Comment by nailer
7 hours ago
Feels odd for an infosec blog to use 'doxxing' this way. Doxxing is generally considered to be unethical exposure of personal information.
Identifying a criminal is ethical.
7 hours ago
Feels odd for an infosec blog to use 'doxxing' this way. Doxxing is generally considered to be unethical exposure of personal information.
Identifying a criminal is ethical.
"Doxxing" is from the 90s and was used to describe a hacker unmasking another hacker so they could be arrested. That's almost exactly the same usage as here.
Semantic shift happens over time. A 2026 article is supposed to communicate to 2026, not 1996, readers.
Germany is a bit backwards.
1 reply →
[dead]
I can't find it in the jargon file: http://catb.org/jargon/html/D.html
(someone really needs to make a new jargon file, if not out of practicality then for archival reasons)
It comes from leetspeak. Identity documents -> docs -> dox
I think they obviously just took it as 'exposure of personal information' period.
[dead]
>Identifying a criminal is ethical.
This outsourcing of one's morals to the state is excessive even by already high western white collar internet standards.
Now, make no mistake, these guys are up to no good and probably should be identified and prosecuted, but to just declare that a bad thing is now good because government is doing it is basically an abdication of one's moral compass. At best this is still a bad thing but a necessary one because all the other options are worse. Like shooting someone in self defense, or putting someone in a cage for doing sufficiently bad things.
Edit: I'll admit I played too loose with ethics vs morality here, but still the point stands.
Certainly, criminals also have a right to privacy. However, the limited publication of personal data of criminals by law enforcement is generally a legally legitimate measure. Doxxing, on the other hand, is generally a process that violates the fundamental right to privacy.
>criminals
>law
>legally
You keep using these words but it causes circular logic as those are all defined by the same entity that is acting unilaterally.
The action the government took was not a "good" action by any moral standard. But it was perhaps the least worse action available all things considered. Can't just whisk people off the street in a foreign country or drone them over such matters, those options would be worse.
14 replies →
> Doxxing, on the other hand, is generally a process that violates the fundamental right to privacy.
It historically was used for this exact case: revealing someone hiding behind a pseudonym for purposes of law enforcement. The term dates back to the 90s, if not earlier.
This isn't something Gen Z made up. It's a Gen X term. "Hack the gibson" era. Wargames era.
1 reply →
not the state, but the law
"Identifying a criminal" doesn't imply that it's done by the government, and being done by the government doesn't imply that it's done to a criminal. This comment seems like quite a leap.
It's the government who defines what "criminal" means.
3 replies →
Innocent until proven guilty (in a court of law)?
ethics and morality are not interchangeable are they?
anyway individuals willingly give to teh state some autonomy in return for the safety of governance... that's the social contract free people have with government
"doxxing" a Russian ransomware group is the kind thing to do. bombing them out of existence is within the remit of the range of ideas a government could resort to...
Not disagreeing with your preface but I was under the impression that while it took governments some time to figure things out, kinetic bombing in retaliation for cyberwarfare was pretty much ruled out unless the cyberwarfare results in direct mass casualties (for example cyber sabotaging a refinery results in an explosion which results in casualties.). Else we’d have bombed North Korea, China, Ukraine, Russia, Romania, etc.
1 reply →
> Identifying a criminal is ethical.
I agree that “doxxing” is being misused in TFA, but criminals have privacy rights like anyone else. Violating these rights requires specific justification, it’s not automatically ethical.
They put the person on a wanted list.
My comment isn’t about this specific case. It’s about the general claim.
I mean doxxing is totally incorrect. Let's say for example there was a person on film near a crime scene, even though the police know they weren't directly involved there is no violation of privacy in the US if the police post their picture and ask for them to come forward. Or even later find out their name and look for them publically.