New Privacy Risk: X [Formerly Twitter] Is Getting Rid of “Circles”
Today, X [Formerly Twitter] announced that it plans to shut down its “Circles” feature as of Oct 31st, 2023. The feature was intended to let users restrict the visibility of Tweets so they could be seen only by explicitly selected accounts. Users would put accounts in a “Circle” and could assign specific Tweets to that Circle, meaning only accounts within the Circle could view those Tweets. The shutdown raises concerns about the privacy of personal communications that took place under the protection of Circles before November 1st, 2023.
“Although X has not disclosed what will happen with Tweets that are currently ‘Circle-protected’, we should assume and prepare for the worst. Disabling this privacy feature could expose Tweets previously ‘Circle-protected’, either by design or accident, resulting in sensitive information becoming public,” says Christopher Budd, Director Threat Research at Sophos. For example, if someone previously disclosed sensitive health information such as a pregnancy or a diagnosis and protected it with Circles, that information could end up being publicly viewable.
After Oct 31st, 2023, there will be no “per Tweet” privacy options. The only privacy option will be to “Lock” the entire account so that only approved accounts can read its Tweets. This protects the account’s Tweets from being publicly viewable, but accounts approved to see the locked account will be able to see all Tweets in that account. If users do not lock their account after Oct 31st, 2023, all new Tweets will be public at all times.
“Unfortunately, X has not yet indicated what will happen to Circle-protected Tweets posted prior to that date,” says Budd. “Anyone who has used Circles to protect Tweets needs to assume that all Circle-protected Tweets will become public. Anyone who has Circle-protected Tweets and does not want those Tweets to potentially be public should proceed with caution and review their account.”
Here is what X users should bear in mind if they are using Circles:
- Download a copy of your data if you want to retain a copy of those Circle-protected Tweets, and manually delete the Circle-protected Tweets.
  - Within settings, download a copy of your data to ensure you retain a copy of those Circle-protected Tweets.
  - This data can also act as a checklist of “Circle” Tweets you could manually delete to ensure they are not potentially made public.
- Be vigilant: should you wish to close your account, your handle can be taken by someone else. If you are concerned about account impersonation, do not close the account. Instead, retain it, leave it empty by deleting all Tweets as above, and lock it using a strong password and MFA with an authenticator app.