Twitter Privacy Settings Guide: Protect Your Account in 2026

How secure is your X (formerly Twitter) account? If you haven't reviewed your Twitter privacy settings recently, the answer might surprise you. X updated its Terms of Service and Privacy Policy in January 2026, changing how user data is collected and shared. Default settings are designed for maximum engagement — not maximum privacy.

This guide walks you through every important privacy and security setting on X, explaining what each one does and what you should change. Whether you want to go fully private or just tighten up your current setup, we've got you covered.

Make Your Account Private (Protected Posts)

The most impactful privacy setting is post protection. A protected account means only approved followers can see your tweets.

How to Protect Your Posts on Desktop

Click More on the left menu
Go to Settings and Privacy
Select Privacy and Safety
Click Audience, media and tagging
Check Protect your posts

How to Protect Your Posts on Mobile

Tap Settings and Support in the side menu
Select Settings and Privacy
Go to Privacy and Safety
Tap Audience and tagging
Toggle on Protect your posts

What Changes When Your Posts Are Protected

Only approved followers can see your tweets
You must manually approve every new follower request
Your tweets won't appear in Google or other search engines
Retweets of your content are disabled
Replies to non-followers won't be visible to them
Your tweets won't appear in hashtag feeds or trending topics

Trade-offs to Consider

Post protection is great for privacy but kills discoverability. If you're trying to grow your following, a protected account makes that nearly impossible since new people can't see your content before deciding to follow.

Best for: personal accounts prioritizing privacy over growth, accounts going through a break, or accounts handling sensitive topics.

Enable Two-Factor Authentication (2FA)

Two-factor authentication is the single most important security setting. Without it, anyone who guesses or steals your password has full access to your account.

How to Enable 2FA

Go to Settings and Privacy > Security and account access > Security
Select Two-factor authentication
Choose your method:
- Authentication app (recommended) — use Google Authenticator, Authy, or 1Password
- Security key — physical USB/NFC key (most secure option)
- Text message — SMS-based (least secure due to SIM swap risks)

Which Method to Choose

Authentication app is the best balance of security and convenience. SMS-based 2FA is vulnerable to SIM swapping attacks — where attackers convince your carrier to transfer your number to their SIM card. Security keys are the most secure but less convenient for mobile use.

Control Discoverability

By default, X lets anyone find your account through your email address or phone number. This is a privacy leak many users don't know about.

Disable Email and Phone Discoverability

Go to Settings and Privacy > Privacy and Safety
Select Discoverability and contacts
Uncheck Let people who have your email address find you
Uncheck Let people who have your phone number find you

This prevents people from uploading their contact lists and automatically finding your X account.

Manage Data Sharing

X collects significant amounts of data by default. Here's what you can control:

Personalization and Data Settings

Go to Settings and Privacy > Privacy and Safety > Data sharing and personalization:

Personalize based on your inferred identity — X tracks you across devices. Turn off to reduce cross-device tracking
Personalize based on places you've been — uses your location history. Turn off for location privacy
Allow additional information sharing with business partners — controls data sharing with third-party advertisers. Turn off to limit data selling
Allow use of where you see X content — tracks which websites with embedded tweets you visit. Turn off

Ad Preferences

Go to Settings and Privacy > Privacy and Safety > Ads preferences:

Personalized ads — turn off to see generic ads instead of targeted ones
Interests — review and remove topics X thinks you're interested in
Your advertiser list — see which advertisers have targeted you

Disabling personalized ads doesn't reduce the number of ads — it just makes them less relevant (and gives X less incentive to track your behavior).

Review Connected Apps

Over time, you've likely granted various third-party apps access to your X account. Many of these may be outdated, defunct, or have excessive permissions.

How to Review and Revoke App Access

Go to Settings and Privacy > Security and account access > Apps and sessions > Connected apps
Review each app listed
Click Revoke access for any app you don't recognize or no longer use

This is critical for security. Old OAuth tokens from defunct apps can be exploited. Our Twitter account cleanup guide covers this step in detail.

