Mastodon security is a hot topic among new Mastodon users and those planning to move to the platform. Because Mastodon is a decentralized open-source platform, people naturally wonder about the security of the many remote servers and apps involved. There are some areas where you need to be careful while using Mastodon, and others where the right settings and tools let you keep your account secure.
Mastodon isn’t a brand-new social network; it has been around for years. As we know, Twitter HQ and the Twitter site are going through massive changes. Many users are annoyed by these changes, which have driven an exodus from Twitter to Mastodon, since the latter bears strong similarities to the former.
People who have switched to Mastodon, and those who are about to sign up, are concerned about the safety of Mastodon. Users report bugs, security incidents and many other issues they encounter on the platform. That’s why I’m here to inform you about Mastodon’s security and the measures that can help you keep your account and data safe. Let’s start.
Mastodon security threats
Mastodon, like Facebook, Instagram, Twitter and most other social networks, is not an end-to-end encrypted platform. It is an open-source platform, and people from many different fields use it to run their own servers (also called instances). You therefore need to know which instance you are on. Another concern is direct messages (DMs), over which you have little control. Let’s talk about each in detail:
Instances (also called servers) are maintained by independent administrator(s). When you create a Mastodon account, you are actually creating it within a particular server. There are plenty of servers available on Mastodon. These servers operate, to some extent, in the same way as an independent social networking site.
Just as other social media platforms, for example Twitter or Facebook, can access and control the data uploaded to your account at any time, instance administrators have the same power over accounts on their server. They can delete your account at any time, and they can see your account information: email address, date of birth and messages.
You could argue that if Twitter, Facebook and other networks already have access to our data, why should we care about these server administrators? True, but the larger, established networks and their developers are bound by hard and fast rules, terms of service and legal obligations. Instance administrators, on the other hand, are individuals who may not have any accreditation at all. I could also create a server and have people join my network. But am I as reliable as any bigger site?
That’s why it’s important to join a trustworthy instance. Yes, the administrators can access your data, but what you choose to share is entirely up to you.
The DM function is another concern for Mastodon safety. DMs are tricky: people struggle with DMing on Mastodon in the first place, and then find DMs of limited use. DMs work completely differently on Mastodon than on Instagram, Twitter, Facebook or other large, established networks.
On Mastodon, a DM is simply a post whose visibility is limited to the one or two people mentioned in it. The funny and weird consequence is that you, or any other person in the conversation, can add someone else to it whenever you want.
Third Party Plugins
There are many plugins that let you perform various tasks with your Mastodon account, and these plugins also pose a considerable threat to Mastodon security. With some of them you can see which of your Twitter friends have joined Mastodon; many other third-party services can be connected in the same way.
This threat is not specific to Mastodon itself: the plugin transfers your data to the third party’s service, and you cannot know what they will do with it. That said, some plugins and services do operate ethically.
Tips to maintain your Mastodon safety
Since there are threats around your Mastodon account, it is good to know about them in advance. I have discussed some of those threats above. Now let’s look at several ways to maintain your Mastodon safety.
Creating and setting a strong password is essential; it helps protect your account against attackers. If you use a simple password, you are more likely to be hacked, especially if you have a large following or are a public figure. Attackers tend to focus on prominent accounts, but that is not a rule: they can target any account they want.
Strong passwords are difficult for attackers to guess or crack, so they give up on such accounts and move on. This is therefore the first thing you should do. Make your password long, mix letters and digits with other characters, and use both upper- and lower-case letters.
Avoid using your own name, your pet’s name, your date of birth, your wedding anniversary, your spouse’s name, or any other name or date that can be easily guessed.
Avoid using the same password for more than one account; in particular, do not reuse your email account password on Mastodon. Make it a habit to update your passwords regularly.
2FA on Mastodon
It’s a good idea to enable 2FA on Mastodon. With two-factor authentication (2FA), unauthorized persons and devices cannot access your profile unless you approve them by providing a code. After setting a strong password, 2FA is the next step that improves your Mastodon security.
Setting up 2FA on Mastodon is quite easy. Follow these steps:
1: Launch the Mastodon app or login to the website.
2: To access the settings, click on the gear icon.
3: Navigate to Account settings.
4: On your smartphone, tap the hamburger menu icon; on the website, skip this step.
5: Select Two-factor authentication.
6: Select the SET UP option.
7: Enter your password and press the CONTINUE button.
8: Scan the QR code or copy and paste the provided code into your authenticator app.
9: Copy the code produced by your Authenticator app.
10: Paste the code into the Mastodon app or website and press ENABLE.
Done! Now only you can access your account whenever you log in from a new device. The login will not proceed even if the person trying to access your account knows your password. Even you cannot log in without providing the code produced by your authenticator app.
2FA on Mastodon works only with authenticator apps; you cannot use your phone number to receive codes. So it’s important to keep a copy of the backup codes, which you get once you click Enable while setting up 2FA, for use in an emergency or in case you lose access to your authenticator app.
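To show what actually happens behind steps 8 to 10 and the backup codes, here is an added example (not Mastodon’s own code) that assumes the authenticator codes are standard TOTP (RFC 6238: HMAC-SHA1, 6 digits, 30-second windows). The secret is the constructed RFC test key in base32; a real secret is the one shown beside the QR code during setup.

```python
import base64
import hashlib
import hmac
import secrets
import struct

# Constructed secret: the RFC 6238 test key "12345678901234567890" in base32.
# In practice this is the secret shown beside the QR code during Mastodon setup.
DEMO_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def hotp(secret_b32, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, then dynamic truncation."""
    key = base64.b32decode(secret_b32.upper() + "=" * (-len(secret_b32) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % 10 ** digits).zfill(digits)


def totp(secret_b32, unix_time, step=30):
    """The 6-digit code an authenticator app shows for the window containing unix_time."""
    return hotp(secret_b32, int(unix_time) // step)


def verify_totp(secret_b32, submitted, unix_time, drift=1):
    """Server-side check: accept the current window plus/minus `drift` neighbours,
    comparing in constant time so response timing does not reveal matching digits."""
    counter = int(unix_time) // 30
    return any(hmac.compare_digest(hotp(secret_b32, counter + d), submitted)
               for d in range(-drift, drift + 1))


def make_backup_codes(count=10):
    """Backup codes: the user keeps the plaintext list; the server stores only hashes."""
    codes = [secrets.token_hex(4) for _ in range(count)]
    stored = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return codes, stored


def use_backup_code(stored, code):
    """Each backup code is single-use: a matching hash is removed as it is consumed."""
    digest = hashlib.sha256(code.encode()).hexdigest()
    if digest in stored:
        stored.discard(digest)
        return True
    return False
```

The one-minute acceptance window in verify_totp is why a code still works for a moment after the app rolls over, and the hashed, single-use backup codes are why a lost list cannot be reconstructed by the server and a used code cannot be replayed.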
Since DMs are not encrypted, be careful when sharing messages or images with another person. Either party can make your private conversation visible to others simply by mentioning one or more people in the chat.
Unless you fully trust the person, keep your DMs free of personal information and images. Gossiping, sharing secrets and talking badly about someone should also be avoided; you may end up in an awkward position if the recipient mentions that person in the chat.
DMs should therefore be used and treated as if they were public messages.
Join a reliable server
There are hundreds, if not thousands, of servers available on Mastodon. Most of them have unknown administrators and could be Mastodon security threats. So, to keep your Mastodon security intact, join recognized, well-known servers or ones you know to be safe.
Recognized servers are listed on the official Mastodon website; pick one from there. Even so, use any server with care. You can move your account to another Mastodon server at any time.
You can filter Mastodon posts to maintain your Mastodon safety. The filter feature lets you hide posts containing words and terms you don’t like, or that you want to keep away from your kids, since you never know when a child might be peeking at or using your phone.
Block and report
You can block someone if you think they are a Mastodon security threat. You can also report people so that moderators investigate and, if warranted, remove them permanently.
You can also report a server if you believe it is stealing your data or behaving unethically. You may need to contact Mastodon directly for this.
The Mastodon software itself is not the main risk to your security; the risk lies with third-party users, instances and services. Keep your personal information, images and videos to yourself, and share them only when you are fully confident in the security of your audience, your server and your account.
I hope you find this article on Mastodon safety clear and helpful. It is part of Path of EX’s Mastodon guides and how-tos, and I suggest going through the rest of them to master the platform.