Shine a light on tech’s hidden impacts. Triple your donation.
Skip navigation

The Breakdown

We Joined Mastodon. Here’s What We Learned About Privacy and Security

As Elon Musk sends Twitter into chaos, we’re sharing what we picked up about Mastodon as we selected a server

In this photo illustration, Mastodon app homepage is seen displayed on a mobile phone screen.
Davide Bonaldo/SOPA Images/LightRocket via Getty Images

Many of us at The Markup are active Twitter users who are witnessing a platform that has been such an important part of journalism descend into what Elon Musk might call a “rapid unscheduled disassembly.”

The chaos of late sparked a migration of sorts, as some Twitter users have sought out a new home on Mastodon, an ad-free, “decentralized,” open social platform that launched in 2016.

We wanted to share what we’ve learned about the privacy, security, and culture of this platform as we parse these dynamics ourselves in real time.  

If you’ve been considering signing up for Mastodon, here are some things we have been thinking about as we take the leap: 

↩︎ link

Privacy

↩︎ link

The server, or “instance,” you choose affects your privacy and what rules you’re asked to follow

When setting up an account, users need to choose an “instance.” Your instance will be reflected in your username similarly to how an email address reveals its email provider (i.e., yourname@gmail.com or yourname@proton.me). Unlike email, on Mastodon you can move to another instance and take your followers with you, but it is possible your username won’t be available. Also, you should engage in some due diligence before picking the instance you will join. 

One of the most interesting aspects of Mastodon’s distributed design is that anyone with  intermediate technical skills (such as setting up servers or working with command line tools) can launch a server and host their own instance of Mastodon. The server software (which runs each instance) is open source and designed to be self-hosted. Mastodon does not set the community rules or privacy policies for the entire platform, but Mastodon’s parent nonprofit organization does maintain a directory of servers that have all agreed to a baseline set of policies known as the “Mastodon Server Covenant,” which, in part, requires “active moderation against racism, sexism, homophobia and transphobia.”

Each instance has its own policies to define its community, including the default language, content moderation standards, topics, and general house rules. The administrators of your instance will have a lot of control over your content and your account, so depending upon how you are planning on using Mastodon, this choice matters a lot. Specifics around what types of behavior are considered abusive, how rules are enforced, whether the instances stall new membership, and conflict resolution among individual accounts vary among instances. You can find the contact information for who runs each server and the rules on the server’s “About” page. (Here’s the About page for mastodon.social, the server that is run by the nonprofit organization behind Mastodon.) 

You can change your follower settings and whether you want a post to be public or private. There is no way to retroactively make past public posts private, but you can always delete—or auto-delete—any of your past posts. Even if your account is currently “locked,” which means you must approve all follow requests, users can still view your public posts.

Admins also control which other servers are blocked from interacting with its users, which is intended to prevent harassment or spam. 

One example of an instance with more detailed policies is Friend.camp (which is currently closed to new users). Its privacy policy lays out clearly that users are putting their privacy in the hands of the server’s administrator, who promises not to look at users’ private data, noting, “You are just going to have to trust him on this.” While not all instances use such clear language, this dynamic is basically the same on all Mastodon instances. You have no guarantee that admins won’t read or adjust any aspect of your account. 

It’s worth noting here that there is more than one type of “admin” user: 

  • one at the server level with the ability to read all of the user data 
  • users with administrative privileges, who help the community run smoothly but may not  have the ability to read private user data 
↩︎ link

DMs differ significantly on Mastodon

When you are sending a direct message to another user, you need to be careful, as Mastodon differs significantly from other platforms here. 

DMs are private posts: “Direct messages” are essentially posts that are only visible to the sender and any designated recipients. Any users you mention will get tagged into the thread and gain access to the contents of that thread going forward. Unlike Twitter, there is no separate inbox for direct messages on Mastodon. So even though your direct message will only be visible to the users you specifically mention (using their handle), you will see the message on your timeline. An “@” symbol below the message will designate it as a post between users mentioned, whereas an earth icon indicates a post is in public view.

  1. Screenshot of a test message in the DM text field in Mastodon. A pink circle is over the @ icon below the text field.
  2. Screenshot of a test message in the DM text field in Mastodon. A pink circle is over the earth icon below the text field.
Left: Composing a direct message to a user. Note the “@” symbol indicating it is only visible to the mentioned users. Right: Composing a public post, which displays an earth icon, indicating visibility to all. Source: Newsie.social
Credit:

DM’ing someone on a different server allows other admins to see your DM: The privacy policy on Friend.camp warns its users about sending direct messages to users in other instances: “Any private message you send to someone on another server could be looked at by the admin of a different server.” 