Why This Matters for Privacy

Most follower tracking and analytics tools require OAuth access, which gives them permission to read your followers, following list, and sometimes your DMs. This is a significant privacy risk.

Unfollr is specifically designed as a privacy-first alternative. It works entirely in your browser — no OAuth connection, no data sent to external servers, no account access granted. Your follower data never leaves your device. See our comparison of unfollower trackers for a privacy breakdown of popular tools.

Direct Message Privacy

Disable Message Requests from Everyone

By default, anyone can send you a DM request. To restrict this:

Go to Settings and Privacy > Privacy and Safety > Direct messages
Turn off Allow message requests from everyone

With this disabled, only people you follow can send you DMs.

Encrypted DMs

X has been rolling out end-to-end encrypted messaging through its Chat feature. When available, encrypted DMs create a private key pair on your device and use a PIN that never leaves it. This prevents even X from reading your messages.

Location Privacy

X can tag your tweets with your precise location. This is a major privacy concern.

Disable Location Tagging

Go to Settings and Privacy > Privacy and Safety
Select Location information
Turn off Add location information to your posts
Optionally: Delete all location information attached to past tweets

Why It Matters

Location data in tweets reveals your home, workplace, travel patterns, and daily routine. Even if you don't tag locations manually, X can infer your location from your IP address and network data.

Sensitive Content Settings

Control what content you see and how your content is classified:

Viewing Sensitive Content

Go to Settings and Privacy > Privacy and Safety > Content you see:

Display media that may contain sensitive content — toggle to control whether sensitive images/videos auto-display

Marking Your Content as Sensitive

If you post content that could be considered sensitive (adult content, graphic imagery), mark your account accordingly:

Go to Settings and Privacy > Privacy and Safety
Select Your posts
Check Mark media you post as having material that may be sensitive

Failing to mark sensitive content can lead to account restrictions or shadowbans.

The Privacy-First Approach to Follower Tracking

One of the biggest privacy decisions X users make is choosing follower tracking tools. Most popular tools require OAuth access, which means:

The tool can read your entire follower and following list
It may access your tweets, likes, and DMs
Your data is stored on external servers
You're trusting a third party with your account security

Unfollr takes a fundamentally different approach:

No OAuth — you never grant account access to anyone
No data leaves your browser — all processing happens locally
No registration required — no email, no password, no account to create
No external servers — your follower data stays on your device

This makes it the only follower tracking tool that's fully compatible with a privacy-first approach. Learn more about who doesn't follow you back without compromising your account security.

The Complete Privacy Checklist

Here's your quick reference for a privacy audit:

FAQ

Does making my account private hide my profile completely?

No. Your profile name, bio, and header are still visible. Only your tweets, media, likes, and follower/following lists become restricted to approved followers only.

Can I protect my posts temporarily?

Yes. You can toggle post protection on and off at any time. Tweets posted while protected remain protected even after you switch back to public — but new tweets will be public.

Will changing privacy settings affect my follower count?

Not directly. However, enabling post protection may slow new follower growth since people can't see your content before deciding to follow. Existing followers are unaffected.

Do privacy settings protect me from bots?

Partially. Post protection means bots can't see your tweets (unless you approve their follow request). But bot accounts may still follow-request you. For active bot removal, see our fake follower removal guide.

What's the safest way to track unfollowers privately?

Use Unfollr — it works entirely in your browser with no OAuth, no data sent externally, and no account connection required. It's the only privacy-first option for tracking who unfollowed you.

Final Thoughts

X's default settings prioritize engagement and data collection over your privacy. Taking 10-15 minutes to review and adjust your Twitter privacy settings significantly reduces your exposure — from data tracking to discoverability to third-party app risks.

Start with the highest-impact changes: enable 2FA, revoke unused app access, and disable discoverability. Then work through the rest at your own pace. And when you need follower tracking, choose Unfollr — the only tool that respects your privacy as much as you do.