Most people think doxxing is something that happens to public figures — politicians, streamers, activists with enemies online. The actual pattern is different. The infrastructure that enables doxxing is run by licensed, registered, publicly traded companies that sell personal records as a commercial service. Violent individuals looking for a home address don’t need to hack anything. They pay a few dollars to a data broker and receive a formatted report containing current address, previous addresses, employer, relatives’ names, and vehicle information. It takes about as long as ordering a pizza.
This is not a fringe concern. It’s the operating model of an industry generating billions in annual revenue and the records those companies sell are the same ones a personal data removal service works to remove.
The Broker-to-Doxxer Pipeline in Practice
Data broker records used to locate individuals for harmful purposes aren’t a bug in the people-search industry — they’re a predictable consequence of its product design. People-search sites are built to let anyone find detailed information about anyone else. The business model depends on that accessibility. And the cost per record — ranging from under one dollar to a few dollars depending on the broker — means that the financial barrier to locating someone’s home address is lower than the cost of a cup of coffee.
The digitization of public records changed the risk profile of information that already existed. Property records, voter registrations, court filings, and marriage licenses have always been public. What’s different now is aggregation: pulling records from dozens of public sources, combining them with commercially sourced data, and presenting them as a searchable profile. Any one of those records in isolation isn’t enough to locate someone. Aggregated and cross-referenced, they’re a precision location tool. Data broker removal services address this by submitting deletion requests to the aggregators that hold these cross-referenced profiles — not just the original public records, which often cannot be removed.
Lawfare documents decades of cases in which abusive individuals used people-search broker data to locate and harm their targets — including home addresses available for under $1.00 per record. The analysis notes that the digitization and aggregation of public records fundamentally changes the risk context of that data even when each individual piece of information is technically public, because aggregation creates targeting capacity that no individual source alone provides.
Who Faces the Highest Risk — and What the Data Shows
Doxxing risk is not evenly distributed. The populations most documented as targets of broker-enabled location exposure include:
• Domestic violence survivors who have changed addresses to escape abusers, whose new locations can be surfaced through property records, updated voter rolls, or commercial data from retail transactions
• Women, LGBTQIA+ individuals, and people of color who face statistically higher rates of targeted harassment and gendered violence in which location data is used as a tactical tool
• Public-facing professionals including judges, law enforcement, prosecutors, healthcare workers, and election officials — several states have enacted address confidentiality programs specifically because broker data has been used to locate and threaten these individuals
• Journalists, activists, and researchers working on contested topics
• People in contentious custody or legal disputes where access to a current address is tactically useful to an opposing party
The financial scale is also documented: U.S. consumers reported more than $12.5 billion in fraud losses in 2024, with a subset of those cases beginning with broker-sourced location data. The crimes range from targeted financial fraud to physical violence — the same data product serving different uses at different price points.
The Consumer Financial Protection Bureau proposed extending FCRA coverage to data broker operations after documenting that brokers “profit by enabling scamming, stalking, and spying.” The CFPB’s record includes the 2020 murder of a federal judge’s son by an attacker who purchased her home address from a broker, and identifies domestic violence survivors and law enforcement personnel as populations facing specific ongoing risk from the commercial sale of contact and location information.
The Specific Records That Doxxers Use and How to Address Them
Understanding what data points enable doxxing informs what a data broker removal service needs to cover:
• Current home address — the primary target. Historical addresses are often scraped alongside current ones, useful for predicting likely current locations from prior patterns.
• Workplace name and address — enables contact or surveillance at a secondary known location.
• Relatives’ names and addresses — enables proxy location when the primary target’s address is unavailable.
• Vehicle records — license plate, make, model, and color allow physical identification.
• Phone numbers — used for harassment campaigns before or after physical location is established.
• Photos — some people-search databases include facial images sourced from social media scraping.
• Daily routine indicators — derived from property records, court filings, and commercial data, used to infer likely locations at given times.
A data removal service that covers only the primary people-search sites misses secondary brokers that hold and resell the same records. Ongoing monitoring is particularly important in doxxing-risk contexts because re-listed records — sourced from updated public records or new commercial data transactions — can reintroduce a current address within weeks of a successful removal.
The Stalking Prevention, Awareness, and Resource Center documents the relationship between technology-facilitated stalking and commercial data availability, noting that personal data records provide abusers with current home address, workplace location, and relative information — enabling sustained contact and physical access that would otherwise require active surveillance. Their research highlights that the harm from broker-sourced doxxing falls disproportionately on domestic violence survivors, for whom location exposure can be life-threatening.
What Address Removal Accomplishes — and What It Doesn’t
Among dedicated removal services, Kanary, iolo, and Mine each address home address and contact detail removal as a core function of their broker opt-out workflows, covering people-search databases including those most commonly used in location-targeting scenarios. The scope of removal and monitoring frequency differs between platforms and should be verified against each service’s specific database coverage list.
What removal does: submits deletion requests to broker databases holding your current and historical addresses, phone numbers, and associated relative records. What it doesn’t do is remove data from original public records sources — property filings, voter rolls, and court records will continue to exist and can be re-scraped. The practical implication is that ongoing monitoring is not optional for people in elevated-risk situations. A single removal cycle eliminates the aggregated profiles that exist today; monitoring prevents new profiles from accumulating from tomorrow’s public record updates and commercial data transactions.
Address confidentiality programs — available in most states for domestic violence survivors, law enforcement, and certain public officials — can suppress your address from appearing in future public filings, which reduces the upstream re-acquisition risk that makes ongoing monitoring necessary.
Every opt-out request filed reduces the number of places your address can be purchased. It doesn’t eliminate the underlying public record or prevent all future aggregation. What it does is raise the effort required to locate you — and for most threats, effort is the variable that determines whether an act occurs.
