Elon Musk's acquisition of Twitter and the subsequent announcements of sweeping policy changes on a range of matters have brought much turbulence to the platform's community of users, and many of them are already migrating to the visually and functionally similar Mastodon.
Mastodon was designed as analogous to Twitter, featuring micro-blogging options, hashtags, mentions, and the equivalent of tweets, named “toots”.
Contrary to Twitter, Mastodon is an open-source, decentralized social networking platform, meaning it's not centrally owned, managed, or operated by a single business entity or individual.
Moreover, Mastodon is free of ads, so there is no profiling and tracking algorithm logging what each user clicks on and which content gets higher engagement in order to serve personalized ads.
All "toots" appear in a chronological, timeline-based feed, so there is no ranking or promotion algorithm to bias what users see, and far less for orchestrated misinformation campaigns to game.
In theory, Mastodon's design sounds great, but in reality, there are some privacy blind spots that users interested in making the leap should keep in mind.
How Mastodon Works
Mastodon's decentralized nature relies on independently run servers, called "Mastodon instances", many of them operated by volunteers.
New users must pick one of these servers to sign up on, based on interests, location, theme, and other factors such as moderation policies, which make each instance unique.
Instances talk to each other over the ActivityPub protocol ("federation"), so users can still follow and interact with people on other instances, and the "Federated" timeline shows posts from remote instances that the user's own server knows about. An account can later be moved to a different server; the move carries followers across, but not the account's existing posts.
Can you trust the server?
Mastodon has a clear privacy policy explaining that the only user data collected by the platform is what is needed for moderation and functionality, the most intrusive items being:
- email address
- IP address
- browser metadata
The actual privacy risk lies with the operator of the server, who can view far more sensitive information, including the direct messages users exchange on Mastodon.
A direct message on Mastodon is simply a post whose visibility is set to "direct"; it is stored in plaintext in the database of the sender's instance and delivered in plaintext to the recipient's instance, with no end-to-end encryption, so the operator of either server can read it.
For this reason, Mastodon itself advises users not to share any sensitive information on the platform:
Please keep in mind that the operators of the server and any receiving server may view such messages, and that recipients may screenshot, copy or otherwise re-share them. Do not share any sensitive information over Mastodon.
– Mastodon Terms of Service
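To make the warning above concrete, here is an added example, written for this page rather than taken from the Mastodon project, that parses a direct message the way an instance's inbox handler would and shows what the operator ends up holding. The domains, account names and the activity itself are constructed for the example; the audience rule (Public in `to` means public, Public in `cc` means unlisted, the author's followers collection in `to` means followers-only, anything else is direct) is the one Mastodon applies to incoming posts, simplified to the full Public URI.

```python
import json

# ActivityStreams "Public" collection: its presence in to/cc is what makes a post public.
# Mastodon also accepts the shorthand forms "as:Public" and "Public"; omitted here for brevity.
AS_PUBLIC = "https://www.w3.org/ns/activitystreams#Public"


def _as_list(value):
    """ActivityPub allows a single value or a list in audience fields; normalize to a list."""
    if value is None:
        return []
    if isinstance(value, list):
        return value
    return [value]


def visibility_from_audience(obj, followers_url):
    """Infer Mastodon's visibility level from an ActivityPub object's audience fields.

    followers_url is the author's followers collection (assumed to be known from
    the author's actor document, as it would be on a real instance).
    """
    to = _as_list(obj.get("to"))
    cc = _as_list(obj.get("cc"))
    if AS_PUBLIC in to:
        return "public"
    if AS_PUBLIC in cc:
        return "unlisted"
    if followers_url in to:
        return "private"   # followers-only
    return "direct"


def what_the_operator_sees(activity_json, followers_url):
    """Parse a received Create activity and return the fields that any operator of the
    sending or receiving server can read. Nothing in the payload is encrypted, so the
    message body comes out as plain HTML."""
    activity = json.loads(activity_json)
    note = activity["object"]
    return {
        "visibility": visibility_from_audience(note, followers_url),
        "actor": activity["actor"],
        "recipients": _as_list(note.get("to")),
        "content": note["content"],
    }


# Constructed sample: a DM from alice on example.social to bob on other.example.
ALICE_FOLLOWERS = "https://example.social/users/alice/followers"
SAMPLE_DM = json.dumps({
    "@context": "https://www.w3.org/ns/activitystreams",
    "id": "https://example.social/users/alice/statuses/1/activity",
    "type": "Create",
    "actor": "https://example.social/users/alice",
    "to": ["https://other.example/users/bob"],
    "cc": [],
    "object": {
        "id": "https://example.social/users/alice/statuses/1",
        "type": "Note",
        "attributedTo": "https://example.social/users/alice",
        "to": ["https://other.example/users/bob"],
        "cc": [],
        "content": "<p>@bob my new phone number is 555-0100</p>",
    },
})

if __name__ == "__main__":
    # Both example.social and other.example process this exact payload.
    print(json.dumps(what_the_operator_sees(SAMPLE_DM, ALICE_FOLLOWERS), indent=2))
```

The point of the example is the last field: "direct" only restricts who the servers show the post to; it does not change the fact that the servers themselves hold and relay the full text.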
This is very different from what Twitter users are used to: a single, identifiable company holds their private communications and can be held legally accountable for a leak, whereas a Mastodon instance may be run by an individual with no such obligations to its users.
Other sensitive information instance operators can see includes each user's IP address, which reveals an approximate geographic location. Account passwords are stored as salted bcrypt hashes rather than in plaintext, so an operator cannot simply read them from the database, but a malicious operator who controls the server software could still capture a password as it is submitted at login.
The recent and sudden influx of new users has resulted in over a thousand new Mastodon instances being opened in just five days, none of which have been vetted in any way.
It would not be far-fetched to suggest that some of these instances were set up only to collect data from people who never realized what they were signing up for.
Of course, we like to believe that most new instances were created to accommodate the sudden rise in user counts. However, with great power comes great responsibility, and some instance owners may end up snooping some data along the way.
Similar risks to Tor and other decentralized projects
Some of these privacy risks with Mastodon are similar to the privacy and security issues of the Tor network:
- Anyone can set up a Tor node and start routing user traffic, and there is no vetting of who operates the node or why.
- There are numerous examples of governments and other entities running Tor nodes for the explicit purpose of data collection and de-anonymizing users.
We noted the same situation in our guide on private search engines. With the open-source and decentralized Searx project, there is an acute risk of using an instance that ends up abusing your privacy and logging your data. Searx warns users against this threat:
If someone uses a public instance, they have to trust the administrator of that instance. This means that the user of the public instance does not know whether their requests are logged, aggregated and sent or sold to a third party.
– Searx Github page
Be careful with the information you send through unverified instances.
Conclusion: What you can do
If you're planning to join Mastodon, don't let the privacy risks hold you back, but rather bear them in mind and treat everything on the platform as public data.
You can use a VPN to hide your true IP address, and therefore your approximate location, from the instance operator; bear in mind that this only moves the trust from the instance operator to the VPN provider, who then sees your real IP address instead.
Additionally, you can use a locked-down secure browser that is hardened against browser fingerprinting to mitigate the browser metadata that is exposed.
Finally, if you do have sensitive information that you need to share with others, you can consider using other tools, such as:
- Secure messaging services like Signal, Wickr, Wire, and Threema
- Secure email with encryption options
Mastodon is far from perfect when it comes to privacy protection, but as communities grow bigger and stronger, a more robust approach may be crafted by its decision-makers.
Mighty Mouse
Sven, sir, the EU is planning to ban, i.e. outlaw, encryption. The UK is also planning the same. What will happen now? What are your views? Does that mean VPNs will also be outlawed?
Sven Taylor
Well fortunately, over the years, there’s lots of talk and bluster, but little tangible action. It may be a situation like we saw in Australia a few years ago where governments demand access to encrypted communication, but I don’t see any outright bans happening.
BoBeX
Hi RP,
Great article!
I have the peaceful and blissful existence of not using any social media.
This doesn’t suit everyone’s needs, and this advice is fantastic.
I imagine many people are using the service without knowing the risks.
As stated in the article, here Mastodon has been clear in their privacy policy.
They sound like a respectable project. I wonder why they haven’t implemented end-to-end encryption?