Elon Musk has risked losing subscribers with his overhaul of Twitter, right down to renaming the service ‘X.’
But with the platform still surviving, he continues pushing the envelope. The latest move is a revised privacy policy that comes into effect September 29, allowing X to collect some users’ biometric data and other personal information.
The biometric data collection is for X Premium users only, the company told CBS MoneyWatch.
The privacy policy doesn’t define biometric data, but most experts interpret it as physical characteristics used for login confirmation such as fingerprint, facial or iris scans.
X will give users the option to provide their government ID, combined with a selfie, to add a verification layer, the company told CBS. “Biometric data may be extracted from both the Gov ID and the selfie image for matching purposes,” the company said. “This will additionally help us tie, for those that choose, an account to a real person by processing their government-issued ID. This is to also help X fight impersonation attempts and make the platform more secure.”
Whether users will accept this additional personal information collection or leave the platform isn’t known.
“The announcement is at least an acknowledgment that X will be doing what other social networks have already been doing in a more covert fashion,” Stephen Wicker, a professor at Cornell University and expert on data privacy, told CBS.
By seeking to gather millions of users’ biometric information, “Elon Musk is drawing a huge target sign on X,” said Adrianus Warmenhoven, cybersecurity expert at NordVPN.
“The era of the password is fast being replaced by one in which our fingerprints and retinas hold the keys to our online security, and cybercriminals are already waiting at the gates.
“Research into marketplaces on the Dark Web has revealed tens and thousands of stolen digital fingerprints are already available for sale, as bad actors seek to hoard this valuable data, knowing it will increasingly be used for authentication from social media to banking apps.
“With a giant stockpile of uniquely personal information, the security of X’s data storage will come under renewed scrutiny. In the event of a breach, it will no longer be just a case of requesting affected users to change their passwords, their identities could be compromised forever.
“This, coupled with the increased remit of data capture to include education and job history – another treasure trove for hackers and identity thieves – is also likely to make the platform a higher priority for cyber attackers than ever before.”
While gathering biometrics could help in Musk’s goal to eliminate fake or bot accounts, it is also likely to put extra pressure on X’s free users to subscribe to its paid-for service for additional security, he added. Earlier this year the company decided to limit two-factor authentication to members of X Premium (formerly Twitter Blue).
“Despite existing for some time, systems that collect and utilize biometric data remain controversial,” noted Matt DeLauro, chief revenue officer of SEON, a Hungary-based anti-financial fraud provider. “It will be interesting to see how X implements these technologies within its updated privacy policy, and how the company plans on securing this sensitive information against the risks posed by online fraudsters and cybercriminals.
“Policies like this often necessitate the creation of centralized databases to house sensitive and identifiable materials. This raises concerns about the potential exploitation of this information by internal or external bad actors. Individuals must not only decide if they trust X, but also the company’s cybersecurity defense measures against threats.”