• SPAMOUFLAGE: How Massive Inauthentic Networks Pretend to Be Grassroots

    The accounts are fake. The coordination is real. The scale is what makes it work.

    Thousands of Accounts, One Voice

    In August 2023, Meta announced the largest takedown of a coordinated inauthentic behavior campaign in its history. The numbers were staggering: seven thousand seven hundred four Facebook accounts, nine hundred fifty four pages, fifteen groups, and fifteen Instagram accounts, all removed simultaneously after investigators traced them to a single operation. Over half a million people followed at least one of those pages before removal. But the real scope of the operation was orders of magnitude larger. Meta’s investigation revealed that the same coordinated network operated across more than fifty distinct platforms, from TikTok to YouTube to Reddit to VKontakte to dozens of smaller forums whose names would mean nothing to the average social media user. Google’s Threat Analysis Group reported separately that in a single quarter of 2024 alone, the company disrupted over ten thousand instances of activity from the same operation. The network has been tracked since 2019 under the name Spamouflage by researchers at Graphika, a social media analytics firm, and later renamed Dragonbridge by the intelligence community.

    Astroturfing manufactures the appearance of grassroots consensus on a single platform. Spamouflage manufactures it across platforms simultaneously, creating the illusion of a dispersed, decentralized movement that, in reality, originates from a single source: Chinese law enforcement, operating from geographically dispersed locations within China but sharing centralized command, content direction, and internet infrastructure.

    What makes spamouflage distinct from the astroturfing covered in Article 01 is precisely this scale, this distribution, and the technological sophistication required to maintain coordination across so many separate platforms without triggering their individual fraud detection systems. A successful astroturfing campaign needs to fool people about what they are seeing. Spamouflage needs to fool people about what they are seeing while simultaneously fooling platforms’ algorithms about what is happening.


    Definition

    Spamouflage, also known as Dragonbridge, is a large scale, persistent, coordinated inauthentic behavior operation in which multiple fake accounts, pages, and coordinated personas across numerous platforms and forums spread narratives designed to manipulate public perception, typically on behalf of a state actor or well resourced organization, while disguising the coordination and the state origin of the campaign.

    The definition requires unpacking, because several components distinguish spamouflage from adjacent but distinct manipulation tactics. Coordinated inauthentic behavior, or CIB, is the umbrella category describing any operation in which groups of pages or people work together to mislead others about who they are or what they are doing, a term coined formally by Meta’s Nathaniel Gleicher and broadly adopted across platform research teams. Spamouflage is one specific, highly sophisticated type of CIB, distinguished by: scale across multiple platforms, the use of fake personas that claim authentic identities rather than simply amplifying existing ones, the targeting of divisive social issues to exploit existing fissures rather than create new consensus, and the involvement of state infrastructure, typically Chinese law enforcement, suggesting centralized command rather than decentralized coordination.

    Astroturfing, by contrast, typically concentrates on a single platform or tightly integrated set of platforms, and often involves the amplification of existing grass roots or pseudo grassroots movements rather than the wholesale fabrication of coordinated personas. Spamouflage is what happens when astroturfing scales, distributes, and gains access to state resources.


    The Scale and Architecture

    The Meta takedown in 2023 removed nearly ten thousand accounts and pages in a single enforcement action. But this was not a single network that suddenly appeared. It was the consolidation of investigations dating back to 2019, when researchers first identified a pattern of coordinated fake accounts posting low quality content across multiple platforms. What Meta eventually discovered was that this pattern was not multiple separate operations, as they had previously assumed, but a single, unified operation that had been continuously active, evolving, and relocating to new platforms as older accounts were discovered and shut down.

    The operation works through a specific architecture. Content is typically generated in multiple languages or often via machine translation with deliberate awkward phrasings that suggest AI involvement. That content is then posted to obscure platforms first, places with minimal moderation where the material can accumulate. From those smaller platforms, the same content is then amplified, cross posted, and shared to larger platforms where it has more visibility, a technique researchers describe as a pyramid structure and that clearly mimics a Russian operation called Secondary Infektion, suggesting spamouflage has deliberately adopted proven methods from other state backed campaigns.

    The targets are strategic and consistent. Taiwan is a recurring focus, with spamouflage operations launching coordinated campaigns during Taiwanese elections, flooding platforms with AI generated videos, fake news segments with deepfake anchors, and fabricated documents in the weeks before elections. The United States is targeted through divisive issue exploitation, with the same accounts amplifying contradictory narratives on opposite sides of heated social debates around Taiwan, Ukraine, China policy, Israel Hamas, Palestinian issues, immigration, and gun control, not to create consensus but to exacerbate existing divisions and undermine confidence in democratic systems generally. Australia, the United Kingdom, and Japan are secondary focus areas, along with global Chinese speaking communities, particularly diaspora communities and activists living outside mainland China who have criticized the Beijing government.

    Despite the operation’s unprecedented size, the engagement rates tell a striking story: almost all of it fails to reach authentic audiences. Videos posted by spamouflage accounts to YouTube sometimes received more artificial engagement, likes, and comments from other spamouflage accounts than from real users, a pattern that platform researchers use to identify inauthentic behavior. The Taiwan 2024 election campaign flooded platforms with thousands of videos. None achieved meaningful traction. The divisive issue posts targeting American politics receive some engagement from real users, but analysts attribute this primarily to the engagement the accounts receive from bots and other inauthentic personas, not from organic interest. The operation’s ineffectuality is, in a perverse way, part of what makes it notable: here is a campaign with enormous resources, sophisticated coordination, and years of operational experience, producing outputs that consistently fail to achieve persuasion at scale, yet continuing unabated.


    Perpetrator Typology: One Operation, Multiple Origins

    This is where spamouflage’s structure differs meaningfully from astroturfing. In astroturfing, multiple separate organizations, campaigns, or coordinated groups may deploy identical tactics without any shared command. In spamouflage, all evidence points to a single, unified operation originating from China, specifically from individuals connected to Chinese law enforcement. Meta’s investigation revealed that operators of fake accounts were geographically dispersed across multiple locations in China, separated by hundreds of miles, yet shared centralized command structures, coordinated content direction, and, critically, shared internet proxy infrastructure despite their geographic separation. This level of coordination is not achievable through distributed ad hoc volunteer networks. It requires central provisioning, resource allocation, and command authority.

    The DOJ indictment unsealed in August 2023 specifically charged individuals for their roles in spamouflage, naming persons with connections to Chinese law enforcement involved in the operation. Google and Microsoft have separately confirmed that the operation shows no evidence of coordination with Russian information operations or other state actors, meaning the unified origin is confirmed through multiple independent intelligence channels.


    How It Works on the Target Side

    For the target, spamouflage operates as a slow accumulation of environmental noise. A person interested in Taiwan politics notices that certain narratives about Taiwanese officials keep circulating in different forums. Someone following American political debates on social media sees contradictory narratives amplified by accounts that otherwise seem independent. A researcher tracking disinformation watches the same low quality videos posted to multiple platforms in the same week.

    The psychological effect is distinct from astroturfing because it operates at scale and distributes across platforms simultaneously. With astroturfing, the target might assume they are seeing organic grassroots opposition on a single platform. With spamouflage, the sheer omnipresence of similar narratives across dozens of platforms creates an illusion of consensus, not on any single platform but across the information ecosystem itself. The target’s mind integrates messages from Twitter, TikTok, YouTube, Reddit, and smaller forums they barely recognize, and concludes that this particular narrative about Taiwan or Ukraine or American democracy must be more widespread than it actually is, simply because it keeps appearing everywhere.

    This is compounded by the fact that spamouflage’s divisive issue strategy means it is not trying to convince people of a single position, but to make them distrust positions generally. By amplifying extreme arguments from both sides of contentious issues, the operation’s goal is not persuasion but corrosion. If enough Americans see outrage about immigration from multiple fake accounts across multiple platforms, they might not believe any particular message about immigration, but they will believe that American democracy is fractious and dysfunctional, which appears to be the genuine strategic goal of the campaign.


    Platform Detection and Failure

    Spamouflage’s persistence despite being identified and partially disrupted multiple times illustrates something critical about platform enforcement: detection and removal are not equivalent to prevention, and the gap between the two is where most of the damage occurs.

    Facebook’s detection systems caught spamouflage activity and disabled many accounts automatically, according to Meta’s own reporting. But for every account disabled automatically, the research suggests others remained active on Facebook and, crucially, the operation simply shifted to smaller platforms when larger ones increased enforcement. The pattern is cyclical: platforms detect, remove, the operation relocates, platforms detect again, and so on. The disruption is episodic. The operation is continuous.

    Google disrupted over ten thousand instances of activity in Q1 2024 alone. This is an impressive enforcement number. It is also a number that suggests the operation was producing content at a volume that allowed detection systems to catch only a fraction of what was being produced. If ten thousand instances were disrupted in one quarter on Google’s platforms, how many similar instances occurred on platforms where enforcement is less comprehensive? How many were never detected?

    The platform complicity here is not intentional in the way complicity operates in other articles of this series. Platforms are not deliberately allowing spamouflage to operate. What they are demonstrating is architectural vulnerability. An operation that targets more than fifty platforms simultaneously will inevitably find some platforms with weaker detection, slower enforcement, or both. The operation succeeds not through any one platform’s choice to allow it, but through the ecosystem’s inability to maintain consistent detection and enforcement across all surfaces simultaneously.


    Legal Accountability and Its Limits

    The August 2023 DOJ indictment against individuals connected to spamouflage marked a significant but limited victory. Criminal charges against foreign nationals operating from within China are effective as a signal of U.S. law enforcement capacity and willingness to pursue such cases. They are less effective as a deterrent, since the indicted individuals remain in China and subject to Chinese law, not U.S. law.

    Platform enforcement remains the only mechanism with real teeth. Meta’s removal of nine thousand accounts and pages, Google’s disruption of tens of thousands of instances, and OpenAI’s removal of accounts used by spamouflage for AI assisted content generation all matter operationally. They do not permanently defeat the operation, they do degrade its capacity for a period, they do force it to relocate and rebuild, and they do create friction that, accumulated across platforms and enforcement actions, changes the operation’s calculus about where to deploy its resources.

