adrian Chen did not publish Michael Brutsch’s address. He did not publish his SSN. He did not hack and publish Brutsch’s personal documents. He merely outed Michael Brutsch as Michael Brutsch.

Depending on the circumstances, outing someone can be quite dangerous and is unwarranted or immoral. But that depends on the circumstances. When an abusive anonymous individual is terrorizing individuals that go by their real names on the Internet, it is sometimes better for everyone that that person be unmasked. An unmasking can make people safe, even if the abusive anon is not arrested, reported, or even fired from his workplace. Unmasking can deter an abusive personality from serially harassing people out of a community.

For a word so infused with moral authority, “dox” should not encompass actions that are often justifiable depending on the circumstances.

Unmasking someone by their full name, identifying someone by their first name, identifying their place of work, or screencapping e-mails are not doxing. They are—once again, depending on the circumstances—possibly abusive things to do. But they are not doxing.

Do you know what is an abusive thing to do? To expand the definition of doxing in order to harness public outrage without having to actually discuss the circumstances in which you have been exposed.

While the definition of “harassment” remains nebulous, there is no reason that “dox” should be diluted.

The definition of doxing is the publication of a physical residential address, or information protected by law (social security numbers, medical records, and so forth).

A similar analysis will appear in my forthcoming Internet of Garbage, published as an ebook through Forbes.