Twitter’s doxxing problem: lapses in legality & digital morality
As Britain's speech landscape closes like a vice around ordinary people, anonymity becomes one of the few tools left.
Doxxing: it can happen to any of us.
On waking, you discover: that you’ve been sacked; there are a dozen reporters outside your apartment; you have several hundred unread emails accusing you of crimes against humanity; and finally, that an AI generated video of you doing unmentionable things to an endangered species of Himalayan feline has been widely circulating Twitter (now X.com). The term “doxxing” owes its origins to 1990s hacker culture; an abbreviation for the leaking of “documents” of a private nature. The hacker collective Anonymous helped popularise the term; however, being doxxed is not reserved for the Edward Snowdens and Julian Assanges of the world.
Twitter’s privacy policy, as of March 2024, describes doxxing as the “sharing [of] someone’s private information online without their permission”. In its modern usage, doxxing can mean simply revealing the legal name of a pseudonymous or anonymous internet user. Often, it will include providing identifiable information about someone’s profession, location or other data enabling those with malintent to find these individuals more easily.
Today, high and low-profile people seeking greater freedom of expression are choosing to operate under pseudonyms online – and who can blame them? I once suggested that you can only pick two of the following: (1) meaningful personal and political expression (2) a traditional career (3) an online following which identifies you. Picking more than two opens you to doxxing.
We live in perhaps the most censorious, professionally regulated and digitally observed time in our history. The UK has over 90 regulatory bodies covering most forms of work, all of which restrict the public speech of named professionals. At a criminal level, S.4A of The Public Order Act (1986) criminalises the act of displaying any “visible representation which is threatening, abusive or insulting”. Anyone who has spent a moment on the internet in the past 20 years knows well that this is an unenforceable legislative pipe-dream, applied to the expanse of human behaviour online.
In practice, sections 4, 4A and 5 , all what I have come to describe as vibes based offences, convict roughly 18,000 a year across 2010–2015, including 18,236 in 2015 and 18,995 in 2014. These are astonishing numbers of individuals for any nation to be convicting for speech and expression – and this is only one act. As a result of Britain's inhuman policies surrounding expression, ordinary human activity continues unfettered in the safe-harbour of anonymity online. And who could blame people for doing so?
Who is actually 'anonymous'?
As early as 2013, Pew Research Center suggested that 86% of internet users have taken steps online to remove or mask their digital footprints—ranging from avoiding using their name to masking their IP addresses. A 2014 study of Twitterfound that identifiable users made up 26.9% to 59.6%, the remainder being anonymous. In 2016, a study of 15-17 year olds found that 65% operated anonymously online.
A decade later, we might expect anonymity online to be higher still. Internet use in the United Kingdom increased by a staggering 78.6% post-COVID. As terrestrial communities unravelled, ersatz, digital ones took their place. A sitting President of the United States has been deplatformed and impeached over his tweets; an unthinkable reality only a decade ago. A higher level of privacy consciousness seems a natural reaction. As anonymous digital identities rise, the vigilante act of doxxing will likely rise to meet them.
What remedies exist on platforms?
Thankfully for those who value their privacy, doxxers are seldom given a hero’s welcome. More often, they are viewed as the aggressors. This is particularly so in parts of the internet that have a high rate of fully anonymous users. One such community can be found in the tech-focussed corners of Twitter; refuges for West-Coast tech workers who fear the censorious reprisals of Silicon Valley employers. To such subcultures, doxxing is akin to digital murder – it is hardly exaggerating to say that they believe Abraham ought to have included doxxing among his Ten Commandments.
Many online platforms agree, and will ban accounts and posts associated with doxxers; however, enforcement can be woefully inconsistent. Twitter’s enforcement appears most puzzling; for example, @VlonePredator, an anonymous account with 300,000+ followers, had their name, appearance and address leaked by a small burner account on 6th January 2024. Twitter instantaneously banned the account responsible.
On 27th June 2024, the activist organisation Hope Not Hate (‘HNH’) revealed the identity of anonymous user ‘Raw Egg Nationalist’, an account with over 200,000 followers. In this instance, Hope Not Hate were handed a suspension of 6 days. So, while individuals such as @VlonePredator’s doxxer are blasted into the sun, others are afforded clemency. HNH operate through a limited company (Hope Not Hate LTD), which performs their political campaigning and smear-campaigning functions, and acquire their funding through grants, given by their charitable arm (Hope Not Hate Charitable Trust) – this almost certainly falls foul of the UK's charity commission's guidance on political uses of charitable funds, but that is a story for another day. Importantly for our purposes, the manner in which HNH afford themselves protection, is by describing their smear campaigning functions as in slippery terms; public interest and journalism.
The Restorationist’s (now defunct) June 2025 piece, still preseredv here, on Hope Not Hate describes one of the most relentless doxxing operations in modern Britain, operating under the cover of “public interest” exposure. The "public interest" has become a weasel-word, and is used to justify many things plainly not in it. These range from withholding the existence of 19,000 afghans brought into Britain, to the publication of highly defamatory material about members of the public, of no particular interest to anyone under the Defamation Act 2013.
Had @VlonePredator’s doxxer been similarly acting in the employ of a news outlet, or operating under the guise of an NGO's charitable purpose, how they were dealt with may have been a different story entirely. He could simply have claimed to be, and reasonably looked like, a journalist – almost anyone can do this, even when reputable publications would not let them within a country mile. For example, former Washington Post writer, Taylor Lorenz revealed the name and address of the anonymous account @Libsoftiktok in an article expose; she then visited their home unsolicited, and filmed it. Lorenz remains on Twitter today, having claimed a possible public interest as a reason for her actions.