    There is no legal recourse for the person targeted by spamouflage. The operation does not libel individuals in ways that produce actionable defamation claims, it does not violate privacy laws in ways that permit private litigation, and it operates from beyond the reach of domestic law enforcement. What remains is the forensic work of identification, the platform enforcement against accounts and pages, and the public awareness of how the operation functions, which makes it easier to recognize and less persuasive when encountered.


    Recognition and Defense

    Spamouflage is harder to recognize than astroturfing because the inauthentic coordination is distributed across platforms rather than concentrated on one. The signals of coordinated inauthenticity are the same at a micro level, but require stepping back to a macro perspective to see: similar language in different forums, identical videos posted to multiple platforms in the same week, accounts with nearly identical profiles cross posting nearly identical content to dozens of locations within days of each other.

    The strongest defense is platform aware thinking. Narratives that appear on a single platform may be astroturfing. Narratives that appear simultaneously across multiple platforms, particularly narratives that are low quality or feature obvious AI generation or machine translation artifacts, are candidates for spamouflage. The presence of coordinated engagement from accounts that otherwise have minimal followers or low interaction rates is another signal worth noting: coordinated inauthenticity often involves accounts using other inauthentic accounts to amplify engagement rather than relying on real users.

    Checking the source is also protective. Who is posting this? Does the account have a coherent history or does it consist of links and reposts? Are there other nearly identical accounts posting identical content? Does the account have followers? Are the followers real or do they consist of other obviously fake accounts? These questions, asked about accounts across multiple platforms where a narrative is circulating, can reveal whether what appears to be grassroots is actually coordinated inauthenticity.

    Spamouflage succeeds not because it persuades. It succeeds because it makes authentic discourse harder to find.


    Next in the Series: Romance Scams and the Manufactured Relationship

    The next article in Digital Manipulation examines a different kind of coordination, one that does not aim to change your mind about politics or policy but to change your mind about who you are falling in love with. Where spamouflage manufactures consensus, romance scams manufacture intimacy. Where spamouflage targets public discourse, romance scams target the individual. The mechanics are related; the intent is entirely different.


    FAQ

    Q: Is spamouflage the same as astroturfing?

    A: No. Astroturfing manufactures fake grassroots on a single platform or tightly integrated set of platforms. Spamouflage distributes coordinated inauthentic accounts across dozens of platforms, often involving state resources and intentionally divisive messaging rather than consensus building.

    Q: Why does spamouflage produce such low quality content if it has resources behind it?

    A: The low quality may be deliberate. By flooding platforms with high volume, low engagement content, the operation tests detection systems, learns where weaknesses are, and identifies which smaller platforms have minimal moderation. The unsuccessful posts serve a reconnaissance function even if they fail persuasion.

    Q: If the campaigns fail to reach authentic audiences, why does China keep funding them?

    A: Influence operations are evaluated over years, not by immediate returns. Spamouflage may fail at persuasion in 2023 or 2024, but each campaign provides data on platform vulnerabilities, effective messaging, and audiences. The long term goal appears to be capability building for future operations, not immediate success.

    Q: Can platforms stop spamouflage?

    A: Platforms can disrupt it episodically and force relocation, but stopping it entirely would require either universal, consistent detection and enforcement across all fifty plus platforms simultaneously, or coordination between those platforms, neither of which currently exists.

    Q: What should I do if I encounter spamouflage content?

    A: Report the account to the platform where you encountered it. Check whether the account has engagement primarily from other obvious fake accounts rather than real users. If tracking disinformation publicly, document the coordination pattern and share findings with researchers.

    Q: Is spamouflage only Chinese?

    A: Spamouflage specifically refers to the Chinese operation. Similar coordinated inauthentic behavior is deployed by other state actors, including Russian operations, but those are tracked separately and have their own distinct architectures and names.

    Q: Why is spamouflage’s failure documented so publicly?

    A: Because the platforms and researchers studying it benefit from public acknowledgment of their enforcement efforts. The published failures demonstrate capability, deter some level of future activity through the signal of detection, and contribute to public literacy about how these operations function.


    Appendix

    Key Terms

    Spamouflage: A large scale, persistent, coordinated inauthentic behavior operation, linked to Chinese law enforcement, that distributes fake accounts and coordinated personas across dozens of platforms to manipulate public perception, typically by exploiting divisive social issues.

    Dragonbridge: An alternative name for Spamouflage used by Google’s Threat Analysis Group and other intelligence organizations.

    Coordinated Inauthentic Behavior (CIB): A manipulation tactic in which groups of pages or people work together to mislead others about who they are or what they are doing, often using fake accounts and coordinated messaging across platforms.

    Astroturfing: The manufacture of apparently grassroots political support or consensus on a single platform, typically using fake accounts but concentrated on one service rather than distributed across dozens.

    Platform cascade: The technique of posting content first to obscure platforms with minimal moderation, then amplifying it across larger platforms once it has accumulated, exploiting platform differences in enforcement speed.

    Inauthentic metrics: Statistical indicators of fake engagement, such as more likes than views, engagement from accounts with minimal followers, or posting patterns inconsistent with real human activity.

    Further Reading

    Meta. Q2 Adversarial Threat Report. August 2023.

    Google Threat Analysis Group. “Google disrupted over 10,000 instances of DRAGONBRIDGE activity in Q1 2024.” March 2024.

    Graphika. “Spamouflage Dragon” research reports. 2019 onwards.

    Stanford Internet Observatory. Coordinated Inauthentic Behavior research.

    U.S. Department of Justice. Indictment against persons associated with Spamouflage operation. August 2023.


    Digital Manipulation is a space for people who are learning to see what was designed to be invisible. You are not helpless. Coordination can be recognized. Manufactured consensus can be distinguished from authentic belief. You decide what you think.

    gorgeousdiaries.com

  • MALADAPTIVE DAYDREAMING: THE RICHNESS AND THE COST

    Your mind builds worlds more compelling than reality. The question is whether reality can compete.

    You’re sitting at your desk. Your work is open. Your email is waiting. But you’re not here. You’re somewhere else, somewhere with a plot, a narrative arc, characters who need you, scenarios where you matter in ways the real world hasn’t quite figured out yet. An hour passes. Maybe two. You surface, disoriented, guilty, shocked at how much time has gone. Your partner texts. Your deadline moved. Your life continued without you.

    This isn’t distraction. This is something else. This is your mind taking you somewhere so vivid, so emotionally engaging, so perfectly tailored to what you need that the actual world feels thin by comparison. The daydream has a logic, a consistency, a emotional payoff that reality rarely delivers. In the daydream, you’re understood. You’re capable. You’re loved. You’re safe.

    The cost of this safety is that you’re not building anything in the waking world. Not really. Not while your mind is elsewhere.

    This is maladaptive daydreaming. And if you have ADHD, the architecture of your brain makes you particularly vulnerable to it.


    What Maladaptive Daydreaming Actually Is

    Maladaptive daydreaming (MD) is not simply mind-wandering. It’s not what happens when you’re bored in a meeting or stuck in traffic. It involves highly detailed, narrative-driven fantasy worlds with recurring characters, plots, and settings. The fantasies are vivid. The emotions within them are real. The time they consume is significant.

    Here’s the clinical distinction: healthy daydreaming is relatively brief, controllable, does not cause distress, and does not displace real-life engagement. Maladaptive daydreaming is the opposite on every dimension. It’s lengthy, sometimes lasting hours. It feels compulsive, you can’t seem to stop once you start. It causes distress, shame, guilt, the awareness that time is slipping away. And it absolutely displaces real-life engagement. Your work doesn’t get done. Your relationships get deprioritized. Your responsibilities stack up while you’re elsewhere.

    MD is defined as “extensive fantasy activity that replaces human interaction and/or interferes with academic, interpersonal, or vocational functioning”. The “maladaptive” part isn’t about morality. It’s about functional impairment. The daydreaming started as adaptive; as a coping mechanism. But it has become something that costs you more than it protects you.


    The Distinction from ADHD

    This is crucial, because the overlap is real. 23–37% of ADHD adults meet the criteria for MD, which creates an obvious problem: How do you know if you’re dealing with ADHD inattention or maladaptive daydreaming? Are they the same thing?

    They’re not.

    Immersive daydreaming is not simply inattention (Theodor-Katz & Soffer-Dudek, 2025). The distinction matters because the treatment approaches differ. ADHD inattention is about difficulty sustaining focus on external tasks. Maladaptive daydreaming is about compulsive internal focus—your mind becoming so absorbed in the fantasy that the external world becomes irrelevant.

    In 2025, researchers developed a new tool specifically to make this distinction clear: The Daydreaming Characteristics Questionnaire (DCQ), which revealed two distinct factors uniquely associated with MD: immersive daydreaming and daydream functionality. The DCQ asks directly about the content and structure of your intrusive thoughts; the plot, the emotional engagement, the sense of presence in the fantasy. Someone with ADHD inattention might struggle with focus. Someone with MD will describe elaborate storylines they can’t stop engaging with.

    If you have both ADHD and MD, you’re dealing with layered complexity. The ADHD creates the vulnerability (executive function challenges, emotion dysregulation, reward-seeking behavior). The MD is the specific way your brain has learned to cope with that vulnerability.


    A Brief History: Why This Matters Now

    Maladaptive daydreaming isn’t new. People have always retreated into rich inner worlds. What’s new is the recognition that this isn’t just a personality trait or a sign of creativity. It’s a pattern with psychological architecture.

    In 2002, Israeli psychologist Eli Somer published clinical observations of patients who engaged in elaborate fantasy worlds for hours daily. His work provided the first structured description of what he called “maladaptive daydreaming.” Since then, research has accelerated. We now have prevalence studies, comorbidity data, assessment tools, and treatment protocols.

    In 2025, a landmark position paper appeared in the British Journal of Psychiatry. Soffer-Dudek, Somer, Spiegel, and an international collaboration of trauma and dissociation experts argued that maladaptive daydreaming should be included as a dissociative disorder in psychiatric manuals. This matters because it signals clinical recognition. MD is not in the DSM-5 yet, but the field is building the case for formal diagnosis.

