How a new X feature led to the most sweeping public exposure of covert foreign activity on a major platform since 2016.
A new feature on X has revealed that a huge number of large, divisive political accounts claiming to be Trump supporters are actually operating out of foreign countries. The discovery — likely the most sweeping public exposure of covert foreign activity on a major platform since the revelations about Russia in 2016 — raises serious concerns about covert foreign influence in U.S. political discourse, mirroring the Russian disinformation campaign in which operatives from Russia’s Internet Research Agency posed as U.S. persons to interfere in the election.
The new feature on X allows users to see the approximate place where an account was created and is primarily operating from, rather than having to rely solely on an account operator’s self-reported location. The move was made to boost transparency and enhance the authenticity of discussions on the platform, but it immediately became apparent that the new feature would have an additional effect: exposing foreign accounts that are posing as Americans.
On Saturday, X users found scores of pro-Trump and MAGA accounts that were trying to pass as Americans but were operated from countries in Europe, Asia, Africa, and elsewhere. X acknowledges that some of the operating locations may actually be the location of a VPN service rather than the location of the account owner, but the sheer number of accounts operating from outside of the United States makes it clear that not all of these are simply proxy locations. Furthermore, some of these accounts had listed their locations as being within the U.S., and some were operating with usernames such as (@)American despite being operated from overseas. As X Product Chief Nikita Bier explained, if an account claims to be from a U.S. location but the data shows it’s based overseas, that discrepancy is a red flag suggesting the account “might have another agenda.”
While location-based discrepancies were found among all types of accounts, the most noticeable and largest group of accounts revealed to be operating from overseas were those reporting to be Trump fans, many of whom described themselves as “Patriots” who champion “America First” politics. For instance, a prominent account called “MAGA NATION” (with 392,000+ followers) turned out to be posting from Eastern Europe, not America. Other examples include “Dark MAGA” (15,000 followers, based in Thailand), “MAGA Scope” (51,000 followers, based in Nigeria), and an “America First” account (67,000 followers) run from Bangladesh. Other large political, crypto, and even public health influencer accounts claiming U.S. roots — many of which are also MAGA-aligned — are similarly being outed with locations traced to countries like India, Nigeria, and elsewhere. In each case, an account that gave every impression of being an American political participant — complaining about gas prices or vaccine mandates, cheering or mocking candidates, reacting to debates, and posting memes about things like the border or inflation — was run by someone who isn’t even in America.
The exposure of foreign-run political accounts on X immediately calls to mind covert influence operations of the past – most notably, Russia’s meddling in the 2016 U.S. election. In 2016, Russia’s Internet Research Agency (IRA) infamously created countless fake social media personas impersonating Americans to sow discord and denigrate Hillary Clinton/boost Trump’s candidacy. According to the Mueller investigation’s conclusions and U.S. intelligence findings, these operatives “posed as U.S. persons…operated social media pages and groups designed to attract U.S. audiences…[and] falsely claimed to be controlled by U.S. activists when, in fact, they were controlled by [foreign actors].” Their strategy included using stolen identities and pretending to be grassroots American voices, all to infiltrate online communities and influence political opinion. By mid-2016 the IRA’s campaign explicitly focused on boosting Trump and disparaging Hillary Clinton, under orders from the Kremlin.
The pattern now emerging on X suggests history may be repeating itself, albeit likely with new actors and technologies. Or perhaps even more likely, these types of tactics never actually stopped in the first place. Covert foreign influence via social media remained a live threat in the run-up to the 2024 presidential election. In fact, investigative reporting by CNN in 2024 uncovered a campaign on X aimed at bolstering Trump’s candidacy – a network of at least 60 fake pro-Trump accounts using profile photos stolen from real women in Europe. These fake personas, posing as enthusiastic American Trump supporters, told U.S. voters to “vote for Trump in 2024” while the actual women depicted (from countries like Denmark, the Netherlands, and even Russia) had no idea their images were being misused.
