An open-source software based social platform, Mastodon works on multiple decentralised servers. This is what you should know.
Social networks have long accustomed us to the idea that users love getting together and making friends. But nowadays, it seems that Facebook, Instagram, X (ex-Twitter), and TikTok have become too big for those who prefer smaller communities. For some, the alternative has been to join Mastodon.
Mastodon is an open-source software based social platform, similar to X, but decentralised. It works on multiple decentralised servers (called ‘instances’), brought together to form a single network and interact with each other. Users can select instances according to their preferences and settings, but still communicate with members from other instances. That offers better customisation and control.
It is far more complicated to use than any other social media platform, but the learning curve can be worthwhile. Bear in mind, though, that you will rarely find your friends hanging out there.
Kaspersky experts have prepared useful tips and insights on Mastodon to help users strengthen their privacy level and keep personal data secure.
What about privacy policy?
Specific privacy policies are issued for each instance. On the whole, they all contain basic clauses regarding data collection, usage, storage and security, and about sharing information with third parties. On the odd occasion, you might come across a particularly law-abiding server that mentions users’ rights to delete, amend, or do other things with collected personal data — usually these are EU servers that are subject to the GDPR.
So, let’s set up a privacy setting
- Some settings can look familiar if you’re an X user. There are several types of Mastodon accounts: public (available for everyone), unlisted (your posts are still visible to everyone, but they’re not listed on public timelines), and available only for your followers.
- It is important to note, that each server has its own privacy policy, so don’t forget to explore all details before registration. Bearing this in mind, a safe tip is to only use instances that you trust, and do not share any personal data with users that use servers that you don’t trust.
- Posts can also have three privacy levels. The ones visible to everyone, those visible to followers, and ones that only appear to users mentioned in the post.
- A good option is to establish rules and exceptions for auto-deleting posts and so that archivists can export and download the complete archive of all stored information.
- It’s also better to avoid using direct messages to transfer and share personal and any other sensitive information. Messages such as these are stored on instances as clear text. So, they are not using any specific extra encryption types like end-to-end encryption (E2EE).
What about security?
- Like all other services, Mastodon can face data leaks. Considering that, a safe option would be, first of all, to install a reliable security solution, which will detect and protect personal information in such cases. Moreover, these services also have features that can check whether your personal data was leaked or not.
- In order to avoid any phishing, it’s safer to install apps that are offered only in official stores like AppStore and Google Play.
- It is especially important to be vigilant when receiving any links for unknown websites. Such situations can lead you to get malware programs or to get redirected to a phishing service. Modern security solutions can detect possible phishing websites or malware files, so your computer and data will be safe.
“Compared to other social media platforms like X.com or Threads, Mastodon is certainly less regulated,” says Anna Larkina, web content analyst at Kaspersky. “However, there are rules that must be followed by all platform participants. As with any other online publication, users should always follow the ‘think before you post’ rule when publishing information on Mastodon.”