← Social Media
F

Threads

Fail
Meta Platforms · 🇺🇸 United States
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
Manufacturer: Meta Platforms

⚠️ The bottom line

Threads' own App Store privacy label — which Meta itself filled out — discloses collection of health data, financial information, precise location, contacts, browsing and search history, purchases, and "sensitive info." Top10VPN found Threads collects 45% more data points than X. When asked, Meta's deputy privacy officer said the label "isn't fully representative." They're right — it's worse than it looks. You signed up to post short text updates. Threads wants your health records, bank activity, and precise GPS coordinates. Meta launched Threads in 100+ countries in July 2023 — except the entire European Union. The reason: GDPR. Threads collects "sensitive information" under special EU protection, and European courts had already struck down Meta's "legitimate interest" excuse. The app was so invasive that Meta's own lawyers said "not in Europe." They launched there five months later with modifications. If a product is too invasive for the company's own legal team to defend in court, what does that tell you about using it everywhere else?.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act read more →
US govt can demand your data from this company even if stored overseas
FISA §702 / PRISM read more →
NSA collects stored emails, photos, messages without individual warrants
Geofence warrants read more →
Police can demand location data for everyone near a crime scene
Spying
3/4 HIGH
Is someone spying on me?
Data Sharing
2/4 MODERATE
Who gets my data?
Security
0/4 N/A
Is it actually secure?
Honesty
4/4 EXTREME
Can I trust what they say?
REPLACE Extreme risk. Look for alternatives or lock down hard.
6Contradictions
2Critical
4High
0Medium
3Sources
Findings by concern
Spying 3/4 HIGH 2 findings
⚡ highpolicy claims vs app permissions
In December 2025, Meta started using everything you say to its AI chatbot to target you with ads — not just on Threads, but Facebook and Instagram too. Ask Meta AI about anxiety? Expect mental health ads. Mention a vacation? Travel ads everywhere. Privacy groups filed complaints. In the US, there's no simple opt-out — you navigate what experts called "labyrinthine" settings. Meta isn't reading your DMs. They're doing something more efficient: turning your AI conversations into an advertising profile.

What they claim: Meta says its AI features enhance user experience across platforms.

What we found: From December 2025, Meta uses AI chat data to refine ad targeting and content recommendations across Facebook, Instagram, and Threads. Users interacting with Meta AI find inputs feeding algorithms everywhere. In the US, no blanket opt-out — users must navigate labyrinthine settings.

⚡ highpolicy claims vs app permissions
Three apps, three privacy policies, one advertising profile. Everything you do on Threads — who you follow, what you like, what you post — feeds the same targeting engine serving ads on Facebook and Instagram. Like running shoes on Threads? Running shoe ads on Facebook. Follow a mental health account? Wellness ads on Instagram. Three privacy policies govern this, and none clearly say: "A Threads like becomes a Facebook ad." Meta didn't build a new social network. They built a new data collection funnel for the old one.

What they claim: Threads' supplemental privacy policy describes data practices specific to the Threads experience.

What we found: Threads data is combined with Facebook and Instagram to build a unified advertising profile. Posts, follows, and engagement patterns feed the same targeting engine across all three platforms. Three separate privacy policies govern one user. None clearly say a Threads like becomes a Facebook ad signal.

Honesty 4/4 EXTREME 4 findings
⚠️ criticalpolicy claims vs app permissions
Threads' own App Store privacy label — which Meta itself filled out — discloses collection of health data, financial information, precise location, contacts, browsing and search history, purchases, and "sensitive info." Top10VPN found Threads collects 45% more data points than X. When asked, Meta's deputy privacy officer said the label "isn't fully representative." They're right — it's worse than it looks. You signed up to post short text updates. Threads wants your health records, bank activity, and precise GPS coordinates.

What they claim: Meta says Threads provides controls for managing how data is used.

What we found: Threads' App Store label discloses collection of health data, financial info, precise location, contacts, browsing/search history, purchases, and sensitive info. Top10VPN found Threads collects 45% more data points than X. Meta's deputy privacy officer said the label isn't fully representative — but Meta itself filled it out.

⚠️ criticalpolicy claims vs regulatory findings
Meta launched Threads in 100+ countries in July 2023 — except the entire European Union. The reason: GDPR. Threads collects "sensitive information" under special EU protection, and European courts had already struck down Meta's "legitimate interest" excuse. The app was so invasive that Meta's own lawyers said "not in Europe." They launched there five months later with modifications. If a product is too invasive for the company's own legal team to defend in court, what does that tell you about using it everywhere else?

What they claim: Meta launched Threads as a global platform for open conversation.

What we found: Threads launched July 2023 in 100+ countries but deliberately excluded the EU. The DMA and GDPR created risks Meta wouldn't take. Collection of sensitive information would require explicit consent Meta couldn't claim through legitimate interest. Threads eventually launched in EU in December 2023 with modifications.

⚡ highpolicy claims vs app permissions
Want to delete Threads? You have to delete your Instagram too — every photo, every follower, years of content, gone. 275 million people signed up during the hype without reading the fine print. Instagram head Adam Mosseri admitted on Threads itself they were "looking into" separate deletion. That was July 2023. As of 2026, accounts are still chained together. Meta built a roach motel: easy to check in, impossible to leave without torching everything you built on Instagram.

What they claim: Threads gives users control over their data and account.

What we found: Deleting Threads requires deleting the linked Instagram account — destroying years of photos, followers, and content. Instagram head Adam Mosseri acknowledged this on Threads itself, saying they were looking into a separate delete. As of 2026, accounts remain linked. Users can deactivate but not truly delete without losing Instagram.

⚡ highpolicy claims vs app permissions
Threads lets you federate posts to the fediverse via ActivityPub — Meta frames this as freedom and choice. What they don't explain: when you flip that switch, your posts and metadata get copied to third-party servers Meta doesn't control. A Mastodon instance run by one person with no privacy policy now has your content. Meta can't delete it from those servers. You thought you were posting on Threads. Your words are now on servers across the internet that nobody audits and nobody governs.

What they claim: Threads supports ActivityPub protocol to give users choice and interoperability.

What we found: When posts federate via ActivityPub, content and metadata are transmitted to third-party servers with varying privacy policies. Meta has no control over how federated servers store or retain data. A user's post could end up on a Mastodon instance run by one person with no privacy policy.

What happened to real people
Documented incidents involving Meta Platforms products and user data.
Cambridge Analytica harvested 87M Facebook users' data without consent for political ad targeting in the 2016 US election and Brexit referendum. $5B FTC fine. [source]
FISA content requests to Meta increased 2,171% since 2014. Meta complied with 88% of 60,000+ government data requests. PRISM participant since 2009. [source]
What your data is worth to governments
Meta complied with 60,000 government data requests in H2 2023. That's +675% over 10 years. Meta has been a confirmed PRISM participant since 2009. Under this programme, the NSA collects stored communications. The company is legally prohibited from telling you. Jurisdiction: US (CLOUD Act, FISA Section 702).
Documented: Cambridge Analytica harvested 87M Facebook users' data without consent for political ad targeting in the 2016 US election and Brexit referendum. $5B FTC fine.
Documented: FISA content requests to Meta increased 2,171% since 2014. Meta complied with 88% of 60,000+ government data requests. PRISM participant since 2009.
What is PRISM? · What is the CLOUD Act? · Transparency report
Sources