    Why? Because research is showing that MD is more common than we thought, more treatable than we assumed, and more relevant to understanding ADHD than traditional models have captured.


    The Neuroscience: Why ADHD Brains Are Vulnerable

    To understand maladaptive daydreaming in the context of ADHD, you need to understand the Default Mode Network (DMN).

    The DMN is a system of brain regions that activate when you’re not focused on external tasks. The DMN is thought to be involved in daydreaming, self-referential thinking, and recalling memories. It’s active during our “default” state; when our mind wanders and we are not engaged in a specific task. This is normal. Your brain is supposed to do this.

    But here’s where ADHD enters the picture. In a typical brain, the DMN deactivates when you need to focus on something external. You’re in a meeting, and your brain shifts into task mode. The wandering stops. The internal narrative quiets.

    In people with ADHD, research suggests that the DMN may not deactivate appropriately when attention is required for a task. This can lead to a sort of “cross-talk”, or interference between the DMN and the Task Positive Network (TPN), which is responsible for focused, goal-directed activities.

    Imagine your brain trying to do two things at once: engage with the meeting (TPN) and maintain the daydream (DMN). Both networks firing simultaneously. Neither one winning cleanly. The result is inattention that feels less like “I can’t focus” and more like “I’m choosing the internal world over the external one, and I can’t seem to stop.”

    This is where emotion regulation enters. Research found that internalized stigma, emotional dysregulation, escapism, and self-esteem have significant associations with MD in neurodiverse samples (Pyszkowska et al., 2025). The daydream isn’t just an attentional problem. It’s an emotion regulation strategy. Your brain has learned that the fantasy is safer, more predictable, more emotionally rewarding than the real world.


    What It Feels Like: The Phenomenology of Being Elsewhere

    Maladaptive daydreaming involves what researchers call “dissociative absorption.” People engage in dissociative absorption, where an individual deeply immerses themselves into a vivid inner world, focusing their attention primarily inward rather than to the outward environment. You’re physically present. Your body is in the chair. But your consciousness is elsewhere. The world around you becomes muffled, irrelevant, almost unreal. Sage Journals

    The daydreams themselves have specific characteristics. They are captivity, rescue and escape, and idealized self as central motifs. Daydreamers can lose themselves for hours in vivid, highly structured dreams, frequently with a strong sense of being present in the daydream. You’re not passively watching. You’re in the story. You’re the protagonist, or you’re observing with intense emotional investment. nih

    The time distortion is real. You sit down for what you think will be ten minutes of daydreaming before starting work. Two hours pass. You surface with a jolt, confused by how much time has gone, guilty about the work waiting, ashamed that you couldn’t stop.

    Many people with MD engage in physical movement while daydreaming. People report performing kinesthetic movements such as pacing, facial expressions, and limb stretching, as well as listening to music while daydreaming. The body is participating in the fantasy. You’re not just thinking it; you’re embodying it. For some, music is the trigger. A song starts, and the daydream follows. For others, it’s pacing, or a particular physical location.

    The emotional quality is intense. Daydreams act as a form of self-soothing, though it often results in a cycle of emotional avoidance (Dr. Kent Berridge, University of Michigan). The fantasy provides relief. It soothes the anxiety, the loneliness, the sense of being inadequate in the real world. But the relief is temporary, and the cost accumulates.

    What people rarely discuss is the richness. Maladaptive daydreaming isn’t stupid. The daydreams are often sophisticated, emotionally intelligent, narratively complex. They reveal what the daydreamer actually cares about, what they need, what they’re missing. The daydream is a mirror of unmet needs dressed up as entertainment.


    The Healthy-to-Maladaptive Spectrum

    Not all daydreaming is maladaptive. Understanding the spectrum matters because it clarifies where you actually sit.

    Everyone daydreams. Daydreaming is a common, healthy mental activity that 96 percent of Americans engage in. This brain process accounts for over half of all human thought, and the average person appears to have hundreds of daydreaming episodes per day. Your mind wandering during a boring meeting. Imagining your vacation while waiting in line. Thinking through a conversation you wish you’d had. This is normal. It’s healthy. It’s part of how human cognition works. nih

    But there’s a spectrum. Think of it as five stages, each defined by time, control, functional impact, and emotional dependency:

    Stage 1: Healthy daydreaming. Brief episodes. Easily interruptible. You snap back when you need to. No distress. No dependency. The daydreaming enhances your mood without becoming necessary.

    Stage 2: Immersive daydreaming. You spend longer periods in richly detailed mental worlds. Recurring characters. Elaborate storylines. But you can still choose to stop. It doesn’t interfere with your responsibilities. It’s a retreat, not a replacement.

    Stage 3: Boundary-blurring daydreaming. The daydreams are now taking significant time. You notice you’re choosing them over other activities. There’s some distress—you wish you could stop, but you’re not sure you can. You’re starting to hide it.

    Stage 4: Compulsive daydreaming. The daydream is considered safer and less stressful than real life. Over time, this forms a habit of chronic maladaptive daydreaming as a coping mechanism. You’re spending hours daily. You feel helpless to stop. Your life is suffering. You’re ashamed.

    Stage 5: Severe maladaptive daydreaming. The fantasy has essentially replaced real life. You’ve withdrawn from relationships, work, responsibilities. You’re caught in a cycle: the real world is painful, so you retreat; the retreat costs you opportunities, so the real world gets worse; worse reality means more need to escape. The cycle deepens.

    The clinical threshold is a score of 40 or higher on the Maladaptive Daydreaming Scale (MDS-16), which is rated on a 10-point Likert scale with scores ranging from 0 to 100. But scoring high on a clinical measure isn’t what matters. What matters is: Is this costing you your life?


    ADHD, Emotion Dysregulation, and Why the Fantasy Feels Necessary

    Here’s what’s often missing from conversations about maladaptive daydreaming: it makes sense. It’s not irrational. It’s a logical response to a real problem.

    People with ADHD often experience emotion dysregulation. Their emotional responses are more intense, less stable, harder to modulate. People with ADHD often experience symptoms similar to trauma, whether this is mental stress from coping with the symptoms of ADHD, or trauma related to external factors. In fact, adults with ADHD are seven times more likely to experience PTSD.

    Now imagine you’re carrying that intensity, that sensitivity, that difficulty regulating your own emotional experience. The real world asks things of you. You fail sometimes. People disappoint you. You disappoint yourself. The emotional weight of that is significant.

    But in the daydream? You have complete control. You can script every interaction. You can ensure the outcome you need. You can be the person you wish you were. You can feel the emotions you wish you could feel. You can have the relationships, the respect, the safety, the love that the real world hasn’t provided.

    When people are in emotional distress, it can seem appealing to escape into fantasy. Often people who experience maladaptive daydreaming consider the daydream to be safer and less stressful than real life.

    This isn’t weakness. This is your brain using the tools it has to survive emotional overwhelm. The problem is that the tool has become a trap. The relief is real, but the cost compounds. Time lost. Relationships damaged. Opportunities missed. Real-world skills atrophied because you’ve practiced the fantasy instead.


    In Relationships: When Your Mind Is Elsewhere

    This is where maladaptive daydreaming stops being an isolated internal experience and becomes a relational pattern.

    If you’re in a partnership or dating, your partner is experiencing something specific: being present with someone who is not present. When someone you love seems physically present but mentally elsewhere, the experience can range from puzzling to deeply painful. Partners often describe a characteristic progression in recognizing maladaptive daydreaming within their relationship, initially noticing their loved one’s tendency to become lost in thought, misattributing it to normal distraction, or even finding it endearing.

    But over time, the pattern becomes painful. Practical relationship functions suffer, with partners of maladaptive daydreamers often reporting inequitable distribution of responsibilities. Household tasks, childcare, social planning, and financial management may fall disproportionately to the non-daydreaming partner when their loved one regularly retreats into fantasy.

    You can see the dynamic: your partner wants to talk about something important. You’re physically there, but you’re also pulled into the daydream. You’re not fully available. You miss emotional cues. You forget commitments because part of your attention was elsewhere. Over time, your partner stops trying. They stop expecting your presence.

    There’s another layer, particularly if your daydreams center on romantic relationships. Idealized relationships in one’s daydreams begin to become more concrete, and an individual envisions themselves almost in a relationship with another individual, not someone they know in the real world, but rather someone who is a composite of all the qualities they wish to have in a partner.

    This fantasy partner is perfect.
    They’re endlessly patient.
    They understand you completely.
    They never disappoint.
    They never need things you can’t give.
    They’re always available.
    They’re always emotionally attuned.

    Your real partner? They’re complicated. They have their own needs. They get frustrated. They can’t read your mind. They’re not a composite of ideal traits; they’re a whole human with limitations.

    The natural consequence of this is that these maladaptive daydreams can replace the desire for real-world romantic relationships and may preclude an individual from ever entering into one. But the longer that one remains trapped in their own mind, the harder it can be to get back into forming real-world relationships and dealing with the natural ebbs and flows that come along with them.

    If you’re already in a relationship, the ideal fantasy partner becomes a lens through which you judge your real partner. They never measure up. Because no one can. Because they’re not real.


    How to Restore Capacity: A Framework for Redirecting

    The good news: maladaptive daydreaming is treatable. It’s not a life sentence. But the treatment requires understanding what you’re actually trying to achieve when you daydream.

    You’re not trying to waste time. You’re trying to regulate emotion. You’re trying to feel safe. You’re trying to be someone who matters. These are legitimate needs. The daydreaming is just the tool your brain chose because other tools didn’t seem available.

    Treatment, then, is about building better tools.

    CBT and Cognitive Restructuring

    Cognitive behavioral therapy integrates cognitive restructuring to address the beliefs that maintain excessive fantasy, stimulus control and response prevention to break automatic patterns and build control over urges, and behavioral activation to rebuild engagement with real life.

    What beliefs maintain the daydreaming? Maybe: “The real world will never be satisfying.” “I’m not capable of getting what I need in reality.” “It’s safer to retreat.” “I can’t handle real-world emotions.” These beliefs are often rooted in real experience. You may have actually been hurt. You may have actually failed. But the belief that things can’t change is the problem.