Posts—DMs included—are not end-to-end encrypted by default: When you are about to message another user in Mastodon’s web interface, it warns, “Posts on Mastodon are not end-to-end encrypted. Do not share any sensitive information over Mastodon.” 

Gizmodo created a thorough guide on everything you need to know about sending DMs on Mastodon.

↩︎ link

Apps and Security

Mastodon offers two-factor authentication, and you should definitely enable it. On the Mastodon web interface, go to Preferences > Account > Two-factor Auth. You can then scan a QR code using an authentication app, such as Google Authenticator, to complete the setup. 

In addition to the platform’s own app, there are many different ways to access Mastodon on a phone via apps like Tusky and Metatext. (You can find a list of third-party apps on the Mastodon website: https://joinmastodon.org/apps.) 

You can think of the apps as different web browsers, in the same way you can view a particular webpage through the Safari, Chrome, or Firefox browser. The third-party apps have their own privacy policies and can/do collect your data for a variety of purposes (including to serve you targeted ads). Read each app’s privacy policy carefully (e.g. https://metabolist.org/privacy-policy), as the app is a party that can access your data and possibly share or sell it. 

↩︎ link

Accessibility

The iOS screen reader, VoiceOver, initially could not be used to compose new posts in Mastodon’s iOS app. On Oct. 30, Mastodon tweeted, “We’ll try to do better,” in response to a blind user who raised the issue. A subsequent update to the iOS app released on Nov. 20, appears to have fixed the problem with VoiceOver. 

Still, the Mastodon iOS app currently only allows users to listen to alt text through a screen reader and does not display the alt text. Using third-party apps such as Metatext and Husky or accessing Mastodon via a web browser are workaround solutions for now.

The Mastodon web interface includes a text box for writing accessible image descriptions. Its latest version alerts you with a nudge that reads, “no description added,” if you haven’t included alt text. The interface also offers an option to extract text from an image using optical character recognition (OCR). The Mastodon iOS app does offer computer-generated image descriptions when alt text is not included, but the results are predictably rudimentary and not a viable replacement for human-written image descriptions. If you access Mastodon via a browser, no computer-generated alt text is included.

↩︎ link

Etiquette

Mastodon, and the “fediverse” ecosystem of decentralized services that it is part of, have been around for a while now. There’s a large community of users and administrators who have spent years defining the vibe for these social spaces. Keep that in mind when learning the norms and etiquette on a platform that has some important “anti-viral” features that set it apart from its advertising-driven counterparts. For example, you can enable “slow mode” on the Mastodon web interface, which makes you click a button before more posts show up in your timeline rather than being overwhelmed by the never-ending firehose of tweets that may have kept you glued to your phone far longer than you had intended.

Your Mastodon timeline is just a reverse chronological feed of the people you follow, or the posts from people on your instance only (and not across all of Mastodon). There’s no mysterious algorithm optimized for your attention.

You should also get up to speed on the other cultural dos and don’ts on Mastodon, such as the widely used “content warning” field, which allows users to clearly label sensitive, triggering content and offers followers an opportunity to choose whether to see that content.    

↩︎ link

How We Chose Our Server

So how did The Markup choose which server it should use to join Mastodon, especially as servers for the journalism community are gaining traction? Our starting point was simple: Where are other similar newsrooms? Many have yet to take the leap, but we saw STAT, Chron, and ProPublica had chosen newsie.social. 

First, we checked out the server’s rules. Like many, it outlines standard policies against discrimination and harassment as well as misinformation. 

Second, we headed to the server’s privacy policy. The policy is fairly pared down compared to other social platforms, and that has to do with the fact that Mastodon isn’t monetizing its users’ every move. Information collected is said to be used to keep the server functioning. 

Finally, we decided to avoid communicating any sensitive information—like responding to tips—via the platform. Without end-to-end encryption, it doesn’t make sense to use Mastodon for tips, and we’ll continue to direct people to all the other ways they can share tips with us.

We ultimately felt good about the server’s policies and wanted to be in the same place as other newsrooms like ours, so we set up shop there at newsie.social/@themarkup.

For now, this account will be an experiment. We can’t say what it will look like in a few months, but we’re excited to try something new alongside our readers. Existing on social media while critiquing it has been part of what we do since day one. Mastodon will be no different. We hope to see you there: newsie.social/@themarkup.

We don't only investigate technology. We instigate change.

Your donations power our award-winning reporting and our tools. Together we can do more. Give now.

Donate Now