X's Audio Calls Are Recording Everything: What You Need to Know

Sound Off: X’s New Audio Calling Feature and the Echoes of Privacy Concerns

/! elementor - v3.19.0 - 28-02-2024 /

X, formerly known as Twitter, has recently introduced a new audio calling feature. This feature allows users to make voice or video calls directly from the platform. While this addition enhances the platform’s functionality, it also raises significant privacy and security concerns. This blog post will explore these implications in detail.

The New Feature

The audio and video calling feature is integrated into the Messages part of the X app. To initiate a call, users tap on the phone icon in an existing Direct Message (DM) conversation or start a new conversation. The recipient receives a notification of the incoming call. If they miss the call, they receive a missed call notification.

X has also added some basic control over who can call you. Depending on your settings, you may be able to limit calls to people you follow or accounts in your address book, or open it up more broadly. On the surface, these controls seem to offer flexibility and convenience, especially for users who rely on X as a primary communication channel.

However, new communication features on large platforms rarely arrive without trade-offs. With X’s calling, those trade-offs sit squarely in the realm of privacy and security.

Privacy Implications

One of the primary privacy concerns with this feature is the potential exposure of users’ IP addresses. By default, calls are routed peer-to-peer, meaning that the devices of the two parties involved in a call connect directly. This design, common in many messaging and calling apps, can make users’ IP addresses visible to each other.

An IP address can reveal a user’s approximate location (sometimes down to a city or neighborhood) and be linked to their online activity. For everyday users, that may feel abstract. For high-risk users—journalists, activists, whistleblowers, targets of harassment, or anyone dealing with a stalker—this is far from theoretical. IP exposure can make doxxing and targeted attacks easier.

To mitigate this, X has introduced an “Enhanced call privacy” setting. When enabled, this setting masks the user’s IP address by routing the call through X’s infrastructure, rather than directly device-to-device. However, this setting is disabled by default, which means users must proactively enable it to protect their IP address.

This “opt-in” design matters. Many users never touch their privacy settings, either because they don’t know they exist, don’t understand them, or simply assume the platform’s default is the safest choice. In X’s current implementation, the default is not the safest choice for privacy-conscious users.

Another subtle concern is data retention and logging. While X has not publicly detailed exactly how long call metadata (who called whom, when, and for how long) is retained, large platforms typically keep such data for operational, legal, and business reasons. That metadata can be highly revealing, even without audio content—painting a detailed picture of your social graph and habits.

Security Implications

A significant security concern is that X’s calls are not end-to-end encrypted. End-to-end encryption ensures that only the caller and the recipient can listen in on a call. Even the service provider cannot decrypt the communication. Without it, there’s a potential risk that X could intercept or access calls, either intentionally, under legal compulsion, or through a security breach.

This lack of end-to-end encryption contrasts with other messaging apps like Signal and WhatsApp, which prioritize this security measure and have made it a core part of their value proposition. When communication isn’t end-to-end encrypted, several risks emerge:

• The platform itself can technically access call content.
• Governments or law enforcement can request or compel access.
• A compromise of the platform’s infrastructure could expose call audio or metadata.

For users in sensitive professions or under oppressive regimes, these are not abstract “what ifs”; they can be matters of safety.

Who Should Be Most Concerned?

Not every user faces the same level of risk. The impact of X’s design choices is particularly serious for:

• Journalists communicating with sources
• Activists and organizers working on politically sensitive issues
• Survivors of abuse or harassment who may be targeted by persistent adversaries
• Corporate users discussing confidential or proprietary information

For these groups, relying on a non–end-to-end-encrypted calling feature with default IP exposure is a significant downgrade from more secure tools.

Recommendations for Users

Given these privacy and security implications, users should consider taking steps to protect themselves:

1. Enable “Enhanced call privacy.”

Turn on this setting immediately if you plan to use X for calls. This helps mask your IP address by routing calls through X’s servers rather than directly between devices.

1. Harden your call permissions.

Limit who can call you to trusted contacts where possible. Reducing exposure reduces the risk of IP harvesting or harassment via calls.

1. Treat X calls as non-private.

Assume calls on X are more like regular phone calls or unencrypted VoIP. Avoid sharing highly sensitive, confidential, or life-critical information.

1. Use dedicated secure apps for sensitive conversations.

For anything truly sensitive, consider tools that provide strong, well-documented end-to-end encryption, such as Signal or other privacy-focused solutions. Use X calls for casual or low-risk communication only.

1. Stay informed about updates.

Features and policies change frequently. Keep an eye on X’s official announcements and independent security research to know if end-to-end encryption or safer defaults are introduced later.

The Bigger Picture

X’s audio calling feature reflects a broader trend: social platforms racing to become “everything apps,” bundling messaging, payments, media, and calls under one roof. Convenience is powerful—but it often comes at the price of complex, opaque privacy trade-offs.

For users, the lesson is clear: new features are not automatically safe features. Each added capability can create new avenues for tracking, profiling, and potential exploitation.

In conclusion, while X’s new audio calling feature enhances the platform’s functionality, it also introduces significant privacy and security concerns. Users should be aware of these implications and take steps to protect themselves. As always, staying informed and vigilant is key to maintaining privacy and security in the digital world.

For more information about privacy, visit our Privacy FAQ's.

---

Related Articles

• Masked Digital Hero: MySudo’s Crusade for Privacy
• Privacy Showdown: The Mac and PC Security Saga