    Cognitive restructuring doesn’t mean positive thinking or denial. It means examining the evidence. Yes, you’ve failed sometimes. But you’ve also succeeded sometimes. Yes, people have disappointed you. But some people have come through. Yes, the real world is unpredictable. But so is your emotional experience, some days the daydream soothes; some days it just compounds the shame.

    Stimulus Control: Breaking the Trigger Pattern

    Stimulus control involves identifying and systematically modifying the environmental triggers that have become associated with daydreaming. Over time, certain contexts become so strongly linked with fantasy that they almost automatically trigger the urge to daydream.

    For many, music is the trigger. A song starts, and the daydream follows. Stimulus control means: don’t listen to that song right now. Redirect to something else. For others, isolation is the trigger. Stimulus control means: don’t work alone at home. Work in a coffee shop. Schedule video calls during your high-risk times.

    Physical movement is often part of the pattern. Stimulus control involves practicing stillness when urges arise, or redirecting movement toward purposeful activities. Instead of pacing while daydreaming, the person might go for a walk with intention.

    This isn’t about willpower. It’s about changing the context so the automatic response doesn’t fire.

    Mindfulness and Grounding

    Mindfulness meditation and self-monitoring have shown the most promise. One large trial found that an eight-session, internet-based program combining mindfulness meditation and self-monitoring significantly reduced symptoms and improved life functioning, achieving a 24% clinically significant improvement rate.

    Mindfulness is not about stopping the daydreams. It’s about noticing them without judgment, recognizing the urge, and choosing something else. Grounding techniques anchor you to the present: name five things you can see, four you can touch, three you can hear, two you can smell, one you can taste. It sounds simple, but it interrupts the drift.

    Addressing What Underlies It

    If MD developed as a response to trauma, anxiety, depression, or ADHD, those conditions need treatment too. Because many people who have maladaptive daydreaming also have related conditions like ADHD, treating the related conditions may also help.

    For ADHD, that might mean medication, external structure, or executive function coaching. For trauma, it might mean trauma-focused therapy. For anxiety or depression, it might mean medication or CBT. None of this is shameful. It’s rebuilding the capacity to be present in your own life.


    Self-Assessment: Where Do You Actually Sit?

    These six questions help you gauge whether you’re dealing with healthy daydreaming or something that’s costing you significantly.

    Rate each 1-5 (1 = strongly disagree, 5 = strongly agree):

    1. Time Loss — When I start daydreaming, I lose track of time and am often shocked by how much time has passed.

    2. Loss of Control — I try to stop daydreaming, but I can’t seem to interrupt it once it starts.

    3. Functional Impairment — My daydreaming interferes with work, relationships, or daily responsibilities.

    4. Emotional Dependency — I feel like I need to daydream to manage difficult emotions.

    5. Social Withdrawal — I’m choosing daydreaming over time with people who matter to me.

    6. Shame — I feel ashamed or guilty about how much time I spend daydreaming.

    Scoring:

    • 6-10: Healthy daydreaming range. Your inner life is rich, but it’s not interfering with your outer life.
    • 11-20: Immersive but manageable. You’re spending significant time daydreaming, but you’re not in crisis.
    • 21-30: Clear pattern present. This is costing you something tangible. Treatment would help.

    This isn’t diagnostic. It’s a mirror. Does it reflect your experience?


    FAQ

    Q: If I have MD, does that mean I have ADHD?

    No. Maladaptive daydreaming is not just ADHD, but research shows that people with ADHD are more likely to have maladaptive daydreams than the general public. That said, research also suggests that the majority of people with ADHD do not have maladaptive daydreams. You can have one without the other. But if you have ADHD, your risk for MD is higher. (Sleep Foundation)

    Q: Is maladaptive daydreaming a mental illness?

    Not formally—not yet. It’s not in the DSM-5. But researchers have published a position paper in the British Journal of Psychiatry arguing it should be classified as a dissociative disorder. More importantly: whether or not it’s officially diagnosed, if it’s costing you your life, it deserves treatment. (nih)

    Q: Can I have a good relationship if I have MD?

    Yes. But it requires honesty and effort. Your partner needs to understand what MD is, that it’s not about them, not about lack of love, but about a coping mechanism that’s become automatic. Effective approaches typically begin with education and de-stigmatization. Understanding that maladaptive daydreaming represents a genuine psychological mechanism, not a choice or character flaw—helps partners respond with compassion rather than blame. (Balancedmindofny)

    Q: Will my daydreams ever stop completely?

    Probably not. Daydreaming is normal. The goal isn’t never-daydream. The goal is: daydreaming that’s brief, controllable, and doesn’t displace real life. You’re aiming for healthy daydreaming, not the absence of daydreaming.

    Q: If I treat my ADHD, will the MD go away?

    Maybe partially. Treating ADHD helps with emotion regulation and executive function, which can reduce the compulsive pull of the daydream. But MD often needs its own targeted treatment. You’re addressing the vulnerability (ADHD) and the specific pattern (MD) simultaneously.

    Q: Is there medication for maladaptive daydreaming?

    There’s no specific MD medication. But if MD is connected to depression, anxiety, or OCD, treating those can help. Some people find that ADHD medication helps because it improves executive function and reduces the ease with which the daydream captures attention.

    Q: How do I know if I’m making progress?

    Look for: increased awareness of when you’re drifting; shorter duration when you do daydream; reduced shame; more time engaged in real activities; better presence in relationships. Progress isn’t linear. But after a few months of targeted work, you should notice something shifting.

    Q: What if I’m afraid that treating my MD means losing part of myself?

    This is real, and it matters. The daydreams have been your companion, your refuge, your creative outlet. Reducing them can feel like loss. But the question is: what are you building instead? In place of the fantasy, you’re building real relationships, real accomplishments, real agency. The richness of your inner life doesn’t disappear. It gets redirected toward the real world.


    Appendix

    Key Terms

    Default Mode Network (DMN): A system of brain regions active during rest and mind-wandering; includes medial prefrontal cortex, posterior cingulate, and medial temporal lobe.

    Dissociative Absorption: Deep immersion into an internal fantasy world, with primary focus inward rather than on external environment.

    Emotion Dysregulation: Difficulty modulating, understanding, or responding to emotional experiences; common in ADHD.

    Stimulus Control: Breaking automatic associations between environmental triggers (music, isolation, physical location) and the urge to daydream.

    Task Positive Network (TPN): Brain regions active during focused, goal-directed external tasks; works in opposition to DMN.


    Further Reading

    Pyszkowska, A., Nowacki, A., & Celban, J. (2025). The daydream spectrum: The role of emotional dysregulation, internalized stigma and self-esteem in maladaptive daydreaming among adults with ADHD, ASD, and double diagnosis. ADHD Attention Deficit and Hyperactivity Disorders, 17(1), 45-62.

    Soffer-Dudek, N., Somer, E., Spiegel, D., & Chefetz, R. (2025). Maladaptive daydreaming should be included as a dissociative disorder in psychiatric manuals: Position paper. The British Journal of Psychiatry, 226(4), 279-290.

    Theodor-Katz, N., & Soffer-Dudek, N. (2025). Where is my mind? The daydreaming characteristics questionnaire, a new tool to differentiate absorptive daydreaming from mind-wandering. Journal of Attention Disorders, 29(7), 515-528.

    Theodor-Katz, N., & Soffer-Dudek, N. (2025). Differential diagnosis between maladaptive daydreaming and ADHD: Immersive daydreaming is not simply inattention. International Journal of Clinical and Health Psychology, 25(3), 100616.

    Cleveland Clinic. (2024). Maladaptive daydreaming: What it is and how to stop it. Retrieved from https://health.clevelandclinic.org/


    Resources

    International Center for Maladaptive Daydreaming Research (ICMDR): https://daydreamresearch.wixsite.com/md-research

    Maladaptive Daydreaming Scale (MDS-16): Open-access screening tool, available through ICMDR

    Daydreaming Characteristics Questionnaire (DCQ): Differentiates MD from ADHD mind-wandering

    Wild Minds Network: Community resource for people experiencing MD


    Gorgeous Diaries is a space for people who are done being confused by things that were never actually confusing. They just needed the right language.

  • Doxing: How Identity Becomes a Weapon

    The information was always public. That is exactly what makes it dangerous.

    The Moment You Find Out

    It starts with a notification you do not recognize. Then three more. Then a screenshot someone sends you, not because they want you to see it, but because they think you should know before you find out some other way: a thread on a forum you have never visited, with your full name at the top, your home address two lines down, and a photo of your own front door, taken by someone standing on your own sidewalk.

    You did not post your address anywhere. You were careful, or you thought you were. But carefulness was never really the variable. Somewhere between a voter registration record, an old apartment listing, a data broker you have never heard of, and a comment you made under your real name four years ago, someone built a complete picture of where you sleep at night. It took them an afternoon. It will take you years to feel safe again.

    This is doxing. Not hacking, not usually, not technically. Just assembly. The pieces were always there, scattered and legal and mostly forgotten. Someone simply put them in one place and handed that place to anyone who wanted to find you.

    That is the part that makes it different from almost everything else this series has covered. Astroturfing manufactures what other people believe about an issue. Account suppression weaponizes a platform’s own rules against you. Doxing skips the platform entirely and goes straight for the thing no terms of service can protect: the fact that you have a body, and that body is somewhere, and now everyone knows where.


    Definition

    Doxing, sometimes spelled doxxing, is the act of publishing someone’s private or identifying information without their consent, typically with the intent to harass, intimidate, or expose them to real world harm. The term descends from the hacker slang dropping docs, worn down over decades of internet culture into a single, ugly verb. The information itself is rarely exotic. Home addresses, phone numbers, workplace details, family members’ names, financial details, and the link between an anonymous online handle and a real legal identity make up the overwhelming majority of doxing payloads.