The discovery — likely the most sweeping public exposure of covert foreign activity on a major platform since the revelations about Russia in 2016 — raises serious concerns about covert foreign influence in U.S. political discourse.
The geographic spread of the exposed accounts hints at a variety of possible culprits and motives. Some accounts originate in countries historically linked to disinformation targeting the U.S. (e.g. Russia or Eastern European locales) while others come from places like Nigeria, India, Thailand, or Kenya with no obvious state sponsor. This suggests we could be seeing multiple layers of foreign influence: both state-sponsored influence operations (Russia and others) trying to sway U.S. politics, as well as a cottage industry of opportunists and trolls for hire globally who exploit U.S. political tribalism for clout or profit. In 2016, for example, not only did Russian agents interfere, but so did independent foreign scammers – notably the notorious “Macedonian fake news farms” where teenagers churned out pro-Trump disinformation simply because it drew huge web traffic and ad revenue. Today’s foreign MAGA accounts could likewise be profit-driven grifters – people pretending to be patriotic Americans while actually just racking up followers and perhaps soliciting donations or earning X’s ad-share payouts from viral content.
The discovery that a significant number of political accounts – especially in the pro-Trump/MAGA sphere – are operated from abroad carries far-reaching implications. It validates warnings that covert foreign influence on social media did not end with 2016, but is an ongoing challenge to U.S. democracy and societal cohesion. The immediate impact is a jolt of awareness: both the public and policymakers can now see concrete examples of how outsiders try to shape American political conversations from afar. This awareness, thanks to X’s transparency feature, is a double-edged sword. On the one hand, it empowers users and authorities to identify and possibly neutralize foreign propaganda by calling it out and removing its mask of authenticity. On the other hand, it injects a new layer of skepticism and accusation into political discourse – people may reflexively dismiss opposing views as “just foreign bots,” and genuine activists might find themselves under suspicion if their location isn’t easily verified.
Moving forward, we’ll likely see a re-examination of how much credence we give to social media as a barometer of public opinion. Lawmakers, campaigners, and journalists will need to vet online trends more carefully (e.g. check if a trending political hashtag is heavily driven by accounts from overseas). The platform implications for X are significant as well: X must decide whether it will actively clamp down on these foreign-run accounts or simply inform users and leave the content up. Its reputation as a platform for healthy political dialogue is on the line; too much manipulation could drive users to alternatives or invite regulatory backlash.
As for the rest of us, the implications are similar to those following the 2016 Russian campaign: we’re still under attack and likely have been this whole time.
I’ll return with a more detailed analysis of these revelations soon, so stay tuned.
Read the original article
Comments
Unfortunately, it requires 3 clicks ("account" -> "join date" -> "about account") to get the required information.
It should be visible on the post itself: where it was posted from, and where the author's account is mostly located. Just 2 little chips stuck on top of each and every post.
It wouldn't be difficult to include a little "" icon on each post that, when hovered, shows probable location or the creation origin. It's true that VPN's will often muddy this info, and even things like phone number confirmation for 2FA or billing address for Verified badges can't be 100% reliable... but it shouldn't be too difficult to say in those cases "User likely masking location" if the pattern is detected.
The largest effect is that X suddenly (out of nowhere?) started to mention this, publicly. Which, given mr. Musk's political stance (who himself has been the target of a campaign, likely from mr. Putin), wasn't intended to have this effect.
If you were to share this information publicly from the start, the troll/propagandist/agent would know this information is being shared as-is from the start, and they could adapt. Very likely they would adapt. Therefore, the effect would be much less severe.
It is also very obviously PII, which would hurt innocent people (likely a minority but I can imagine it happening).
My take: intelligence agencies were already interested in said information and mr. Musk was like "whatever, we'll just share this with everyone".
By ecommerceguy 2025-11-2416:491 reply Yes, X is the new /pol.
How many of these accounts are Russian? I bet hardly any. My money is mostly from a small country in the middle east.
By koiueo 2025-11-2417:18 How much money are we talking?
russians been interfering with other countries through all possible channels for decades.
