Which online platforms or activists have been tied to doxxing incidents involving ICE employees?

Checked on February 4, 2026

Executive summary

A mix of crowdsourced websites, social networks, scraping projects and both activist and criminal actors have been tied to doxxing incidents involving ICE employees — most prominently the ICE List website that published thousands of names and dossiers and earlier academic and activist scraping projects that used LinkedIn and GitHub as distribution points [1] [2] [3]. Separately, volunteer organizers and hackers have used facial‑search tools and messaging platforms to amplify and circulate personnel data, while major platforms have taken steps to block or limit links to those resources [4] [5] [6].

1. ICE List and the whistleblower narrative: a central repository

The site known as ICE List is repeatedly identified in reporting as the primary repository for recent large leaks of DHS, Border Patrol and ICE personnel data — a release various outlets describe as containing thousands of records and which the site’s founder says was fed by a DHS whistleblower [1] [2] [7]. Coverage ties ICE List to the January 2026 exposure of roughly 4,500 employees’ information and describes volunteers and site maintainers curating entries, with the site organized like a crowdsourced wiki that links heavily to LinkedIn profiles [1] [8].

2. LinkedIn and public‑profile scraping: activists, academics and code repositories

Academic and activist projects have previously scraped publicly available LinkedIn profiles of ICE employees and reposted them, most famously a 2018 scrape that posted data to GitHub after a Medium essay, an act widely discussed as doxxing though based on information users had published on LinkedIn themselves [3]. Contemporary reporting shows LinkedIn is frequently cited as a primary source on ICE List pages, with one review finding that roughly 90 percent of entries referenced LinkedIn as a source [8].

3. Volunteers, facial‑search tools and reverse‑engineering identities

Volunteer networks working on ICE List and related projects have reportedly used reverse image search and facial‑recognition tools like PimEyes to run masked imagery and match officials to public social accounts, magnifying the reach of scraped records and generating visual approximations of officers’ faces [4]. Migrant Insider’s reporting describes an organized pipeline where volunteers run images through PimEyes and then link those results to LinkedIn, Instagram and other public records to build dossiers [4].

4. Criminal hackers and messaging platforms: Telegram and hacker group ties

Security reporting connects separate postings of masked ICE agents’ personal details to criminal hacking collectives and Telegram channels; one cybersecurity outlet says a group dubbed “The Com,” affiliated with ransomware and extortion groups including BlackCat/ALPHV, has posted personnel data to Telegram, illustrating that both activist and criminal actors have circulated similar data sets [5]. Those reports complicate the picture by showing leaks are exploited beyond activist communities and may be amplified on encrypted or semi‑public messaging platforms [5].

5. Platforms’ responses and political pushback: blocking links and legislative framing

Major platforms have reacted: Meta reportedly began blocking links to ICE List on its services, an effort framed as limiting the spread of doxxing content [6]. At the same time, federal officials and some lawmakers have characterized doxxing as a threat to officers’ safety and sought legal remedies such as the Protecting Law Enforcement from Doxxing Act — a political and legal response that frames the releases as criminal or dangerous even as site operators and some activists argue whistleblowing and public accountability are motives [4] [2].

6. Activists and named individuals: a mixed cast, varying motives

Named actors tied to past doxxing incidents include academic and artist Sam Lavigne’s 2018 LinkedIn scrape, which became a touchstone in debates about “doxxing” ICE employees, and contemporary volunteer organizers and the ICE List founder, who has publicly claimed a whistleblower source [3] [2]. Reporting also shows a spectrum from recruitment‑oriented data aggregators and activist volunteers to outright criminal groups re‑posting or exploiting the same datasets, which means attribution often depends on whether the actor is an organizer, a curator, or a malicious third party republishing leaked data [8] [5].

Conclusion: overlapping ecosystems, contested intent

The evidence shows a porous ecosystem where LinkedIn‑based scraping, crowdsourced wikis like ICE List, reverse‑image search tools such as PimEyes, activist volunteers, and criminal hacking groups have all been linked to incidents exposing ICE personnel, while platforms and policymakers respond with blocking and proposed laws; reporting attributes specific roles differently across sources, and no single narrative fully explains every release or reposting event [8] [4] [5] [6] [1].
