SAC Corner

What even is it?

The name comes from hackers "dropping dox", where dox is short for documents. Doxxing someone means to release their personal and/or private information that may be harmful or embarrassing.

Gotta be illegal...right?

Eh. If the information is publicly available and obtained legally, then no. In that case, doxxing would be legal (not necessarily morally defensible). However, doxxing can get messy in regards to laws prohibiting harassment, stalking, or intimidation; and it can get messy in regards to terms of services of websites (those things we all agree to but never read).

How does it happen?

Some information can certainly come from hacking. What would likely surprise you is how much information comes from what we share on social media. Once upon a time we used to get thick books dropped on our doorsteps with people's names, phone numbers, and addresses (we remember you, Yellow Pages). Directory information like that is often public access information, same with news articles, real estate transactions, and even some state and government records. The use of spyware or "phishing" emails. Even those goofy online boredom surveys are often subtly revealing of information that ties to your passwords. Then of course metadata (data on other data) like where a photo was from or where a post originated can be used for doxxing.

Why?

Some people do it in the name of hacktivism. Trying to do good through hacking skills - or even just good deep dive research skills. They may expose criminals or perpetrators of heinous acts. Some people to it to extort or exploit others. If you recall in issue no. 6 of the SAC Corner, there FBI and DOJ recently warned of financial sextortion - which *could* be done via some doxxing. Revenge is another motive. Political influence prior to key votes or after one that didn't go their way.

How do I protect myself?

Don't fill out those boredom surveys. Be careful of what you post altogether, make sure no one can discover your location (school shirt, local restaurant, geotags). Find strong and validated ID theft protection services to monitor your data, activity, and let you know if there is a breach. If you need to download software to use Wi-Fi - don't! That would be a scam. And if you're on public Wi-Fi you may be vulnerable. Search yourself. See what is out there! Include a reverse image search. Double check those privacy setting, app-tracking, location tracking, use complex passwords and different ones for different things, mix up usernames too, request removal of your data from consumers, look at data brokers to opt out of data collection, use a VPN.

I've been doxxed!

Act fast. Take screenshots for proof before asking sites to remove anything. Ask sites to remove your released info. If you may be in harm, contact police. Keep a file of what has been released in case it moves too fast to track and you want to check in here and there. Lock or deactivate accounts that have been compromised. Set Google Alerts for exposure. Change passwords and usernames. If it is financial you may need to freeze accounts and get new account numbers.

Best Identity Theft Protection Services for 2023

https://www.usnews.com/360-reviews/privacy/identity-theft-protection

Self-Doxxing Guide

https://guides.accessnow.org/self-doxing.html#self-doxing-to-prevent-doxing

Slightly faster than slow and steady is the rising access and growth of the metaverse. The metaverse is a combination of virtual reality (VR) and augmented reality (AR). We've watched it (& been a part of it) for years. Think: Atari > Second Life > FortNite. But with tech always expanding, cryptocurrencies popularizing, and NFTs growing their own legs we are becoming closer and closer to the fantasies of the Matrix (sans Keanu).

The way technology has infiltrated our lives, it isn't just the teens at risk. Our elementary kids are exposed too at earlier and earlier ages.

Why is it dangerous?

The metaverse is like the proverbial wild west. Lawless and scary. Although there are of course policies and community standards of users, it isn't stopping virtual crimes such as avatar on avatar physical abuse, sexual abuse, harassment, bullying, verbal abuse, threats, etc. We know our youths are smart enough to fake their ages to get into the adult worlds, we ourselves likely did it in AOL chat rooms once upon a time. But we need to pay attention very close as the ante has been upped. The potential for child grooming is alarming and the potential for youths (and adults) to have traumatic experiences and impacts looks like it could be guaranteed. Laws aren't prepared for this yet and there are obstacles. For one, anonymity - it's harder to find perpetrators. Also, damage. You would need to prove harm, risk, etc. Now, in our fields we know psychological trauma and online experiences tend to intermingle, but proving that in court, and intent/etc. can be a whole new battle that families are not prepared for.

Also, another danger is the addiction of these worlds and the blurring of IRL. Do a search on addictions of Second Life. Came out in 2003 and resulted in some serious obsessions.

We want to watch out for these words/names:

Metaverse - the virtual universe

VRChat - online virtual world

Horizon Worlds - (developed by Facebook aka "Meta") virtual game world

QuiVR - virtual world game

Snoopverse - Snoop Dogg's virtual world

Sandbox - game platform for virtual worlds and building

Decentraland - virtual game world

Roblox - gaming platform that allows for virtual worlds & interactions

Paris World - Paris Hilton's virtual island

Sand - is, get this, a cryptocurrency within a cryptocurrency. It's the token/payment in Sandbox

NFTS - you likely know this one, also know that is is a form of currency used to buy not just digital art but digital land in these worlds

What's being done?

Minimal efforts are there. The community standards and age restrictions are some basic CYA. Unfortunately, people disregard these all the time.

As of Feb'22, Meta (formerly Facebook) added a personal boundary feature in Horizon. It is a default setting that gives avatars a 2ft radius of personal space. You can still high-five/fist-bump - but other interactions breaking someone's 2ft bubble could make your avatar's body parts disappear until they leave the other person's bubble. This change isn't rolled out yet, but once it is - the idea is a user cannot disable it. They are also making the "block" feature more user friendly. Many have the personal space optional. Which sounds great, but kiddos may disable theirs thinking they will only be subjected to those they wish and then be approached by unwanted strangers and actions.

BBC https://www.bbc.com/news/av/uk-60466557

So this article is from an undercover journalist who entered the metaverse posing as a 13yo. The virtual rooms she experiences are filled with threats, assault, adults grooming children, adults virtually sexually assaulting children, and more. Adult users knew her age as 13 and continued forward with these threats & actions. The reporter described this virtual experience as feeling like it was really happening to her. So what happens when a true youth has this experience?

USA Today https://www.usatoday.com/story/tech/2022/01/31/woman-allegedly-groped-metaverse/9278578002/

Woman details a virtual assault/rape experience when joining a VR world.

Metaverse Crash Course:
https://www.theskimm.com/news/whats-the-metaverse-heres-how-itll-spice-up-your-virtual-life-2pj9S56yCBSWOM2QHWgaW5

Email: hpenna@haddonfield.k12.nj.us
Website: https://haddonfieldschools.org/
Location: A104 HMHS
Phone: 856-429-3960 . 1155