X privacy warning: How to lock down your account after advocates sound the alarm
A coalition of privacy and consumer advocacy groups has formally warned the U.S. Federal Trade Commission that changes at X (formerly Twitter) under Elon Musk’s ownership pose “a serious risk to Americans’ privacy.” The warning, detailed in a letter reported by Ars Technica on July 2, 2026, cites specific policy shifts and data practices that could expose users to increased tracking, unwanted data sharing, and use of their content for artificial intelligence training without meaningful consent.
If you use X—even infrequently—this is a moment to review how much of your data the platform can access and what you can do about it.
What happened
The advocacy groups—including the Electronic Privacy Information Center (EPIC), the Center for Digital Democracy, and others—submitted a complaint to the FTC arguing that X has engaged in unfair and deceptive practices. According to the letter, key changes under Musk include:
- Expanded data sharing with third-party partners (including AI companies) without clear user opt-in mechanisms.
- Use of public posts and interactions to train AI models, with only a buried opt-out setting.
- Increased collection of device-level data, biometric information, and precise location.
- Altered privacy policies that give the company broader leeway to combine X data with data from other sources.
The groups claim these changes violate X’s prior commitments to the FTC under a 2022 consent order that required the company to maintain a comprehensive privacy program and not mislead users about data practices.
Why it matters for everyday users
The concern is not hypothetical. If you have an X account, your activity—likes, replies, direct messages (though those are less exposed), profile details, and even how long you hover over a post—can now flow to partners you have never heard of. The AI training angle also means your public words could become part of a commercial model without your knowledge, and it is difficult to remove that data later.
Moreover, the FTC’s ability to act is limited when privacy policies change, unless those changes contradict prior promises. The advocates argue that X has done exactly that. But enforcement takes time. In the meantime, your data is being used in ways you may not have authorized.
What you can do right now
You cannot undo all the data already collected, but you can reduce future exposure. Below are steps that work on the X web interface and mobile apps as of mid-2026. Settings menus change periodically, so check the exact labels if they shift.
1. Turn off AI training on your posts
- On the web: Go to Settings and Privacy → Privacy and Safety → Data sharing and personalization. Look for a toggle labeled something like “Allow your posts to be used for training X’s AI.” Switch it off.
- On mobile (iOS/Android): Settings and Support → Settings and Privacy → Privacy and Safety → Data sharing and personalization → AI training. Disable it.
- Note: Some users report this setting may re-enable after app updates. Check it monthly.
2. Limit data sharing with third parties
- In the same Data sharing and personalization section, look for “Allow additional data sharing with business partners.” Turn it off.
- Also disable “Personalization based on your inferred identity” where available.
3. Restrict ad tracking
- In Privacy and Safety → Ads preferences, turn off “Personalized ads.” This reduces the amount of data X passes to ad partners.
- On mobile, also go to your phone’s settings and limit ad tracking (on iOS: Settings → Privacy & Security → Apple Advertising → Turn off Personalized Ads; on Android: Settings → Google → Ads → Opt out of Ads Personalization). This won’t stop X from collecting data, but it limits how that data is used by ad networks.
4. Reduce location sharing
- In Privacy and Safety → Location, make sure “Precise location” is off (X says it uses coarse location based on IP). Even better, don’t tag posts with locations.
- Check that your device’s location permissions are set to “Never” or “While Using” for the X app.
5. Review connected apps
- In Settings and Privacy → Security and account access → Apps and sessions, revoke access for any third-party apps you don’t actively use. Each connected app can pull your profile data and interactions.
6. Lock down your account visibility
- In Privacy and Safety → Audience and tagging, enable “Protect your posts.” This makes your tweets visible only to followers you approve. It reduces the pool of data available for AI training (though X may still use DMs and other datapoints).
- Also disable “Allow people to tag you in photos.”
7. Delete old posts
- Use a third-party tool (carefully—review its privacy policy) or manually delete older tweets. X has an option to download your archive, but no bulk delete built-in. Tools like TweetDeleter or Redact (for Twitter) can help, but they require API access and may not be risk-free.
8. Consider a secondary account
- If you need to keep an X presence for work or news, create a “burner” account with limited personal information (no real name, no phone number, no profile photo that could be reverse-searched). Use it only for reading and occasional replies. Keep your real data off the platform.
Should you delete your account entirely?
If the risks outweigh the benefits for you, deletion is the only sure way to stop data collection. Note that X may retain some data for a period after deletion (check the current policy). To delete:
- Go to Settings and Privacy → Deactivate your account. Deactivation is reversible for 30 days; after that, the account is permanently removed. Make sure to download your archive first if you want a copy.
Alternatives like Mastodon, Bluesky, or Threads exist, but each has its own data practices. There is no perfect private social network, but deleting X at least cuts off this particular pipeline.
Filing a complaint with the FTC
If you believe X has misused your data, you can file a complaint at ReportFraud.ftc.gov (the FTC’s consumer complaint portal). While individual complaints may not trigger an investigation, they contribute to the public record and can support broader enforcement. Include details such as dates when settings changed or when you noticed unexpected data use.
The advocacy groups’ letter is one step. User complaints are another piece of the puzzle.
Sources
- Ars Technica (July 2, 2026): “Musk’s X poses ‘serious risk to Americans’ privacy,’ advocates warn FTC”
- EPIC and other groups’ complaint letter to the FTC (referenced in the Ars Technica report)
- X’s current privacy policy and settings (as accessed July 2026)
This guide reflects publicly available information as of the date of publication. Settings and policies may change. Always verify instructions against the live interface.