Diving in to Mastodon

A quick intro to Mastodon. What I've learned and what I think you should know.

There are many indications that Twitter as we know it is crumbling and may soon be inundated with even more misinformation and extremist content. We’ll see.

Personally, I’m hoping it survives. I’ve had an account since March 2007 and it’s been life changing both personally and professionally. So I’m not leaving it yet, but I do want to take steps to try and preserve my online community. I’m not going to use Facebook or Instagram and I’m only on LinkedIn under protest, so I’m left to explore an alternative called Mastodon.

Disclaimer: I’m a complete noob regarding Mastodon so this is me learning in public.

What is Mastodon?

Mastodon is a micro-blogging service, similar to Twitter, that is free and open-source. Think of it as a protocol where anyone can run an instance of the Mastodon software and it will communicate with all the other instances.

Certain communities will coalesce around servers but you can communicate with most anyone on a different Mastodon server. This is referred to as federation and is often called the fediverse.

Which server should I join?

That is not an easy question to answer. Since Mastodon is a server anyone can run, you must take great care in thinking about who is behind your Mastodon instance. There are 2 things to keep in mind.

  1. You want some sense of stability. You don’t want the instance you use to disappear overnight.
  2. Admins can read your direct messages (DMs). This is true on Twitter as well. Treat everything you type as public. No sensitive information in DMs.

It seems the most popular servers are mastodon.social and mastodon.cloud, and Mastodon maintains a list of servers you can browse at JoinMastodon.org/servers. These servers are part of the Mastodon covenant, which "promises" moderation, backups, etc. A promise is better than nothing (I guess).

I’m personally using infosec.exchange as my server. It’s run by Jerry.

One Note of Caution – Based on what I’ve read, I would NOT use Tribel.

Is Mastodon secure/safe/private?

I’m not going to speak to Mastodon infrastructure/code-level security; rather, I’ll focus on end-user security, safety, & privacy. The challenge with this question is that it can mean a variety of things, so let me attempt to answer what I think is being asked.

Q: Are you going to get hacked?

A: If you use a reputable server and enable multi-factor authentication… probably not. (Same as Twitter)

Q: Could the server admin, or a threat actor that has compromised the admin, take over your account on that instance?

A: Yes (Same as Twitter)

Q: Is your private information safe there?

A: No. An admin can see anything you enter into the site. (Same as Twitter)

Q: Am I subject to abuse? Or safe from extremists?

A: Probably not. I saw a friend receive a racist comment on day 1. However, there are ways to block, mute, and have private accounts. (Same as Twitter)

My Initial Impression

I like it. It works. It has some features that Twitter is missing like better toot privacy options and RSS support. Will it stick? I’m not sure but I kind of hope so. I expect it will be smaller but maybe that’s a good thing.

As tinker said,

"It feels good to not be the product"


The default Mastodon iPhone app is quite good. I found it familiar and easy to use. There is also a really cute app called Toot!.

I tried Tootle initially but didn’t love the UI and found it hard to use.

A few things I’ve learned so far…

  • Hashtags are key: Searching for hashtags will search across all instances, so you can use that to find your tribe.
  • Auto-Delete: Mastodon can auto-delete old toots. This is a great feature Twitter should have provided years ago. See it at https://{your.instance}/statuses_cleanup
  • User Directory: If you want to follow people, there’s a directory located at https://{your.instance}/web/directory e.g. infosec.exchange/web/directory
  • Find your Twitter community on Mastodon: fedifinder.glitch.me/ Connect your Twitter account and Mastodon account, get a spreadsheet of all your Twitter followers' details on Mastodon, then import it into the Settings page – it automatically finds and adds people.
  • Cross-post to Twitter: crossposter.masto.donte.com.br

I’m sure there is much more I should share but it’s late so I’m signing off. If you have questions, suggestions, or corrections please comment below or toot me on Mastodon. (Yeah I can’t believe I had to say toot me either…) @[email protected]
