Illustration of a mastodon skeleton from an archive somewhere.
The Mastodon Giganteus of North America Public domain image from the Biodiversity Heritage Library

Surviving the Fediverse on a Mastodon

"Why do good things never wanna stay? Some things you lose, some things you give away." — Sleater Kinney, Good Things

Apologia: It takes me forever to start (let alone finish) a blog post anymore. And when I do it often ends up being a brain deluge. So if you're committed, settle in.

Tl;dr: Twitter was bought by a megalomaniac who seems hell bent on demolishing it to get out of a rotten business decision. A lot of users have opted to migrate over to a somewhat janky, open source decentralised social network called Mastodon.  It can be horrible, and it can also be kind of great. And it needs work by the user community themselves because there is no manager to call over to complain.

The Goods: Tools, tricks and hacks to survive in the Fediverse.

A brief eulogy for what was lost

Unless you're not on the internet (and then not reading this) you've likely already seen more news than you ever wanted to about international billionaire Bond villain Elon Musk buying Twitter. In summary: Elon troll-offered to buy the popular, money-losing, flawed but functional website on the grounds that the woke media elite were censoring the racists too much... and something weird about bots. He then failed at back-tracking when shareholders saw their golden parachutes and took it seriously. He was forced to spend $44 billion on a thing not worth half of that. He is now dedicated to destroying it as fast as possible, throwing everything he can at the effort, including the sink he brought to the office with him. Every day some fresh new hell is revealed as more workers are sacked or quit, moderation is eviscerated, advertisers flee, glitches increase, and users keep wishing one another goodbye as though there's going to be some server meltdown any day.

This is a picture of a very dead blue coloured bird.
Photo of a dead, blue-coloured bird for editorial illustrative effect. The image is released free of copyrights under Creative Commons CC0. Via

Twitter is/was not the "simple" platform many people are lately alleging it is/was. It's complex. Those who thought real-names policies or "just allow free speech" or "just show posts in chronological order" were good ideas could never really comprehend the complexity of the platform, or the many users who relied on it. They never understood how it would impact politics, social issues, war even. They didn't consider or care about how even the smallest changes to the user interface or algorithm on such a large-scale social platform could throw thousands of at-risk users under the bus within minutes. There are other blog posts about all these things that I could but realistically won't write. Other people have and probably still are. Read them. Good by hell bird site. Maybe you live another day. Maybe a few after that. But the exodus has begun. Even if you linger, you are in Myspace territory. Effectively dead. Wishing you could die.

What comes next

Enough of all that. The web is essentially a network of sand mandalas. Eventually every platform goes away. This post is about what comes next. For now, that seems to be Mastodon, and the Fediverse. It too is a volatile mess, only in different and decentralised ways. For whatever problems Twitter had that Mastodon may fix, it introduces many others. While I'm encouraging people to give it a try, I'm not a tech optimist about it. I'm the opposite of that. I'm not a luddite, but I'm a pessimist. Every piece of technology ever created is minimally dual purpose, often more than duel. Some of those other purposes are to be weapons. Developers don't usually intend for their creations to be dangerous. But they don't get to decide that, either. They can only try to mitigate the risk of it. At the end of the day, your users will show you the real purpose of what you've built. In social web development, our Dr. Frankenstein doesn't create monsters. He creates what monsters like most: Something that attracts their prey.

Wait, it's getting too dark again. Sorry, I do that. Things are good. We're going to talk about happy stuff. Free, open source, non-capitalist, community driven software, with no algorithms, no corporate incentives to commodify your data, no creepy labour law violations, and no weird crypto-fascist platform owners with cults of trolls harassing anyone who speaks up. It's all as pure as hugs and puppies or rainbows and unicorns. Or something. 

Mastodon, unlike Twitter, isn't a centralised service provider. It's free open-source software. Anyone can host their own Mastodon platform and publish content on it. They can choose to let others register on their platform to do likewise. If you run your own Mastodon, you can set your own moderation policies, your own rules for everything. Anyone on your Mastodon can also follow or interact with other users on other Mastodon platforms hosted elsewhere. This is because Mastodon runs on W3C's ActivityPub protocol. ActivityPub essentially creates a federation of websites, or the "Fediverse" as its fans call it. If you host your own Mastodon, you can choose which other Mastodons your platform federates with, limits or blocks. So, you can rule over your users, but you can't rule over users on another Mastodon. You can already possibly spot the upsides of all of this, and I'll bet you can already see some obvious downsides.