They integrated with every single Ukrainian election (including the most recent one in 2019), they tried hijacking (with various success) elections in Romania, Moldova, Lithuania, Czech Republic, Estonia, etc..
This includes radio, tv, printed periodics, social networks, even popular music, movies, tv series and books...
So how much are you willing to bet that this time it's definitely not russians?
By space_ghost 2025-11-2416:254 reply Followed immediately by these groups making VPNs a standard part of their toolkit. This data is enlightening but its reveal doesn't solve the problem.
Twitter can require verification on their end or require ID upload or something along those lines. The social media companies can solve this problem, it’s just way too profitable to not. They make a lot of money when you read about non-existent events from an account curated in China or India or Belarus and then go look at a bunch of ads for Patriot Bars (R) or Rainbow socks (L) or whatever.
They could by default for example require an identification of some sort, and then allow “non-ID” accounts to exist but require specific opt-in to view broadly or something along those lines.
More easily though you can just delete your account and then you don’t have to care about any of this crap.
There's already pretty sophisticated setups to get fake live ID verifications where it's already a cat and mouse game between the tools to verify and the tools faking live verifications (sometimes including just scamming people into acting as the 'user' for verification). Ideally I'd also not have to provide my ID for yet another inane service and risk that ID getting leaked as seems to be inevitable.
Yea that’s fair. I guess the easy/best solution is to just not use the product in that case.
But I’d be in favor of even an in-person verification system though the costs to do that would be unpalatable but I guess you could stand up a 3rd party to do that. Maybe there are better solutions out there that I’m not thinking of. I do know it’s very much against what the larger social media companies would want though because they actively want you to be outraged and misinformed since they make a lot of money off of that.
By rtkwe 2025-11-2418:04 I wish they had included it as part of the RealID system. It would have been pretty easy to make them smart cards that could use simple public private key tech to verify IDs. Private keys go into the cards and public keys get registered with the state agency issuing the IDs. It's not perfect but it'd at least be a pseudonymous way to verify ID possession.
By pluralmonad 2025-11-2417:34 I've recently (last several years) started framing my use/consideration of services and products as a dependency. I find myself arriving at "I'd rather go without than depend on xyz" quite often.
By bequanna 2025-11-2416:37 It seems like they are using a more sophisticated way to determine location (App Store download county, etc) not just IP.
By luxuryballs 2025-11-2416:36 yeah it needs to be robust enough to keep a trail so it can detect leaks and predict, and perhaps eventually identify vpn nodes, like Reddit will often block my request when I’m on VPN so there may be a way to smartly disregard certain requests from being counted as the true location, this seems really complicated the more I think about it though
By shanev 2025-11-2418:44 I built a little Chrome extension that shows the flag for where the account is based in on the profile page itself: https://grokify.app.
By insin 2025-11-2417:35 I'm thinking of adding it next to the Tweet source when you focus a Tweet:
https://twitter.com/ControlPanelFT/status/199301008332080747...
By chuckreynolds 2025-11-2416:47 they really should. i thought they'd have a flag on the actual profile.
In the old days 'where it was posted from' used to be displayed on tweets, and Elon intentionally changed it to 'Earth'. Interesting to see a backpedal here, albeit concealed.
By ancorevard 2025-11-2416:422 reply This is incorrect.
The old Twitter and its API had "source" field which showed the client app a tweet was sent from.
{ "created_at": "Mon Nov 20 12:34:56 +0000 2023", "id_str": "1726578932412345678", "full_text": "Example tweet", "source": "<a href=\"http://twitter.com/download/iphone\" rel=\"nofollow\">Twitter for iPhone</a>", ... }
If you had access to the twitter feed (and I did at one point, as our company got the firehose from Twitter), it showed the Lat/Long of where it was posted from IIRC.
I still remember looking at that tweet when the helos went in for OBL, from someone in Abottabad PK, saying something like "helicopters hovering at 2AM... this is a rare occurrence" (or something like that).
By ancorevard 2025-11-2417:16 You can still opt in today to tag your location in a post, that never changed.
