This is part of training material released by The New York Times.

For more information, please

read this article on NYT Open and see this resource guide. If you wish to make changes to this
doc, please make a copy using the dropdown menu under “File” above.

A Guide to Doxxing Yourself on

the Internet
Threats Online
Doxxing
Social Engineering

Search Engines
Google & Bing Search Operators
Bing Search Operators
Google Alerts

Public Records and Data Brokers

Tips for Opting Out
Data Broker Sites and Opt-out List

Social Media
Identify your Social Media Accounts
Searching on Facebook
Searching on Twitter
Searching on Instagram
Searching on LinkedIn
Securing your accounts

Additional Resources

Threats Online

Doxxing
Doxxing is a low-level tactic commonly used by malicious actors online to acquire and expose the
personal information of public figures. This tactic is used by many different types of people on the
internet, including cybercriminals, hacktivists, trolls and hacking groups. Doxxing is now a normal
tactic used to target journalists. This information is commonly available through a mix of public
records, social media accounts and publications. The publishing of private information can lead to
physical security threats.

Social Engineering
Social Engineering is a tactic where the attacker poses as a trusted individual in order to gain
access to sensitive information. Attackers use information that is easily found online through
social media, search engines and public record to build a believable pre-text for their attack. They
execute this type of attack via the phone, through a phishing email or message, or in-person.
Limiting your personal information online can curb these types of targeted attacks.

Search Engines
Search engines are usually the starting point for criminals looking to target people online. Search
engines are used as initial recon to gather basic info about an individual. Data found is often used
as pivot points to find other data.

Checking for your personal information on a search engine also gives a good overview of the
data that is the quickest and easiest to find about yourself. We recommend leveraging search
operators to give you specific results. We’ve outlined the ones we find most useful below.

Google & Bing Search Operators

Operator What it searches Example

Site Provides results of pages located site:linkedin.com
on a specific domain

AND/OR Use the AND operator to return “John Smith” AND (Portland OR Salem)
results containing two results.
Use the OR operator to return
results that contain one result or
the other result.

Asterisk Google treats the asterisk as a “John * Smith”

placeholder for a word or words
in a search string.

Hyphen This operator allows you to “John Smith” -site:yournewssite.com

exclude the text immediately
 following it.

Filetype Filter search results by a single filetype:xls intext:you@youremail.com

file type extension

Common File Types:

● DOC/DOCX
● XLS/XLXS
● PPT/PPTX
● TXT
● JPG/JPEG/PNG (Image
files)
● PDF

Bing Search Operators

Operator What it searches Example

LinkFromDomain Creates results that link to every LinkFromDomain:website.com
website within a website.

Contains Allows you to filter search results Contains:csv site:website.com

by a single file type extension on a
specific website.

Google Alerts
Google Alerts are a great way to keep tabs on new information that is indexed by Google. Google
search operators can be used in Google Alerts for more specific alerts on your data.

Once you’re signed into your Google account, you can set up Google Alerts here:
https://www.google.com/alerts

Public Records and Data Brokers

After searching for your information on a search engine, you will likely find results pointing to a
website run by a data broker. These sites use public records to aggregate information about you.
This often includes current and previous addresses, phone numbers, names of family members,
or previous names (If you’ve changed your name). See if you can find profiles of yourself on these
sites and consider taking steps to opt out.
Below is a list of sites that aggregate personal data from various sources. Many of these sites
offer that data for sale, and some provide it for free. The New York Times Information Security
team has vetted the sites below, meaning that we are comfortable recommending you to engage
with them to remove your data, and we are confident that they will remove your data.

Tips for Opting Out

Please note that some of these sites will request you provide some personal data to opt
out, such as email address, phone number, and address. Here are some tips for engaging
with them:

✓ Only provide a site with the data they already have about you. If you see that they
have an old home address, do not provide them with a current address, just provide
them with the address they already have listed.
✓ We recommend providing a less-frequently used email address. Setting up a burner
email or opting out is a great way to ensure your email won’t receive a bunch of
spam.
✓ If you are concerned about providing your phone number, consider setting up a
Google Voice or other voice over IP (VoIP) account.

Data Broker Sites and Opt-out List

Site name Website Opt out link Notes

CheckThem https://checkthem.com https://www.checkthe

m.com/optout/

Voter Records https://voterrecords.com https://voterrecords.c Look at the “How

om/faq can I remove my
information from
VoterRecords.com?
” section.

Persopo https://persopo.com/ http://info.persopo.co

m/opt-out.html

Radaris https://radaris.com https://joindeleteme.c You are required to

om/help/kb/how-to-re create an account
 move-yourself-from-ra when removing
daris/ data from Radaris.