Note: Before we get much further, I want to warn you, dear reader, that while Tweeters "tweet," Mastodon users "toot." As a result, I occasionally may say something like "she tooted." It's not my fault, it's the verb for posting there. Life is trade-offs.

I created my account on Mastodon.Social back in 2017. It was neat. I saw some things in the user interface I liked, and other things that were curious, or not intuitive if you're used to a commercial service provider that pays developers a lot of money. But mostly I was only ever a light user because hardly anyone else was there. I'd left Facebook by then, had killed my Reddit account, and even back then people were thinking Twitter's days were numbered. That was due to a lot of weird decisions by Jack's Twitter. Now Elon has made a lot of Twitter users miss Jack in the way Mark's Facebook eventually made people miss Tom's Myspace. And yet they don't go back to Myspace. It's still there. Pointlessly there. We look to the past through rose-tinted glasses.

But I digress. Now people are fleeing the dying bird site, and the decentralised federation of platforms named after an extinct elephant is being resurrected with hundreds of thousands — if not millions — of joiners. In this post I want to explore how a user can survive in the Fediverse, and maybe even enjoy it. High hopes.

Here we start some notes in less of a particular order

Sorry, dear reader. I wish this section was more coherently organised but there's a reason that "blog" is a word that sounds like its definition should be "text vomit." My thoughts are as decentralised at the Fediverse. And with that...

Let's look at rules! Mastodon is decentralised, as we've already covered. This greatly reduces what I call "The Erratic billionaire Man Baby Threat." No one single egotistical maniac can easily kill the whole thing. If Twitter was a Mastodon platform, it could go nuclear, and people could (relatively) easily jettison to another one while it crashes. However, in that dictator's place, with Mastodon we can have a series of petty tyrants overseeing their own fiefdoms (and a number of benevolent chieftains, too).  Remember, every Mastodon administrator can set their own terms of use and moderation policies. The one I'm on is It is hosted and maintained by the German nonprofit, Mastodon gGmbH, which creates and oversees the open source Mastodon software itself. Check out its "About page," and look at two areas: "Server Rules," and "Moderated Servers." I have concerns about whether I should stay on this Mastodon, but we'll get to those somewhere further down your scroll bar.

Side note: Mastodon lingo uses the word "server" a lot. Most people don't really think about servers, and why would they? Essentially a server is just the computer that is delivering you a website. (Of course, it's more complicated than that, but also not really.) When you join a Mastodon, your data is on the server hosting it. Server = some other person's machine. Their house; their rules. Some people call them "instances" instead. I just call them Mastodons. I'm on a Mastodon, you're on a Mastodon, we're on Mastodons. Maybe we're on the same one, maybe not. Maybe they're federated with one another, maybe they aren't. But Mastodon is made by software engineers. This creates certain linguistic challenges and learning curves for users that don't seem necessary to me. Mastodon gGmbH should fix this. Get humans who can explain things to the other humans to name everything. Words mean things, use them correctly.

SERVER RULES: These are useful as one way of determining if a Mastodon is right for you. Looking across different ones is also educational, because you get an idea of how different they can be from one another. Server rules are often both the terms of service and moderation policies. When I think of server rules, I tend to think of firewall policies, or how port forwarding might be set up. But these Mastodon server rules are supposed to be about how humans use a particular Mastodon platform that they've joined.

There are a few different levels of penalties for bad users. Mostly it seems administrators just choose the ban hammer of "suspension", though. Also note: there's sometimes a gap between the published rules and how things really work. Mastodon doesn't solve the moderation problem; it shifts it and creates strange new quandaries. Instead of the central dictator, you have fiefdoms, some with their petty tyrants, others with inconsistent or corrupt cops, and many seemingly with no sheriff in town at all. We'll get back to that.

