Tanium comments on the Twitter users moving to Mastodon
November 2022 by Melissa Bischoping, Endpoint Security Research Specialist at Tanium
With many Twitter users moving to Mastodon after Elon Musk’s takeover, below is a comment on the security considerations users should keep in mind regarding Mastodon, from Melissa Bischoping, Endpoint Security Research Specialist at Tanium.
Mastodon has quickly emerged as the destination of choice for many who’ve opted to leave Twitter in recent weeks. This open-source, decentralized platform has many advantages and the growth in popularity will hopefully lead to additional features and functionality as the open-source platform continues to mature. That said, those joining Mastodon should not consider it a like-for-like Twitter replacement and should be aware of the unique features of the Fediverse. Each instance is managed by an administrator, who has control over the infrastructure and the software running on the servers. This means that you are placing trust in the administrators to secure and maintain their instance and trusting they will protect your account. Because many of these are small teams or individual operators without large budgets or security teams, you should not assume that any instance is secure or private. This doesn’t mean you shouldn’t use it, but it does mean you should not assume any data shared there is encrypted or protected from theft or seizure by law enforcement. Treat the Fediverse and any Mastodon instance as a place to share information, connect, and collaborate in the same way you’d do those things in person in a town square or public coffee shop. In short, don’t use Mastodon to send sensitive, personal, or private information you wouldn’t be comfortable posting publicly anyway.
Additionally, given the potential for vulnerabilities and exploitation, follow the best practices for account management: unique passwords and multi-factor authentication. Lastly, many instances have been set up specifically for the purpose of testing security and reporting bugs and vulnerabilities, so the ethical hacking and bug hunting community can continue to contribute and improve the security of the platform as its popularity grows.