We store only what’s strictly necessary for the reconnection operation: matches between X/BlueSky/Mastodon accounts and your (otherwise public) list of subscribers. All this data is destroyed by default at the end of the HelloQuitteX operation.
You’re asking yourself questions, that’s good!
Your X archive contains a huge amount of personal data, and you must legitimately wonder, having given it to Elon Musk, what guarantees you have if you also give it to HelloQuitX via its migration platform.
Respect for privacy is at the heart of the HelloQuitX approach. It is guaranteed by the CNRS ISC-PIF laboratory (public French lab), which coordinates development under an open license and hosts the platform, and by an audit by an independent ethics and RGPD committee of which the Quadrature du Net is a member.
But what does this mean in practical terms?
Firstly, all data shared with HelloQuitteX will be destroyed by default at the end of the migration (we estimate a few weeks after January 20, so around May 2025). In compliance with the RGPD, you can also delete them at any time.
What data do we store?
Associations of your accounts
When you log in to App.HelloQuitX.com with one of your social network accounts (X, BlueSky, Mastodon), we do not have access to your password. It’s the third-party service of the social network in question that guarantees that you are who you say you are.
The only data we store are the associations between accounts, which we know to be certified thanks to your successive identifications.
Sharing followers and followees data
To reconnect you on BlueSky and Mastodon, we need to know who you’re connected with on X. This information is public and available on your profile, but difficult to exploit from an automated point of view. So we need the follower.js and following.js files, which list your followers and followees on X. Their contents look like this:
...{
"follower" : {
"accountId" : "755137239156490240",
"userLink" : "https://twitter.com/intent/user?user_id=755137239156490240"
}
},
{
"follower" : {
"accountId" : "66714410",
"userLink" : "https://twitter.com/intent/user?user_id=66714410"
}
},...
There are two ways to share them with us:
- Whatever the size of your X archive, but necessarily if it’s over 1GB, you can decompress the archive and send us only the two files following.js and follower.js (present in the data directory) in the same upload.
- If your archive is less than 1GB, you can also drag and drop it entirely and directly into the dedicated space on our website (faster). The contents of the archive are not transferred to our servers. The archive is decompressed locally in your browser, which transmits only the following.js and follower.js files. This behavior can be verified on the application’s github account
To sum up
On our servers, we only process declared account associations and subscriber lists, which are already public information but which X has taken great care to make difficult to extract automatically, notably to limit the possibility of exodus.
But wait, there’s more! Let’s ask ourselves what X stores on its servers and know about you... That’s easy, it’s in your X archive! The question is, are you okay with this data now being in the hands of Elon Musk and the Trump administration?
What X stores about you and what it can do with it
Your social-demographic data
The ageinfo.js file contains ... your age and date of birth.
The ip-audit.js file contains all the IP addresses of your connections, along with the date and time. This makes it possible for X to find out exactly where you go, and to infer, for example, where you work and where you live, even if you haven’t told X, from the moment you consult X there. If you have regular medical appointments and are accustomed to consulting X there, X might infer elements about your health. The same applies if you consult X from places where you have religious or social practices. All of these are scenarios for the use of your personal data that cannot be ruled out.
The email-address-change.js file contains all the email addresses associated with your account since the beginning. It can also be resold to make associations between different accounts opened with different addresses on other platforms.
The personalization.js file categorizes you according to a giant list of criteria. These are your tastes inferred by X. Extremely valuable on the personal data market. It can be supplemented by lists-member.js, which tells you which lists you’re a member of, and by like.js, which lists all the tweets you’ve liked.
List of your direct messages (DM)
File: direct-messages.js and direct-messages-group.js
Direct messages (DM), i.e. messages exchanged between users and therefore not public, give a false impression of trust. A lot of secrets have been told in DM since Twitter’s creation in 2006, between journalists, politicians, influencers, entrepreneurs and so on.
Unless you have explicitly opted for encryption, which is rare, these DMs are in the clear in your archive, and X and its owners also have unencrypted access to them. What’s more, even if you have opted for encryption, which implies paying a Twitter Blue subscription (9.6 euros per month), as noted by The Wired :
- The correspondent must also be a Twitter Blue member who has activated (opt in) end-to-end encryption;
- It doesn’t work for group DM ;
- It doesn’t work for sending photos or videos
Time to reread your DMs to make sure there’s nothing confidential. With Musk and Trump, you never know...
List of your ad interactions
File : ad-engagements.js
This file contains a list of all the ads you’ve interacted with: ad text, date of interaction, associated keywords. This is invaluable for profiling or reselling to third parties.
List of deleted Tweets
File: deleted-tweets.js
If you thought deleting a tweet was enough to make it non-existent, you’re wrong. This file lists everything you’ve ever wanted to delete (but never actually succeeded ...).
All your photos from the beginning!
Finally, if you’d like to take a look at yourself, open the data/tweets_media.js folder and data/direct_messages_media.js, it’s all your films and photos since the beginning!!!
Do you still want all this data to remain in Elon Musk’s hands? Just in case, prepare you migration with HelloQuitX : app.HelloQuitX.com