MODERATED SERVERS: Another useful piece of information you can find on a Mastodon's "About Page" is its list of "moderated servers." These are the other Mastodons that this Mastodon is either limiting access to or blocking. If a Mastodon admin decides they don't like how another Mastodon behaves itself, they have three options to deal with it:

  1. They can just "reject media," and then users of their Mastodon won't see any media, images or files from users of the other one, just the text data.
  2. They could "limit" activity, which means unless their users are following specific accounts, they won't see anything of the other Mastodon.
  3. Or they can suspend the other Mastodon, meaning no interactivity is possible between the two. Sort of like how a Facebook user can't follow a Twitter account. It's again, another bad naming convention. It's essentially a Mastodon blocklist.

Looking at which other Mastodons a Mastodon blocks can let you know what they don't really like to see there. With enough Mastodons blocking others, the Fediverse conceivably falls apart. This calls into question whether we really have a federation or an emerging set of disjointed Bantustans. No one wants a Bantuverse.

OTHER BITS AND PIECES: There are also other items a Mastodon administrator may want to include, mostly to keep themselves out of legal hot water, but their presence or absence can be a signal about how well it's being managed. I won't go into all the legal aspects of running a DIY social network, but from a legal perspective, anyone doing it is just as liable for what happens as a Twitter or Facebook would be. mom-and-pop shops are at a real disadvantage. For more on that, here's "A guide to potential liability pitfalls for people running a Mastodon instance." Read that. A few of key take-aways someone that wants to run their own social network that anyone can join:

  • Let your Mastodon be owned by an LLC, or some other legal entity that can take the hit for you if/when things go wrong, and have that information published on the site.
  • Have a privacy policy and other text on complying with various relevant regulations, not just in the jurisdiction where the Mastodon is hosted, but where it may be accessible (GDPR and the like). There's a privacy policy generator for that;
  • Have a DMCA Registration Number, published on your Mastodon, and a link to a take-down request form for people to report copyright violations;
  • And much, much more (really, read the above link.)
Switter logo

Jurisdiction and legislation are important factors in all this, and there's no better example of this than Switter, which was a Mastodon we could now call a central cautionary tale from the Fediverse's own secret history. Few may even know it existed. It was an excellently moderated and maintained social media space for sex workers that used Mastodon as its platform. On it, you could find all kinds of stories about life as experienced by sex workers. They were funny, sad, and sometimes horrific. It was honest.

But it was constantly under attack. U.S. legislation aimed against sex workers under the guise of "stopping sex trafficking" meant Switter couldn't use Cloudflare, for example. Other new laws came in or were on the way in the U.S., UK, Australia and elsewhere that essentially rendered Switter illegal in many jurisdictions and its administrators and users could be held liable for speech that should really not be criminalised in any liberal democracy. It finally had to close in March, 2022. Here's a memorial site. RIP, Switter. It had good moderation practices, and put its community's safety first. But that wasn't enough.

As of this writing, are about 2.6 million monthly active users across 8k online Mastodon servers, according to Mastodon gGmbH. Let's assess some of their policy pages ("About" pages). For our purposes, we'll use a small list. Check out the polices and practices for:

