
Tanium comments on the Twitter users moving to Mastodon

November 2022 by Melissa Bischoping, Endpoint Security Research Specialist at Tanium

With many Twitter users moving to Mastodon after Elon Musk's takeover, below is a comment on the security considerations users should keep in mind regarding Mastodon. The comment is from Melissa Bischoping, Endpoint Security Research Specialist at Tanium.


Mastodon has quickly emerged as the destination of choice for many who’ve opted to leave Twitter in recent weeks. This open-source, decentralized platform has many advantages and the growth in popularity will hopefully lead to additional features and functionality as the open-source platform continues to mature. That said, those joining Mastodon should not consider it a like-for-like Twitter replacement and should be aware of the unique features of the Fediverse. Each instance is managed by an administrator, who has control over the infrastructure and the software running on the servers. This means that you are placing trust in the administrators to secure and maintain their instance and trusting they will protect your account. Because many of these are small teams or individual operators without large budgets or security teams, you should not assume that any instance is secure or private. This doesn’t mean you shouldn’t use it, but it does mean you should not assume any data shared there is encrypted or protected from theft or seizure by law enforcement. Treat the Fediverse and any Mastodon instance as a place to share information, connect, and collaborate in the same way you’d do those things in person in a town square or public coffee shop. In short, don’t use Mastodon to send sensitive, personal, or private information you wouldn’t be comfortable posting publicly anyway. 


Additionally, given the potential for vulnerabilities and exploitation, follow the best practices for account management - unique passwords and multi-factor authentication. Lastly, many instances have been set up specifically for the purpose of testing security and reporting bugs and vulnerabilities, so the ethical hacking and bug hunting community can continue to contribute and improve security of the platform as its popularity grows. 