What is Mastodon?
Mastodon is an open-source social media network people can use to set up self-hosted servers that act as their own social networks. It’s decentralized and uses microblogging features similar to what you get on X (formerly called Twitter).
Even though Mastodon doesn’t set the community rules and privacy policies for the entire platform, its parent nonprofit organization still maintains a directory of servers agreeing to a baseline set of policies dubbed the Mastodon Server Covenant. The guidelines require “active moderation against racism, sexism, homophobia, and transphobia.”
Based on the fact Mastodon resembles X, many have dubbed Mastodon the Twitter alternative. That’s why it gained a large number of users in 2022 when Elon Musk bought Twitter and made significant changes to how it works.
Mastodon first appeared in October 2016 when Eugen Rochko, a Russian-German software developer, released the beta version of the platform. He managed to fund the development through crowdfunding but also made use of a grant from the European Commission and an open-source development grant obtained from Samsung.
Rochko was largely led to develop Mastodon when he heard rumors that Peter Thiel wanted to purchase Twitter. He believed that a large social network like Twitter, which is almost a public service, shouldn’t be controlled by a US corporation.
According to Statista, Mastodon has been gaining traction, with 10.04 million registered users as of March 2023. In the wake of Musk’s acquisition of Twitter, Mastodon gained 230,000 new users in only the first week of November 2022.
How does Mastodon work?
As stated, Mastodon operates on independent instances, each of which can be considered a unique social network with its own rules and security and privacy standards. Every one of these nodes is also its own website, meaning you have to register on the one you want to use. The original Mastodon server is Mastodon.social.
Every instance is managed and operated by a team of admins and moderators, all of whom are volunteers. More often than not, the instance only has one person who does all the work. These operators have complete freedom to decide how they run their server and how and if the instance they run will interact with other instances.
This decentralization is possible because all the data and services are distributed among nodes and users instead of sitting on one centralized server or a set of interconnected ones. This makes Mastodon more protected from a typical hacker compared to other networks, though that’s not necessarily the case with every server on the platform, precisely due to their independence.
In terms of its operation, Mastodon is considered a federated social network because users of one instance can still interact with every other instance as long as they are not blocked for reasons like hate speech. This allows users to select the node they prefer based on the policies it respects.
The whole network is powered by a decentralized social networking protocol called ActivityPub, which is also implemented in services like Friendica, Kbin, Lemmy, Nextcloud, and Pixelfed.
Decentralized social networks
To understand fully how this social network operates and to answer the question “Is Mastodon safe to use?”, it is helpful to first understand the differences between centralized and decentralized social networks. Here’s a quick overview:
|Centralized social networks
|Decentralized social networks
|Control is given to a central authority
|Power is distributed across many nodes
|A central authority makes all the decisions
|Decisions are made through consensus
|Often harder to use
|A single point of failure is possible
|No single point to breach by hackers
|Bigger target for hackers
|Not often targeted by hackers
|Entirely relies on internal services
|Often depends on third-party services
|The central authority owns content
|Content is in the hands of the users
|Easily censored by central authority
|Hard to censor because it requires consensus
|More complicated to moderate under a unified set of standards
|A central authority decides the amount of privacy
|Users can have more privacy, but that depends on several factors
|Reliance on advertising
|Less reliance on ads
Is Mastodon safe?
Mastodon seems to be secure, but this only applies to the platform as a whole, not every server. As Mastodon is a fully decentralized structure, it’s not an easy target for a standard data breach, but such events can still happen on instances without proper safety precautions. An individual user can still be affected by a scam on a less secure server.
When it comes to direct and followers-only posts, they are visible only to the included users. However, it’s important to understand that this policy also depends on the server the users are coming from.
Comparison to other social media networks
Mastodon collects and stores less data than most other social media networks do, especially centralized ones like X and Facebook. Due to that, the site is less of a target for serious breaches, social engineering, identity theft, scams, and bots.
Evaluating Mastodon server choices
As you’ve already realized from how this network works, you need to be careful with the servers you join because you can easily end up choosing a Mastodon instance that’s insufficiently secure.
Even larger instances can be more prone to cyberattacks precisely because of their size, albeit to a lesser extent than centralized social media platforms that are more commonly targeted.
Still, Mastodon community security is high in most reputable instances as long as they have a proper set of rules and privacy features.
Authentication and data privacy features on Mastodon
Passwords are hashed with a one-way algorithm, and you can use the Mastodon two-factor authentication feature to secure your Mastodon account further. The system even allows the use of popular authenticator apps like Google Authenticator.
Moreover, Mastodon privacy controls are sound, with the exception of the little caveat we’ve mentioned, where server administrators may be able to access your messages and the content you post and send.
Advertising and Data Collection: Mastodon vs. Twitter
You don’t have to worry about your Mastodon privacy as much as you do on Twitter or X.
Naturally, this is only true if you use Mastodon.social and other reputable instances. Social media data collection on these instances is much lower than on X, and you have a lot more control over who sees your posts and interacts with you.
Moreover, Mastodon doesn’t rely on ads, so you’re less often bombarded with promotional content. At the same time, Mastodon doesn’t collect as much information as X does.
So, is the Mastodon app safe? Yes, it is secure, but Mastodon users need to exercise their due diligence when choosing which instances they will rely on, as each is its own website with a different set of rules.
Moreover, using Mastodon’s 2FA feature and outside services like a malware protection tool and a VPN is a good choice if you want more security. And as always, stay vigilant and smart with where, how, and with whom you share your sensitive information.
Want to read more like this?
Get the latest news and tips from NordVPN.