How do you prevent leaking private information on Twitter?

Your Twitter profile is quite popular. Ten-thousands of followers, a lot of engagement. You need it for your brand & livelihood. But after getting doxxed once before, how can you prevent your private information from getting leaked ever again? Without having to leave Twitter, ideally.

Let's take a closer look at your Twitter privacy settings, profile, your friends & followers and what you tweet.

Review privacy settings that protect you

You did already disable sharing location updates, smart. However it is a good time to go through those other privacy settings again. Photo tagging? No thanks. Filter low-quality messages and maybe disable DMs altogether. Don't let people who have your email or phone number find you on Twitter.

Usually giving third party applications access to your Twitter account isn't worth it. So revoke all connected apps that you don't recognize, you won't need most anyway. I just removed 5 unnecessary apps from my own account.

Pseudonymous Twitter profile

Yes, you can set your profile to private, which also prevents you from expanding your audience. For now we'll stick to public, but keep in mind you can always switch to private, if things get uncomfortable.

Your Twitter name is a pseudonym, not even close to your real first and last name. This was confusing at the first meatspace events where people would call you by your handle. Remember to use your nym when ordering any drinks there... and to respond to your screen name when your coffee is ready.

There is no strict rule for what to put in your Twitter bio. Business information? A funny quote? Got any gang affiliations? Keep it non-local, as disclosing your local sports team gives away too much info. There is also this link to your website, got a famous anonymous blog that you'd like to pimp?

Removing your location information from your bio is a first step, but when it comes to geolocation & birthday there is a great opportunity to deploy some Protective Deception:

• Celebrate your unbirthday, so chose another believable but fake date.
• Mislead by picking a city in a different state and timezone.
• Could you get away with acting like you are from another country?

Friends and others you shouldn't follow

Sorry to break it, but those IRL friends are a real risk online. You can't control what they say or do, their actions can leak your true identity. The problem is that your friends won't have the same threat model as you. What is harmless fun photo tagging to them, means a real risk of getting doxxed to you.

If you have to connect with your real life friends on Twitter, create a separate private profile.

Now about those other "friends"; who you associate with can give unwanted hints about your location. While following those local politicians, suburb sports team and local business seems harmless, it can be another data point when reducing potential matches when a stalker tries to find your identity.

Create a private Twitter list instead of following locals, or use your other private profile to receive their updates. Be careful who you follow, but block aggressively.

When you tweet, don't dox yourself

When you send a Tweet of course you won't directly give out your personal information on purpose. But the risk is in distributing certain pieces of text, links, photo's, screenshots, etc. that do contain hints about your private identity and location. A few examples:

• It is your birthday! Hurray, now knowing the day and month anyone can filter down an infinite list of public voting records and other kinds of governmental information to a subset that is likely to include you.
• You share a link from a mailinglist that you subscribe to, however the marketing utm codes are still part of the URL, narrowing you down to a subscriber of that mailinglist and potentially even a cohort.
• What a cute dog photo. However after zooming in on Fido, you can read his dog tag which happens to include your cellphone.
• That screenshot of your iPhone boasting your exercise results, does also include your carrier, local time and background apps that you are using.
• That best cheesecake ever that you just enjoyed in your favorite restaurant, share it on your timeline and anyone knows what building you'll be leaving in the next hour or so.

Scary shit!

Knowing how people are careless about giving out such information, double down on your Protective Deception by tweeting about your unbirthday and fake holiday location.

TLDR

So, besides tightening your privacy settings, there are actually several steps you can take to prevent getting doxxed on Twitter. Keep a pseudonymous profile, don't follow friends or locals. Carefully review what you tweet, especially pictures. Don't dox yourself.