X (formerly Twitter) Privacy & Security Guide 2026

X is fast-moving and highly public. Geo-tagged posts, reply patterns, and follower lists are all OSINT goldmines.

Key steps to lock down X (formerly Twitter) in 2026

These are the exact settings to flip today. Each one removes a documented exposure vector that adversaries actively scrape and chain into doxxing, account-takeover, or stalking campaigns.

1. Profile → Settings and privacy → Privacy and safety.
2. Turn on Protect your posts.
3. Set Who can message you to People you follow.
4. Enable sensitive media marking and hide sensitive content.
5. Turn off Photo tagging entirely.
6. Disable Discoverability by email and by phone number.
7. Audit and delete old tweets that reference location, employer, or family.
8. Enable two-factor authentication via an authenticator app.

Quick checklist

• Profile visibility: Private or friends-only
• Search engine indexing: Off
• Location sharing: Off
• Two-factor authentication: Enabled (authenticator app, not SMS)
• Data partner sharing / personalized ads: Off
• Linked apps + sessions: Audited and revoked where unfamiliar

Why these settings still aren't enough

Even with every X (formerly Twitter) setting locked down, your data still leaks through three channels these settings can't reach: historical exposures already in breach corpora, third-party scrapers that mirrored your old public data, and people-search aggregators that re-list your details every time you remove them. That's where continuous external monitoring becomes essential.

How Warden extends your X (formerly Twitter) privacy

Warden by GalaxyWarden monitors X usernames and linked data across breach corpora, including the 2022 Twitter API leak (5.4M records).

Run a free Warden scan to see exactly what is exposed about you across every platform — not just X (formerly Twitter).