Doxxing — the malicious publication of someone's private information — remains one of the most common and damaging forms of online harassment. For LGBTQ+ individuals, doxxing can lead to forced outing, workplace discrimination, family rejection, stalking, or violence. The risk is especially high when a single compromised account can be traced to your other online identities, pulling together a complete picture of who you are.
The most effective defense against doxxing is compartmentalization: keeping your online identities genuinely separate so that compromising one does not expose the others. This guide explains how to use separate identity vaults to create real boundaries between the different parts of your online life.
How Doxxing Actually Works
Understanding the attack helps you understand the defense. Doxxing rarely involves sophisticated hacking. Most of the time, it follows a predictable pattern:
- An attacker finds one piece of identifying information. A username, an email address, a profile photo, a phone number.
- They search for that identifier across other platforms. The same email on Twitter, LinkedIn, a dating profile, a forum post.
- They cross-reference what they find. Your dating profile mentions your neighborhood. Your LinkedIn shows your employer. Your Reddit history mentions your pets' names. Individually harmless — together, a complete identity.
- They publish everything. Name, address, workplace, photos, orientation, family members, anything they have assembled.
The critical vulnerability is the connections between accounts. If your Grindr profile, your Reddit account, your professional email, and your activist Twitter are all linked by shared identifiers — same email, same username, same profile photo, same phone number — then compromising any one of them exposes all the others.
The Compartmentalization Strategy
Compartmentalization means creating genuine separation between your online identities. Not just different passwords (though that is essential), but different emails, different usernames, different recovery methods, and different storage locations. A password vault with identity compartments makes this manageable.
The Four-Vault Model
Most people's online lives can be divided into four broad categories, each with different privacy requirements and risk profiles:
Vault 1: Professional Identity
- Work email and corporate accounts
- LinkedIn and professional networking
- Industry forums and mailing lists
- Banking and financial accounts tied to your legal name
- Government and official services
Vault 2: Personal / Social Identity
- Personal email (friends and family)
- Social media under your real name
- Shopping and subscription services
- Health and medical portals
- Personal phone number accounts
Vault 3: Dating and Intimate Life
- Dating app accounts (Grindr, Tinder, HER, etc.)
- Hookup and meetup platforms
- Private photo storage
- Intimate communication accounts
- Related email aliases used only for dating signups
Vault 4: Anonymous and Activist Identity
- Anonymous social media handles
- Forum accounts (Reddit, community boards)
- Activism and advocacy platforms
- VPN and privacy tool accounts
- Whistleblower or support group accounts
Making Each Vault Truly Independent
Separate vaults only protect you if the identities within them are genuinely separate. Here is what that means in practice:
Separate Email Addresses
Each vault category should use a different email address, and ideally a different email provider. Your professional vault uses your work email. Your dating vault uses an alias from a privacy-focused provider like ProtonMail. Your anonymous vault uses a different alias that has no connection to any of the others.
Email alias services like SimpleLogin or Apple's Hide My Email can generate unique addresses that forward to a single inbox without revealing the connection. This way, each account has a unique email, but you can manage them from one place.
Separate Usernames
Never reuse usernames across identity boundaries. Your professional LinkedIn name, your dating app display name, and your Reddit handle should share nothing in common — not the format, not the naming pattern, nothing. Username-checking tools like Namechk can quickly show you where a given username appears online. Run your current usernames through one to see your current exposure.
Separate Phone Numbers
If services require phone verification, do not use your primary number across all contexts. VoIP numbers from services like Google Voice (in the US) or MySudo provide additional numbers that are not tied to your carrier account. Use different numbers for different identity contexts.
Separate Profile Photos
Reverse image search makes this critical. A photo used on your professional LinkedIn and your dating profile creates an instant connection between those identities. Use distinct photos for each context, and be aware that some AI tools can match faces across different photos. For anonymous and activist accounts, do not use photos of yourself at all.
Setting Up Your Vaults
A password manager with vault or folder functionality makes this practical. Without one, managing four sets of unique credentials with separate emails and usernames would be overwhelming. Here is how to implement it:
- Audit your existing accounts. Go through your current password manager or browser saved passwords. List every account and categorize it into one of the four vaults.
- Identify cross-contamination. Look for accounts in different categories that share the same email, username, phone number, or profile photo. These are your immediate vulnerabilities.
- Create your vault structure. Set up four distinct vaults in your password manager. If your manager does not support multiple vaults, use clearly labeled folders or tags — though true vault separation provides stronger isolation.
- Migrate accounts. Starting with the highest-risk categories (dating and anonymous), update each account to use its category-specific email, a new unique password, and a category-appropriate username.
- Set up separate 2FA. If possible, use different authenticator apps or separate entries within your authenticator for each identity context. At minimum, store 2FA backup codes in the appropriate vault, not in a single shared location.
Ongoing Maintenance
Compartmentalization is not a one-time setup. It requires ongoing discipline:
- New accounts go in the right vault. When you sign up for something, decide which identity context it belongs to and use the appropriate email, username, and vault.
- Regular cross-contamination audits. Every few months, review your vaults for accounts that have drifted or new connections that have formed.
- Breach monitoring per identity. Monitor each email address separately for breach exposure. A breach in your dating email should not lead you to panic about your professional accounts — because they are not connected.
- Resist the urge to cross-link. It is tempting to use your "real" email to recover an anonymous account, or to reuse a password across vaults because it is convenient. Every shortcut creates a link that an attacker can follow.
What Compartmentalization Cannot Do
No system is perfect. Compartmentalization significantly raises the bar for doxxing, but it does not make it impossible. Be aware of these limitations:
- Behavioral patterns — Writing style, posting times, and interests can link identities even without shared credentials. If you have the same very niche hobby across multiple accounts, that is a connectable data point.
- Location data — If multiple accounts access the same IP address or share location data, they can be correlated. Use a VPN for your anonymous and sensitive contexts.
- Social connections — If the same people follow your professional and anonymous accounts, that creates a linkable pattern.
- Device fingerprinting — Websites can identify your device through browser fingerprints. Use different browsers or browser profiles for different identity contexts.
Compartmentalization is about reducing risk, not eliminating it. But the reduction is substantial. An attacker who finds your Reddit handle should reach a dead end when searching for connected accounts — not a trail leading to your full name, employer, and home address.