Privacy by Design
XTagger was built around a single constraint: your opinions about other people are yours. They should live on your device, leave only when you choose, and be impossible for any third party β including the XTagger developers β to access without your explicit action.
Where your data lives
All tags are stored in IndexedDB inside your browser profile:
- Encrypted at rest by your operating systemβs disk encryption
- Scoped to your browser profile β other users on the same machine cannot read it
- Wiped automatically if you clear browser data or uninstall the extension
- Portable via browser profile backup
There is no XTagger server. If you want to verify this, install the extension and watch the Network tab in DevTools β you will see nothing going out to any XTagger infrastructure.
Why this matters
X.com already knows a great deal about you: who you follow, what you like, how long you dwell on each post. Your annotations β the private model you build of who is trustworthy, who is a troll, who is worth reading carefully β are something different. They are your judgement. They should not sit on a platform that may change its terms, get acquired, or be subpoenaed.
Keeping tags local means:
- No breach surface. We hold no data; there is nothing to breach.
- No subpoena risk. We cannot be compelled to hand over what we do not have.
- No lock-in. You own the export format. Any tool that implements the XTAG: spec can read your data.
- No platform dependency. If X.com changes or shuts down, your tags still exist.
Sharing is opt-in and explicit
Every tag starts private. To share, you mark individual tags as public and export them as an XTAG: string, which you distribute yourself. No sharing infrastructure is involved on our end.
When you import someone elseβs collection, those tags arrive with a source field recording where they came from and when. You can review, edit, or delete them exactly like your own tags. Imported tags do not report back to the person who shared them.
Permissions requested
| Permission | Why |
|---|---|
storage | Read and write tags to IndexedDB |
activeTab | Inject the tag UI into the current X.com page |
contextMenus | Add the right-click tagging option |
No http://*/*. No identity. No access to pages other than X.com.
Auditing for yourself
XTagger is fully open source under the GPL-3.0 licence. Every line that runs in your browser is available to read, audit, and build yourself.