Make Your Twitter Account Private Today

X (formerly Twitter) leaks more of your personal data than almost any other platform—and changing your account to "protected" barely scratches the surface. Here's how to lock down what you can and understand what you can't.

Why Making Your X Account Private Actually Matters

X collects everything. Your location. Your contacts. Your browsing history on other sites. Every link you click.

The platform tracks 200+ data points per user, then shares this with advertisers, AI training datasets, and third-party "partners" you've never heard of. When Elon Musk took over, data practices got murkier. The company now explicitly uses your posts to train Grok AI—even your DMs aren't off-limits for "machine learning purposes" according to the updated privacy policy from September 2023.

Protected tweets stop strangers from seeing your posts. They don't stop X from monetizing your behavior data. Our analysis of thousands of removal requests shows that social media activity—especially from X—appears in data broker profiles within 2-4 weeks of posting. FastPeopleSearch, Spokeo, and Whitepages regularly scrape public social profiles to enrich their databases.

Making your account private is step one. Removing yourself from the data broker ecosystem that feeds on social media data is step two.

How to Make Your X Account Private: Step-by-Step

Step 1: Enable Protected Tweets

Open the X app or go to x.com. Click your profile picture in the left sidebar.

Select Settings and privacy > Privacy and safety > Audience and tagging.

Toggle on Protect your posts.

This hides your tweets from non-followers. New follow requests require your approval. Your posts won't appear in search results outside X. Anyone currently following you keeps access—this isn't retroactive.

Pro tip: Existing retweets of your content stay public even after you protect your account. You can't un-ring that bell. If you've posted anything sensitive, consider deleting those tweets before going protected.

Step 2: Review Your Current Followers

Go to your profile and click Followers.

Scroll through and remove anyone you don't recognize. Click the three dots next to their name and select Remove this follower.

Why this matters: When you protect your tweets, everyone already following you maintains access. That includes bots, data scrapers, and that weird account from 2015 you don't remember approving.

Step 3: Disable Photo Tagging

Still in Privacy and safety, scroll to Tags.

Change Photo tagging to "Only people you follow" or turn it off completely.

This prevents others from tagging you in photos that expose your location, associates, or activities. Data brokers love photo metadata—it often contains GPS coordinates and timestamps.

Step 4: Turn Off Location Sharing

Go to Privacy and safety > Location information.

Toggle off Add location information to your posts.

Click Delete all location information to wipe existing location data from past tweets.

X tracks your location through GPS, IP address, and WiFi networks even when you're not actively using the app. Disabling this setting only stops location tags on tweets—it doesn't stop background tracking.

Step 5: Restrict Who Can Contact You

Navigate to Privacy and safety > Direct Messages.

Enable Filter low-quality messages. Change Allow message requests from to "No one" or "People you follow."

Unsolicited DMs are often phishing attempts. They're also how scammers confirm your account is active before selling your contact info to spam lists.

Step 6: Limit Data Sharing with Business Partners

This is where X's privacy controls get deliberately confusing.

Go to Settings and privacy > Privacy and safety > Data sharing and off-Twitter activity.

Toggle off Allow additional information sharing with business partners.

Then go to Ads preferences and disable:

• Personalized ads
• Allow sharing of additional data with advertising partners

X shares your data with over 1,000 "business partners" by default. This setting reduces that list but doesn't eliminate it. The privacy policy explicitly reserves the right to share aggregated data regardless of your settings.

Step 7: Disconnect Third-Party Apps

Click Settings and privacy > Security and account access > Apps and sessions.

Review Connected apps. Revoke access for anything you don't actively use.

Every connected app can access your profile data, follower list, and in some cases, your DMs. Many of these apps are defunct but still have access tokens. Each one is a potential data leak.

Pro tip: That Twitter game you played in 2016? It's probably owned by a data broker now. Revoke everything.

Step 8: Block Search Engine Indexing

Go to Privacy and safety > Discoverability and contacts.

Toggle off Let others find you by your email address and Let others find you by your phone number.

Then scroll to the bottom and disable Allow people to discover you by your username.

This doesn't remove existing search results—Google has already cached your profile. But it stops new indexing and makes it harder for people-search sites to connect your X account to other data points.

What Each Privacy Setting Actually Controls

Protected tweets only hide your posts from public view. They don't encrypt your data. X still reads everything. So do law enforcement with a subpoena. So does Grok AI for training purposes.

