X Privacy Warning: How to Protect Your Account After FTC Complaint
A coalition of privacy advocates has filed a complaint with the Federal Trade Commission (FTC) warning that changes made to X (formerly Twitter) under Elon Musk’s leadership pose a “serious risk to Americans’ privacy.” While the company has not yet responded publicly, the specific concerns are concrete enough that everyday users can take steps now to limit their exposure.
Here is what the complaint says, why it matters for your account, and—most importantly—what you can do about it.
What happened
On July 2, 2026, a group of privacy and consumer advocacy organizations submitted a formal complaint to the FTC. They argue that X has made several alterations to its platform that weaken user privacy protections. According to the complaint, these include:
- Changes to direct message encryption – X previously offered end-to-end encryption for DMs, but the advocates claim recent updates have undermined that promise, potentially allowing the company (or third parties) to access message contents.
- Increased data sharing with third parties – The complaint alleges that X now shares user data more broadly with advertisers, analytics firms, and other partners without clear user consent.
- Reduced transparency around data collection – The platform’s privacy policy has reportedly become less specific about what data it collects and how long it retains it.
The FTC has not commented publicly on the complaint at the time of writing. X has not issued a formal response.
Why it matters
If the advocates’ claims are accurate, the risks are not theoretical. Your direct messages could be read by more than just their intended recipient. Your browsing behavior on X, your location data, and even your contacts could be passed to companies you have never heard of, often without your explicit permission.
For everyday users, the most immediate concern is that the privacy settings you may have relied on in the past—such as disabling ad personalization or limiting visibility of your posts—may no longer work as expected. The default settings after recent updates may also have become more permissive.
What readers can do
Even without an official response from X or the FTC, you can take practical steps to reduce the amount of personal data the platform collects and shares.
1. Review and tighten your privacy settings
Open X’s settings (on web or mobile: Settings and Privacy > Privacy and Safety). Go through each section:
- Audience and tagging – Ensure your tweets are set to “Protected” if you want only approved followers to see them. This is the simplest way to limit who can read your posts.
- Direct Messages – Under “Direct Messages,” turn off “Allow message requests from everyone” and “Allow DMs from anyone.” This reduces spam and unsolicited contact, but also limits the surface area for data leakage.
- Data sharing with business partners – In “Privacy and Safety > Personalization and data,” toggle off “Allow additional data sharing with business partners.” This setting, if enabled, sends more data to third parties for ad targeting and analytics.
- Location – Go to “Location” and disable “Add location information to your posts.” Also clear any saved locations.
- Off-Twitter activity – Under “Personalization and data,” toggle off “Allow X to use your off-app activity to personalize content.” This stops X from tracking your browsing on other sites that use its widgets.
2. Limit what data X has already collected
Even after changing settings, X likely has a trove of historical data. You can download and review it:
- Go to Settings and Privacy > Your Account > Download an archive of your data. Requesting a download gives you a copy of everything X has stored about you. Once you see it, you can decide to delete your account if the volume of data bothers you.
3. Consider using a third-party client or web-only access
Third-party clients such as TweetDeck or other apps (if they still work with X’s API after the recent restrictions) may offer more granular control over what data they share with X. Alternatively, using X only through a web browser with privacy extensions (like uBlock Origin) can block some tracking scripts. Note that these workarounds are not guaranteed and may break if X changes its API further.
4. Delete your account as a last resort
If the risks are unacceptable, you can delete your account permanently. Before doing so, download your archive (as above). Then go to Settings and Privacy > Your Account > Deactivate your account. Deactivation suspends it for 30 days; after that, deletion is final. Alternatives to X include Mastodon, Bluesky, or Threads—each with different privacy trade-offs, so research which fits your needs.
Sources
The FTC complaint was filed by a coalition of privacy groups including the Electronic Privacy Information Center (EPIC), the Center for Digital Democracy, and others. The full complaint is not yet publicly posted as of writing, but the organizations’ press release and the Ars Technica report (linked below) contain the key claims.
- Ars Technica: “Musk’s X poses ‘serious risk to Americans’ privacy,’ advocates warn FTC” (July 2, 2026)
- EPIC press release (July 2, 2026) – [link not yet available at time of writing]
Note: X has not publicly contradicted the claims. Until more information is available, treating the platform with a higher level of caution is reasonable.