How to improve your Twitter security and privacy

Understanding Twitter's security and privacy settings

We don’t tend to lump Twitter in the same privacy bracket as, say, Facebook.

(Or Snapchat. Or Google. Or Instagram)

Why? Well, quite simply, Twitter has largely avoided the sort of self-inflicted wounds that have plagued Facebook and it has generally been quick to respond to privacy and security concerns.

While Facebook has chopped and changed its settings over the years, angering users with furtive and commercially minded privacy and security opt-outs, Twitter has stayed, so far, on the right side of the angry mob.

It was much quicker to offer HTTPS than Facebook in the wake of the Firesheep scandal and while Facebook has completely ignored Do Not Track (DNT), Twitter has supported it for years.

But as with any social network, Twitter is vulnerable to oversharing, data leakage and unintended consequences.

Like Facebook and Google, Twitter is also driven by ad revenue, so it’s very interested in what its users are up to when they’re using Twitter and when they aren’t (you did realise that Twitter tracks the websites you visit, didn’t you?).

Last week, Twitter came as close as it ever has to a privacy banana skin when it started injecting users’ ‘favourites’ into other people’s news feeds (never mind the fact that everyone’s favourited tweets have always been public for anyone who cared to look).

We thought it was a good time to take a look at Twitter’s security and privacy settings, find out what they really mean, and tell you how to tighten them up.

First things first. You’ll find the privacy settings under the gear icon, then Settings.


Then click Security and privacy over on the menu to the left of your screen.


Twitter’s security settings

The first section is about Security and how you access your Twitter account.


Login verification.

This is set by default to off. Make it harder for an unauthorised person to log in to your account by choosing to receive login verification requests via a text message on your phone or the Twitter mobile app.

Password reset.

This is set by default to off, which means that to start a password reset you only need to enter your Twitter username.

Check the Require personal information to reset my password box so that two factors are required and, most importantly, so you can avoid reset emails and get a code sent by SMS to your phone instead.


If you have checked the box you’ll be asked to enter your email address or phone number when you reset your password – enter your phone number.

Twitter’s privacy settings

The second section is about how private you choose to make your Twitter account.


Photo tagging.

As on Facebook, others can tag you in a photo, which is just like a ‘mention’ on Twitter – you get ‘mentioned’ in the uploaded photo.

This is set by default to on, meaning anyone can tag you in a photo. Use the radio buttons to restrict tagging to people you follow back, or disable photo tagging altogether.


Tweet privacy.

By default, Protect my Tweets is off, and anyone on Twitter, all your followers, and anyone searching Google can see your tweets. If you check the box to protect your Tweets, it locks down your visibility. A lot.

It’s not really in the spirit of the whole Twitter thing, but if you do find yourself in a position where you want to communicate through Twitter with just a select group of people, hide all your previous tweets – and future ones – from the rest of the world, and manually accept follow requests – this is the place to do it.

However, it’s all or nothing. So checking the box will also prevent people retweeting anything you say and you can’t share links to your Tweets.

If you choose to keep your tweets public, remember to be very careful about what you write. Anyone can see it, and that means you should never say anything you want to keep private.

Tweet location.

This is set as ‘off’ by default and you have to opt in to use it. You can also specify before you tweet whether you want the location information on or off.

Why would you enable it? Well, sometimes it’s nice to show people where you are, especially if you’re at a poncy art gallery or at a show that anyone who is anyone wants to be at.

But if you’re at home, for example, you wouldn’t really want the world knowing where your house is. And if you’re not at home, well, you’re somewhere else and you wouldn’t want them knowing that either.

Keep locations off, as there are too many unintended consequences, and delete all past location information to be on the safe side.


Twitter Discoverability

Let others find me by my email address is on by default and enables people who may not know your Twitter handle, but do know your email address, to find you.

Apply the ‘principle of least privilege’ here. If you can think of a really good reason why you want to be discoverable by your email address (we can’t) then switch it on, otherwise turn it off.


Personalization is about tailoring suggestions of which accounts to follow, based on information that Twitter gathers about you around the internet.

Using the cookies sent to Twitter when you see a Tweet button, Twitter can record which sites you’ve visited and use this information to provide a “Twitter experience that’s relevant to you”:

We determine the people you might enjoy following based on your recent visits to websites in the Twitter ecosystem (sites that have integrated Twitter buttons or widgets). Specifically, our feature works by suggesting people who are frequently followed by other Twitter users that visit the same websites.

If you’re based in Europe, this option is greyed out as the feature is not available yet, but if you are part of the Personalization experiment, this setting is on by default.

You can turn it off by unchecking the box next to Tailor Twitter based on my recent website visits.

Promoted content.

Ah ha! Here we go – Twitter’s foray into the data collection arena already ruled by the likes of Google and Facebook.

Twitter has ads. These are in the form of paid-for sponsored tweets, Twitter Cards, and promoted accounts. If you want Twitter to “bring you more useful and interesting advertising content”, you won’t uncheck this box.

Twitter has partnered with third party ‘behavioural advertising’ companies (behavioural ads are the ones that follow you around from website to website). If you visit a website that’s in one of those advertisers’ networks then their ads can now follow you on to Twitter too.

The setting Tailor ads based on information shared by ad partners is on by default. Switch it off by unchecking the box.

You can also disable personalization and promoted content by switching on Do Not Track in your browser. As we mentioned, Twitter has been honouring Do Not Track for a long time, and it says in a support article, “When you have DNT enabled in your browser, Twitter would not receive browser-related information from our ads partners for tailoring ads.”
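
The mechanism described above (a cookie sent with every Tweet button load, and Do Not Track switching the recording off) can be modelled in a few lines. This is an added example, not Twitter's code: the cookie name uid, the status strings and the sample hosts are assumptions constructed for illustration.

```javascript
// Simplified model of a third-party widget endpoint (not Twitter's code).
// The cookie name "uid" and the sample hosts are constructed for illustration.

// Parse a Cookie request header into a name -> value object.
function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const i = part.indexOf('=');
    if (i > 0) out[part.slice(0, i).trim()] = part.slice(i + 1).trim();
  }
  return out;
}

// Returns the embedding site's host from the Referer header, or null.
function embeddingHost(referer) {
  try {
    return new URL(referer).hostname;
  } catch (e) {
    return null;
  }
}

// visits: Map of cookie id -> Set of hosts where the widget was loaded.
function handleWidgetRequest(headers, visits) {
  if (headers['dnt'] === '1') return 'not-recorded-dnt'; // browser opted out
  const uid = parseCookies(headers['cookie']).uid;
  const host = embeddingHost(headers['referer']);
  if (!uid || !host) return 'not-recorded-no-id'; // nothing to link the visit to
  if (!visits.has(uid)) visits.set(uid, new Set());
  visits.get(uid).add(host);
  return 'recorded';
}

// Constructed sample requests: one browser cookie seen on three embedding sites,
// plus one request from a browser that sends no cookie at all.
function demo() {
  const visits = new Map();
  const reqs = [
    { cookie: 'uid=abc123; lang=en', referer: 'https://news.example/story/1' },
    { cookie: 'uid=abc123', referer: 'https://health.example/clinic' },
    { cookie: 'uid=abc123', referer: 'https://shop.example/cart', dnt: '1' },
    { referer: 'https://news.example/story/2' },
  ];
  const results = reqs.map((h) => handleWidgetRequest(h, visits));
  return { results, profile: [...(visits.get('abc123') || [])] };
}

console.log(demo());
```

The profile built for the cookie contains only the two sites visited without DNT, which is the list such a service would have available for tailoring suggestions.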

You can also throw a spanner in Twitter’s personalisation and promoted content works using anti-tracking browser plugins like Ghostery or Lightbeam.

Hopefully this article helps you to understand what the Twitter privacy and security settings mean, and know what’s on and what’s off by default.

Don’t rely on social networks to have your privacy tuned to your benefit – check them regularly.

If you’re also a Facebook user you should take a look at our 5 Tips to Make Facebook Safer.

Image of padlock courtesy of Shutterstock.