Mastodon is not the latest social media entry; it has been there for years now. As we know, Twitter HQ and the Twitter site are undergoing enormous changes. There are many who are annoyed with these changes, which accounted for an exodus of such users from Twitter to Mastodon as it has tremendous similarities with the former. People who have shifted to Mastodon and those who are almost there on the sign-up page are worried about Mastodon safety. Users report errors, safety crises, and many other issues they encounter at the platform. That is why I am here to inform you of Mastodon safety and measures that would help you keep your account and data safe. Let’s get started.

Mastodon Safety Threats

Mastodon is not an end-to-end encrypted platform like Facebook, Instagram, Twitter, and much more. It is an open-source platform. People from different fields and reaches use this platform to create their own servers (also called instances). Hence, you need to make sure which instance you are in. Another threat is DMs. You don’t have control over them. Let’s talk about them in detail: Also, read How Does Mastodon Work: A Detailed Guide

Mastodon Instances

Instances (also called servers) are maintained by independent admin(s). When you create a Mastodon account, you actually create it within a particular server. There are plenty of servers available on Mastodon. These servers work, to some extent, similarly to an independent social network site. As other social media platforms, say Twitter or FB, can access and manage the data uploaded to your account anytime, these instance admins have the same power. They can delete your account anytime; they can see your account details — email ID, DOB, posts, as well as messages. One may argue that when Twitter, Facebook, and other networks have access to our data, why should we care about these server admins? True, but the larger and established networks and developers have some set rules, terms and conditions, and legal base. On the other hand, instance admins are people who may not have any recognition in or out. I can create a server as well and let people join my network. But am I as reliable as any larger site? Hence, it is important to join an authentic instance. Yes, they can access your data, but it is all up to you what you want to share. Also, read How to Add a Relay to Your Instance: 4 Best Mastodon Relays

Mastodon DMs

DM feature is another concern for Mastodon safety. DMs are also tricky. People, in the first place, struggle with how to DM on Mastodon. Then they find DMs useless as well. The way DMs work on Instagram, Twitter, Facebook, or another larger and established networks is totally different on Mastodon. A post limited to a single person or two is deemed a message on Mastodon. The funny and weird part is that you can add any person to your conversation anytime you or the other person (s) in chat want to. Also, read Mastodon vs Discord: Which One is the Best Platform (2022)

3rd Party Plugins

There are many plugins that let you do different tasks on your Mastodon account. These plugins are also a huge Mastodon safety threat. These plugins let you find who among your Twitter friends has joined Mastodon. You can run many other 3rd Party services anytime you want. This Mastodon safety threat is not a normal one. It transfers your data to their service, and it is unknown what they can do with it. There are some plugins and services that work on good ethics as well. Also, read How to Get Verified on Mastodon: Here is the Easiest Guide

Tips To Maintain Your Mastodon Safety

As there are threats surrounding your Mastodon account, it is great to have awareness about them beforehand. I have discussed some threats above. Let’s see various methods to maintain Mastodon safety.

Strong Password

Creating and setting up a strong password is essential. It helps your account from attackers and hackers. If you keep plain passwords, it is more likely to get hacked if you have a good followership or you are a well-recognized person. Though hackers avoid normal accounts, it is not a general rule. They can hack any account they want. Strong passwords make it tough for hackers to decode them. They leave such accounts and move on. So, it is the first thing you should do. Keep your password longer, make them alphanumeric with an addition of other characters and capital and small letters. Avoid keeping your name, pet’s name, DOB, wedding anniversary, partner’s name, and all other names and dates that can be guessed easily. Here are some examples of strong but short passwords.

  1. [email protected]^/0rD
  2. *&$assw0ri)
  3. I^ssw0RI) 4. [email protected]
  4. P4ss^/0rd
  5. @pa55w0rD
  6. [email protected])s0mE 8. [email protected]
  7. [email protected] Avoid using identical passwords for more than one account. Don’t use your email ID password on your Mastodon account. Make a habit of updating your passwords on a regular basis. Also, read How to Turn Off Animated Avatar in Mastodon on iOS & Android App

2FA on Mastodon

It’s a good idea to have 2FA on Mastodon turned on. With Two-factor authentication (or 2FA), unauthorized people and devices cannot access your profile unless you approve them by giving a code. After setting up a strong password setting 2FA enhances your Mastodon safety. Setting up 2FA on Mastodon is pretty simple. Follow these steps: 1: Launch the Mastodon app or sign in to its website. 2: To access the settings, click the gear icon. 3: Navigate to Account Settings. 4: On your smartphone, tap the hamburger menu symbol. Bypass this one on the web. 5: Select Two-factor Authentication. 6: Select the SET UP option. 7: Enter your password and press the CONTINUE button. 8: Scan the QR code or copy and paste the provided code into your authenticator app. 9: Copy the code produced by your Authenticator app. 10: Paste the code into the Mastodon app or website and press ENABLE. Done! Now only you have the authority to access your account wherever you try it from a new device. The login process won’t proceed even if your password is known to the person who wants to access your account. You too cannot log in to your account without providing the code produced by your authenticator app. 2FA on Mastodon is available only on apps; you cannot use your phone number to receive codes as of now. So it is important to keep a copy of backup codes — which you will get once you hit Enable while setting up 2FA — for emergency uses or in case you don’t have access to your Authenticator app. Also, read How To Setup Mastodon Profile Metadata? Here’s How To Do It

DMs Safety

As DMs are not encrypted, you must stay cautious while sharing your message or images with a second person. Your sender or recipient can switch your private conversation to the public by mentioning a person or many inside the chat. Keep your DMs free from your personal data and images unless you trust the person. Gossiping, secret sharing, and talking badly about a person should also be avoided. You may find yourself in an awkward position if the recipient mentions that person in the chat. DMs, hence, should be used and treated like public posts. Also, read Counter Social vs Mastodon: Which One Should You Join? (2022)

Join a Trustworthy Server

There are hundreds and thousands of servers available on Mastodon. Most of them have unknown admins and can be Mastodon safety threats. Hence to keep your Mastodon safety intact, join recognized and well-known servers or the servers that you know are safe. There are authorized instances mentioned on the website. Pick and choose one of them. Still, you should use the servers carefully. You can change a server anytime you want and shift to another Mastodon server. Also, read How to Invite People to Mastodon Server? 7 Easy Steps

Filter Mastodon

You can filter Mastodon posts to maintain your Mastodon safety. Filter feature helps you ban some words and terms that you don’t like to view or you want to keep your kids away from as you don’t know when your kids peep in or access your phone.

Block and Report

You can block someone if you think they are a Mastodon safety menace. You can also report people so that Mastodon look into the matter and delete them forever. You can also report a server if you think the server is stealing your data or behaving anti-ethical. You may need to contact Mastodon for this purpose as well. Also, read How to Delete Mastodon Account in Just 6 Steps (Solved)

Wrapping Up

Mastodon in itself is not responsible for Mastodon safety, it is users and the third-party instances as well as services. You need to keep your personal data, images, and videos to yourself. Only share them if you have full confidence in your audience, server and account security. I hope you will find this article on Mastodon safety easy and helpful. This article is a part of Path of EX’s Mastodon guides and how-tos. I suggest you go through the rich aid once to master the platform.


Mastodon Safety  Protect Yourself NOW with these 6 Tips - 30Mastodon Safety  Protect Yourself NOW with these 6 Tips - 18Mastodon Safety  Protect Yourself NOW with these 6 Tips - 26Mastodon Safety  Protect Yourself NOW with these 6 Tips - 64