by tptacek 2529 days ago
If that's the definition of "dox" you're using, that doesn't appear to be what Krebs did. He posted names, and a public LinkedIn profile.

No, that's my response to your question about how you could dox a journalist.

Now, Krebs doxed people in the past who didn't want their true identities revealed. Often because those people were up to no good, but sometimes Krebs went a bit overboard in my opinion.

More in general, and I am not saying Krebs ever did this, there are valid reasons why people might not want their true identities widely revealed. Think whistleblowers, some critical journalists, etc.

A more general definition of doxing would be "publish personal information that the people to whom this information belongs did not give consent to publish". As such, I don't see doxing as generally evil, it depends on the kind of information and context. Out a criminal? OK. Out a journalist? Probably not OK.

Krebs does indeed habitually doxx alleged criminals. There's a perfect example just a ways down from TFA: "Meet the World’s Biggest ‘Bulletproof’ Hoster".[0]

And he doesn't just rely on public sources:

> KrebsOnSecurity uncovered strong evidence to support a similar conclusion. In 2010, this author received a massive data dump from a source that had hacked into or otherwise absconded with more than four years of email records from ChronoPay — at the time a major Russian online payment provider whose CEO and co-founders were the chief subjects of my 2014 book, Spam Nation: The Inside Story of Organized Cybercrime.

> Querying those records on Yalishanda’s primary email address — stas_vl@mail.ru — reveal that this individual in 2010 sought payment processing services from ChronoPay for a business he was running which sold counterfeit designer watches.

And he posted a copy of the guy's passport!

0) https://krebsonsecurity.com/2019/07/meet-the-worlds-biggest-...

Where by "habitually doxx", you mean "reports", which is what reporters do. When it's Fortune 500 executives or politicians, we seem to have no problem with this behavior; in fact, we get mad when it doesn't happen. But when it's someone in our "tribe" getting reported on, there's this whole new set of rules that supposedly applies. It seems like special pleading to me.

Sure, that's what some journalists do. But Krebs' thing is being a grey-hat vigilante. He does social engineering on forums. He trades data with other vigilantes.

> ... you mean "reports", which is what reporters do ...

So this doxx site just reports on people, no?

The distinction between him and the doxx site he writes about is subtle.

Mainstream reporters semi-routinely break actual laws to break stories, and are received as heroes for it.

I'm sure that the doxx site in TFA is "received as heroes" by some. As with many things, much depends on whose ox is getting gored.

Also, "semi-routinely break actual laws" is a huge bin. Reporters also get sued for libel. And sometimes lose.

Edit: And hey, once you're "break[ing] actual laws", you're a criminal. And by Krebs' standard, you're fair game.

I'm sorry, but you're confusing two different concepts. In one instance, Brian Krebs uses public, open sources to discover the true names behind pseudonymous Twitter users; in another, people post home addresses and phone numbers.

I'm not asking why it would violate a norm to post home addresses or phone numbers; it's clear to me why that's problematic.

I'm asking what obligation Krebs has to pretend he doesn't know who a Twitter user is, when that information is available to anyone who knows how to consult public sources to find it. Why is Krebs obligated to help someone remain pseudonymous? It seems clear to me that he is not.

Most doxers use public, open sources to discover the true names behind pseudonymous users. And their addresses. People make mistakes, sometimes even about other people's data. Sometimes people have no choice because a lot of the information is public record.

That isn't an excuse for compiling this information and publishing it as widely as possible. You still have to consider the implications if you want to act morally and in good faith.

Think of the stupid pseudonymous Twitter user who made a really abhorrent, ill-considered joke and the people used "public information from public sources" to first get to their real identity and then crawl further until they find their employer and get the person fired. The person who did the research and then started the witchburning by publishing the information so that every other bored Twitter user could easily write a mean email to the employer should have considered what compiling and publicizing that dox could do.

Also, I think Krebs does take this into consideration, and is generally acting in good faith and with consideration, it's just that I disagree with his conclusion sometimes.

I'm still lost. What obligation does Brian Krebs have to pretend that the real identity of a pseudonymous Twitter user isn't discoverable from open sources, or to help conceal that identity? I submit that he has no such obligation, but that message board people like to pretend that he does, and that contravening that norm constitutes the real-world offense of "doxxing". Baloney, I say. Am I wrong? Educate me.

If he's posting home phone numbers or addresses, I'm clear on what the problem is. But if you have a public LinkedIn profile and don't have the OPSEC to keep public sources from linking your secret Twitter handle to that profile, I don't see any problem at all.

What obligation? A moral one. Do no harm.

I do not have a general moral obligation to actively help shield you from the consequences of your own speech, however harmful they might be.

Exposing the real names of anonymous/pseudoanonymous people, regardless of whether it's hard to find out (given that many people suck at opsec), is probably the most common scenario people refer to when using the word "doxing".

"researching and broadcasting private or identifying information (especially personally identifying information) about an individual or organization"

https://en.wikipedia.org/wiki/Doxing

I don't care what you call it. If that's what "doxing" means, then I don't know why Krebs would ever be obligated not to "dox". What I see here is a motte and bailey argument where the argument people seem to want to make is that everyone in the world is obliged to honor message board norms that say the real identities of pseudonymous people can't ever be revealed, but when that's challenged, they retreat to the banal argument that the personal addresses and phone numbers of journalists shouldn't be circulated on sites that encourage SWATting.

I'm not talking about personal addresses and phone numbers. I'm talking about names and public LinkedIn profiles.

So you think it's okay to connect a pseudonym to a real identity, but not a real identity to a physical address?

I don't know how I feel about the latter case but can stipulate that it's problematic. What does that have to do with the former case?

You're asking what one form of doxing has to do with another? Well... they're both forms of doxing. You seem to arbitrarily consider one form a problem, but not the other.

That is correct. Just because you apply some name with negative message board valence to a set of conduct, that doesn't by itself make it reasonable to condemn every behavior in that set. This seems pretty obvious to me. What am I missing?