Similarly, The Guardian’s Jason Wilson has a history of article-length doxxing. One of his most prolific victims was @L0m3z, a US academic at the University of California, Irvine. @L0m3z pseudonymously founded the publishing house Passage Press, described as an “alternative to the increasingly closed-minded worldview of modern mainstream publishing”. Wilson’s article, due to being published externally, wasn’t even treated as a doxxing incident by Twitter.
In all these instances, doxxing did not lead to the character assassinations that were intended. In Lorenz’s case, her doxxee garnered enormous sympathy. Lorenz was temporarily suspended in 2022, and later, two commentators rented a Times Square billboard which read "Hey [Washington Post], democracy dies in darkness. That's why we're shining a light on you. Taylor Lorenz doxxed @libsoftiktok". In Wilson’s case, his article acted as an excellent advertisement for Passage, only serving to flatter the man behind @L0m3z in the eyes of many. That said, Twitter’s enforcement on doxxing (or lack thereof) is at odds with Musk’s comments in February 2024 that “Any doxxing, which includes revealing real names, will result in account suspension”.
Kenneth Roth, writing for The Guardian, suggested that the US government’s pursuit of Julian Assange under the Espionage Act “threatens to criminalize common journalistic practices” like those of Lorenz and Wilson. Put another way, Assange may the most prolific serial-doxxer in history, having doxxed most women in Turkey, a sizable portion of the Saudi population, and 76,900 records of incidents and intelligence reports regarding the Afghan war, just to name a few. Assange’s plea, and release from custody, has done nothing to change that and it will be interesting to see how Musk reconciles this with Twitter’s doxxing policy, given Wikileaks frequently publicises leaks via Twitter.
At an individual level, there are two things to consider: if an individual has a sizable enough following, your unmasking of them may be considered to be in the public interest by Twitter. If you claim to act as a journalist, you may equally be pardoned from permanent suspension. What is perhaps most worrying about Twitter’s policy, is the suggestion that revealing the identities of anonymous accounts for the purposes of “gossip” or “allegation” may be also be acceptable. The simple addition of “and, I cannot stand them” could be sufficient for a doxxer to reveal your identity to millions with impunity.
What is the legal situation?
So, outside of US Espionage Legislation, where does the law stand on doxxing for individuals? I reached out to The Legal 500’s top libel specialists on the subject. Simply put, it stands a very long way away from the reality – if the digital situation were an adult cinema, the United Kingdom’s caselaw and legislation on the subject might just as well be two teenagers, stacked atop one another in an oversized trench coat, attempting to gain entry.
At present, if you are doxxed, your only recourse is through civil action in libel. These are no cheap pursuit, often running to hundreds of thousands for claims which reach court. One potential solution is to criminalise doxxing, with the offence carrying a standard non-custodial fine. Essentially, this would provide a deterrent and a free, punitive action for those being doxxed. However, this isn’t much use if your doxxer resides out of your jurisdiction.
The potential for continuous publication (retweeting and reposting) beguiles legal limitation periods. The ability for a doxxer to weaponise multiple accounts, or their own followers, presents issues when restoring claimants to the position they were in initially. Cross-jurisdictional issues make pursuing an action in libel all the more costly, and often protects doxxers operating overseas entirely. Crucially, for libel law to even cover “doxxing”, you must have been defamed to even bring claim, not simply have your private information shared.
Essentially, doxxing you is free – it is tantamount to a right at present. In contrast, restoring yourself to the position you were in prior to being doxxed is an extremely costly, time consuming and largely ineffectual legal process, only available to the deep-pocketed.
Conclusions regarding Twitter/X
Given the inaccessibility of legal solutions, it is my belief that Twitter (and similarly sized sites), must take a more robust and permanent approach to suspending those who engage in doxxing. Temporary suspensions are merely an inconvenience, whereas doxxing an anonymous user is an irreversible act. The doxxer typically has little of value to lose – the doxxee, uniformly does.
Sites like Twitter & Instagram provide financial incentives to individuals carrying out doxxing. If a user has monetised their profile, and is paid in proportion to their engagement, why would they not seek to generate the kind of attention, and thus revenue, that such scandal affords them?
What is more, Twitter itself has a vested interest in generating engagement and site-traffic. If a doxxing saga unfolds on their platform, they have essentially been granted exclusive rights to a story, and the associated digital readership. Twitter also appears hesitant to permanently suspend high-follower accounts who engage in doxxing, for similar reasons. The News of the World’s complicity in phone hacking still exists by proxy – its modern iteration is social media companies’ complicity in doxxing.
Elon Musk’s involvement in his own platform may be seen as positive, in that he has personally funded US litigation for those unfairly dismissed for tweets, one instance being @BronzeAgeShawty’s suit against a former employer. However, Musk can only cast his gaze, Sauron-like, in one place at a time. His statements about his zero-tolerance for doxxing are heartening, but given the site’s need to generate revenue, may well be empty words. Most of us must manage our own privacy, rather than expect enforcement, or legal recourse.
To avoid such threats to your privacy entirely, you have two choices:
A) operate exclusively online, have zero stake in analogue life, thus having nothing to lose; or
B) have a career, a reputation, a family, some stake in society, and do not operate online at all in an age in which the digital affects almost every aspect of our lives.
Of course, B is a largely unreasonable ask to many. The University of Berkeley California’s advice on preventing doxxing is essentially the same – their advice presumes you will be operating pseudonymously online as a given, while guarding that secret closely. Until such a time that the law is capable of understanding, and platforms are capable of enforcing doxxing policies, we are left to languish in the privacy equivalent of the Wild West.