Why Is Elon Musk Sending Our Biometric Data to Israel?
The Dangerous Truth Behind X’s Verification Scheme
Why should your biometric data be sent to Israel just to use X?
That is the question millions of users are now facing as X (formerly Twitter) demands a selfie and a government-issued ID for its latest verification process. This data is then handed over to AU10TIX, an Israeli firm with deep roots in the country’s intelligence and surveillance sectors. Is this really about safety, or are we sleepwalking into a new era of digital surveillance?
Whose Security? Whose Risk?
X claims this move is about “preventing impersonation” and making the platform safer. But critics argue the risks to user privacy far outweigh any supposed benefits. Why should a social media company collect and export sensitive biometric data, your face, your ID, your identity, to a foreign company in a country known for pervasive surveillance and rights abuses?
AU10TIX, the company handling your data, was founded by former Shin Bet intelligence officers and has a history of building systems for airport and border surveillance. Digital rights advocates warn that this background is not just a footnote; it is a red flag. What guarantees do users have that their personal data will not be accessed by Israeli intelligence agencies or used for purposes far beyond simple verification?
No Transparency, No Answers
Neither X nor AU10TIX has publicly addressed these concerns, despite repeated calls for transparency from privacy campaigners and journalists. Users are expected to trust that their most sensitive information will be safe, even as past examples like the misuse of Pegasus spyware by other Israeli firms show how surveillance tech can be weaponized against activists, journalists, and ordinary citizens.
How X’s ID Verification Process Works
Step 1: Submission of Documents
Users are prompted to upload a clear photo of a government-issued ID and take a real-time selfie.
Step 2: Third-Party Processing
These images are sent to Au10tix, an Israeli identity verification company headquartered at 5 Hanagar Street, Hod Hasharon. Au10tix uses facial recognition technology to match the selfie with the photo on the ID, confirming that the account belongs to a real person.
Step 3: Data Handling and Retention
Au10tix and X extract biometric data (face data) and information from the ID. These images and extracted data are stored for up to 30 days before being deleted. The process is not available in the EU, EEA, or UK due to strict data protection laws.
Step 4: Verification Outcome
Once verified, users receive an identity badge and may gain access to exclusive features like prioritized support and ad revenue sharing. The verification label is not an endorsement by X but confirms the account holder’s identity.
Where the Data Goes and Who Handles It
All submitted biometric data is sent to Au10tix’s headquarters in Hod Hasharon, Israel. The data is processed by Au10tix’s in-house identity verification team, using proprietary biometric and document analysis systems. The process involves automated extraction and matching of biometric data, as well as validation checks for document authenticity and liveness. While key executives oversee operations, the actual data processing is handled by technical staff and automated systems.
Who Runs Au10tix?
Yair Tal, CEO
Appointed in April 2025, Yair Tal brings over 20 years of leadership experience in payments, fintech, and localization services. Before joining Au10tix, he was CEO of BLEND, a global AI localization firm, and spent 13 years at Payoneer as Senior Vice President and Head of Enterprise. Tal is focused on advancing Au10tix’s machine learning capabilities and driving global growth.Dan Yerushalmi, Former CEO
Dan Yerushalmi led Au10tix prior to April 2025, bringing expertise in cybersecurity, banking, and fintech. He was previously Chief Revenue and Customer Officer at Check Point Software Technologies and CTO/COO at Leumi Bank.Ron Atzmon, Chairman
Ron Atzmon is the longstanding chairman of Au10tix and has overseen the company’s evolution from its origins in airport and border control screening technology to its current status as a global leader in automated identity verification.
About Au10tix
Au10tix is a global identity intelligence company that provides automated solutions to verify and link physical and digital identities. Their technology delivers results in less than 8 seconds, enabling businesses to onboard customers quickly while preventing fraud and meeting compliance requirements. Au10tix is a subsidiary of ICTS International N.V. and serves major global brands in finance, travel, and technology.
The Security and Privacy Backlash
A Major Security Breach
One of the most alarming issues is a major security breach at Au10tix that exposed sensitive user data for over a year. Between late 2022 and mid-2024, administrative credentials were left exposed online, allowing unauthorized access to a logging platform containing names, birth dates, nationalities, ID numbers, and images of identity documents, including facial scans and selfies. These credentials were publicly available for months, and the breach potentially affected millions of users from platforms like X, TikTok, Uber, and Coinbase. Critics argue that such lapses can lead to identity theft, financial fraud, and the misuse of biometric data, highlighting the real-world risks of entrusting sensitive information to third-party processors.
Ties to Intelligence and Surveillance
Privacy advocates and digital rights campaigners are deeply concerned about Au10tix’s origins and leadership. The company was founded by former members of Israel’s Shin Bet intelligence service and has a history of developing surveillance and identity verification systems for airports and border controls. Activists warn that this background raises the risk of user data being accessed or misused by entities with a history of surveillance and rights abuses, particularly in politically sensitive contexts. They stress that the partnership could fortify and weaponize our digital realms, especially for vulnerable groups such as journalists and activists.
Lack of Transparency
Another major criticism is the lack of transparency and accountability. Campaigners urge X to be open about how biometric data is handled and to provide clear assurances that user information will not be misused or accessed without consent. The combination of a recent data breach and the company’s intelligence ties has fueled calls for stronger safeguards and independent oversight to protect user privacy.
A Pattern of Surveillance
This is not an isolated case. Israel’s tech sector is a global leader in surveillance, and its tools have been used to monitor, track, and target vulnerable groups worldwide, from Palestinians under occupation to dissidents abroad. Critics say that by sending your data to AU10TIX, you could be fortifying and weaponizing our digital realms, whether you realize it or not.
Who Benefits?
If verification is about trust, why is X asking users to trust a company with such a controversial pedigree? Why is there no independent oversight, no meaningful way to opt out, and no clear explanation of how your data will be used or who might ultimately have access to it?
The Bottom Line
Before you upload your ID and selfie, ask yourself: Why should my biometric data be sent to Israel? Who is really being protected here, and at what cost to my privacy and rights?
The sentiment inspector is aware.
Thanks for restacking. :)