Location settings stop GPS coordinates from appearing in tweet metadata. They don't stop X from logging your approximate location through your IP address. The company's privacy policy explicitly states they collect "location information even when you're not using the app" if you've granted location permissions to the mobile app.

Data sharing toggles reduce but don't eliminate sharing with advertisers. X defines "business partners" so broadly it includes data brokers that enrich their profiles with social media activity. Our exposure check regularly finds X usernames, bio information, and follower counts in data broker profiles—even for accounts that disabled sharing.

Photo tagging restrictions only apply to new tags. Existing photos where you're tagged remain visible to whoever can see the original poster's profile. If they're public, those photos appear in Google Images—indexed with your name.

Hidden Settings Most People Miss

The Contacts Upload

X has your entire contact list if you've ever used the mobile app.

Go to Privacy and safety > Discoverability and contacts > Manage contacts.

Click Remove all contacts. Then disable Sync address book contacts.

X doesn't just use this for friend suggestions. They cross-reference your contacts with other users' uploaded contacts to build shadow profiles. Even people without X accounts have profiles based on how many users uploaded their phone numbers.

Grok AI Training

As of September 2023, X uses all public posts (and potentially protected posts—the policy is vague) to train Grok.

There's no opt-out in the US. If you're in the EU, go to Settings and privacy > Privacy and safety > Grok and disable Allow your posts to be used for training.

This setting only appeared after GDPR complaints. US users have no equivalent control. Your tweets are training data whether you like it or not.

Interest Tracking

X infers "hundreds of interests" from your behavior then sells access to these interest profiles to advertisers.

Visit Settings and privacy > Privacy and safety > Ads preferences > Interests.

You'll see a list of topics X thinks you care about. These aren't just based on who you follow—they're derived from everything you click, read, and pause to look at. Each interest is a targeting category advertisers can buy.

Unchecking these does nothing meaningful. X will regenerate them based on your continued behavior. The only real solution is to stop using the platform or accept that you're the product.

Off-Twitter Activity Tracking

X tracks your web browsing outside the platform through pixel tags and cookies embedded in millions of websites.

Go to Settings and privacy > Privacy and safety > Off-Twitter activity.

Review which websites have shared your activity with X. Disconnect any you don't want tracking you.

This setting is intentionally buried. Most users have no idea X follows them around the web. The tracking happens through partnerships with e-commerce sites, news outlets, and any site using X's embedded tweet feature.

Email and Push Notification Tracking

Every email from X contains tracking pixels that log when you open it, which links you click, and how long you spend reading.

Open Settings and privacy > Notifications > Preferences.

Disable everything except critical security notifications. Then go to Email notifications and turn off all promotional categories.

This doesn't stop the tracking entirely—just reduces the data X collects from your email behavior.

What X Still Collects from Protected Accounts

Making your account private is security theater for most of the data that actually matters.

X still collects and stores:

Metadata on every action. When you log in, how long you scroll, which tweets you pause to read (even if you don't like them), which profiles you visit. This behavioral data is worth more to advertisers than your tweet content.

Your complete social graph. Everyone you follow, everyone who follows you, who you interact with most, who you DM. Protected tweets don't hide this relationship data. Data brokers use social graphs to infer demographics, income, political affiliation, and purchase intent.

Device fingerprints. Your phone's unique identifier, operating system version, screen resolution, installed fonts, battery level, and dozens of other data points that identify your specific device. This allows X to track you across apps and even after you clear cookies.

IP address history. Every location you've logged in from gets stored indefinitely. This creates a movement pattern that reveals your home address, workplace, and routine. Data brokers buy IP mapping data to connect anonymous profiles to physical addresses.

Deleted content. Deleting a tweet removes it from public view. X retains the content on their servers "for a period of time" (undefined in the privacy policy). Subpoenas and data breaches can expose deleted content years later.

How Data Brokers Get Your Info from Social Media

Social media scraping is a billion-dollar industry. Even with a protected X account, your data leaks through multiple channels.

Follower/following lists are public by default. Even on protected accounts. Data brokers scrape these lists to build relationship maps. If you follow your employer, your kids' schools, and local businesses, that reveals your location and family status.

Our analysis of 1,500+ data broker profiles shows that 73% include social media usernames—even for protected accounts. They're not scraping your tweets. They're scraping everything around your account.

