I think people are getting stuck on the concept of the word doxing here. In anonymous online hacking circles, the idea that you're exposing anyone's OPSEC at all is considered basically doxing. People do it regularly, but it's seen as a clear indication of being an enemy.

Some take a "full disclosure" style and expose all OPSEC failures instantly and transparently, because otherwise people seem to collect OPSEC failures and make it seem to be extortion itself, like saying "hey remember that time you signed off with your real name?" or "I know your clearnet address"