Are X (Twitter) DMs Safe?

X (formerly Twitter) Direct Messages are used by hundreds of millions of people worldwide for private conversations. But how private are they really? The short answer: far less secure than most people assume.

The Security Reality of X DMs

The End-to-End Encryption Problem

The biggest issue is that end-to-end encryption (E2EE) is not enabled by default. X introduced encrypted DMs in 2023, but they only work between Premium subscribers and come with significant limitations.

Feature	Regular DM	Encrypted DM (Premium)
End-to-end encryption	No	Yes (limited)
Group messages	Yes	No
Media sharing	Yes	Limited
Message deletion	Yes	Yes
Readable by X servers	Yes	No

Messages Stored on X's Servers

Unencrypted regular DMs are stored in plaintext on X's servers. This means:

• Data breach exposure: If X is hacked, your DM content could be leaked
• Internal access: X employees could potentially access your DMs
• Legal requests: Governments and courts can compel X to hand over DM content

Past Security Incidents

X has a history of security problems:

• 2020: Major account hack exposed DMs of high-profile accounts
• 2022: Former employee convicted of spying for Saudi Arabia using user data
• 2023: Over 200 million email addresses leaked in a data breach

What You Should Never Send via DM

Never share the following through X DMs:

• Bank account numbers or credit card details
• Passwords or authentication codes
• Social Security numbers or government IDs
• Home addresses or precise location data
• Private photos that could be damaging if leaked

Safer Ways to Share Sensitive Information

1. Use Password-Protected Memos

LOCK.PUB lets you create password-protected memos with expiration dates. Share the link via DM, and the recipient enters the password to view the content. Once expired, the information is no longer accessible — unlike DM messages that persist forever.

2. Use an E2EE Messenger

For truly sensitive conversations, switch to iMessage, Signal, or WhatsApp — all of which offer end-to-end encryption by default.

3. Regularly Delete DM History

If your DMs contain sensitive information, clean them out regularly. But remember: deletion only removes messages from your side — the other person may still have them.

Securing Your X Account

Protecting your DMs starts with protecting your account:

1. Enable 2FA: Use an authenticator app, not SMS (Settings > Security)
2. Use a unique, strong password: Never reuse passwords from other services
3. Review connected apps: Remove unnecessary third-party apps with account access
4. Enable login notifications: Get alerted when someone logs in from a new device
5. Watch for phishing DMs: Never click suspicious links, even from accounts you follow

How to Handle Suspicious DM Links

When you receive a link via X DM, check:

• Is the sender someone you actually know?
• Does the URL match the official domain?
• Does it ask for login credentials or personal info?
• Does it offer something "too good to be true"?

If any of these raise a flag, don't click.

The Bottom Line

X DMs are convenient for casual conversations, but they're not secure enough for sensitive information. Use LOCK.PUB to share private data through password-protected, self-expiring memos, or switch to an encrypted messenger for confidential discussions. And take five minutes right now to review your account security settings. Your online privacy is your own responsibility.