In 2006 Jack Dorsey and board members of the podcasting company Odeo developed an initial idea for a product that would eventually become known worldwide as Twitter. Unlike Facebook, Twitter makes it incredibly easy to maintain your privacy and security, provided you follow a few very basic rules. (Facebook makes it easy, but not THIS easy)
Internet Safety 101
Before one can hope to maintain privacy on Twitter, one must first understand the basics of Internet Safety and Privacy. Without this foundational knowledge, it's impossible to evaluate the level of privacy one can have on any website. I would strongly recommend reviewing the Privacy Rights Clearinghouse's Fact Sheet on Online Privacy for a primer. Moving forward in this article, I will assume you have a basic knowledge of the Internet, how it works (things like IP addresses and cookies).
We'll start with one of the most annoying aspects of Twitter - advertising. Most experts will agree if the service is free, YOU are the product. In the case of Twitter, its revenue comes from advertising. Unfortunately, many online ads today also track you online. They can track you across websites and build a profile based on the sites you visit, ads you respond to, and products you buy. Additionally, social media widgets like Twitter's "tweet" and "follow" buttons, can easily track your browsing habits across multiple sites. One simple way to prevent this is to install Privacy Badger in your browser. This will allow you to prevent these methods of tracking you.
Sharing is Not Always Caring
Contrary to popular belief, the single biggest threat to your privacy on Twitter is you, yourself. In the early years of Twitter, before privacy became a big issue, most of us thought it was great to share a little about ourselves with the world. We often thought nothing of it so we put our birthday, city and state, and other personal information on our profile. In a perfect world with flawless software and governments that respect privacy, this information would be perfectly safe and secure on your profile. You've set your privacy settings to restrict access to those you follow or allow to follow you, whom you've personally verified as being behind their profiles. Nothing to worry about, right?
Unfortunately, even the most popular software written by the world's top experts can be riddled with bugs and flaws that allow unauthorized access to certain information. As any experienced privacy expert will tell you, a single piece of personal information may not seem worthwhile, but coupled with one or two other details about you, and your entire life can be exposed overnight.
Location, Location, Location
Twitter, being the social platform that it is, allows you to not only share what you're doing, what you're thinking, what you're eating, and what you're watching; but also allows you to share where you're at when you post. I constantly see people tweeting from their phone, as if to let the entire world know where they are. While there's nothing inherently dangerous about this if you tweet at, say, a concert or a nice restaurant, tweeting at work and home or at friends' houses can be a potential threat.
Software exists that can aggregate all the locations from your past posts and build a map showing where you check-in most frequently. The software is easy to use and only requires being able to view your tweets. An adversary could easily generate this map and determine your place of employment and your home. Coupled with any other information you leave available on your profile, your privacy could disintegrate in a matter of minutes.
Twitter now has locations disabled by default for new accounts. The option is still available for anyone to enable and add locations to their tweets.
Turn Off Location Services
The easiest and most effective way to prevent Twitter from using your location on your mobile device is to simply turn off Location Services for the app. Keep in mind if you use a third-party app, you will need to do check with the developer to determine how to do this for that app.
At the center of Twitter lies the profile - your personal account with the information you choose to share with your friends and the world. The following sections outline the various information you can include on your profile.
Twitter, unlike Facebook, does not have a policy regarding the name you use for your account. Additionally, unlike Facebook, Twitter is perfectly cool with someone having multiple accounts, even under different names, so long as those accounts follow the rest of the rules. Anonymous sympathizers and ISIS recruiters employ this tactic on a constant basis - using fake names to interact with the world.
If you intend on tweeting unpopular opinions on very touchy subjects, intend to troll people, or simply want to maintain total anonymity on Twitter, the smartest move you can make is simply to sign up with a fake name or alias.
While the average user has little to worry about with regard to Twitter having their email on file, if you intend to partake it any type of activism or anti-government protesting, or just wish to protect your personal email address from being leaked in a potential data breach, you can (and should) use a free email address specifically for your Twitter account. You can sign up for a free email account with Hotmail, Google, Yahoo, and countless other websites. If you want to take it a step farther, you can also use a service like Mailinator.com and use a totally random email address for signing up.
Just remember, if you use that last method, you need to remember the email address so you can check it again for password recovery if you forget your password. Additionally, you must exercise care to pick a long and random email address that a potential adversary could not easily guess. This method totally dissociates your identity from your Twitter account.