Fast People https://www.fastpeoplesearc https://www.fastpeopl

Search h.com esearch.com/removal

Intelius https://www.intelius.com/ https://www.intelius.c

om/optout

Neighbor Report https://neighbor.report https://neighbor.repor

t/remove

White Pages https://whitepages.com https://www.wikihow.c

om/Remove-Your-Listi
ng-on-WhitePages

Family Tree Now https://www.familytreenow.c https://www.familytree

om now.com/optout

Nuwber https://nuwber.com https://nuwber.com/re

moval/link

Spokeo https://www.spokeo.com https://www.spokeo.c

om/optout

Instant https://www.instantcheckmat https://www.instantch

Checkmate e.com eckmate.com/opt-out

Peoplefinders https://www.peoplefinders.co https://www.peoplefin

m ders.com/manage

MyLife https://mylife.com https://joindeleteme.c

om/help/kb/how-to-re
move-yourself-from-m
ylife/

Been Verified https://www.beenverified.co https://www.beenverif

m ied.com/f/optout/sear
ch
 PeekYou https://www.peekyou.com https://www.peekyou.
com/about/contact/op
tout

People Search https://www.peoplesearchno https://www.peoplese

Now w.com archnow.com/opt-out

TruthFinder https://www.truthfinder.com https://www.truthfinde

r.help/remove/

People Looker https://peoplelooker.com https://www.peoplelo

oker.com/f/optout/sea
rch

VerifyThem https://www.verifythem.com https://www.verifythe

m.com/optout

Advanced https://www.advancedbackgr https://www.advance

Background oundchecks.com/ dbackgroundchecks.c
Check om/removal

Anywho https://anywho.com Access profile and

click “remove listing”

Cubib https://cubib.com Once you select

your profile, select
“Opt out” on the
right of the profile.

PeopleSmart https://www.peoplesmart.co https://www.peoples

m mart.com/optout-go

This part of the process is the most time consuming. We recommend breaking the delisting
process out into more manageable chunks and setup a schedule to remove your information.

Your data may show up again. These sites are pulling data from public records and open
source, so if you move, get married, or make another life change, it’s possible your data
may repopulate on these sites. We recommend reviewing your information once a year and
removing any new records that may have appeared.
Social Media
Social media accounts allow malicious actors to gather specifics on things like your relationships,
hobbies, or travels. Social media accounts don’t often consider how transparency on their
platforms can lead to targeted attacks, so we have developed some guidance on locking down
the most commonly used platforms below.

Identify your Social Media Accounts

Enter your commonly used handles into https://namecheckr.com to see where that handle is
being used. This can help you discover old accounts you may have set up, as well as keep an
eye for impersonation accounts

Searching on Facebook
Until recently, Facebook allowed users to search for things such as public posts and photos that a
specific user had been tagged in. This information is still public but now more difficult to locate.
Your privacy on Facebook depends on how private your friends and family are.

Facebook’s internal search provides a limited set of options when it comes to searching
accounts. To get an accurate view of what is public, partner with someone who is not friends with
you on Facebook.

Tip | You must have a Facebook account and be logged in to search for other Facebook users.

Searching on Twitter
Twitter simple search: https://twitter.com/search-home
Twitter advanced search: https://twitter.com/search-advanced

Twitter Search Operators

from Messages username is sending from:username

out

to Messages being sent to from:username to:username

username

geocode Tweets occurring within range geocode:40.753830318,-73.9

of specific GPS coordinates 87329384,1km "search term
here"
 AND/OR Use the AND operator to return from:username OR
results containing two results. from:username
Use the OR operator to return
results that contain one result or
the other result.

since:YYYY-MM-DD Tweets occurring within a From:username

until:YYYY-MM-DD specific date range since:2005-01-01
until:2005-01-31

Searching on Instagram
Instagram recently made it more difficult to locate information about users who have private
accounts. The in app search field only shows users and hashtags related to search terms.

Searching on LinkedIn
Tip | If you are searching for others while logged into your profile, they will be able to see that
you viewed their profile with the default settings. Me > Settings & Privacy > Privacy > Profile
viewing options

LinkedIn’s built in search features can be difficult to customize and provides results based on
your interactions and connections. We recommend leveraging a search engine using custom
search operators for a better understanding of the publicly available information on LinkedIn.

Search engine operators examples for LinkedIn

● Site:linkedin.com “Your place of employment”
● Site:linkedin.com “Your LinkedIn headline”

Securing your accounts

Visit our Social Media Security & Privacy Guide for a list of recommended settings to lockdown
personal information on your social media accounts.

Additional Resources
Check to see if you email or username has been associated with a data breach at
https://haveibeenpwned.com/

To search the Internet Archive for personal information use https://web.archive.org/

IntelTechniques Data Removal Handbook: https://inteltechniques.com/data/workbook.pdf