In 2018, Reddit- r/announcements- posted a report about a data breach that affected its legends and veterans of 2005-2007 details. The doxxer accessed some Redditors’ email addresses.
A hacker penetrated their system and compromised it. The doxxer managed to retrieve a whole backed-up database of the platform and recovered some salted and hashed passwords.
But since then, Reddit has strived to mitigate such doxxing threats as much as possible. The platform disabled the SMS-based intercept vulnerability that gave the doxxer a walk-over compromise. You are advised to always use the token-based 2FA authentication for security reasons.
As in everything else online, doxxers can compromise your Reddit account and the platform itself. And in this post, I have highlighted various measures to mitigate vulnerabilities that make you susceptible to Reddit doxxing.
What is Doxxing?
Doxxing (also doxing) is a malicious intention of stealing and publishing (or other preferences) private and confidential information concerning an individual or a corporate entity on the internet. It’s against every social media platform's rules unless a legal institution has requested a subpoena, but for investigation only.
Your username, real name, physical address, and any other sensitive data risk exposure when you are doxxed . If you happen to notice this in your sub, dismiss the comment instantly, bar the user and report them immediately to the admin.
You can simply do that completing the form at https://www.reddit.com/report
Popular Reddit Doxxing Scandal
Getting doxxed has severe consequences, as in this example and the one below.
The Violentacrez persona
Michael Brutsch created the Violentacrez, the Redditor and Reddit employee, created an online persona. He’s known for popular trolls in his Reddit subforums. For example, he came up with misogyny subreddits of underage girls.
While at it, he kept it secret. No one knew him for a long while until Gawker’s Adrian Chen doxxed him. After successfully connecting him to Violentacrez, it went public.
It's vital for you to note how Adrian exploited Michael’s vulnerability. First of all, Adrian physically met some Redditors. Whenever he took photos, he’d blur his face. He even had to host a podcast that he later on used in a phone conversation with Michael to determine whether voices matched.
After the dox, Michael lost his job and suffered severe public shaming, especially when he did a CNN interview. In essence, Michael Brutsch unprofessionally committed a crime. Worst still, vigilantism and public shaming are worth a million trauma.
Tips to Keep in Mind to Avoid Getting Doxxed on Reddit
1. Secure your IP with a proxy/VPN
A VPN like Norton filters your internet traffic. Your traffic passes through VPN and acquires its IP address, location, and similar data. Your data is encrypted such that your Internet Service Provider cannot figure out your actual IP address.
Therefore, a doxxer will have to climb a slippery slope to get your confidential data. A proxy enhances your privacy and anonymous browsing.
2. Do not accept to log into websites with the Reddit button
How often do websites and applications prompt you to register with the “Login with Reddit” buttons? What happens after that? You are registered on their website using your Reddit-associated email address.
3. Use a burner username
Avoid using your real name (change right now) on your account. Choose a different username and limit posting your credentials. Doxxers are resourceful enough to collect and collate your data for malice. They follow up to determine your persona and discover your real identity, with a clue of your credentials.
4. Avoid using unsecured public internet connections
A doxxer does not need to be a Reddit user to steal your data. The doxxer intercepts your connection to packet sniff your passwords, email address, and credit card information on a public Wifi. With a real-time interception, the doxxer gets whatever you type on your Android or PC.
5. Restrict your device metadata
You participate on Reddit by posting photos. With photos EXIF data, a doxxer easily acquires your camera model, resolution, the time you took, and location (in case GPS is enabled). If you are a Microsoft user, here's a guide to limit what metadata amount you share.
6. Register with a burner email address
You’ve probably used the firstname lastname @ example.com formula to create your Reddit-associated email. How straightforward and professional is that? But do you mind how much information you have given out to a doxxer?
The doxxer, with enough capacity, can easily break into the account to access your credentials and any other data. You better use different burner emails when signing up for your social media platforms, none of which should relate to your real names.
As a mod, you can become a target of doxxing anytime, especially if you banned or disagreed with another user. Threats often accompany the act. Contact Reddit and maybe the local police about the threats when this happens.
Every social media platform, and anything on the web, encourages users to use strong and unique passwords and robust authentication methods. For example, Reddit provides authentication through an authenticator app but not SMS.
Avoid getting doxxed on Reddit. It begins with you; just be careful what you post and submit when registering an account. Adhere to the guidelines outlined in this post to stay secure and dox-proof.
Whenever you suspect malice on your Reddit account, remove your information instantly. If you don’t know how to do that, visit the Reddit help page.