Worried about privacy on X? Here’s what to do after the new FTC warning
In early July 2026, a coalition of consumer advocacy groups filed a formal complaint with the Federal Trade Commission, warning that X (formerly Twitter) poses a “serious risk to Americans’ privacy.” The groups argue that changes made under Elon Musk’s ownership have weakened user protections and increased the likelihood of data misuse. If you use X, you may want to take a few practical steps now to reduce your exposure.
What happened
Consumer advocates, including the Electronic Privacy Information Center (EPIC) and others, submitted a detailed complaint to the FTC on July 2, 2026. The complaint, reported by Ars Technica, alleges that X has rolled back privacy safeguards that were in place before Musk’s acquisition. Specifically, it points to:
- Reduced encryption for direct messages (DMs).
- Expanded data collection from user activity, including how posts are viewed and shared.
- Changes to the platform’s terms of service that give X broader rights to use your content and metadata.
- Lack of clear oversight over how third‑party apps and advertisers access user data.
The advocates argue that these changes collectively violate prior FTC consent orders and put users at greater risk of identity theft, surveillance, and unwanted targeting.
Why it matters
For everyday users, the practical impact can be subtle. You might not notice a change in how the app works, but your data may be shared more freely than you expect. For example, if DMs are no longer fully encrypted, they could be read by X employees or intercepted in transit. If your activity data is sold more aggressively, you may see more invasive ads or even have your browsing habits exposed to data brokers.
The FTC complaint doesn’t guarantee immediate action, but it signals that regulators are being asked to look closely at X’s practices. In the meantime, you can take steps to limit what X knows about you.
What readers can do
Here is a practical checklist based on the known risks. Not every step will appeal to everyone, but each reduces the amount of personal data X can collect or share.
Turn off data sharing with third parties
Go to Settings and privacy > Privacy and safety > Data sharing with business partners. Disable “Allow additional data sharing with business partners.” This prevents X from sending your activity data to advertisers and analytics firms.Review your direct message settings
Currently, DMs on X are not end‑to‑end encrypted by default. To enable encryption (where available), open a DM conversation, tap the info icon, and look for the encryption option. Turn it on. Note that not all messages support this yet, and metadata (who you talk to and when) may still be visible to X.Limit ad personalization
In Privacy and safety > Ads preferences, disable “Personalized ads.” This stops X from using your interests, location, and browsing history to serve targeted ads. You’ll still see ads, but they won’t be based on your data.Remove unused connected apps
Go to Settings and privacy > Security and account access > Connected apps. Revoke access for any app you don’t use. Each connected app can potentially access your profile, tweets, and followers.Make your account private
If you don’t need public visibility, switch to a protected account. In Privacy and safety > Audience and tagging, enable “Protect your posts.” Your tweets will only be visible to approved followers, and your data will be harder to scrape.Turn off read receipts
Under Privacy and safety > Direct Messages, disable “Show read receipts.” This prevents senders from knowing when you’ve read their message, but it also limits some metadata sharing.Use a disposable email and avoid phone number
If you create a new X account, consider using a temporary email address and don’t provide your real phone number. X can use your phone number for ad targeting and account recovery, which ties your identity to your account.Don’t post location data
Avoid tweeting your exact location or enabling the “Add location to your posts” setting in the compose window. Even if you don’t tag a place, your IP address can roughly reveal your location.
Longer‑term considerations
If you find X’s privacy stance unacceptable, you can explore alternative platforms like Mastodon, Bluesky, or Threads. None are perfect, but each has different data practices. You might also consider using a privacy‑focused browser extension (e.g., Privacy Badger) or a VPN when accessing X on the web. However, the most effective measure is to limit how much you rely on X for sensitive communication.
Sources
- Ars Technica: “Musk’s X poses ‘serious risk to Americans’ privacy,’ advocates warn FTC” (July 2, 2026).
Link to article
(Note: The above link is a news aggregator copy; the full Ars Technica story may be behind a paywall.)
Stay informed, but don’t panic. By adjusting a handful of settings and being mindful of what you share, you can reduce the privacy risk on X without deleting your account.