  • Mastodon.Social: General purpose. Run by a friendly looking European nonprofit that also happens to develop Mastodon. It probably wants to showcase a sort of best practices way of doing things. That said, it has a limited "about" page. No information on the active user count. Mostly reasonable, if brief, content policies.  Very explicit "No content illegal in Germany."  At least we know what jurisdiction we're talking about, many Mastodons' "About" pages don't mention it. A large listing of both limited and suspended Mastodons, and each has a line underneath explaining why.
  • Infosec.Exchange: I know more people on this one than most of the others including the Mastodon I'm on. It's a diverse group of digital security experts, the majority of whom take user safety seriously, and will probably want their Mastodon site to do likewise. It has 32k active users (impressive). 10 items on the content policy, which seems to be above the norm. Interesting 10th one (but relevant for the community here) calling for "No attacks against (or from) the instance." Essentially don't hack it. (I don't know that many adversarial hackers follow as platform's ToS, but at least it's asking for no friendly fire. Quite a growing list of suspended Mastodons and only a few limited ones. Controversially, the journalism Mastodon Journa.Host, is limited due to "handling of anti-trans situation." Yes, anti-trans people can just go to hell, but I'm not sure what they're getting at regarding "the situation." Many other suspended Mastodons listed don't have reasons listed for them.
  • Octodon.Social: Seems like a one-person operation. It has 2k active users. In place of a policy there is a disjointed manifesto of sorts with some tough talk in it. Interesting line: "if you betray me, you will be thrown overboard."  Lots and lots of limited or suspended servers, no reason given for any. Sketchy.
  • Mastodon.Lawprofs.Org: Set up for legal experts, so we may expect some policies to match the profession. Has 233 active users. Enjoy that there's a depiction of one of the famed pig trials from the Europe's Middle Ages.  There is a DMCA Registration Number and associated take-down request form. Just 5 fairly brief but widely-encompassing content policy rules. Includes "No content unlawful in the United States or the State of New York." Was expecting more legal verbiage.
  • Journa.Host: Set up for journalists, and has 2.3k of them so far. It has a 501c3 nonprofit hosting it, a DMCA Registration Number and form, and a form for people to apply to join in order to confirm each user is somehow related to the journalistic field. It lists its moderators, which is a first I've seen. It has six straight-forward content policies. Number 2 includes proscribing transphobia, so considering Infosec.Exchange's concerns mentioned already, one is left wondering what may be up.  Moderation is hard. No information is listed whether any other Mastodons are limited or suspended.
  •  Hosted and managed by the university. 280 active users. Limited to MIT related accounts. Content guidelines are under the "about" section, not the "server rules" section, but they are as comprehensive as you'd expect. No information on limited or suspended servers.
NOTE: I think it's important to acknowledge that Mastodon gGmbH does publish a "Server Covenant" which includes a kind of limited, basic set of best practices. These are:

1. Active moderation against racism, sexism, homophobia, and transphobia;
2. Daily backups;
3. At least one other person with emergency access to the server infrastructure;
4. Commitment to give users at least 3 months of advance warning in case of shutting down;
Banned for capitalism
Banned for capitalism

But even these rules and policies and recommended best practices won't give you the full picture about how each Mastodon is run by their own administrators.

On Octodon.Social, a user's Mastodon account was suspended for "being a capitalist." During that account suspension, the offending money-grubbing user couldn't export their data and move to a server where these perceived capitalist leanings would be more tolerated. Strangely, the suspension notice came with an offer to unlock the account in exchange for some Monero cryptocurrency, so consider how anti-capitalist that moderator may be. This sounds more like ransom. Consider that your chosen Mastodon's moderators are not professionals. If the platform is just someone's plaything, there's no accountability. A moderator with no oversight can be a dangerous thing.

Here's another case file imbued with subtle hints of irony: On Mastodon.Social, Tracy Chou, the creator of the anti-harassment app Block Party, and co-founder of Project Include was herself suspended from the platform for the kinds of things she's helped others combat on social websites for years. The moderator suspended her for content that they felt was violating community guidelines on "racism, sexism, homophobia, transphobia, xenophobia or casteism" and "incitement of violence."

Mastodon post for which Tracy Chou was banned, was about how she should read more rich white men's books to understand the people behind structural racism. If you have a problem with this, you're part of the problem.
The allegedly offending Mastodon post by Tracy Chou

What was the post? She had commented on her reading list including non-white authors, and she said perhaps she should read books by more straight, white men so as to understand the psychology of people who have power over everyone. It was tongue-in-cheek and obviously aimed at the existing racist structure, but it had apparently struck a nerve of a tetchy moderator, and got the ban hammer. Mastodon.Social later overturned it and said the post obviously didn't pose any problem.

Mastodon.Social isn't a mom-and-pop shop. It's the Mastodon that's run by the nonprofit that maintains the software itself, and likely the one with the largest user count. It's also based in Germany which has some of the most aggressive laws around content moderation. With the recent growth spurt of Mastodon users, they have had problems keeping up and have announced that they are currently trying to recruit more people for their moderation teams. However, if the flagship of the Federation is having these kinds of issues, imagine the moderation issue queue for less organised Mastodons popping up.

NOTE:  To be fair, commercial platform moderators are far from perfect. Twitter had problems before, and it is now worse for having cut so many people. Facebook has several horror stories of moderation decisions gone wrong. The list goes on. There is no formalised appeals system. At least on Twitter you can fill out a form contesting the ruling and get an auto-reply message back about how they have ignored you.

