Doxing is the intentional public release onto the Internet of personal information about an individual by a third party, often with the intent to humiliate, threaten, intimidate, or punish the identified individual. In this paper I present a conceptual analysis of the practice of doxing and how it differs from other forms of privacy violation. I distinguish between three types of doxing: deanonymizing doxing, where personal information establishing the identity of a formerly anonymous individual is released; targeting doxing, that discloses personal information that reveals specific details of an individual’s circumstances that are usually private, obscure, or obfuscated; and delegitimizing doxing, which reveals intimate personal information that damages the credibility of that individual. I also describe how doxing differs from blackmail and defamation. I argue that doxing may be justified in cases where it reveals wrongdoing (such as deception), but only if the information released is necessary to reveal that such wrongdoing has occurred and if it is in the public interest to reveal such wrongdoing. Revealing additional information, such as that which allows an individual to be targeted for harassment and intimidation, is unjustified. I illustrate my discussion with the examples of the alleged identification of the creator of Bitcoin, Satoshi Nakamoto, by Newsweek magazine, the identification of the notorious Reddit user Violentacrez by the blog Gawker, and the harassment of game developer Zoe Quinn in the ‘GamerGate’ Internet campaign.