With a significant boost in technology, Internet services have been widely used. Users’ digital footprints are spread worldwide on the Internet. These online footprints are at the risk of being collected and processed by a third party, and being used in products improvement by tech companies as well. The aggregation effect shows that modern data analytics can deduce extensive information about a data subject. Worse still, it could even trigger a doxing attack. “Doxing” means the action of retrieving, and publishing a person’s personal information that can be used to identify or locate an individual based on the information on the internet. Doxing has become ubiquitous in the cyberspace today and many results of doxing attract social debates. However, doxing invokes the dilemma that it is a form of expression protected by the constitution, while it also brings new threats to the right to privacy. How to balance the protection of the right to privacy and the interests of freedom of expression is a question worth discussing. This article delves into the legal challenges of doxing firstly by pointing the weakness of the current regulations to deal with this rising issue, providing a review over the rights and obligations of relevant actors—the data subject, the doxer, the resource provider, and the service provider. This article also analyzes related foreign jurisprudence and proposes three possible regulatory solutions—affirming the right to be forgotten, advocating “privacy by design,” and reinforcing the obligation of service providers. All the solutions aim to enhance the right of information self-determination.