How We Designed the Risk Scoring System

One of the hardest parts of building DoxxScore has been the risk scoring system.

The question sounds simple:

How exposed is this person to doxxing?

But translating that into a number (a score someone can actually act on) is complex.

Early on, we had to make some key decisions:

First, not all exposed data is equally dangerous. Your name being public is very different from your home address being public. So we built a weighted system that factors in the sensitivity of each data type.

Second, context matters. Having your work email indexed on a company website is different from having your personal email listed on a data broker site. Same data point, very different risk.

Third, we wanted the score to be actionable, not just alarming. A number without context is useless. So every score comes with a breakdown: what's contributing to it and what you can do to bring it down.

We landed on a 0–100 scale with four risk tiers:

Low, Moderate, High, and Critical.

I won't get into the full methodology (for obvious reasons), but the core principle is this:

the score reflects how easy it would be for a motivated bad actor to find and target you using publicly available information.

That's the bar.

Here are some screenshots of live, total scores.

Up next: Part 4 - The Hardest Part of Building a Privacy Tool