Case Study 1: Undoxxable!


For this case study, we interviewed Alison Macrina. Alison is the founder of the Library Freedom Project where she offers regular trainings on topics related to digital safety and online privacy and security.

Privacy and security:

We ask all of the people who contribute stories to this book what “privacy” and “security” mean to them. To Alison, “privacy” means personal autonomy and control. It is also related to consent. She pointed out that “privacy” overlaps with “security,” but that “security” is about preventing a violation.

Alison’s story:

Alison was at her computer when she saw an email come in. Strangely enough, it was from an anonymous person, and its subject line caught her attention: “I want to warn you of a possible harassment campaign forming against you.”

She opened the email and saw that its body was almost as long as its title:

“On the /pol/ section of the image board 8chan fascists have been talking about you.”

There were also two links to “/pol/” for Alison to follow, but she did not click them immediately. She made sure to open Tor Browser in order to get to them, and once on these boards, she saw that everything had started because someone had seen a picture of her on Twitter participating in a protest event. One person took that picture and put a target over her face. Some people proclaimed they were trying to access her private online information while others egged them on, intent on causing her harm.

“You’re all just pussies. If you were good at doing something, you would follow her. Kick her. Set her on fire,” someone said.

Over the next week, Alison kept an eye on the /pol/ thread but saw that the people involved made little progress in stealing her information in order to “dox” her.

Before all this, Alison had led many trainings that focused on anti-doxing, so she had thought carefully about her “threat model,” her strategy for protecting her privacy and security online. She had painstakingly looked up her information with data brokers and had either requested to have that information removed or replaced what they had with something false and misleading. She had also set up two-factor authentication on many of her online accounts and kept her passwords in LastPass, which she had signed up for with a secure password created using the “diceware method.” Over the years, Alison had cultivated what she describes as an “adversarial mindset” about the internet. She doesn’t have a presence on Facebook, and she carefully considers whether photos she posts on Twitter contain identifying details.

Even though Alison had taught these practices, and even though she felt confident employing them, she still wasn’t prepared for how sickening it was to see people working in such a concerted, malicious way to hurt her.

After that week, these people became bored, and they eventually gave up on their doxing and moved along to a new, easier target.