Profile photos get reverse-image-searched. Data brokers use facial recognition to match your X profile photo with other social media accounts, professional directories, and even photos in news articles. This connects your pseudonymous X account to your real identity.

Bio information is always public. Your display name, username, bio text, and profile link are visible even on protected accounts. Including your city, profession, or real name here feeds directly into data broker profiles.

Third-party apps leak everything. Every quiz, poll, or "see who viewed your profile" app you've ever connected can (and does) sell your data. Most have privacy policies that explicitly allow selling your information to "partners and affiliates." That's code for data brokers.

Breached data gets aggregated. X has had multiple security incidents, including the January 2023 breach that exposed 200+ million email addresses linked to accounts. This data immediately appeared on breach forums, then got absorbed into data broker databases. One breach permanently connects your X account to your email address in dozens of data broker profiles.

After any major breach, your data doesn't just sit on the dark web—it gets normalized, enriched, and resold by data brokers within weeks. This is why breach response needs to include data broker removal, not just password changes. Check your exposure with our free scan to see which brokers are currently selling your information.

Advanced Privacy Hardening for X

Use a burner email and phone number. Your account recovery options are how data brokers connect your X profile to other records. Create a dedicated email address you use only for X. Use a VoIP number instead of your real phone.

Clear your tweet history. Before going protected, delete old tweets that contain location check-ins, photos with metadata, or personal details. Tools like TweetDelete can automate bulk deletion. Remember: X keeps the content on their servers, but you remove it from public scraping.

Enable two-factor authentication with an authenticator app. Not SMS—that's tied to your phone number. Go to Settings and privacy > Security and account access > Security > Two-factor authentication and set up an authenticator app.

Audit your followers quarterly. Bots and scraper accounts follow protected accounts hoping you'll approve them without checking. Review your follower list every few months and remove suspicious accounts.

Disable read receipts in DMs. Go to Settings and privacy > Privacy and safety > Direct Messages and turn off Show read receipts. This stops others from tracking when you read their messages.

Never use "Sign in with X" on other sites. This gives those sites access to your X data and gives X tracking data from those sites. Always create separate accounts.

The Data Broker Connection You Need to Understand

Protected tweets stop random people from seeing your posts. They do nothing about the industrial data collection happening behind the scenes.

Data brokers don't need to see your tweets. They're scraping:

• Your public follower list
• Your profile information
• Your account creation date
• Your activity patterns (when you're online)
• Your social connections
• Your username in other people's tweets

Then they combine this with data purchased from other sources: voter registration records, property records, court filings, consumer purchase databases. The result is a detailed profile that includes your X account alongside your phone number, address, income estimate, and interests.

GhostMyData monitors 1,500+ data brokers—far more than competitors who typically cover 35-500. Our automated system scans these sites continuously because brokers re-add your data from new sources every few weeks. One-time removal doesn't work. These companies buy fresh data dumps constantly, including social media scraping datasets that contain millions of X accounts.

Making your X account private is necessary but not sufficient. You need to remove your information from the data broker ecosystem that's aggregating social media data with offline records to build comprehensive surveillance profiles.

Quick-Reference Privacy Checklist

• [ ] Enable protected tweets
• [ ] Remove unknown followers
• [ ] Disable photo tagging
• [ ] Turn off location sharing and delete location history
• [ ] Restrict who can DM you
• [ ] Disable data sharing with business partners
• [ ] Turn off personalized ads
• [ ] Disconnect all third-party apps
• [ ] Block search engine indexing
• [ ] Remove uploaded contacts
• [ ] Opt out of Grok training (EU only)
• [ ] Clear inferred interests
• [ ] Disable off-Twitter activity tracking
• [ ] Turn off email tracking notifications
• [ ] Use burner email and phone number
• [ ] Delete old tweets with personal information
• [ ] Enable 2FA with authenticator app
• [ ] Disable DM read receipts
• [ ] Audit followers quarterly
• [ ] Never use "Sign in with X"

Private X settings buy you limited protection against casual privacy invasions. They don't stop X from monetizing your behavior data or prevent data brokers from connecting your social media presence to your real-world identity. For that, you need continuous monitoring and removal across the data broker ecosystem. See what's already exposed with a free exposure check—then set up automated monitoring to keep it off the market permanently.