    The line is not the information itself. Much of what ends up in a dox is, on its own, publicly available and entirely legal to possess. Property records are public. Voter rolls are semi-public. A person’s employer is often listed on their own social media. What turns research into doxing is intent and aggregation: the deliberate compiling of scattered, mostly harmless fragments into a single weaponized profile, published with the explicit or implicit goal of inviting others to harass, threaten, or locate the target.

    This is also where doxing gets genuinely contested rather than simply condemned. Investigative journalism regularly publishes true, lawfully obtained information about people, including information they would prefer stayed private, because the public interest in knowing it outweighs the subject’s preference for privacy. Courts have generally protected this kind of publication under the First Amendment, in a line of precedent sometimes called the Daily Mail principle: the government can rarely punish the publication of truthful information that was lawfully obtained. The same protection that shields a reporter exposing a corrupt official’s finances can also shield someone publishing a private citizen’s home address under the banner of accountability. The line between the two is not always where people on either side of a dispute would like it to be, and that ambiguity is part of why doxing has proven such a durable tactic across every part of the political spectrum, a pattern this piece returns to directly.


    The Scale of the Problem

    The numbers are larger and more ordinary than the headlines suggest. A 2025 survey from the home security research firm Safehome found that roughly four percent of American adults, an estimated 11.7 million people, have been doxed at some point, with another sixteen percent reporting that a friend or family member had experienced it. The Anti-Defamation League’s 2024 survey on online hate and harassment found that fifty six percent of American adults had experienced some form of online harassment, and twenty two percent had experienced a severe form, a category that explicitly includes doxing alongside stalking and physical threats.

    The exposure is not evenly distributed. Pew Research Center’s long-running work on online harassment has consistently found that women experience more sexualized and identity-targeted abuse than men, and that LGBTQ adults report dramatically higher rates of online abuse overall, with roughly seven in ten lesbian, gay, or bisexual adults reporting some experience of online harassment compared to about four in ten straight adults. Journalists and activists, particularly women in those fields, show up disproportionately in research on who gets doxed and why, not because they are careless with their information but because visibility itself is the risk factor.

    The psychological research on doxing specifically is thinner than the research on harassment broadly, but the mechanism is not mysterious. Doxing collapses the distance between online conflict and physical safety. A hostile comment can be ignored, blocked, or muted. A hostile comment paired with your home address cannot, because the threat is no longer contained to the platform where it appeared. It follows you into your kitchen.


    Four Kinds of People Who Do This

    THE DISGRUNTLED INDIVIDUAL

    This is doxing’s oldest and most personal form: an ex-partner, a former coworker, a litigant on the losing end of a court case, someone with a specific grievance against a specific person, acting alone. The motive is rarely ideological. It is personal, often furious, and frequently underestimated by everyone around the target, including the target.

    This type produced the worst documented outcome in this entire piece. In July 2020, a disgruntled lawyer who had appeared before U.S. District Judge Esther Salas found her home address online and arrived at her New Jersey residence disguised as a delivery driver. He shot and killed her twenty year old son, Daniel Anderl, and seriously wounded her husband, before fleeing and later taking his own life. Authorities later found a list of other judges in his vehicle. Judge Salas has said publicly that her son’s death traces directly to how easily his attacker found where they lived.

    The Disgruntled Individual is the type people picture least and should fear most, because there is no forum to monitor, no campaign to track, no coordination to detect in advance. There is only the address, sitting in a database somewhere, waiting to be sold.

    THE ORGANIZED BRIGADE

    Where the disgruntled individual acts alone, the organized brigade acts as a crowd, and that changes everything about what it feels like to be on the receiving end. Forums and group chats dedicated to tracking specific targets turn doxing into a participatory hobby, with members competing to surface new personal details the way other communities compete over trivia.

    Clara Sorrenti, a Canadian transgender Twitch streamer known online as Keffals, experienced this directly in 2022 after becoming a target of the forum Kiwi Farms. Members of the site located an old obituary for her father, traced it to a memorialized Facebook photo of her childhood home, and used satellite mapping to confirm the address. Weeks of escalating harassment followed, culminating in a swatting attack: someone impersonated her and emailed local officials with a fabricated mass shooting threat, sending armed police to her door. After fleeing to a hotel, trolls identified the building from the pattern on her bedsheets, visible in a photo of her cat. She left the country entirely, and her stalkers found her again in Belfast. Sorrenti’s campaign to hold Cloudflare accountable for providing security services to Kiwi Farms eventually succeeded, and the company cited an imminent threat to human life when it dropped the site in September 2022. Notably, a separate attacker claiming affiliation with the same forum also swatted U.S. Representative Marjorie Taylor Greene days later, a reminder that this particular weapon does not check anyone’s politics before it fires.

    THE ACCOUNTABILITY DOXER

    The most ethically contested form of doxing is the kind its practitioners do not consider doxing at all. The Accountability Doxer believes the target’s public conduct, speech, or affiliation justifies exposing their private identity, on the theory that consequences require a name and an address attached to them. This type exists across the entire political spectrum, deployed by people who would otherwise agree on almost nothing else.

    In the days following conservative commentator Charlie Kirk’s death in September 2025, a website calling itself Expose Charlie’s Murderers published the names, employers, and personal details of people who had posted critical commentary about him, leading to firings and suspensions for some of those named. A separate, longer running effort has compiled lists of more than five thousand students and academics critical of Israel, sharing their information in blacklist campaigns that critics say have jeopardized jobs, immigration status, and safety. A digital billboard truck circling Harvard Square displayed the names and photos of students who had signed a public letter about the October 7 Hamas attack, a tactic widely described as doxing even though, legally, it involved nothing but a megaphone pointed at an already public letter. The Department of Homeland Security has separately reported a seven hundred percent increase in assaults against immigration enforcement agents whose identities and home information have been published by activists opposed to their work.

    None of these campaigns share a politics. They share a justification: that some forms of speech or affiliation forfeit the speaker’s right to privacy. Whether that justification holds up is a genuine and unsettled argument, not a settled one, and it is worth sitting with rather than resolving in either direction here.

    THE OPPORTUNIST

    The newest entrant requires no grievance and no ideology at all, only timing. In the wake of UnitedHealthcare CEO Brian Thompson’s killing in December 2024, two anonymously run websites published the names, personal email addresses, phone numbers, compensation figures, and LinkedIn profiles of hundreds of Fortune 500 executives within months, explicitly framing the killing as righteous and the published list as a target index. Both sites were taken offline within twenty four hours of going live.

    Twenty four hours was enough. The data had already been scraped, archived, and redistributed by the time either site disappeared, illustrating a gap this piece returns to in its legal section: the time it takes to publish a dox is measured in hours, and the time it takes to remove one is measured in weeks. The Opportunist does not need to sustain a campaign. The internet does that part for them.


    What Being Found Actually Does to a Person

    Ask anyone who has been doxed what changed, and very few of them start with the information itself. They start with the texture of their own attention afterward. Hypervigilance becomes the baseline state: checking locks twice, flinching at unfamiliar cars on the street, treating a knock at the door as a category of event rather than a doorbell ring.

    The financial cost arrives quietly and compounds. Some victims relocate entirely, absorbing the cost of breaking a lease or selling a home at a loss. Others spend on data removal services, new phone numbers, address confidentiality programs, and in extreme cases private security, none of which existed as a budget line item before the dox. Professional costs follow close behind. Employers, uncomfortable with the liability or attention a doxed employee brings, sometimes part ways with the very person being targeted rather than the people targeting them, a dynamic survivors describe as feeling punished twice.

    The least visible cost may be the most consequential at scale: the chilling effect on speech itself. Research on women journalists and activists who have experienced or witnessed doxing consistently finds a pattern of self-censorship afterward, not because the underlying belief changed but because the calculation of what it costs to say it publicly did. A platform user who watches a colleague get doxed for a position does not need to be personally targeted to learn the lesson the dox was designed to teach. For many perpetrators, this is the actual point. The named target absorbs the damage. The chilling effect is the return on investment.

    Swatting sits at the furthest edge of this spectrum, where the threat stops being psychological and becomes literally a matter of who shows up with a weapon at your door. It is the rare and extreme outcome of doxing, but it is not a freak occurrence disconnected from the everyday version. It is what the everyday version is always one bad actor away from becoming.

    How a Person Becomes Findable

    It is worth being precise about what doxing actually requires, mostly because the answer is so much less impressive than the result it produces. There is rarely any hacking involved, and no special access is needed. The architecture is mundane, built from a handful of unremarkable categories of information that, individually, almost nobody thinks to protect.

    Public records form the foundation. Property deeds, voter registrations, court filings, and business licenses are designed to be searchable, and in most states they are not redacted by default even for people who would have good reason to want them hidden. Commercial data brokers, the subject of the next section, aggregate this material at industrial scale and resell it as searchable consumer profiles, often for a few dollars per lookup. Old social media posts and abandoned usernames provide a different kind of fuel: the connective tissue between an anonymous handle someone has used for a decade and the legal name attached to their driver’s license. A single careless post linking the two, made years earlier and long forgotten, is often all it takes to collapse an entire identity firewall.

    Less commonly, but more dangerously, compromising a connected account can surface information no public record contains at all. Sorrenti’s case illustrated this directly: after fleeing to a hotel, her rideshare account was compromised, exposing her phone number, home address, and her family members’ contact information through a service that had nothing to do with her public profile or her activism. The lesson generalizes uncomfortably well. Every account linked to a real address, a real phone number, or a real payment method is a potential leak point, regardless of how carefully someone guards their public-facing identity.

    None of this requires sophistication. It requires patience, a willingness to spend a few afternoons cross-referencing sources that are often free or nearly free, and a target who has, like almost everyone, left more digital breadcrumbs than they remember leaving.

    The Industry That Makes This Possible

    Doxing has perpetrators, but it also has a supply chain, and the supply chain is legal. Data brokers are companies whose entire business model is collecting, aggregating, and reselling personal information, often without the meaningful knowledge or consent of the people the information describes. Some specialize in so called people search services, explicitly designed to let anyone type in a name and receive an address, phone number, relatives, and property history within seconds, for a subscription fee that rarely exceeds the cost of a streaming service.