I wonder whether I've picked the correct Mastodon for myself. Knowing the content moderation policies is important, but it's not enough. You should also know the country in which the platform you're using is hosted. As mentioned earlier, Item 6 on Mastodon.Social's Server Rules says, "No content illegal in Germany." The country's anti-Semitism laws, ostensibly aimed at aggressively countering hate speech (and for good reason) have been repeatedly, and successfully leveraged for other purposes. They have been repeatedly weaponised against critics of Israel's occupation of Palestinian territory, and against journalists covering it.  A number of people on Facebook, Twitter and elsewhere have been subjected to partisan "reporting attacks" aimed at getting Palestinian views censored, as well as silencing others who talk about them. Having friends around Gaza and West Bank (and just being a human being), I will react toward Israel's occupation/annexation of Palestinian territory much in the way I'd react to Russia's bombardment and attempted destruction of Ukraine, or to Assad's siege on Syrian civilians. In the past that would have gone on Twitter. As a Mastodon.Social user, that's where I'd likely post it now. I kind of wonder what will happen next time I do. We'll find out.

CodePink kicked off a Mastodon, as described by Ben Norton.
A tweet by noted twat Ben Norton.

Moderation is tough to get right. "Federation does not fix moderation problems. Only moderation fixes moderation problems.," tooted Derek Powezek at the start of a good thread on the subject. Consider CodePink being suspended by moderators at  Mastodon.Lol. I'm fine with it. To me, that sounds like a decision aimed at ensuring there's safe space for Ukrainians, given how CodePink and its allies mercilessly harass them across the web. Hopefully there are Mastodon administrators out there doing likewise for Palestinian users, Ulgher users, Syrian users, Iranian users, Kurdish users, and all those who are being persecuted by state actors over their identity and are then chased around social platforms by weird western "activists" for daring to speak out about it.

But was it really the right call? I don't pretend to be an expert on content moderation and am obviously biased in this case. The point is, without a common standard framework, open and subject to iteration to plug all the new ways that users will find to work around it, there is going to be trouble.

The Mastodon Fediverse is missing folks. By that I mean a significant number of people who are not white, western of European descent. Without them, it's not going to work. At least for me. As people tweet about which platforms to move to (myself included), it's worth considering what's being lost amid Elon's controlled demolition of the bird site, and won't be easily replaceable. I'm particularly looking at Mastodon enthusiasts with heads in the sand. As Elon makes Twitter less of a hospitable place for users outside of his cultish fanbase, There is, as of yet (as this Wired article explores) no replacement for Black Twitter.

Sure, there are many non-white Mastodon users across the Fediverse, but not in the numbers that there could or should be. A lot of BAME users have found their first steps into the Fediverse to be into hostile territory.  "Why are so many people being banned from Mastodon instances for talking about racism and bigotry in general?" asked user Black Aziz Anansi [In Exile] on their Mastodon profile, later adding to the thread: "Also, this is a problem because many Black activists are being run off of twitter by the change in management yet a lot of folks don't feel  comfortable posting on Mastodon. This needs to change."

I was happy to see there is a Mastodon while searching around during the blogging of this part of the blog. I hope it helps re-create the space that Black Twitter is/was. As of this blogging it has 1.27k users contributing 12.4k posts, a straight forward set of content standards, not unlike what you'd see on other Mastodons, and an outstanding ToS page (complete with DMCA notice) of the kind I've not seen on any other Mastodons. New users can request an invite to join.

Physics prof. and Twitter/Mastodon power user Chanda Prescod-Weinstein has been maintaining a Tweet thread on the Fediverse's often hostile environment for BAME, trans and other often-targeted users: "Women of color getting banned for talking about important issues by people who cannot be held publicly accountable. It’s all gonna be like whack a mole."

For more on the topic, check out Johnathan Flowers' Mastodon feed, or his interview on "The Whiteness of Mastodon." There are many other cautionary stories from BAME users of the Fediverse across Mastodon and Twitter that are just a few search queries away. The response from a community that doesn't want to exclude them can't be "¯\_(ツ)_/¯".