Location on Profile
Unlike the location information you can optionally add to tweets, the location field on your profile is a custom text area where you can enter anything you wish. My personal profile has "/dev/null" for the location (computing jargon for "nowhere"), which obviously isn't a "real" place. Feel free to enter any random location in this spot, but keep in mind that adding a legitimate location far from your real location is an excellent form of disinformation.
Control What You Share
Twitter's profile visibility settings allow you to control who sees certain pieces of your profile. I personally recommend protecting your tweets. When you protect your tweets, people cannot simply follow you, they must request permission to follow you. You can then approve or deny their request. This allows you more control over who can see your tweets.
Not so very long ago, Twitter added the option for users to add their birthday to their profile. Some folks feel more than willing to share their special day with their Twitter friends and followers. However, the privacy-obsessed individual can quickly see how easily this information could be used against them.
When all else fails, you can always block people on Twitter. Generally, people block someone who is harassing or otherwise annoying them. However, there is absolutely nothing wrong with blocking someone who has never contacted you. I have several people blocked on Twitter simply because I do not want them to find my profile.
All of the advice in the world can't protect your account if you don't take its security seriously. If you don't use login verification, anyone can get into your account with your password alone. Using login verification means that you will need to enter your password as well as a special code Twitter sends to your phone as a text message. The only way to access your account now is to know your password and have access to your phone.
One of the biggest things I've seen people fail to do with their Twitter account is to frequently review the apps you use on Twitter such as games, quizzes, and other websites you've used Twitter to sign-in with. Some games and apps have been maliciously crafted to steal your information or spam your friends on your behalf.
A privacy expert's greatest weapon - disinformation is the act of deliberately sharing or spreading false or misleading information. Since Twitter is often a go-to starting point for finding information on someone, it stands to reason that the more inaccurate information you share on Twitter, the more misguided anyone would be when trying to violate your privacy. Examples of disinformation on Twitter would be setting your current city to the nearby metropolis when you live in a suburb or even in the general vicinity. I live about an hour or so from Nashville, so I would list Nashville as my city instead of the actual town I live in.
Despite the many privacy controls and security options Twitter offers, nothing can protect your data from extraction by a hacker who exploits a security flaw in Twitter's platform. Some flaws merely allow people to view your profile when they otherwise wouldn't be allowed. More serious flaws, however, can allow an attacker to access to your private messages. Even without security flaws, Twitter frequently receives government requests for user data. Additionally, the Snowden leaks reveal that the NSA can tap your Twitter chats and even impersonate Twitter. If your potential adversary is an oppressive government, sharing your real information on Twitter will be the equivalent of handing yourself over on a silver platter. Disinformation can be critical in such a case.
- Use a burner phone number and change it on your account every time you get a new one.
- Use a throw-away email address and change it frequently.
- List a fake current city and change it often.
- Use the Tor Browser or Tails to access your account. This will mitigate the ability to track you down by your IP address.
- Never access your account from an insecure or public location like a library. Your session can easily be tracked to your identity (using your library card or ID to use the computer as well as surveillance footage of you at a given machine) and other metadata about your visit (books you checked out, surveillance video of the vehicle you drove, etc.) can be used to destroy your privacy.
One of the most dangerous mistakes someone makes on social media in general, especially Facebook and Twitter, is posting about how wonderful their vacation in the Bahamas is and how relaxing it is to be away from home. This is a bright beacon of hope for any potential burglar. If they can see your tweets, they'll know that you're away and likely know when you'll be back. It's becoming more and more common for burglars to use social media to find their next target, all because you couldn't resist to post that picture of you and the kids with Mickey Mouse in the Magic Kingdom.
Twitter, like anything else, can be a wonderful tool to stay in touch with friends, family and like-minded folks. I don't believe in avoiding Twitter like some experts suggest unless you are at high risk for harassment or abuse, in which case you may wish to use the precautions I've outlined in this article. So go ahead, enjoy your digital self. Just use common sense:
- Be responsible.
- Think before you post.
- Verify who's really behind that profile. (If you can't, avoid them)
- Lock down your privacy settings.
- Secure your account with login verification.
- Clean up and remove access to old apps, games, and quizzes you no longer use.
- Never send sensitive information in a Twitter message, even if you trust the recipient.
- Never trust Twitter to protect your most sensitive information. It can always be compromised.