    The Federal Trade Commission’s case against the location data broker Kochava made the scale of this industry impossible to ignore. According to the FTC’s complaint, Kochava sold precise, timestamped geolocation data drawn from hundreds of millions of mobile devices, specific enough to trace a single device from a reproductive health clinic to the residential address it returned to that night, or from a domestic violence shelter to whatever location came next. The agency alleged that Kochava’s own marketing materials touted the ability to identify a household from its data, and that the company had taken essentially no steps to prevent the kind of identification that exposes people to, in the agency’s own language, stigma, stalking, discrimination, job loss, and physical violence. The case eventually resulted in a settlement barring Kochava from selling sensitive location data without explicit consumer consent, one of the most significant enforcement actions against the data broker industry to date, though hardly the last word on an industry with dozens of comparable competitors still operating largely as Kochava once did.

    The most consequential reform in this entire space did not come from regulators acting proactively. It came from a tragedy that made the abstract risk impossible to dismiss as theoretical. After her son’s murder, Judge Salas became the public face of an effort to force data brokers to stop selling the addresses of judges and law enforcement officers. New Jersey’s Daniel’s Law, passed within months of the attack, gave covered individuals the right to demand removal of their address and phone number from any business that published it, with financial penalties for noncompliance. By 2024, more than one hundred lawsuits had been filed under the law against companies that failed to comply with removal requests in time. Congress followed in 2022 with the Daniel Anderl Judicial Security and Privacy Act, extending comparable protections to federal judges nationwide and explicitly prohibiting data brokers from trading their personal information.

    Platforms occupy a parallel, if distinct, position of complicity. Cloudflare’s eventual decision to drop Kiwi Farms came only after sustained public pressure and an explicit declaration of imminent threat to human life, years after the forum’s harassment campaigns had already been linked to at least three suicides, according to reporting at the time. The company that hosted the infrastructure was not the one writing the threats, but it was, for years, the reason the threats stayed online and reachable. Accountability for enabling a harm and accountability for committing it are different categories of responsibility, but they are not unrelated ones, and the gap between when a platform could have acted and when it actually does is where most of the damage in these cases gets done.

    What the Law Actually Does About This

    There is no federal law in the United States that criminalizes doxing by name. Several bills have been introduced, including measures specifically protecting federal law enforcement personnel, but none have passed Congress as a standalone doxing statute, leaving most enforcement to a patchwork of state law that varies enormously depending on where the victim and the perpetrator happen to live.

    As of 2025, three states, Alabama, California, and Illinois, have written doxing into their statutes by that explicit name. Fourteen additional states criminalize the same underlying conduct, publishing personal information with intent to harass or harm, without using the word doxing itself, often by amending existing harassment or stalking statutes. California’s Doxing Victims Recourse Act, effective January 2025, created a civil right of action allowing victims to sue for damages ranging from fifteen hundred to thirty thousand dollars, plus attorney’s fees, regardless of whether prosecutors ever bring a criminal case. Most other states offer no comparable statutory path at all, leaving victims to rely on general stalking, harassment, or invasion of privacy law that was never written with doxing specifically in mind.

    The deeper obstacle is constitutional rather than merely legislative. Courts have repeatedly held that the government can rarely punish the publication of truthful information that was lawfully obtained, a principle that protects investigative journalism and, less comfortably, protects a great deal of what gets called doxing in practice. Any new law in this space has to thread a narrow needle: specific enough to reach the conduct that causes real harm, broad enough to actually deter it, and careful enough not to hand public officials a tool to punish embarrassing but legitimate reporting about themselves.

    Even where the law clearly applies, the timeline rarely matches the damage. The Fortune 500 executive doxing sites described earlier were taken offline within twenty four hours of being discovered, a genuine enforcement success by most measures. It did not matter. The data had already spread to dozens of mirrors and screenshots by the time the original sites disappeared, and no legal remedy exists that operates on a twenty four hour clock. Legal recourse in doxing cases functions best as documentation, leverage, and eventual restitution. It functions poorly, almost by design, as a fire alarm.


    Self-Assessment: How Exposed Are You, and Have You Ever Been the One Holding the Match

    Rate each statement from one, not at all true, to five, completely true.

    1. A simple search of my full name returns my home address, current or former, within the first page of results.

    2. I have used the same username or handle across platforms where my real identity is public and platforms where I intentionally keep it anonymous.

    3. My job, activism, public commentary, or relationship history makes me a plausible target for someone with a grievance against me.

    4. I have shared someone else’s address, workplace, phone number, or full legal name in a group chat, comment section, or forum during a dispute, even one that felt justified at the time.

    5. I do not know whether my information has ever been removed from, or sold by, a data broker or people search site.

    6. If a stranger online decided to find out everything about me tomorrow, I genuinely do not know how hard that would be.

    Scores of twenty four to thirty suggest your exposure, your participation in the practice, or both, deserve immediate attention. Scores of twelve to twenty three suggest meaningful gaps worth addressing methodically rather than urgently. Scores below twelve suggest a relatively low baseline risk, though the steps below are worth reviewing regardless, since exposure tends to change faster than awareness of it.


    What to Actually Do About It

    If you suspect your information is already circulating, start by documenting everything before you do anything else. Screenshot the original posts, the URLs, the timestamps, and the usernames involved, because platforms and data broker opt-out forms will ask for this evidence and it disappears or gets edited faster than victims expect.

    Next, request removal directly. Most major data brokers and people search sites maintain opt-out pages, though the process is deliberately tedious by design, often requiring a separate request to each individual broker rather than one universal form. Google maintains a personal information removal policy that allows individuals to request that search results combining personal information with explicit or implicit threats be delisted, which will not remove the underlying page but will make it considerably harder to find through a casual search.

    Then, lock down the accounts that could leak further information without your knowledge. Two factor authentication on email, financial, and rideshare or delivery accounts closes the exact gap that exposed Sorrenti’s location after she had already fled once. Review what services have your real address on file and consider whether each one actually needs it.

    If you are in a profession that qualifies for legal protection, judges, prosecutors, and certain law enforcement or public safety roles in many states, file the paperwork those protections require rather than assuming they apply automatically. They generally do not activate until you request them.

    Resist the instinct to respond publicly to the people circulating your information, however justified the anger feels. Public engagement, even angry engagement, generates the attention and the content the harassment campaign is built to harvest. Document instead, report to the platform and, where the threat is credible, to law enforcement, and let evidence accumulate quietly rather than feeding a public spectacle that benefits whoever started it.

    Finally, treat this as a sustained process rather than a single fire to put out. Information removed from one source often resurfaces from another months later, and the people most successful at managing a doxing aftermath describe it less as a crisis they resolved and more as a vigilance they adopted.


    When This Becomes an Emergency

    Everything above assumes a serious but survivable situation. Some doxing cases escalate past that point, into explicit threats of violence, stalking behavior in physical space, or swatting, and those situations require a different response entirely. If you believe you are in immediate physical danger, contact local law enforcement directly rather than relying on a platform’s reporting tools, which are not built for emergencies and were never designed to move at the speed a genuine threat requires.

    The Cyber Civil Rights Initiative and Online SOS both maintain resources specifically for victims of coordinated online harassment and doxing, including guidance on documentation, legal options, and in some cases direct support navigating a crisis. The National Network to End Domestic Violence’s Safety Net project focuses specifically on technology facilitated abuse and stalking, which overlaps heavily with doxing in cases involving a current or former intimate partner. None of these organizations can make the underlying exposure disappear, but they exist precisely because the gap between a dox and an emergency is sometimes a matter of hours, and having a resource already identified before that gap closes matters.


    You Did Not Fail by Being Findable

    Almost everyone is findable, by anyone sufficiently motivated, because the architecture of modern life was never designed with your safety as its first priority. It was designed for convenience, for commerce, for searchability, and your privacy was a cost nobody budgeted for until it was already spent.

    What you control is not whether the information exists. Most of it already does, scattered across databases you will never fully audit. What you control is how quickly you notice, how methodically you respond, and whether you let the discovery turn into permanent vigilance or a managed, finite process with an end. The people who recover fastest from being doxed are rarely the ones with the least information exposed. They are the ones who stopped treating the exposure as a referendum on their own carelessness and started treating it as exactly what it is: a system failure that happened to land on them.

    Doxing does not invent a threat. It just hands one an address.


    Next in the Series: Coordinated Harassment and the Architecture of the Pile-On

    A single doxed address is a location. A hundred accounts arriving at that location’s digital front door, in the same hour, using language that was clearly written somewhere else first, is a campaign. The next installment of Digital Manipulation examines what happens in the gap between a single bad actor and a coordinated one, and why platforms built to detect spam are so consistently unable to detect a crowd that was never actually spontaneous.


    FAQ

    Q: Is it doxing if the information I shared was already public?

    A: Possibly. The legal and ethical question hinges on intent and aggregation, not just availability. Compiling scattered public fragments into a single profile, published with the goal of inviting harassment or harm, generally crosses the line even when each individual fact was technically findable beforehand.

    Q: What’s the difference between doxing and investigative journalism?

    A: Purpose and proportionality. Journalism that reveals true information about a public figure’s conduct, in service of a documented public interest, generally enjoys strong legal and ethical protection. Doxing aimed at a private individual, with no comparable public interest beyond punishing them for speech or identity, does not carry the same justification even when it uses similar techniques.

    Q: Can I get in trouble for sharing someone’s address during an argument online, even if I didn’t mean any harm?

    A: In several states, yes, depending on intent and outcome. Many anti-doxing and harassment statutes focus on whether a reasonable person would expect the disclosure to invite harassment or fear, not solely on whether the person sharing it meant to cause harm. If you have done this, even once, it is worth taking seriously rather than assuming good intentions provide automatic protection.

    Q: How do I find out if I’ve already been doxed?

    A: Search your own full name, along with variations and any usernames you have used publicly, on a regular basis. Set up free alert services for your name and home address where available. Check whether your information appears on major people search and data broker sites, since most allow free lookups even when removal requires a paid or manual process.

    Q: Are data broker opt-out services worth paying for?

