We don’t tend to lump Twitter in the same privacy bracket as, say, Facebook.
Why? Well, quite simply, Twitter has largely avoided the sort of self-inflicted wounds that have plagued Facebook and it has generally been quick to respond to privacy and security concerns.
While Facebook has chopped and changed its settings over the years, angering users with furtive and commercially minded privacy and security opt-outs, Twitter has stayed, so far, on the right side of the angry mob.
But as with any social network, Twitter is vulnerable to oversharing, data leakage and unintended consequences.
Like Facebook and Google, Twitter is also driven by ad revenue so it’s very interested in what its users are up to when they’re using Twitter and when they aren’t (you did realise that Twitter tracks the websites you visit didn’t you?).
Last week, Twitter came as close as it ever has to a privacy banana skin when it started injecting users’ ‘favourites‘ into other people’s news feeds (never mind the fact that everyone’s favourited tweets have always been public for anyone who cared to look).
We thought it was a good time to take a look at Twitter’s security and privacy settings, find out what they really mean, and tell you how to tighten them up.
First things first. You’ll find the privacy settings at twitter.com under the gear icon, then Settings.
Then click Security and privacy over on the menu to the left of your screen.
Twitter’s security settings
The first section is about Security and how you access your Twitter account.
This is set by default to off. Make it harder for an unauthorised person to login to your account, by choosing to receive login verification requests via a text message on your phone or the Twitter mobile app.
Set by default to off, you only need to enter your Twitter username.
Check the Require personal information to reset my password so that two factorsare required and, most importantly, so you can avoid reset emails and get a code sent by SMS to your phone instead.
If you have checked the box you’ll be asked to enter your email address or phone number when you reset your password – enter your phone number.
Twitter’s privacy settings
The second section is about how private you choose to make your Twitter account.
Like Facebook, others can tag you in a photo, which is just like a ‘mention’ on Twitter – you get ‘mentioned’ in the uploaded photo.
This is set by default to on, meaning anyone can tag you in a photo. Use the radio buttons to restrict tagging to people you follow back, or disable photo tagging altogether.
By default, Protect my Tweets is off, and anyone on Twitter, all your followers, and anyone searching Google can see your tweets. If you check the box to protect your Tweets, it locks down your visibility. A lot.
It’s not really in the spirit of the whole Twitter thing, but if you do find yourself in a position where you want to communicate through Twitter with just a select group of people, hide all your previous tweets – and future ones – from the rest of the world, and manually accept follow requests – this is the place to do it.
However, it’s all or nothing. So checking the box will also prevent people retweeting anything you say and you can’t share links to your Tweets.
If you choose to keep your tweets public, remember to be very careful about what you write. Anyone can see it, and that means you should never say anything you want to keep private.
This is set as ‘off’ by default and you have to opt-in to use it. You can also specify before you tweet whether you want the location information on or off.
Why would you enable it? Well, sometimes its nice to show people where you are, especially if you’re at a poncy art gallery or at a show that anyone who is anyone wants to be at.
But if you’re at home, for example, you wouldn’t really want the world knowing where your house is. And if you’re not at home, well, you’re somewhere else and you wouldn’t want them knowing that either.
Keep locations off, there are too many unintended consequences, and delete all past location information to be on the safe side.
Let others find me by my email address is on by default and enables people who may not know your Twitter handle, but do know your email address, to find you.
Apply the ‘principle of least privilege’ here. If you can think of a really good reason why you want to be discoverable by your email address (we can’t) then switch it on, otherwise turn it off.
Personalization is about tailoring suggestions of which accounts to follow, based on information that Twitter gathers about you around the internet.
Using the cookies sent to Twitter when you see a Tweet button Twitter can record which sites you’ve visited and use this information to provide a “Twitter experience that’s relevant to you”:
We determine the people you might enjoy following based on your recent visits to websites in the Twitter ecosystem (sites that have integrated Twitter buttons or widgets). Specifically, our feature works by suggesting people who are frequently followed by other Twitter users that visit the same websites.
If you’re based in Europe, this option is greyed out as the feature is not available yet, but if you are part of the Personalization experiment, this setting is on by default.
You can turn it off by unchecking the box next to Tailor Twitter based on my recent website visits.
Ah ha! Here we go – Twitter’s foray into the data collection arena already ruled by the likes of Google and Facebook.
Twitter has ads. These are in the form of paid-for sponsored tweets, Twitter Cards, and promoted accounts. If you want Twitter to “bring you more useful and interesting advertising content”, you won’t uncheck this box.Twitter has partnered with third party ‘behavioural advertising’ companies (behavioural ads are the ones that follow you around from website to website). If you visit a website that’s in of those advertisers’ networks then their ads can now follow you on to Twitter too.
The setting Tailor ads based on information shared by ad partners is on by default. Switch it off by unchecking the box.
You can also disable personalization and promoted content by switching on Do Not Track in your browser. As we mentioned, Twitter has been honouring Do Not Track for a long time, and it says in a support article, “When you have DNT enabled in your browser, Twitter would not receive browser-related information from our ads partners for tailoring ads.”
Hopefully this article helps you to understand what the Twitter privacy and security settings mean, and know what’s on and what’s off by default.
Don’t rely on social networks to have your privacy tuned to your benefit – check them regularly.
If you’re also a Facebook user you should take a look at our 5 Tips to Make Facebook Safer.