X appears to be drafting a public notice that would disclose when an account location could be swayed by the use of a VPN or proxy, marking a new era of openness and renewing privacy concerns. Code strings discovered in the app indicate that there may be a profile disclaimer to inform viewers who see country or region tags that such tags don’t mean the user is actually present in that location.
The move is part of a larger company effort to reduce trolling and sockpuppetry by providing more context around “About This Account.” But it also risks demonizing privacy tools — including tools many journalists, activists, and everyday users rely on for safety and security — by association.
- What the app code shows about upcoming VPN notices
- Why X says it wants location labels for profiles
- Privacy risks and potential misfires of VPN labeling
- How a VPN is usually detected by major platforms
- What users need to do now to protect their privacy
- The bigger picture: balancing transparency and safety
What the app code shows about upcoming VPN notices
Developers looking into recent X builds saw text that suggested a third-party partner might automate someone being alerted when a connection is initiated via a proxy like a VPN. One sentence says the service could display a message to the public such as “Country or region may not be accurate,” hinting at an assumption that the profile’s location label is estimated and could be influenced by other routing.
Previously, X’s head of product Mikita Bier said the company was “playing with country by account right now” along with other signals. He added that there would be privacy toggles, but said users could still see changes for a while if people change them, making it possible to configure a profile that might be visible to others — an approach which could effectively shine a light on attempts to reduce exposure.
Why X says it wants location labels for profiles
Platforms have relied on authenticity markers to fight coordinated harassment and disinformation. Instagram, to take one example, added “About This Account” information years ago to surface creation dates and location signals for big profiles. X’s version looks like an effort to make it more difficult for repeat offenders to hide behind transitory identities, as well as offer audiences added context about who is speaking.
And since X is reporting hundreds of millions of monthly users, even marginal improvements in trust and safety tooling can have outsized effects. But location displays are blunt instruments. They may discourage bad actors and they also inadvertently make people who have reasons to conceal their whereabouts a target.
Privacy risks and potential misfires of VPN labeling
Security experts caution that a blatant VPN flag could be weaponized. Executives at some of the biggest VPN companies have said that flagging users as “suspicious” just because they used privacy tech could open up vulnerable communities to harassment or surveillance. Digital rights activists have raised similar apprehensions, highlighting that network routes are a lousy proxy for identity or intent.
There’s also a compliance wrinkle. If an app has inferred a jurisdiction based on the region of its store, or the country according to its IP (including people who travel often and use corporate VPNs, mobile carrier NATs, etc.), it’s possible that they will be misclassified. That can include the wrong restrictions for content, friction on age-gating, or limiting who can see an account that doesn’t properly correspond to a user’s real legal environment.
How a VPN is usually detected by major platforms
The vast majority of platforms use IP intelligence feeds and reputation databases that minimize access to trusted data center ranges, public proxies, and exit nodes. Vendors like MaxMind, IP2Location, and their ilk assign a score to whether an address is residential, mobile, or hosted — and if it has a history of proxy usage or abuse.
That methodology is good for finding automated trolling and spam, but it’s not perfect. Your shared Wi-Fi, the corporate tunnel back to headquarters, or the hotel network can all appear “proxy-like.” False positives are so pervasive that trust and safety teams generally rely on multiple signals — device fingerprints, behavioral patterns, verification checks — before acting or surfacing labels.
What users need to do now to protect their privacy
Review privacy settings when new location options are introduced. If X also provides a toggle that lets you show or hide country- or account-level metadata, review it and make sure you understand which data is becoming public.
Consider keeping more dangerous activity on a separate account from your personal one, and not accessing corporate VPNs or highly sensitive posts with it if its label could be misinterpreted.
Note that a “country may not be accurate” warning could result from perfectly valid privacy practices. If you depend on a VPN for security, consider in advance how that visible signal might shift the tenor of exchanges — particularly in those more hostile, between-competitors threads where one’s adversaries are looking for any excuse to discredit or dox.
The bigger picture: balancing transparency and safety
VPN adoption is mainstream. Between 25 and 30% of internet users claim to use a VPN within any given month, with privacy, public Wi-Fi security, and safer access to content among the most commonly cited reasons in GWI research. In many countries with tight press freedom, the use of a VPN is a security measure, not something to raise eyebrows.
If X goes forward, the how will matter. Clarity in definitions, a high threshold for false positives, an option that doesn’t “punish” privacy — those are the factors that will decide if the use of the feature improves integrity without chilling speech. Transparency should mean letting users know, not accidentally outing those most in need of protection.