A Defensive Computing Checklist    by Michael Horowitz

HOME | About | Domain Names | VPNs | Rules of the Road | DC Presentation | ChangeLog | Stats |

TWITTER

Yes, I know the official company name is X, but it will always be Twitter to me.

FYI: There was so much BS on Twitter about the war in Israel, that the EU complained to Twitter. X CEO responds to EU officials over handling of Israel-Hamas disinformation October 12, 2023

• LEAVING TWITTER FOR MASTODON
  
  To join Mastodon, you need to create an account on a Mastodon server. There are hundreds of different servers and picking one is an annoyance for a new user. Start with this list of Mastodon servers. The lingo is also annoying, as a server is called an "instance". fedi.tips is an informal, unofficial guide for non-technical people who want to use Mastodon.
• CONFIGURING TWITTER
  
  
  1. November 3, 2024: You're overexposed online. This service fixes 223 privacy settings for you. Geoffrey A. Fowler for the Washington Post. The article is about an extension/service from a startup called Block Party. It is available on the Windows, macOS and Linux versions of Chrome, Firefox, and Edge. It works on the websites of Facebook, Instagram, Google, YouTube, X, LinkedIn, Reddit, Strava and Venmo. For these 9 companies, it reviews your privacy settings, recommends changes and can make the changes for you. There is a 7 day trial, after which the service is $20/year. I would add to the article that you might want to disable the extension when you are not using it. Quoting: "I thought I had my Facebook, Google, Instagram, X, Venmo and LinkedIn on privacy lockdown. Then I got terrified by a new service called Block Party. It scans nine critical apps for 223 privacy, security and other settings. Again and again, Block Party found problems with how I'd set up my accounts that left me exposed ... Tech companies want to collect as much of your data as possible, and, often, to share it widely. So they present privacy and other settings with so many confusing knobs and buttons that it feels like flying a 747. There are 44 different privacy settings on Facebook alone. Worse, apps move around settings - and keep adding new ones that find more ways to exploit your personal data."
  2. March 5, 2024: Twitter recently introduced a new feature that lets your followers call you. And, it is on by default. But, it also reveals your IP address to anyone who calls. Configuring this feature can only be done in the mobile app, not at the Twitter website. To turn this off:
     Profile picture-> Settings & Support -> Settings and privacy -> Privacy and Safety -> Direct Messages -> Turn off "Enable audio and video calling"
     Other config changes can limit calls to only verified users or people in your address book. Or, you can open up calling to everyone regardless of whether they follow you or not. For more see Change this X/Twitter setting now to avoid junk calls and protect your IP address by Alyse Stanley for Toms Guide. March 3, 2024
  3. January 25, 2024: iPhone apps abuse iOS push notifications to collect user data by Bill Toulas for Bleeping Computer. Security firm Mysk found some apps that use a trick to run in the background. The apps further abuse things by spying on us while running in the background. The apps they called out were TikTok, Facebook, X (Twitter), LinkedIn, and Bing. The defense is to disable notifications for these apps. To do so: Settings -> Notifications -> select an app -> disable "Allow Notifications".
  4. October 14, 2023: Just after the October 2023 war in Israel and Gaza, Twitter has been criticized for lax content policies that allow for the proliferation of misidentified video footage, fabricated information and violent content. The lone PR person in their employ has said that seeing sensitive content is in the public's interest to better understand what is happening. You can configure Twitter to better protect children at the website (not in the mobile app) with:
     Click on More in the left side vertical column -> Settings and Support -> Settings and privacy -> Privacy and safety -> Content you see
     Uncheck the box that says "Display media that may contain sensitive content."
     Bad stuff will be obscured until the child decides to view it. So, a bit of a scam this is.
  5. October 2023: Speaking of scam, while making the above change, lie to the company about your interests. But, set aside an hour as the list of interests is quite long.
  6. And, before leaving the website, in the Settings and Support section do:
     Settings and privacy -> Accessibility, display and languages -> Data usage -> Autoplay
     Select "Never" to stop videos from playing automatically
  7. Don't give Twitter your phone number. If you did, either change it or turn off the setting for "phone number discoverability". This from How Twitter's Default Settings Can Leak Your Phone Number by Gennie Gebhart of the EFF (Feb 2020). Also, this was how the SEC in the US lost control of their Twitter account as per this January 2024 article by Graham Cluley: SEC Twitter hack blamed on SIM swap attack. The SEC disabled 2FA on their account when Twitter forced users to pay for the Text Message type of 2FA. Then, they were too stupid or lazy or mis-managed to use another type of 2FA. This left them vulnerable to a SIM swap on the phone number.
  8. Don't give Twitter your birthdate (or give a false one). Twitter is planning to remove all 2FA account protection from non-paying accounts in March 2024. Giving them as little personal information as possible is protection from future data thieves that might hack an account without 2FA protection.
  9. To improve the security and privacy, logon to the twitter.com site, then do: More -> Settings and Privacy -> Privacy and Safety and
     Turn off Location information
     Turn off Photo tagging
     Turn off Personalization and data
     Review options to "Receive messages from anyone" and "Discoverability and contacts"
  10. Make it harder to reset the Twitter password. At twitter.com -> Settings -> Security and account access -> Security. Turn on the "Password reset protect" checkbox. This requires providing either the phone number or email address associated with your account in order to reset your password. Along with this, it would be best to have a dedicated email address that is only used with Twitter. See the topic here on a number of ways to create multiple email addresses.
  11. Stop Twitter from sharing your location here twitter.com/settings/location. According to this Feb 2020 Reddit posting this may not be sufficient. You may need to use a VPN to really hide your location.
  12. You can configure an account to accept Direct Messages (DMs) from just people following you or from anyone in the world.
  13. Twitter privacy settings to change now by Heather Kelly for the Washington Post. Last updated October 2022.
• USING TWITTER
  