By insin 2025-11-2417:15 It's still there, they just stopped showing it in the UI. If you poke about in the React state of the Twitter UI, you can see it in the `tweets` entity cache (everything else is still Twitter under the hood too).
By jsheard 2025-11-2416:40 Didn't that show the client the user posted from, not their location? Which was mostly useless anyway after they all but killed the API.
Absolutely wild that this isn't bigger news. This should be the front page of every major news network.
By phantasmish 2025-11-2416:172 reply It’s widely known and reported this is happening. I guess this might get the message to people in the back who aren’t paying attention… but given we’ve had most of a decade of off-and-on coverage of this, anyone left is probably unreachable, and a bunch of them have been primed to ignore this exact sort of headline as “fake news”.
By morkalork 2025-11-2420:10 There was that whole Russian operation paying blogs, influencers and other alt-media personalities in the run up to the election that was investigated. Nothing came of it and no one cared. I lost all faith in anyone being reasonable at that point. People want to hear what they want to hear, you can tell about how it's a psyops all you want, they still don't care.
>It’s widely known and reported this is happening.
I am not sure it's "widely known and reported" that the official Twitter account for the Department of Homeland Security was created in, and is run from, Israel.
By Aarostotle 2025-11-2416:342 reply Given the sibling comment here, I am wondering if you’ve fallen for a fake screenshot. I hope you did not make this up.
Yeah that DHS screenshot is fake. If you boost the exposure there's conspicuous gaps in the JPEG artifacts around the fields where they were edited.
They would have got away with it if they just used Inspect Element!
Are you sure?
https://x.com/DHSgov/status/1992314672436175055
---
Head of Product at X also changed narratives in real-time, going from "this was never shown" for gray accounts like the DHS', to saying the feature was disabled due to incorrect information from IP ranges changing over time - when you're literally just checking their first IP check-in:
https://x.com/lporiginalg/status/1992385445024665655
---
And there was, to everyone's credit, DOZENS of X threads of people torture-testing their browser recordings to confirm whether the information was legit or not:
https://x.com/AdameMedia/status/1992331293212963080
---
Make your own decisions, but that's what I took from the situation.
> Are you sure?
I'm sure that the screenshot going around shows signs of being edited, I checked that myself. For the rest, I have no idea.
By HaZeust 2025-11-2420:13 Maybe THAT screenshot was, but it's not looking good that the information in that screenshot (doctored or not) wasn't exposed.
Also fotoforensics is irrelevant, take a screenshot of an X account's information and you see those black bars. Why would they doctor the "@DHSgov" username otherwise lol?
The same head of product quoted in the sib comment admits that "for a small set of accounts the location data was incorrect". Given what we know about Twitter's relationship with the government and this administration in particular, you're simply left to do with that information what you will.
I personally do not trust Twitter, or the government, very much. I also would not be surprised if some government accounts were created at various embassies around the world or through strategic VPN networks, or if general business is conducted through a darknet-like node system which includes allied endpoints. To me those are more plausible.
By JumpCrisscross 2025-11-2416:47 > I personally do not trust Twitter, or the government, very much
Then don’t conclude—much less spread as “known”—foreign interference from Twitter/X’s purported location data about the government.
By redindian75 2025-11-2416:27 after it was reported/recorded, X "fixed" it by making .gov accounts untrackable. So now it doesnt show Israel anymore (and MAGA accounts now have an opportunity to scream fake news)
By harrisonjackson 2025-11-2416:242 reply https://x.com/nikitabier/status/1992382852328255743?s=20
> This is fake news. Location was not available on any gray check account at any point. Furthermore, the DHS has only shown IPs from the United States since account creation.
- head of product @x
Not to discount the impact of foreign powers over social media but maybe don't spread this misinformation.
Does this make the fact that it showed as Israel, was disabled, and is now "corrected", mean that this feature is good or bad?
Either we can trust all location data all the time, or we can trust none of it. We cannot expect Nikita Bier to swoop in on every suspicious tweet and try to educate us on IP range changes and DNS glitches or whatever.
