Is Twitter/X Safe to Use in 2026?
X, formerly Twitter, has become increasingly concerning from a privacy perspective since its acquisition by Elon Musk. The platform now uses all user posts and interactions to train its Grok AI model by default, has loosened content moderation policies, reduced the trust and safety team significantly, and expanded data collection practices. The platform shares data with xAI for model training without meaningful opt-out mechanisms. Combined with reduced transparency and the departure of key privacy personnel, X presents substantial privacy risks for users who share personal information or opinions on the platform.
What X (Twitter) Collects
- All posts, replies, direct messages, likes, bookmarks, and engagement patterns across the platform
- Device information, IP addresses, precise location data, and browsing behavior on sites with embedded tweets
- Phone number and email required for account creation, which are used for advertising and discovery features
- Behavioral data used to train Grok AI models including conversational patterns and topic preferences
Who Sees Your Data
- X Corp and xAI, which uses platform data to train the Grok large language model without clear user consent mechanisms
- Advertising partners who receive behavioral targeting data, with X having expanded its advertising data sharing since acquisition
- Any user on the platform, as posts are public by default and the platform has reduced privacy protections for user content
Privacy Changes Under New Ownership
Since Elon Musk acquired Twitter and rebranded it as X, the platform has undergone significant privacy changes. The trust and safety team was reduced by over 80 percent, eliminating institutional knowledge about privacy protections. The privacy policy was rewritten to allow broader data use, particularly for AI training. Grok, the AI chatbot built by xAI, is trained on user posts and interactions with default opt-in settings that most users never discover. The company has also reduced transparency reporting and stopped publishing regular privacy audits that were previously required under an FTC consent decree.
Grok AI and Your Data
X routes user data to xAI for training the Grok language model. This means your posts, interactions, and behavioral patterns contribute to a commercial AI product without clear compensation or consent. The opt-out setting is buried in privacy menus and only prevents future data use, not the deletion of data already ingested. Direct messages, which users expect to be private, may also be analyzed for AI training purposes according to the current terms of service. This represents one of the largest uncompensated data appropriation programs in social media, as billions of posts become training material for commercial AI development.
Content Moderation and Safety Concerns
The dramatic reduction in content moderation staff has led to increased exposure to harmful content, misinformation, and coordinated harassment campaigns. Reduced moderation combined with algorithmic amplification of engagement-driven content means users are more likely to encounter manipulative or harmful material. The relaxation of verification requirements through paid blue checks has made it easier for impersonation accounts and scammers to appear legitimate. These changes have tangible safety implications beyond privacy, as users may be exposed to scams, harassment, or targeted influence campaigns with fewer platform protections than previously existed.
Recommended Privacy Settings
| Setting | Where | Recommended |
|---|---|---|
| Grok AI Training | Settings > Privacy and Safety > Grok | Opt out of allowing your data to be used for Grok AI training to prevent your posts from being used as AI training material |
| Discoverability | Settings > Privacy and Safety > Discoverability | Disable phone and email discoverability to prevent your account from being found through contact information |
| Personalization and Data | Settings > Privacy and Safety > Data Sharing | Disable all personalization and data sharing options to reduce behavioral tracking for advertising |
Safer Alternatives
Our Verdict
X earns a risky rating due to the expanded data collection for Grok AI training, gutted trust and safety operations, reduced transparency, and the overall deterioration of privacy protections since the change in ownership. The platform now functions as both a social network and an AI training data pipeline, with user content being appropriated for commercial AI development. If you continue using X, opt out of Grok training, minimize personal information shared, and use the platform through a browser rather than the app to reduce device-level data collection. Mastodon and Bluesky offer substantially better privacy guarantees.
Related Safety Checks
Frequently Asked Questions
Are my direct messages on X private and secure?
Direct messages on X are not end-to-end encrypted for most users. X introduced encrypted DMs but limited the feature to verified subscribers messaging other verified users. Even with encryption enabled, metadata about who you message and when is still collected. The platform terms of service allow X to access and analyze DM content for safety reviews and potentially for AI training. For private communications, do not rely on X direct messages and instead use a dedicated encrypted messenger like Signal.
Can I prevent X from using my posts to train Grok?
You can opt out of future Grok training data collection in Settings under Privacy and Safety, then Grok. However, this only prevents future data from being used. Posts and interactions that were already collected before you opted out may still be included in training datasets. There is currently no mechanism to request deletion of data already used for AI training. The most effective prevention is to make your account private and minimize the personal content you share on the platform going forward.
Has X been fined for privacy violations?
Twitter was previously under an FTC consent decree for privacy violations and paid a 150 million dollar fine in 2022 for misusing phone numbers and email addresses provided for security purposes to instead target advertising. Under the current ownership, compliance with the consent decree has been questioned by regulators and privacy advocates. The reduced trust and safety staff raises concerns about the company ability to maintain compliance with existing regulatory requirements across multiple jurisdictions worldwide.