  
  • Don't share: your birthday, your current location or that you will be away from home for a while.
  • As of Elon Musk ownership, a verified account means nothing.
  • If you care about privacy, you are probably better off using Twitter in a web browser, rather than the Twitter app.
  • 7 steps to staying safe and secure on Twitter by Amer Owaida of Eset (March 2021). Covers hiding your location, protecting tweets from new followers, disabling photo tagging, limiting discoverability and more.
  • How to Filter Out Twitter Trolls by Using Block Party by Yael Grauer for Consumer Reports (March 2021). The Block Party app can filter tweets according to a number of criteria and have the bad ones saved in a separate folder. It is a free service for those willing to apply and wait for an account. Or, for $8, you can get an account immediately.
  • TweetDelete is a service that can mass delete Twitter posts based on their age or specific text they contain.
  • Twitter URLs Can Be Manipulated to Spread Fake News and Scams by Ionut Ilascu (June 2019). Not sure what the defense here is, other than just being aware of this.
  • How to control your data on Twitter June 2016 by Tactical Tech
• FROM TWITTER
  1. About account security
  2. How to reset a lost or forgotten password
  3. How to protect and unprotect your Tweets
  4. Assorted articles on Privacy
  5. Report sensitive media Note that with so few employees left after Musk fired everyone, it is unlikely that this will do anything.
  6. Their Safety and Security page has a section on dealing with abuse, including how to report it.
  7. How to use two-factor authentication. As of March 2023, Twitter does not support 2FA via text messages for non-Premium users. What scares me about using a TOTP authenticator app with Twitter, is that this document has no fallback procedure for when you lose access to the device with the TOTP app. A good system provides one-time-use backup codes. Perhaps Elon fired the guy who did the backup codes.
• DOWNLOAD YOUR TWITTER DATA
  Twitter will send you a ZIP file with an archive of your account information, history, apps and devices, activity, interests, and Ads data.
  
  
  1. From twitter.com (while logged in): Click More in the main navigation menu -> Settings and privacy -> Your Account -> Download an archive of your data -> enter your password -> get a verification code and enter it -> click the blue Request Archive button
  2. Wait. They say it can take 24 hours or longer. If you use the app, you will be notified in the app when the data is ready. If you use the website, they email you when its ready.
  3. I was emailed a link, then had to enter my Twitter password and enter a temporary code they emailed. Then, I had to click a blue Download Archive button, then a second blue Download Archive button. This downloaded a file with a name like
     twitter-yyyy-mm-dd-randomnoise.zip, that was 47MB and contained two folders and an HTML file.
  4. More: How to access your Twitter data from Twitter (undated as of Feb. 2022)

Copyright 2019 - 2025