    A: For most people facing an active threat, yes, because the manual process of contacting dozens of individual brokers is time consuming enough that most people abandon it halfway through. These services do not guarantee permanent removal, since brokers frequently reacquire data, but they meaningfully reduce the number of sources someone would need to check to find you.

    Q: Is doxing always intentional, or can it happen by accident?

    A: It can happen without malicious intent, particularly when someone shares a screenshot, a location tag, or an identifying detail without realizing how it connects to information already circulating elsewhere. Accidental doxing still causes real harm to the person exposed, even when no one intended it, which is part of why basic digital hygiene matters even in low conflict situations.

    Q: What should I do if I’m being swatted or believe a swatting attempt is imminent?

    A: Contact local law enforcement directly and, if possible in your jurisdiction, register your address with any swatting prevention or threat flagging program your local department offers. Some departments allow residents to pre-register safety concerns tied to a specific address, which can change how responding officers approach the scene.

    Q: Does deleting my social media accounts protect me after a dox?

    A: It limits future exposure but does nothing to remove information that has already been copied, screenshotted, or mirrored elsewhere. Treat account deletion as one part of a broader cleanup rather than a solution on its own.

    Q: Why does this article cover examples from across the political spectrum instead of focusing on one side?

    A: Because the evidence does not support treating doxing as a tactic native to one political position. It has been deployed by activists, partisans, and opportunists across the entire spectrum, often using nearly identical methods against opposite targets. Treating it as exclusively a problem of the other side makes it easier to excuse when your own side does it, which is precisely the blind spot this piece is trying to close.

    Q: Is it doxing to research someone before a first date?

    A: Generally no, as long as the research stays private and proportionate to a reasonable safety concern, such as confirming someone’s identity matches what they have presented. It becomes a different and more troubling practice the moment that research is published, shared publicly, or used to humiliate rather than simply to verify.

    STATISTICS & RESEARCH STUDIES

    Safehome 2025 Doxing Survey

    Citation: Safehome Research Team. (2025). National doxing prevalence survey.
    Key Finding: 4% of American adults (approximately 11.7 million people) have been doxed; 16% report a friend or family member experienced doxing.
    Link: https://www.safehome.org/ (search for “doxing survey 2025” or contact for research findings)
    Usage in article: “The numbers are larger and more ordinary than the headlines suggest…”

    Anti-Defamation League (ADL) 2024 Online Hate and Harassment Survey

    Citation: Anti-Defamation League. (2024). Online hate and harassment survey.
    Key Findings:
    56% of American adults have experienced some form of online harassment22% have experienced severe forms (doxing, stalking, physical threats)
    Link: https://www.adl.org/resources/report/2024-online-hate-and-harassment-surveyUsage in article: “A 2025 survey from the home security research firm Safehome…”

    Pew Research Center — Online Harassment & Demographic Patterns

    Citation: Pew Research Center. Ongoing longitudinal research on online harassment.
    Key Findings:Women experience disproportionately higher rates of sexualized and identity-targeted abuse~70% of LGBTQ adults report online harassment vs. ~40% of straight adultsJournalists and activists show higher victimization rates

    Links:
    General harassment research: https://www.pewresearch.org/Search: “online harassment demographics” or “LGBTQ online abuse”
    Usage in article: “Pew Research Center’s long-running work on online harassment…”

    II. CASE STUDIES & DOCUMENTED INCIDENTS

    Case 1: Judge Esther Salas / Daniel Anderl Murder (July 2020)

    The Incident: A disgruntled lawyer located Judge Esther Salas’s home address via public records and data brokers, appeared at her residence disguised as a delivery driver, and fatally shot her 20-year-old son Daniel Anderl. Her husband was also seriously wounded. The attacker fled and later took his own life.

    Documented Sources:
    U.S. Courts Press Release: Judge Salas incident investigationFBI Statement (July 2020): Investigation into the shootingJudge Salas’s public statements on data broker accountability

    Key Links:

    NBC News report: https://www.nbcnews.com/news/judge-esther-salas-son-killed-doxing-public-records-n1232336Judge Salas’s TED talk on data broker reform (2021)

    Usage in article: “The Disgruntled Individual” perpetrator type

    Critical Note: Judge Salas has made doxing-to-violence causality a core part of her public advocacy.

    Case 2: Clara Sorrenti / Keffals vs. Kiwi Farms (2022)

    The Incident: Clara Sorrenti, a Canadian transgender Twitch streamer (username: Keffals), became target of coordinated harassment by Kiwi Farms forum members.

    They: Located her childhood home via old Facebook memorial post and satellite mapping. Conducted sophisticated tracking across platforms and addresses. Coordinated swatting attempts (false emergency reports to police)Found her subsequent locations through metadata (bedsheet pattern, etc.)Forced her to flee Canada and ultimately leave the country

    Documented Sources:
    NBC News / Variety coverage (September 2022)Vice investigative reporting on Kiwi Farms harassment campaigns. Cloudflare statement on dropping Kiwi Farms (September 2022)Clara Sorrenti’s own testimonials and Twitter/X documentation

    Key Links:

    Variety: “Cloudflare Drops Kiwi Farms After Harassment Campaign” (September 2022)BBC: “What is Kiwi Farms and why did Cloudflare drop it?” (2022)Clara Sorrenti’s own documentation (Twitter/X): @keleffals

    Usage in article: “The Organized Brigade” perpetrator type, platform complicity section.

    Critical Detail: The rideshare account compromise exposing family contact info is a major detail in the article; verify via Sorrenti’s own statements.

    Case 3: Marjorie Taylor Greene Swatting (September 2022)

    The Incident: Days after Clara Sorrenti’s case, a swatting attack was directed at U.S. Representative Marjorie Taylor Greene (R-GA). The attacker falsely reported an armed incident at her home to trigger an armed police response.

    Documented Sources: Official Capitol Police statement. Multiple news outlets (CNN, NBC, etc.) covering the incident, Linked to Kiwi Farms forum members by investigators

    Key Links:

    CNN: “Rep. Marjorie Taylor Greene’s home swatted for third time in a year” (September 2022)Capitol Police press releases

    Usage in article: To illustrate that doxing/swatting crosses political linesNote: The article explicitly uses this case to show the tactic is not partisan.

    Case 4: Charlie Kirk Doxing Campaign (September 2025)

    The Incident: Following the death of conservative commentator Charlie Kirk, a website called “Expose Charlie’s Murderers” published names, employers, and personal details of people who had posted critical commentary about him online, leading to job losses and suspensions.

    Documented Sources: This is a recent, real incident; verify via:
    NewsGuard or media watchdog archives. Conservative news outlets covering retaliation. Job loss/suspension documentation from affected individuals

    Key Links:

    Web archive snapshots (if available)News coverage in conservative media

    Usage in article: “The Accountability Doxer” type, showing left-leaning deploymentCritical Note: You may need to verify the exact date and details; the article uses September 2025 which may need fact-checking if we’re past that date in your publishing timeline.

    Case 5: Pro-Palestine Academic Doxing Campaigns

    The Incident: Digital blacklist campaigns targeting academics and students critical of Israel. The article mentions “more than five thousand students and academics” on published lists.

    Documented Sources:
    The Israel-Palestine conflict reporting from organizations tracking both sides:

    The Incident: Digital blacklist campaigns targeting academics and students critical of Israel. The article mentions “more than five thousand students and academics” on published lists.

    University statements on student harassment. Individual case documentation from affected students

    Key Links:

    Inside Higher Ed: “Blacklists and Academic Freedom” (2023-2024)Chronicle of Higher Education coverage.
    FIRE (Foundation for Individual Rights and Expression): tracking academic harassment cases

    Usage in article: “The Accountability Doxer” type, showing left-leaning deployment
    Note: The article mentions “five thousand students and academics” — The specific number may need to be verified

    Case 6: Harvard Square Billboard Incident

    The Incident: A digital billboard truck circled Harvard Square displaying names and photos of students who signed a public letter about the October 7 Hamas attack, widely described as doxing.

    Documented Sources:
    Harvard Crimson (student newspaper) coverage
    Boston Globe reporting Pro-Israel advocacy group statements (likely where the billboard originated)

    Key Links:

    Harvard Crimson: Search for “billboard incident 2023” or “students named October 7″Boston Globe coverage of same incident

    Usage in article: “The Accountability Doxer” type, showing right-leaning deploymentNote: Verify the exact date; the article uses it as a historical reference.

    Case 7: Immigration Enforcement Officer Doxing

    The Incident: The article mentions activist doxing of ICE agents and claims a “seven hundred percent increase in assaults against immigration enforcement agents whose identities and home information have been published by activists opposed to their work.”Documented Sources:

    Department of Homeland Security (DHS) reporting. ICE officer union statements (National Immigration and Customs Enforcement Council)News coverage of specific incidents

    Key Links:

    DHS press releases on agent safety. ICE union press statements. Investigative Reporters & Editors (IRE) coverage of doxing of federal agents

    Usage in article: “The Accountability Doxer” type, showing left-leaning deployment
    Critical Detail: The “seven hundred percent increase” figure needs verification; this is a specific, quantifiable claim that should be traced to a primary source.

    Case 8: UnitedHealthcare CEO Brian Thompson Murder Aftermath (December 2024)

    The Incident: Following the killing of UnitedHealthcare CEO Brian Thompson, two websites published names, emails, phone numbers, and LinkedIn profiles of hundreds of Fortune 500 executives, explicitly framing the killing as righteous and the list as a target index.

    Documented Sources:
    News coverage from December 2024 onwardsWeb archive snapshots (Internet Archive / Wayback Machine)Law enforcement statementsExecutive protection firm reports

    Key Links:

    NBC / CNN / Reuters coverage of the doxing campaigns. Internet Archive snapshots of the doxing sites (before takedown)Statements from affected corporations

    Usage in article: “The Opportunist” perpetrator type.
    Critical Note: The article states both sites were taken down within 24 hours; verify this timeline.

    III. LEGISLATION & LEGAL DOCUMENTS

    Daniel’s Law (New Jersey, 2020)

    Official Citation: N.J. Stat. § 2C:12-3.1 (Daniel’s Law)What It Does: Allows judges, prosecutors, and law enforcement officers to demand removal of their home address and unpublished phone number from data brokers and public-facing business databases.

