by npiht 2528 days ago
The same obligation that those "neo-nazis" have to maintain the anonymity of the journalists they dox on that doxbin, more or less. (I'm not condoning swatting.)
3 comments

1. Two wrongs don't make a right.

2. Linked article is poorly written and unclear as to what actually happened and the context. If I'm reading it correctly it looks like everyone was using a real name associated with their online work anyway.

3. In any case mentioning someone's name and town in a Twitter fight is a world away from systematically organizing armed SWAT police calls to journalists' homes, physically threatening them or having them falsely arrested because they write about white supremacists and terrorism.

How do you "dox" a journalist? They sign their names to what they write.
You post their home address. Their private phone number. And the same of their spouses. And their parents. And the address of the school their children visit. And the route they usually take to work. etc.

Then the bad person hacks their iCloud and Dropbox and releases their private pictures and videos, the naughtier the better.

And yes, all of that happened recently in Germany mostly to some prominent politicians, who also use their own names in public really often.

If that's the definition of "dox" you're using, that doesn't appear to be what Krebs did. He posted names, and a public LinkedIn profile.
No, that's my response to your question about how you could dox a journalist.

Now, Krebs doxed people in the past who didn't want their true identities revealed. Often because those people were up to no good, but sometimes Krebs went a bit overboard in my opinion.

More in general, and I am not saying Krebs ever did this, there are valid reasons why people might not want their true identities widely revealed. Think whistleblowers, some critical journalists, etc.

A more general definition of doxing would be "publish personal information that the people to whom this information belongs did not give consent to publish". As such, I don't see doxing as generally evil, it depends on the kind of information and context. Out a criminal? OK. Out a journalist? Probably not OK.

Krebs does indeed habitually doxx alleged criminals. There's a perfect example just a ways down from TFA: "Meet the World’s Biggest ‘Bulletproof’ Hoster".[0]

And he doesn't just rely on public sources:

> KrebsOnSecurity uncovered strong evidence to support a similar conclusion. In 2010, this author received a massive data dump from a source that had hacked into or otherwise absconded with more than four years of email records from ChronoPay — at the time a major Russian online payment provider whose CEO and co-founders were the chief subjects of my 2014 book, Spam Nation: The Inside Story of Organized Cybercrime.

> Querying those records on Yalishanda’s primary email address — stas_vl@mail.ru — reveal that this individual in 2010 sought payment processing services from ChronoPay for a business he was running which sold counterfeit designer watches.

And he posted a copy of the guy's passport!

0) https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-...

Where by "habitually doxx", you mean "reports", which is what reporters do. When it's Fortune 500 executives or politicians, we seem to have no problem with this behavior; in fact, we get mad when it doesn't happen. But when it's someone in our "tribe" getting reported on, there's this whole new set of rules that supposedly applies. It seems like special pleading to me.
I'm sorry, but you're confusing two different concepts. In one instance, Brian Krebs uses public, open sources to discover the true names behind pseudonymous Twitter users; in another, people post home addresses and phone numbers.

I'm not asking why it would violate a norm to post home addresses or phone numbers; it's clear to me why that's problematic.

I'm asking what obligation Krebs has to pretend he doesn't know who a Twitter user is, when that information is available to anyone who knows how to consult public sources to find it. Why is Krebs obligated to help someone remain pseudonymous? It seems clear to me that he is not.

Most doxers use public, open sources to discover the true names behind pseudonymous users. And their addresses. People make mistakes, sometimes even about other people's data. Sometimes people have no choice because a lot of the information is public record.

That isn't an excuse for compiling this information and publishing it as widely as possible. You still have to consider the implications if you want to act morally and in good faith.

Think of the stupid pseudonymous Twitter user who made a really abhorrent, ill-considered joke and the people used "public information from public sources" to first get to their real identity and then crawl further until they find their employer and get the person fired. The person who did the research and then started the witchburning by publishing the information so that every other bored Twitter user could easily write a mean email to the employer should have considered what compiling and publicizing that dox could do.

Also, I think Krebs does take this into consideration, and is generally acting in good faith and with consideration, it's just that I disagree with his conclusion sometimes.

Exposing the real names of anonymous/pseudoanonymous people, regardless of whether it's hard to find out (given that many people suck at opsec), is probably the most common scenario people refer to when using the word "doxing".

"researching and broadcasting private or identifying information (especially personally identifying information) about an individual or organization"

https://en.wikipedia.org/wiki/Doxing

I don't care what you call it. If that's what "doxing" means, then I don't know why Krebs would ever be obligated not to "dox". What I see here is a motte and bailey argument where the argument people seem to want to make is that everyone in the world is obliged to honor message board norms that say the real identities of pseudonymous people can't ever be revealed, but when that's challenged, they retreat to the banal argument that the personal addresses and phone numbers of journalists shouldn't be circulated on sites that encourage SWATting.

I'm not talking about personal addresses and phone numbers. I'm talking about names and public LinkedIn profiles.

So you think it's okay to connect a pseudonym to a real identity, but not a real identity to a physical address?
FTFA

At issue is a site called the “Doxbin,” which hosts the names, addresses, phone number and often known IP addresses, Social Security numbers, dates of birth and other sensitive information on hundreds of people — and in some cases the personal information of the target’s friends and family.

For example: "A source familiar with the matter"
Do they also sign with their home addresses, telephones, etc? And those of their immediate family? What about journalists posting under a pseudonym?
If you’re not condoning swatting then what is even the point of these comments? Swatting is the topic at hand.