How X (Twitter) Might be Secretly Leaking Your Data

By: Chris Gorrie | Published: Jan 25, 2024

X, formerly Twitter, finds itself in a sorry state as of late. Some commentators have gone so far as to claim the platform has been so radically altered under Elon Musk’s leadership that it is now “a shadow of its former self.”

Spam runs rampant, verification badges have lost their meaning, and privacy and security have taken a nosedive. In the post-Elon Musk era, X grapples with notable privacy issues, shedding privacy and security-focused employees and, consequently, witnessing the erosion of crucial features. 

What Happened to Twitter Circles?

X’s decline is not mere conjecture; it’s evident in the case of Circles. This legacy privacy feature, designed to restrict specific tweets to a trusted group, inadvertently failed, exposing private community’s conversations to the public.

The Twitter logo–a light blue bird flapping its wings–against a dark blue background.

Alexander Shatov/Unsplash

While the premise of Circles is clear enough—private chat groups meant for a select, trusted few—recent developments suggest a breach in this circle of trust. TechCrunch sheds light on a concerning trend: private Twitter Circle tweets entering the For You feeds of users who don’t belong to the intended Circle.


Failure of Twitter Circles More Than a Glitch

This flaw is more than a glitch; it challenges the fundamental purpose of the legacy privacy feature. Numerous users have reported their private musings surfacing in the feeds of followers outside the designated Circle. 

A smartphone with a cracked screen lying on a white background. The screen says, “error 404.”

Kostiantyn Li/Unsplash

Even more alarming is when these tweets appear in the feeds of individuals who don’t follow the original poster at all. The issue’s scope remains uncertain, leaving users to question the reliability of a feature designed to safeguard sensitive or private thoughts, ultimately calling into question X’s handle on privacy at large.

An X User’s Experiment

Consider the case of Ian Coldwater, a Twitter user curious to test the validity of these reports. Creating a Twitter Circle with one user, Coldwater sent a tweet explicitly asking to be liked only by the designated Circle.

Ian Coldwater’s tweet explaining his experiment revealing that Twitter Circles are not private.


In a working system, only the Circle member should have the ability to like and, consequently, see the tweet. However, to Coldwater’s surprise, three people, including two non-followers, liked the tweet. Confirming the issue, other users in the thread acknowledged seeing the message in their feeds without the Twitter Circle label.

Is the Failure of Twitter Circles Really a Big Deal?

For those using Twitter Circles as a casual means to share thoughts with a select group, the risk may seem inconsequential. Thoughts on a favorite TV show reaching the “wrong” eyes might not raise alarms. 

A brunette woman holds her hands out in front of her, shrugging.


However, for those using Twitter Circle as an outlet to vent about work, seek confidential advice, or share personal struggles with trusted connections, the warning bells ring loud and clear—this may no longer be a secure space.

Symptom of a Much Larger Privacy Issue

This incident marks another instance of a major Twitter feature failing to function as intended. Amidst the ongoing drama surrounding the company, it signals a broader issue—Twitter may no longer possess the resources to maintain reliable functionality.

A sticker on a spray-painted wall that says, “we respect your privacy!”

Marija Zaric/Unsplash

A comparison with platforms like Instagram’s Close Friends and Snapchat’s Private Story, which continue to operate seamlessly, accentuates the failure of Twitter Circles. It prompts users to reevaluate their reliance on a platform grappling with the erosion of privacy features and the ability to uphold user expectations.


Is X Leaking Data from Your iPhone?

Now, a fresh problem has surfaced, only adding to the growing concern over X. The platform is apparently leaking user identity, a discovery made by the security researcher duo, Mysk. 

Someone holding four iphones of varying shades of gray. They are held in a fan spread above a gray background.

Daniel Romero/Unsplash

While not as immediately alarming as the exposure of supposedly private tweets, any data leakage is cause for concern. In this case, it revolves around crash reports.


X Is Sharing Crash Reports Without Your Consent

The iOS version of the X app provides users the option to opt-out of sending crash reports. You’d think that, if you disabled this option, the app would honor your preference and remain discreet when encountering a crash. 

A computer showing a long wall of computer code in various colors.

Markus Spiske/Unsplash

Unfortunately, that’s not the case. The app defies your choice and surreptitiously shares crash reports without your knowledge or consent.


How Exactly Does This Leak Occur?

Mysk demonstrates this in action through a video demo, running the iOS app on a Mac with the “Send crash reports” option turned off. Upon restarting the app, it becomes evident that the app indeed transmits a crash report to Crashlytics, a Google product. 

A person viewing a report on an electronic pad.

Towfiqu barbhuiya/Unsplash

What makes this breach even more unsettling is the fact that crash reports, according to the App Privacy breakdown, are not anonymized or aggregated but are personally linked to individual users. In essence, every time the app crashes or restarts, a report tied to your identity is dispatched to Crashlytics.


A Breach of User Trust

This breach is not only a data leak but a breach of user trust, occurring even when users explicitly express their desire for the app not to share crash report data. The magnitude of this issue warrants attention, perhaps even intervention from regulatory bodies like the EU.

The word “trust” spelled with dark red wooden blocks, sitting on a piece of wood.

Ronda Dorsey/Unsplash

As users grapple with these concerning developments, the immediate solution proposed is stark but straightforward—delete the X app from your iPhone. It’s advice that carries weight, urging users to reconsider their digital interactions with a platform that seems increasingly unreliable in safeguarding user data.


X Struggles to Maintain User Privacy

This narrative has become a cautionary tale. X, once a beacon of social media, now faces compounding issues, from compromised privacy features to veiled data leaks. 

The X social media logo standing on a glossy black foundation, with some minimal blue lighting.


The consequences are not just technical glitches but a tangible erosion of user privacy and trust. The vulnerabilities in Circles and the involuntary sharing of crash reports underscore a broader issue—the platform’s struggle to maintain robust privacy measures and uphold user expectations.


Users Must Stay Vigilant

As users grapple with this news, prioritizing privacy becomes more and more necessary. Deleting the app may be a temporary workaround, but it prompts broader reflection on the evolving landscape of social media.

A peeling triangular sticker with an exclamation point in the middle, stuck onto an orange wall.

Markus Spiske/Unsplash

X’s decline serves as a stark reminder that user trust is fragile and must be constantly earned and upheld. In an era where digital platforms play a central role in our lives, the vigilance and discernment of users become crucial in navigating the increasingly blurred line between the public and private.