Much ado about Twitter: thinking about the future of your data and social media security

November 18, 2022
Victoria Lam and Leigh Honeywell

Ever since the world’s richest person announced his intention to acquire Twitter, we’ve worried about the future of the platform. At first, our main concerns were centered on how content moderation at Twitter would change — after all, our business is combatting online harassment, and most of our clients are the targets of online hate and abuse. From the beginning, the situation didn’t look promising. Twitter’s new owner pledged to reinstate accounts banned for harmful conduct, and soon after Twitter was acquired, racist hate speech surged on the platform.

In the past two weeks, Twitter laid off 50% of its staff and an estimated 80% of its contractor workforce. Many top executives at Twitter have resigned. Employees who spoke critically of Twitter’s new owner were fired. And yesterday, even more employees, faced with an ultimatum, chose to depart.

It’s now a real possibility that in the near future, Twitter won’t exist. And even if Twitter survives, understaffing, the removal of security controls, and management upheavals could make it easier for bad actors within Twitter to access sensitive information on your account. Furthermore, by slashing its security team, Twitter is now less able to address emerging security threats, making your information on Twitter more vulnerable to hackers.

Here’s what you can do to protect your information and your accounts.

Download your Twitter archive and social graph

We’re not sure when Twitter’s infrastructure will fail, but it’s looking increasingly likely that someday soon you won’t be able to contact your friends on Twitter or look at your past tweets. While the outage may only be temporary, you can prepare for the worst case — an unexpected, permanent outage — by backing up your Twitter archive and your social graph.

To request your Twitter archive, follow these steps:

For privacy reasons, your Twitter archive doesn't contain the names or profiles of the people you interact with. Instead, it references user or tweet IDs without the associated name information. If Twitter goes down for good, you may want to know who those IDs correspond to. You can back up your social graph by downloading lists of the people you follow, your followers, and your mutuals using the Listoffollowers.com service. If you use Mastodon, you can use Fedifinder or Debirdify to export your Twitter network to Mastodon. Finally, for those who are more technical, you can use this script to match Twitter profile information to the DMs in your Twitter archive.
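To see which account IDs your archived DMs refer to, and so which names you would need to look up and which conversations hold the most history, here is an added example (not the script linked above and not Twitter's own tooling). It assumes the archive stores DMs in a `data/direct-messages.js` file shaped like the constructed sample; the IDs and text are made up.

```python
import json
from collections import Counter

# Constructed sample in the assumed shape of data/direct-messages.js.
# All IDs, timestamps and text are made up for illustration.
SAMPLE = '''window.YTD.direct_messages.part0 = [
  {"dmConversation": {"conversationId": "1001-2002", "messages": [
    {"messageCreate": {"senderId": "1001", "recipientId": "2002",
      "createdAt": "2022-11-01T10:00:00.000Z", "text": "hi"}},
    {"messageCreate": {"senderId": "2002", "recipientId": "1001",
      "createdAt": "2022-11-02T09:30:00.000Z", "text": "hello"}}]}},
  {"dmConversation": {"conversationId": "1001-3003", "messages": [
    {"messageCreate": {"senderId": "3003", "recipientId": "1001",
      "createdAt": "2021-05-05T12:00:00.000Z", "text": "hey"}},
    {"otherEvent": {}}]}}
]'''  # "otherEvent" is a constructed stand-in for any non-message entry


def load_ytd(js_text):
    """Drop the leading 'window.YTD... =' assignment and parse the JSON after it."""
    _, _, payload = js_text.partition("=")
    return json.loads(payload)


def dm_counterparts(js_text, my_id):
    """Return {other_account_id: (message_count, latest_timestamp)}."""
    counts, last_seen = Counter(), {}
    for item in load_ytd(js_text):
        for msg in item["dmConversation"].get("messages", []):
            body = msg.get("messageCreate")
            if body is None:  # skip entries that are not messages
                continue
            # recipientId may be missing (e.g. group chats), hence .get()
            for uid in (body.get("senderId"), body.get("recipientId")):
                if uid and uid != my_id:
                    counts[uid] += 1
                    # ISO-8601 UTC strings sort correctly as plain text
                    last_seen[uid] = max(last_seen.get(uid, ""), body["createdAt"])
    return {uid: (counts[uid], last_seen[uid]) for uid in counts}


if __name__ == "__main__":
    for uid, (n, seen) in sorted(dm_counterparts(SAMPLE, "1001").items()):
        print(f"account_id={uid}  messages={n}  last={seen}")
```

To run it on a real archive, pass the file's contents in place of `SAMPLE` and your own account ID as `my_id`.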

Delete your sensitive conversations

Because of Twitter’s rapid staffing changes, it no longer makes sense to trust Twitter’s security or internal access control measures for accessing sensitive account information. Bad actors — whether they’re employees or hackers — may gain access to Twitter’s internal tools and use them to look at your account’s direct messages (DMs). Deleting your side of the conversation can help protect you from this type of targeted attack, as long as others in the conversation aren’t also targeted.

Depending on how sensitive your DMs are, you may choose to delete them manually before you receive your archive rather than waiting. If you have many conversations you’d like to delete, it might be easiest to use a tool like Semiphemeral to automatically delete conversations. You can use it to delete the last 30 days of conversations by default, or you can upload an index file from your archive to delete older conversations as well.

When you’re deleting your DMs on Twitter, it’s important to understand how Twitter handles DM deletion. Deleting your DMs will delete them from your account’s view. The other people in the conversation will continue to have access to it unless they also delete it. In order to be truly deleted, a DM conversation must be deleted by everyone in the conversation. Then, Twitter’s servers must also delete it, which may take a couple of weeks.

Decide what you’d like to do with your account

It’s possible Twitter will continue to exist as a social media platform. However, we’re still deeply troubled by the losses in staff, contractors, and leadership in Twitter’s Security, Privacy, and Trust and Safety teams. As much as Twitter was a center for online harassment in the past, these teams worked hard to push back against harmful uses of the platform. In the days and months to come, you may find that the benefits of Twitter no longer outweigh the harms.

If you find that Twitter’s no longer a social home for you, you have a few options aside from leaving your account intact.

Option 1: Delete your Twitter account

Because of the risk that a bad actor could scoop up your Twitter handle and use it to impersonate you, we don’t recommend deleting your Twitter account. This is especially true if you’re a public figure or prominent Twitter user, but even regular folks can protect our loved ones from becoming the target of impersonation scams and unauthorized account access by keeping our Twitter handles out of the hands of bad actors.

If you decide deleting your Twitter account is best for you, here’s how to delete your account.

In 30 days, your account will be permanently deleted.

Option 2: Temporarily deactivate your Twitter account

Instead of deleting your Twitter account, you may choose to temporarily deactivate it. Harassment often ebbs after a time, especially if the harassers don’t get engagement and lose interest in their target. You may decide it’s best to temporarily deactivate your account to remove an avenue for harassment.

Deactivating your account will lead to it being deleted in 30 days if you don’t log in to it, and as we mentioned above, we don’t recommend deleting your Twitter account. To learn more, read Twitter’s help article about deactivating vs deleting your account.

Here’s how to temporarily deactivate your account.

If you don’t reactivate your account within 30 days of deactivating it, your account will be permanently deleted.

Option 3: Take your Twitter account private and secure it

The last option for your Twitter account is to limit its visibility and lock down its security so that it’s less likely to be hacked. By continuing your ownership of your Twitter handle, you’ll prevent scammers from using it to trick your loved ones with an impersonation scam. And once you’ve locked down your account, you can use your account as much or as little as is best for you.

Limit your account’s visibility. You can set your tweets to only be visible to people who follow you. Go to the Audience and tagging page in your account’s Privacy and safety settings, then check the box for the setting Protect your Tweets. With this setting active, you’ll need to approve any new followers before they’re able to see your tweets. You can choose to remove accounts that already follow you in the “Followers” section of your profile.

Use Semiphemeral to delete your Twitter history. Protecting your tweets won't prevent employees within Twitter from accessing them using Twitter’s internal tools. If you’re concerned about your tweet history, you can use Semiphemeral to delete your tweets, undo retweets, and undo likes. As we mentioned above, Semiphemeral can also be used to delete your DM history.

Restrict who can send you DMs. For future conversations, you can choose to restrict who can send you DMs. In your Direct Messages settings, uncheck the Allow messages from everyone setting. With this setting unchecked, only people you follow will be able to message you. You can choose to unfollow accounts in the “Following” section of your profile.

Secure your account. Make sure your Twitter account’s password is strong and unique, ideally randomly generated and stored in a password manager. If it’s not, update your password in your account settings.

If you don’t already use two-factor authentication (2FA) on your Twitter account, you should consider setting it up using a hardware security key or an authentication app. If you already have 2FA set up, check your 2FA settings to make sure text message based 2FA is disabled on your account. You can also remove your phone number from your account information. As long as you keep your backup code saved in a safe place, you’ll be able to get into your account without using a phone number.

Conclusion

For all its many faults, Twitter has been a powerful social media platform for over 15 years. We’ve built relationships through it. Some of our funniest jokes and spiciest hot takes are in our Twitter archives. At the end of this era, if Twitter has amplified more than its fair share of nastiness, it has also been redeemed by more than its fair share of humor, thoughtfulness, and friendships.

Those of us who’ve been online since the 90s or early 2000s remember other social networks going away. Others, like Livejournal and Myspace, still exist but have changed dramatically since the height of their popularity. New social networks, like cohost.org and Mastodon, will make room for folks looking for an alternative to Twitter.

Whatever you decide to do with your Twitter data and account, and wherever you end up going after Twitter, we hope you’ll continue to stay safe out there.
