[rndgermandude]

Most doxers use public, open sources to discover the true names behind pseudonymous users. And their addresses. People make mistakes, sometimes even about other people's data. Sometimes people have no choice because a lot of the information is public record.

That isn't an excuse for compiling this information and publishing it as wide a possible. You still have to consider the implications if you want to act morally and in good faith.

Think of the stupid pseudonymous twitter user who made a really abhorrent, ill-considered joke and the people used "public information from public sources" to first get to their real identity and then crawl further until they find their employer and get the person fired. The person who did the research and then started the witchburning by publishing the information so that every other bored twitter user could write easily write a mean email to the employer should have considered what compiling and publicizing that dox could do.

Also, I think Krebs does take this into consideration, and is generally acting in good faith and with consideration, it's just that I disagree with his conclusion sometimes.

[tptacek]

I'm still lost. What obligation does Brian Krebs have to pretend that the real identity of a pseudonymous Twitter user isn't discoverable from open sources, or to help conceal that identity? I submit that he has no such obligation, but that message board people like to pretend that he does, and that contravening that norm constitutes the real-world offense of "doxxing". Baloney, I say. Am I wrong? Educate me.

If he's posting home phone numbers or addresses, I'm clear on what the problem is. But if you have a public LinkedIn profile and don't have the OPSEC to keep public sources from linking your secret Twitter handle to that profile, I don't see any problem at all.

[rndgermandude]

What obligation? A moral one. Do no harm.

[tptacek]

I do not have a general moral obligation to actively help shield you from the consequences of your own speech, however harmful they might be.

[rndgermandude]

I am rather speechless... This is just... wow.

[tptacek]

Go on? By the definitions being used on this thread, a good part of all of journalism constitutes "doxing".

[rndgermandude]

So what? Doxing isn't inherently evil or inherently good. It has to be seen in context, and it is your and my and the journalist's moral obligation to look at the context first and weigh the likely harm to the person you dox against the possible good it can do. And it doesn't matter if the information was kinda public in some obscure corner of the internet or some public record or commercial database before. Once you publicize their information, you create publicity and draw a target on that persons back.

Dox some criminal? OK, but you have to be sure your allegations have merit and you've done your due diligence[0]. This is mostly what Krebs does.

Dox some politician who had an extramarital affair? Maybe OK. Dox their extramarital partner? Probably not OK.

Dox the latest terrorist? Generally OK. Dox every person that ever came into contact with the terrorist? Not OK. Publish personal information about the victims of the terrorist without their (next of kin's) consent? Not OK, even if you only report information you got from their facebook.

Dox some kid who misbehaved once on the internet, thereby directing an army of assholes on twitter to take notice, dox the kid further and bully them? Not OK.

When I was young (pre-facebook era), one of my teachers got murdered; her husband was later convicted. Some (tabloid) journalists showed up like locusts camping around our school, offering money for our pictures and other private information about the victim, her husband and their kids. Not OK. The same journalists also found "public information from open sources" about e.g. the kids' memberships in youth groups and such, and published that and also went to those youth groups for more information like they did at our school. Not OK.

[0] There was more than one case where "helpful" people on the internet and sometimes journalists published the names of alleged criminals who turned out to be entirely innocent, which didn't stop people from bullying them or even neighbors from forming mobs to "visit" them at home.