Sorting by

×

New X feature can leak your location without you realising

Strangers can now see the locations of users on X after the social media platform rolled out a new calling feature.

Anyone with a profile on X, previously known as Twitter, has a new setting on their account turned on by default, which enables others to call their profile. By doing so the caller can see their town, city or postcode.

The feature has caused concern among liberty groups and digital rights campaigners who say showing this information could be a “matter of life or death” for vulnerable campaigners. The Open Rights Group and Big Brother Watch labelled the move by X as “extremely concerning” and “a serious error of judgement” regarding users’ safety and privacy.

The Information Commissioner’s Office told i platforms were required to ensure personal information was protected and for users to be made aware of changes to their private data.

X’s change reveals a user’s IP address when they are called. This is a unique set of numbers assigned to a device, like a phone or laptop, that is connected to the internet. Those numbers enable the device to communicate with the internet and include information, such as its physical location.

An IP address can reveal the town, city or postcode of a user. It can be used to find the exact address of individuals – a practice known as ‘doxxing’.

It is unclear when the new feature was rolled out across accounts. After searching on an archive of X’s website, i found a ‘Help Centre’ page detailing the update on 23 February. Five days later on 28 February, X announced the ability to make calls on the app but did not disclose that a person’s IP address would be visible.

Some users sought to let others know about the privacy issue through X’s ‘community notes’ feature, where accounts can highlight key information the original user has omitted in a post.

A post on X was amended by users to highlight the IP address concern

The function can be disabled, but some people have reported receiving an error message or having to try multiple times before the feature would turn off. It also appears it can only be disabled while using X’s app, not on a desktop.

There is one barrier to who is able to call an X user on their profile. The platform states that a caller must have sent a message to the account at least once before. The audio feature was previously only available to premium users.

The real-world impact of this change is alarming, according to Mahsa Alimardani, a digital rights researcher at the Oxford Internet Institute.

She has closely monitored the use of social media in the recent Iranian protests against the government, when activists used anonymised accounts to publish videos, photos and posts from within the country to highlight how protesters were being silenced.

Ms Alimardani told i: “Despite a mass migration off of Twitter, most Iranians inside Iran are still using it for their activism, as are a lot of other community activist communities. This was just reckless behaviour from X for vulnerable users.

-- AFP PICTURES OF THE YEAR 2022 -- This UGC image posted on Twitter reportedly on October 26, 2022 shows an unveiled woman standing on top of a vehicle as thousands make their way towards Aichi cemetery in Saqez, Mahsa Amini's home town in the western Iranian province of Kurdistan, to mark 40 days since her death, defying heightened security measures as part of a bloody crackdown on women-led protests. - A wave of unrest has rocked Iran since 22-year-old Amini died on September 16 following her arrest by the morality police in Tehran for allegedly breaching the country's strict rules on hijab headscarves and modest clothing. (Photo by UGC / AFP) / AFP PICTURES OF THE YEAR 2022 === RESTRICTED TO EDITORIAL USE - MANDATORY CREDIT "AFP PHOTO / UGC IMAGE" - NO MARKETING NO ADVERTISING CAMPAIGNS - DISTRIBUTED AS A SERVICE TO CLIENTS FROM ALTERNATIVE SOURCES, AFP IS NOT RESPONSIBLE FOR ANY DIGITAL ALTERATIONS TO THE PICTURE'S EDITORIAL CONTENT, DATE AND LOCATION WHICH CANNOT BE INDEPENDENTLY VERIFIED === / (Photo by -/UGC/AFP via Getty Images)
Huge protests swept across Iran after the death of a woman in custody. Foreign press were largely unable to enter the country and evidence published to social media played a key role in exposing the violent crackdown on demonstrators

“Iran has had massive crackdowns to really snuff out all the dissidents and activism, [including those on] Twitter anonymously posting against the regime. We’ve seen cyber army accounts dox activist accounts. They are putting a tonne of resources into locating and identifying people on this platform.

“Now having this feature, where they would be able to find this person’s IP address, is really making things easier for the regime.”

She added: “This is a matter of life and death.”

Abby Burke, programme manager at Open Rights Group, a digital rights safeguarding group, echoed her concerns.

“It’s extremely concerning that X has rolled out a new feature that has serious implications for users privacy and security quietly, without making users aware of the changes.”

She added this change had come in the wake of X scrapping its content moderation teams and a rise in hate speech on the platform. “Profit is the motivating factor over user safety and security.”

Mark Johnson, advocacy manager at civil liberties group Big Brother Watch, said: “This is a serious error of judgement from X, which could have major ramifications for people on the site who require privacy to ensure their safety and security.

“The platform should reconsider the design of this new feature and ensure any system that facilitates calls via the site does so in a way which doesn’t compromise the privacy of users.”

Pat de BrĂșn, head of big tech accountability at Amnesty International, said many human rights workers relied on X to document abuses and that “any moves by X that risk surreptitiously exposing the location of platform users are deeply alarming and should be revisited immediately to ensure compliance with human rights standards”.

The Information Commissioner’s Office, the government body looking at the use of private information and tasked with upholding information rights in the UK, said: “Online platforms are required to take a ‘data protection by design’ approach when introducing new features that might reveal personal data.

“As part of this approach, platforms should put protections in place to minimise the amount of personal information surfaced to other users and people should be fully informed about the privacy impacts of these features.”

X did not respond to requests for comment.

How to turn the feature off

Go to the X app on your phone.

Go to your messages and tap the settings button.

Toggle the button to ‘off’ (so it is not green) on the ‘Enable audio and video calling’ section.

If you encounter an error or glitch, some users have reported that closing and reopening the app works, while others have also had success when uninstalling and reinstalling the app.

Source link

Related Articles

Back to top button