Doxing-as-a-Service: Demystifying the Chinese Online Doxing Ecosystem

Doxing refers to the disclosure of personal information without consent, has evolved from sporadic acts of online vigilantism into a structured and commodified practice. In Chinese cyberspace, this shift has produced Doxing-as-a-Service (DaaS), a commercial model in which personal data is retrieved, organized, and traded as on-demand products. This industrialization of privacy violation lowers the barriers to doxing and amplifies its social harms, posing new challenges for building a responsible and safe web. Yet little is known about how DaaS operates or sustains itself, motivating our systematic, data-driven examination of its ecosystem and practices. This paper provides the first systematic study of the Chinese DaaS ecosystem. Analyzing 25,972 messages and 13.22 million subscriber links from 100 major channels on Telegram, we demystify its organization, operations, and user engagement. We find that the DaaS ecosystem operates through a three-tier supply chain linking data providers, service operators, and end users. Operators sustain illicit businesses through six major service categories, persistent advertising, and crypto-based payments, while users interact via specialized group spaces that enable real-time matching, large-scale identity exposure, and community-driven fraud mitigation. Our findings reveal a mature, resilient underground data market operating within mainstream messaging platforms, highlighting new challenges for online privacy and exposing critical vulnerabilities in platform governance and content moderation. This study provides empirical evidence for developing effective regulatory frameworks and accountability mechanisms to mitigate commodified online harms on encrypted messaging services.