Caveat: Moderation doesn't scale well. When a platform reaches significant population, it stops working. It's a matter of physics. If enough people show up, the variety of interactions increases and an increasingly large number of them will be icky. And even vast, well-moneyed commercial enterprises running the largest social networks on the planet haven't cracked that problem, and they have an economic incentive to attempt it (to some extent). Read Mike Masnick's own "Masnick's Impossibility Theorem: Content Moderation At Scale Is Impossible To Do Well" to learn all about it.

But that does not mean we don't make the attempt. Things can be much better. Mastodon's own nonprofit organisation should take a leading role in this. Currently, its "best practices" mostly seem to be limited to the technical aspects of running a social community on their software. And it's a really solid document. (I'm particularly interested in the possibility of running a Mastodon as a Tor Hidden Service, and kind of wonder how that would be compatible with a Fediverse construct.)

There is  lot that seems to be missing, though. Mastodon gGmbH should really include its Server Covenant guidelines here, and with more depth. It should include how to think about implementing better policies, scaling them, cultivating them, and supporting moderation teams, etc. To go back to Masnick's Impossibility Theorem, What's the ideal moderator to user population ratio? 1/100? 1/200? What if Mastodons could only allow new users when additional moderators were added to maintain the ratio? Just spit balling. Online interaction is a social issue, not a technical one. There are no technical solutions to the problems of the human condition, just more band-aids.

This is a FOSS tech bro Mastodon user. He writes: "@ncweaver @mattblaze Some things are unavoidably hard, they require learning to do well. People who don't have the desire or the inclination to do the learning may feel excluded but that saves the experienced people an unreasonable amount of support requests from people they consider just lazy.  Look at Twitter and Facebook for examples of what happens when you lower the barrier to entry to include 'everyone'."
How to not make friends or influence anyone.

 Distant cousins (though sometimes not too distant) to the bigoted users that keep BAME, women and LGBTQ+ people from feeling like the Fediverse is home are the FOSS tech bros and tech-elitists that make newbies feel horrible for the audaciousness of simply asking a question. They don't often break most moderation rules, but they really kill the mood, and cause people to rethink trusting that "The Community" to run itself. These guys (they're mostly guys, mostly white guys) do think the technology is the end point, and not the start. They consider themselves "free speech absolutists" until you don't fawn over what they see as their obvious brilliance. Each one is a kind of mini-Elon of sorts in their own way. I'll just quote computer science prof. Matt Blaze from his own Mastodon account here:

"One of the things I keep hearing here, over and over, is that 'new' people on this platform shouldn't complain about things they find confusing or that don't meet their needs. That's exactly wrong. New uses, who've not yet adapted themselves to possibly unworkable or inscrutable interfaces and limitations, are often in a unique position to have insights that old hands can no longer see. Perhaps you're tired of hearing the same complaints over and over. But think about why people make them." Matt Blaze

Anyway, I could go on here about this variety of douche, but the rest of the internet is doing that anyway. There are no moderation policies that will work on a dude who has decided their own self-defined brilliance is just an unrecognised gift to the world. Pile-ons, muting and blocking may be the best responses. Send them to the void.

Security bits

So far, I've not gone into any of the security aspects around joining a Mastodon platform.

Is Mastodon secure? Maybe. It depends on what you're doing with it, and who's hosting it. There is no one way to know how each Mastodon will be set up, secured, or maintained. While there are some good practices in the documentation, there's no guarantee how secure things will actually be on the Mastodon you choose. Maybe they keep the server locked down and all the software up to date, maybe they don't. Maybe there's no malware on the server, or crypto miners or data harvesters. Like any site on the web, you're trusting the owners to maintain it securely. Unlike large corporate services like Facebook or TikTok, the Mastodon you choose likely won't have big teams of people on top of this. They'll have one or two people... maybe. What happens if there's a data breach? Will the administrators know? Will they decide to tell their users? Is there a function to rapidly do that?

There is little transparency about security. Hosting and web security standards and transparency another area I think Mastodon gGmbH should lead. It would be great if there were transparency reports on what could be publicly scannable across the Fediverse. If you could look up any Mastodon and see what versions it's on, what score the HTTPS gets, etc. that would be something. I'd like to see a Mastodon Observatory that shows the health of any federated Mastodon instance at any given time.

