Vitalik Buterin Cautions That X’s Location Functionality Poses a ‘Simple to Fabricate’ Security Threat

Ethereum co-founder Vitalik Buterin has expressed significant apprehensions regarding X’s newly introduced location-tagging feature, cautioning that malicious actors will easily bypass the system while genuine users may encounter privacy threats.

This feature, which reveals the country or region of user accounts, was launched worldwide on November 22 via the platform’s “About This Account” section, which can be accessed by clicking on the signup date in user profiles.

Buterin’s criticism focuses on the feature’s susceptibility to manipulation, forecasting that within six months, foreign political troll accounts will adeptly fake their locations to seem as if they are based in the United States or the United Kingdom.

He contended that while acquiring fake locations for a million accounts might be somewhat challenging, establishing a single account with a false location and expanding it to a million followers would be relatively easy through tactics such as renting passports, phone numbers, and IP addresses.

Prediction about this “show which country the account is from” thing:
In the short term it will have lots of positive effects.
In the medium term, the sophisticated actors will find ways to pretend to be from countries that they are not. Lots of ways to rent individual people’s…

— vitalik.eth (@VitalikButerin) November 23, 2025

Privacy Concerns Overshadow Security Benefits

The introduction of the location feature has triggered immediate backlash from the crypto community, with notable figures like Uniswap founder Hayden Adams labeling it “psychotic” and questioning its compulsory nature.

Adams differentiated between voluntary and mandatory information sharing, asserting, “opt-in doxxing is fine, mandatory doxxing is psychotic.”

Thanks, I hate it
Opt-in doxxing is fine, mandatory doxxing is psychotic https://t.co/KvFIGy1VCc

— Hayden Adams (@haydenzadams) November 23, 2025

The rollout of this feature raises particular concerns for crypto users, considering the industry’s history of targeted attacks and kidnappings associated with digital asset ownership.

Buterin later clarified his stance after receiving feedback from the community, recognizing that disclosing location data without user consent or an opt-out option infringes on privacy.

“There are some individuals for whom even a small amount of data leakage is risky, and they should not have their privacy retroactively compromised without recourse,” he stated.

While X product director Nikita Bier announced privacy toggles for users in regions where speech is penalized, critics argue that this does not resolve the core privacy invasion issue for the wider user base.

The controversy is particularly pronounced when juxtaposed with platform owner Elon Musk’s March 2022 assertion that X would “do whatever it takes to protect the rights of users to remain anonymous, as they would otherwise face persecution from employers or risk of physical harm.“

This platform will do whatever it takes to protect the rights of users to remain anonymous, as they would otherwise face persecution from employers (as many have) or risk of physical harm

— Elon Musk (@elonmusk) March 22, 2024

This commitment was made when the platform revised its privacy policy to prohibit the publication of real names associated with anonymous accounts.

Industry Experts Debate Long-Term Implications

Finance professor Maxim Mironov from IE Business School proposed that the feature could serve a purpose similar to spam prevention strategies, suggesting that imposing additional costs for falsifying country information would diminish bot activity.

However, Buterin countered that the existing system necessitates individual users to manually verify each account’s location, undermining any benefits of mass verification and proving useful only for high-profile accounts that warrant explicit scrutiny.

Think about spam: if you introduced a one-cent cost for sending every email, the amount of spam would drop significantly. Similarly, if you introduced extra costs for faking the country you are writing from, the number of bots pretending to be from specific countries would…

— Maxim Mironov (@mironov_fm) November 23, 2025

Cryptoanalyst Nic Carter presented a differing viewpoint, framing the location disclosure as an acknowledgment that unrestricted access to Western communication infrastructure has led to widespread exploitation.

“Why should we continue to grant scammers direct access to our phones, inboxes, and DMs?” Carter remarked, likening the approach to China’s longstanding restrictions on foreign involvement in domestic platforms.

He described the human cost of open access as “astronomical,” highlighting seniors’ difficulties in using the internet safely and the ongoing SIM-farm spam issues.

Several users pointed out practical workarounds and raised concerns regarding the feature’s implementation.

Web3 attorney Langerius advised followers to disable country visibility through settings or switch from country-level to region-level display.

Developer Mayowa cautioned that the feature could foster discrimination against users from specific regions, noting that “innocent users will be abused or thrown under the bus simply because of where they’re chatting from.”

Tech investor Jason Calacanis humorously suggested, “Long VPN stocks,” indicating that virtual private networks would likely see increased usage as users attempt to conceal their actual locations.

Long VPN stocks https://t.co/Yc5nLP0UDZ

— @jason (@Jason) November 23, 2025

The feature signifies X’s declared effort to establish what it terms the “global town square,” with Bier assuring that additional authenticity verification methods are in the works.

The post Vitalik Buterin Warns X’s Location Feature Creates ‘Easy to Fake’ Security Risk appeared first on Cryptonews.