Furthermore is it more likely that a small set of special accounts seemingly never collected location data on signup, or that for a small number of accounts X simply modified that data post-hoc?
> the fact that it showed as Israel
Please re-read. That never happened.
It may have happened. There are already many users saying their "created in" locations were incorrect. Thus the rest of my comment: trust is binary. We can either be 100% certain the data is correct, or we must assume it is never correct.
By JumpCrisscross 2025-11-2416:52 > trust is binary. We can either be 100% certain the data is correct, or we must assume it is never correct
You’re mixing up trust and faith.
By blitzar 2025-11-2416:37 Blink twice if you are in danger.
By rtkwe 2025-11-2416:56 It's been known for a while this is just verification. Accounts give themselves away all the time accidentally through phrases or tells. eg: A tweet from an account claiming to be from the US talking about Texas succession that mentions 'warm water ports', very few people care or think about that because all the ports on the continental US don't freeze over in the winter. (In fact very few countries do because most have as many warm water ports as they need, one of the few with significant issues with this is... Russia)
By yetihehe 2025-11-2416:18 No one likes to be the bad messenger saying to Americans that they were fooled and all that hatred against their opponents (opposite party) was actually induced, not born out of their own superiority.
It’s going to get flagged off of HN front page within the hour like it did the last two times someone posted about it
By yetihehe 2025-11-2417:23 It already disappeared from front page. Your comment was 45 minutes old when I was writing this.
By ALittleSlow 2025-11-2417:06 Tall tale signs of a foreign influence campaign cover up, watch your 6
By jorisboris 2025-11-2419:361 reply Why, does it breach any rules?
By an0malous 2025-11-2421:09 It doesn't violate any rules as far as I can tell. Why do certain topics get predictably flagged when they don't breach any rules? I don't know, that's a good question for the admins
Why?
Govs doing influence campaigns was admitted during the twitter files [1]. While it's the US-relationship, Twitter is a global company so they're going to have other country relationships.
[1]: https://en.wikipedia.org/wiki/Twitter_Files#Nos._8%E2%80%939...
First, the government wasn't doing influence campaigns, and the "Twitter Files" had all been reported before, it was just a PR campaign for Musk to try to lessen trust among the populace.
Second, this is about foreign influence driving a lot of the self-destructive politics in the US. Right now the US is going through economic and political destruction a lot like Brexit, and it should be no surprise that it's being lead by those outside of the US who want to make the US weaker.
> First, the government wasn't doing influence campaigns, and the "Twitter Files" had all been reported before
My guy, there's like 40 words between my post and the source try reading them. They were doing influence campaigns ...
> [1] documents that showed the Twitter Site Integrity Team whitelisted accounts from United States Central Command (CENTCOM) used to run online influence campaigns in other countries
By bigyabai 2025-11-2421:55 How does that relate to covert influence networks targeting the US?
By simonw 2025-11-2416:45 I doubt most of this is foreign government influence campaigns. I think it's more that Twitter will pay you to post clickbait, and if you are in Africa or many parts of Asia the amount you can earn is significant.
There was some great reporting about Macedonian teenagers doing this kind of thing back in 2016 - https://www.nbcnews.com/news/world/fake-news-how-partying-ma... - it was actually the origin of the term "fake news" before Trump redefined it to mean any mainstream media coverage that he didn't like.
By hn1986 2025-11-2419:11 this isn't surprising. as the article mentions, this has been going on since at least 2016. You can expect influence campaigns to be on every social network and comment section.
The problem is that these companies do nothing about this.
They (major news networks) are owned by Trump friendlies (Bezos/WaPo, Soon-Shiong/LAT, etc.) or they are afraid of Trump’s influence.
By inglor_cz 2025-11-2421:13 If MAGA does not care, Trump won't care either, and I cannot imagine MAGA caring.
