‘Doxxing’ to shame targets raises touchy questions
It was midday Saturday when Joey Saladino’s phone started ringing with threats.
A Twitter account dedicated to pointing out racism, @YesYoure Racist, circulated pictures and names of people who appeared to have participated in the weekend’s whitesupremacy march in Charlottesville, Va. While many exposed did not deny their participation, Saladino — better known as Joey Salads on YouTube — was 1,300 miles away in Jamaica.
“People took a photo (from six months ago) out of context, saying that I was at the riots,” Saladino said. “The news spread like wildfire . ... I was getting death threats, and messages saying I’m a disgusting human.”
Though he was targeted in error, Saladino was a subject of “doxxing” — the increasingly common practice of publishing documents about a person’s identity with the intent of shaming him or her. As Google, Facebook, Twitter and Reddit have made it increasingly easy to identify — or misidentify — someone, online activists across the political spectrum have been adopting the tactic as part of their arsenal, seeking to get people they disagree with fired, ostracized or worse. And it raises fresh questions about the balance between free speech and privacy in the Internet age. In that tug-of-war, civility is collateral damage.
“We have very few real privacy rights in this country,” said attorney Ted Claypoole, an expert on data security. “We have certain rights as it relates to types of information — financial, health care — but in general, this country is based on free speech.”
The Charlottesville demonstrations began Friday night in opposition to the city’s decision to remove a statue of Confederate Gen. Robert E. Lee. They escalated Saturday to a bloody clash with counterprotesters. A 32-year-old woman, Heather Heyer, died after she was hit by a car that plowed into a crowd of those rallying against the extreme-right march. The driver, James Alex Fields Jr., 20, has been charged with second-degree murder.
The @YesYoureRacist Twitter account, run by Logan Smith of Raleigh, N.C., not only criticized people for being at the rally but also mentioned some of their employers. A Bay Area man named Cole White lost his job as a result of the exposure. His employer, the dining chain Top Dog of Berkeley, said White “voluntarily” resigned.
“We do not endorse hatred or any illegal conduct. It simply is not part of our culture,” the restaurant said in a statement. “We do respect our employees’ right to their opinions. They are free to make their own choices but must accept the responsibilities of those choices.”
Peter Tefft, who was singled out on social media for being at the rally, was denounced by his father, Pearce Tefft of Fargo, N.D., who wrote in an open letter that he wishes “to loudly repudiate my son’s vile, hateful and racist rhetoric and actions.”
Doxxing was also a factor in Google’s handling of an employee’s controversial July memo denouncing the company’s attempts to diversify its workforce. The identity of the author, software engineer James Damore, was soon revealed online, and he was subsequently fired.
Google CEO Sundar Pichai called a companywide meeting to discuss the issue. He canceled the meeting Thursday after employees expressed concern that they would become targets of harassment if they spoke publicly about the memo. Already, some Google employees who had criticized Damore had been named by right-wing sites.
In February, a scheduled appearance by right-wing provocateur Milo Yiannopoulos caused riots at UC Berkeley, leading to the event’s cancellation. Members of the group that invited Yiannopoulos had their contact details exposed online. Naweed Tahmas, a vice president of the Berkeley College Republicans, said his group was inundated with death threats and other abuse following the protests. Tahmas even had drinks thrown at him.
“It’s a shameful tactic,” he said. “They not only try to find all of the details about your life, they also send you messages threatening your life and sending slanderous emails to your employers.”
Tahmas recognizes that in today’s world, nothing is really private. But, he added, people on social media “take it a step ahead.”
Doxxing, short for “dropping dox,” or documents, originated as a revenge tactic among computer hackers in the 1990s, according to Wired magazine. In that scene, ripping away anonymity was seen as an effective way to disarm an adversary. More recently, doxxing has emerged as a general tool of harassment in cultural and political disputes like 2014’s GamerGate campaign against diversity in video games and the protests against police violence in Ferguson.
While experts say exposing people’s identities online is generally legal, someone whose identity has been revealed incorrectly or who has been put in harm’s way by being identified may have a legal basis to sue. Others worry that the constant threat of exposure could have implications on the public’s desire to participate in public discourse.
“The biggest issue is going to be the self-policing of their thoughts and ideas,” said Jeremiah Grossman, chief of security strategy at SentinelOne, a Palo Alto software firm.
The fear of exposure is nothing new: People with radical ideas — such as the KKK — used to cover their faces so people wouldn’t know if it was the “doctor, or the judge, or the plumber in the community,” Claypoole said.
But what is new is the speed with which the Internet can rip off the veil of anonymity and point a fire hose of vitriol.
Smith, the man behind @Yes YoureRacist, told the News & Observer that he, too, had been receiving death threats. Most are from little-followed Twitter accounts, but they are incautious in their invective.
“They’re not hiding behind their hoods like they did before the civil rights era,” Smith told the paper.
“The biggest issue is going to be the self-policing of ... thoughts and ideas.” Jeremiah Grossman, software security expert
Trisha Thadani is a San Francisco Chronicle staff writer. Email: TThadani@sfchronicle.com Twitter: @TrishaThadani