X biometrics

X wants your biometric data

Users of X (formerly Twitter) paying for a checkmark under what used to be called Twitter Blue (now X Premium) have some biometric related decisions to make. The BBC reports that Elon Musk, having dismantled the old checkmark system to replace it with the all new Premium, is (re)introducing identity verification.

The old verification system typically verified users by requesting a copy of government issued ID like a passport scan. This system is now returning, but with some additional features along for the ride.

People signed up to the subscription service can now choose to provide an image and photo ID for verification. In relation to the updated privacy policy, X had this to say to the BBC:

X will give the option to provide their government ID, combined with a selfie, to add a verification layer.

“Biometric data may be extracted from both the government ID and the selfie image for matching purposes. This will additionally help us tie, for those that choose, an account to a real person by processing their government-issued ID. This will also help X fight impersonation attempts and make the platform more secure.

That’s not all. Users may be able to submit additional information like employment and education history. The policy continues:

We may collect and use your personal information (such as your employment history, educational history, employment preferences, skills and abilities, job search activity and engagement, and so on) to recommend potential jobs for you, to share with potential employers when you apply for a job, to enable employers to find potential candidates, and to show you more relevant advertising.

As with so many proposed changes to how the platform operates, there are potentially frustrating gaps in how this would work in relation to certain possible issues. If the concept behind ID verification for paying users is to “fight impersonation attempts”, making it optional may not help unless X clearly shows which paying users have confirmed ID.

As a proposed solution to impersonation, it may end up being needlessly messy. At time of writing we have the blue badge, a grey badge for Government officials, and gold badges with square profile pictures instead of circular for business entities. From those, some are paid, some have been given to users free of charge depending on popularity, and others are entirely bogus and show up in rogue adverts.

Yet more badges or qualifiers to wade through when trying to establish the genuine nature of an account could be a hassle. You knew exactly where you stood with a single blue badge under the old system. More quirks, wrinkles, and caveats for “at a glance” assessment feels like needless friction on a fast moving platform.

The general response from paying users so far has not been particularly positive, so it remains to be seen if there’ll be a big push for biometric sign ups. Even under the old system, verified accounts could be compromised and used for nefarious purposes. If you could swipe an identity verified Twitter account back in the day, would you also be able to swipe an identity verified X account? The smart money will be on “Yes, absolutely”.

The oft-stated desire from Elon Musk to turn X into the “everything app” managing everything from job applications to banking and payments may largely depend on a big biometric uptake. Given the many issues prevalent across all of social media, I would suggest holding off to see how things turn out before handing over this kind of valuable data.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


Christopher Boyd

Former Director of Research at FaceTime Security Labs. He has a very particular set of skills. Skills that make him a nightmare for threats like you.