    Key Details:
    Passed within months of Daniel Anderl’s murder (July 2020)Imposes financial penalties for noncomplianceBy 2024, over 100 lawsuits filed against companies failing to comply

    Link: https://www.nj.gov/njleg/ (search Daniel’s Law or S3043/A5185)
    Further Info: New Jersey courts website and data broker compliance resources
    Usage in article: Legal landscape section

    Daniel Anderl Judicial Security and Privacy Act (Federal, 2022)

    Official Citation: S. 3054 / HR 6246 (Daniel Anderl Judicial Security and Privacy Act)What It Does: Extends Daniel’s Law protections to federal judges nationwide; explicitly prohibits data brokers from trading the personal information of federal judges.Key Details:

    Passed 2022Creates federal enforcement mechanismComplements state-level Daniel’s Law protections

    Link: https://www.congress.gov/ (search by bill number S.3054 or HR 6246)
    Further Info: U.S. Courts Administration office statements on compliance
    Usage in article: Legal landscape section

    California Doxing Victims Recourse Act (AB 2881, effective January 2025)

    Official Citation: California Penal Code § 528.5 (as amended); Assembly Bill 2881What It Does: Creates a civil right of action allowing victims of doxing to sue for damages ($1,500 to $30,000 per incident) plus attorney fees, regardless of whether criminal charges are filed.Key Details:

    Effective January 1, 2025
    Applies to publishing personal information with intent to harass or cause harm
    No requirement that criminal prosecution occur
    Amends existing harassment statute

    Link: https://leginfo.legislature.ca.gov/ (search AB 2881 or Penal Code 528.5)Further Info: California Attorney General’s office guidance on implementationUsage in article: Legal landscape section

    State Doxing Laws Overview (Three Explicit + Fourteen Indirect)

    States with explicit “doxing” statutes: Alabama, California, Illinois (as of 2025)States with implicit criminalization via harassment/stalking laws: 14 additional states (list to be compiled)
    Documented Sources:
    Council of State Governments doxing law tracker
    FIRE (Foundation for Individual Rights and Expression) state-by-state analysis
    National Conference of State Legislatures (NCSL) research on harassment statutes

    Key Links:

    Council of State Governments: https://www.csg.org/ (search “doxing laws”)
    FIRE: https://www.thefire.org/ (search “doxxing” or “state laws”)
    NCSL: https://www.ncsl.org/ (search “harassment” or “cyberstalking statutes”)
    Usage in article: Legal landscape sectionNote: You may need to compile the exact list of 14 states; this is a current/evergreen detail.

    Federal First Amendment Precedent: Daily Mail Principle

    Legal Basis: The principle comes from Smith v. Daily Mail Publishing Co., 443 U.S. 97 (1979)
    What It Holds: The government can rarely punish the publication of truthful information that was lawfully obtained, even when that publication causes harm to its subjects
    Modern Application: Used in cases examining whether doxing or targeted publishing can be restrictedKey Links:

    Supreme Court opinion: https://supreme.justia.com/cases/443/97/Law review articles on “Daily Mail principle” and doxing (search legal databases)
    FIRE analysis of First Amendment and doxing: https://www.thefire.org/
    Usage in article: Legal landscape section explaining the constitutional challenge

    IV. SUPPORT ORGANIZATIONS & CRISIS RESOURCES

    Cyber Civil Rights Initiative (CCRI)

    Focus: Coordinated online harassment, swatting, doxing
    Services: Education, research, victim support, policy advocacy
    Contact & Resources: https://www.cybercivilrights.org/Specific Programs: Online harassment hotline, support guides, legal resourcesUsage in article: Crisis resources section

    Online SOS

    Focus: Victims of coordinated online harassment and doxing
    Services: Personalized support, resources, navigation of platform reporting and legal options
    Contact & Resources: https://onlinesos.org/Specific Programs: Case-by-case support, crisis responseUsage in article: Crisis resources section

    National Network to End Domestic Violence (NNEDV) — Safety Net Project

    Focus: Technology-facilitated abuse, stalking, doxing (especially in intimate partner context)
    Services: Specialized resources, safety planning, technical support
    Contact & Resources: https://www.techsafety.org/
    Specific Programs: Free tech safety guides, stalking resource guides, privacy toolkitUsage in article: Crisis resources section

    V. FEDERAL AGENCIES & ENFORCEMENT

    Federal Trade Commission (FTC) — Data Broker Oversight

    Key Case: In re Kochava Inc. (location data broker enforcement action, 2023)
    Resources:FTC data broker enforcement actions: https://www.ftc.gov/
    Search: “Kochava” for the full settlement and complaintFTC guidance on data broker consumer rights
    Usage in article: Data broker complicity section

    Department of Homeland Security (DHS) — Immigration Enforcement Data

    Key Finding: DHS reported statistics on assaults against ICE agents following doxing campaigns
    Resources:
    DHS press releases and annual reports on officer safetyCongressional testimony on agency security concerns
    Usage in article: Statistics on effect of “Accountability Doxer” campaigns

    VI. MEDIA & INVESTIGATIVE REPORTING SOURCES

    On Kiwi Farms & Clara Sorrenti Case

    BBC News: “What is Kiwi Farms and why did Cloudflare drop it?” (September 2022)
    Variety: “Cloudflare Drops Kiwi Farms After Harassment Campaign Against Transgender Streamer” (September 2022)
    Vice: Ongoing coverage of Kiwi Farms harassment campaigns
    NBC News / CNBC: Coverage of doxing and swatting incidents (2022)

    On Judge Salas & Daniel Anderl Murder

    NBC News: Comprehensive reporting on the incident and data broker implications. New Jersey law enforcement press releases. Judge Salas’s public statements and TED talks

    On UnitedHealthcare CEO Murder Aftermath

    Reuters: Coverage of executive doxing campaigns (December 2024)
    CNN / NBC: Analysis of the doxing sites and threat to other executives
    Business Insider / Forbes: Impact on corporate security practices

    On State-Level Doxing Laws

    Inside Higher Ed: Academic freedom and doxing campaigns (2023-2024)
    Chronicle of Higher Education: Coverage of academic harassment via doxing

    VII. LINKABLE GLOSSARY & INTERNAL DEFINITIONS

    These terms are defined in the article’s Appendix section

    Core Concepts

    Doxing — The publication of someone’s private or identifying information without consent, with intent to harass, intimidate, or expose to real-world harm.
    Doxxing — Alternative spelling of doxing; same meaning.
    Swatting — Making a false emergency report (active shooter, hostage situation) with intent to provoke armed police response at target’s location.
    Data broker — Company whose business model involves collecting, aggregating, and reselling personal information.

    Legal & Constitutional Terms

    Daily Mail principle — First Amendment precedent (Smith v. Daily Mail, 1979) holding that government can rarely punish publication of truthful information lawfully obtained.
    First Amendment — Constitutional protection for free speech; relevant to debates over what doxing can/cannot be legally restricted.
    Daniel’s Law — New Jersey legislation allowing judges, prosecutors, law enforcement to demand address removal from data brokers.
    Daniel Anderl Judicial Security and Privacy Act — Federal law extending Daniel’s Law protections to federal judges.
    California Doxing Victims Recourse Act — California civil remedy allowing doxing victims to sue for damages ($1,500-$30,000).

    Technical Terms

    Two factor authentication — Security method requiring two separate verification steps to access an account; increases protection against account compromise that could expose linked personal information.
    Data removal service — Third-party company that handles requests to remove personal information from data brokers and people-search websites.
    Address confidentiality program — State programs that substitute a confidential mailing address for a person’s actual address on public records (available in most U.S. states for certain protected groups like domestic violence survivors, judges, law enforcement).

    Organization Terms

    Cyber Civil Rights Initiative — Nonprofit focused on coordinated online harassment, swatting, doxing; offers support and resources.
    Online SOS — Nonprofit providing personalized support to doxing and coordinated harassment victims.
    National Network to End Domestic Violence (NNEDV) / Safety Net — Project focused on technology-facilitated abuse and stalking.

    Appendix

    Key Terms

    Doxing: The publication of someone’s private or identifying information without their consent, typically with the intent to harass, intimidate, or expose them to real-world harm.

    Swatting: Making a false emergency report, typically of an active shooter or hostage situation, with the intent of provoking an armed police response at a target’s location.

    Data broker: A company whose business model involves collecting, aggregating, and reselling personal information, often without the meaningful knowledge or consent of the individuals described.

    Daily Mail principle: A line of First Amendment precedent holding that the government can rarely punish the publication of truthful information that was lawfully obtained, even when that publication causes harm to its subject.

    Daniel’s Law: New Jersey legislation, passed in 2020 after the murder of Daniel Anderl, allowing judges, prosecutors, and law enforcement officers to demand removal of their home address and unpublished phone number from businesses and data brokers.

    Further Reading

    Federal Trade Commission. “FTC Sues Kochava for Selling Data that Tracks People at Reproductive Health Clinics, Places of Worship, and Other Sensitive Locations.” FTC press release, August 2022.

    The Council of State Governments. “Doxing: State Protections Against Digital Threats.” 2025.

    NBC News. “Kiwi Farms: Anti-trans stalkers chasing Keffals around the world.” September 2022.

    Rutgers Law School. “Groundbreaking Judge Turned Tragedy into Change.” Profile of Judge Esther Salas.

    The Foundation for Individual Rights and Expression. “Is doxxing illegal?” by David L. Hudson Jr.

    Anti-Defamation League. 2024 Online Hate and Harassment Survey.

    Crisis Resources

    Cyber Civil Rights Initiative, Online SOS, and the National Network to End Domestic Violence’s Safety Net project all maintain resources for victims of coordinated online harassment, doxing, and technology-facilitated abuse. If you believe you are in immediate physical danger, contact local law enforcement or emergency services directly.


    Digital Manipulation is a space for people who are learning to see what was designed to be invisible. You are not helpless. Coordination can be recognized. Manufactured consensus can be distinguished from authentic belief. You decide what you think.

    gorgeousdiaries.com