By mschuster91 2025-11-2416:30 Don't know why you're being downvoted. Ever since Trump first silenced critics by abusing the authority of his office (or threatening to do so), it is painfully obvious how many large media houses shy away from all-too-blatant reporting.
By postflopclarity 2025-11-2416:25 I mean it's been pretty obvious for a while...
the people who would care already knew about this. the people who didn't know about this don't care (or are in denial).
By numpad0 2025-11-2416:19 Musk's like a transparent kid these days. Anything he touches seem to disappear from media - there is such thing as bad publicity after all, I guess.
By JumpCrisscross 2025-11-2416:46 > wild that this isn't bigger news
Give it time.
So far, we only know that X’s “About This Account” feature says a number of accounts, “the most noticeable and largest group” being “those reporting to be Trump fans,” are from suspicious locations.
We don’t know if X fucked up. We don’t know what fraction are via VPN. We don’t know if this Substack author is considering a biased sample. It may be individual profiteers. It could be one, or multiple, coördinated campaigns. X may be complicit or clueless.
I’d be surprised if serious journalists aren’t tasked on this. But it’s going to need to be one of the papers with investigative resources, i.e. ones with paying subscribers, and I’m not seeing anything here that screams this should be a top priority right now versus any time between now and the midterms, nor that it will be remotely easy doing the needed verifications.
(That said, the premise is incorrect. In limited cases, it’s gaining traction [1].)
[1] https://www.theatlantic.com/technology/2025/11/x-about-this-...
By NuclearPM 2025-11-2416:55 Hard to compete with leaders being accused of raping, corruption, and and calling for execution of political opponents for newsworthiness.
By Fricken 2025-11-2416:48 We've known of foreign influence campaigns targeting Americans on social media for a long time. A significant number of HN users have a vested interest in pretending it isn't the case. Some of them are making money off it. Others are too proud to entertain the notion that they might be the gullible victims of rage-bait and disinformation. Posts on the subject usually gets flagged pretty quick, but it's getting harder to ignore the truth.
By overrun11 2025-11-2417:16 That people from third world countries are making slop political accounts to make money? Hardly a news story at all
By specialist 2025-11-2418:02 No surprise to us geeks, of course. "On the Internet, nobody knows you're a dog" and all that.
The big surprise (disappointment) to me was witnessing how "do your own research" looks in practice.
There's something about media that bypasses most adult's innate skepticism. Like if I told some stranger (IRL) that saffron cures baldness, they'd be all GTFO. But hear it from a talk show host or read it on Facebook, well shit, it must be true.- Type in some search terms. - Open handful of the top hits. - Believe everything. - Even the obvious scams & ads.Most of this, to some degree, has been well established for a while.
American Republicans have relied heavily on foreign interference to achieve their goals. From social media manipulation to laundering illegal political bribes, Republicans have been doing it.
By jrm4 2025-11-2416:18 100%, but the clear proof afforded by Elon should be the opportunity to really put it out there.
By baklavaEmperor 2025-11-2417:341 reply If people are concerned about foreign interference, it’s worth noting that Twitter’s ID-verification pipeline runs through AU10TIX. The company is founded in Tel aviv by an ex Israeli military person and maintains core operations and engineering in Israel, which is where part of the verification flow is processed. That creates a direct data-flow path for sensitive government IDs outside the U.S. for no real reason, and most users have no idea this is happening. I do not want a foreign government to have access to the address of all American verified users on Twitter.
You'll need to be more specific. Every adult in Israel is ex-military since they have a mandatory draft. The exception is draft dodgers. FWIW, notably orthodox Jews are among those.
By baklavaEmperor 2025-11-2417:551 reply Mandatory service isn’t the point. The issue is that a foreign jurisdiction with a tight intelligence industry overlap is processing U.S. government IDs. especially for something like X/Twitter where verified accounts include journalists, activists, and government officials. There are many alternatives located in the US.
By Fnoord 2025-11-2419:39 If that isn't the point, why mention they are ex-military? Mentioning they're located in Israel ('foreign jurisdiction with a tight intelligence industry overlap') would suffice.