Nothing is encrypted on a Mastodon platform. This is fine, Twitter isn't either. Your DMs are not out-of-reach of moderators and administrators. But it should be more broadly communicated on a project like Mastodon as a part of the whole FOSS ethos. Your private drafts, direct messages, notes, lists, etc. are all viewable by any Mastodon administrator with database access. Getting end-to-end encryption right, and keeping it that way, is not trivial work and I'd suggest it's out of scope for something like Mastodon. The fact should however be more clearly communicated. Here's the current hill I may die on with this platform. Mastodon administrators aren't employees (for the most part) who can be held as accountable for lurking at data, and as we've already discussed, there can be bad actors running Mastodons out there.

Two-factor authentication: Mastodon has this available, for both physical security keys (like Yubikeys) and authenticator apps. You can also generate recovery codes that you can keep somewhere securely and offline in case you lose your 2FA things. Use it, along with complex passphrases (long passwords).

Authorized apps: This is a section in your account preferences. It will show you what applications can currently access your Mastodon account. Go through it on occasion and remove anything if you don't recognise it.

Electronic Frontier Foundation has a blog post looking at Mastodon security. You may like it. Also check out this article at The Markup. My advice, treat anything you put there as public and/or potential public. Do not re-use a password you use on any other platform (never re-use passwords, really), occasionally export your account data (it's easy to do) and save it in case for one reason or another the Mastodon you're on suddenly dies. Don't download strange things from strange people.

The good things

Gif from the film "Pollyanna" which shows her talking to an older woman and saying "Thats' when you can play the 'Glad Game.'"

With all that out of the way, I hope all of these things can be fixed, and it works. I want free open-source software to win. I want Mastodon, or something like it, to win. To get there, it needs to be inclusive, accessible, usable, and where people can find others they want to be around. They also need to easily be able limit their exposure to those that they don't want to hear from. There needs to be stronger transparency and reporting mechanisms for bad actors and bad Mastodons. I'm not new to the Fediverse but have been absorbed by watching it suddenly grow in the last few weeks. While I hope it works, I expect many fiery crashes along the way. It's not commercial. There is no manager to talk to. You're not going to a restaurant, but to a pot luck. You're going to have to keep track of your own casserole dish.

Mastodon has a lot of decent things going for it as a model of decentralisation, and just as a platform.  The character count is better for including enough context in a post. There are good settings people should explore that let them decide how discoverable they want to be in the Fediverse, whether people can automatically follow them or not, and some tools that allow users to automatically prune their older toots, sort of like how Semiphemeral works for Twitter users. You can create lists of users like you can on Twitter, but you need to be following them first. You can also write your own personal notes about other accounts on their profile pages that only you can see (and the Mastodon administrator if they bother to look). Users can choose to have a busy TweetDeck dashboard or go, like I do, for a single-column, classic feed look.

One thing I particularly like in the settings is "slow mode." One annoying thing about Twitter (and Mastodon) is that the avalanche of content keeps pouring. While I'm still absorbing one post, it's been shoved down to make way for what's piled on top of it. "Slow Mode" simply means no new content arrives on a page until you manually click a link that allows them to load.

Lastly, I do like the idea that if I wanted to put in the time and effort, I could host myself on my own Mastodon, and decide what my own blocking or access policies should be. I doubt I'll get to it, and if I did I surely wouldn't open it to invites, but being able to homestead in the Fediverse is a nice freedom.

There are also some things we shouldn't miss that Mastodon is lacking:  All the tracking and surveillance capitalism, for example; The algorithms that are mostly trained around how to stir the pot, make people angry, just look at the site longer; or shop.  I love a good doom scroll with my morning coffee, don't get me wrong. But I don't need machine learning to help amplify all that's wrong with the world for me.

I kind of miss quote-tweets, where if you retweet a post, you can add your own comments on top of it, and question the presumption that not enabling this on Mastodon reduces negative interactions. But I appreciate the motive behind the decision. Possibly one of the best thing that Mastodon brings to the table is the good intentions, which I realise sounds fairly Pollyanna. Some people say the road to hell is paved with good intentions. I say that road can lead anywhere we want it to.

I'll stay on Elon's Twitter as long as it's alive. I was there before he was, after all. If anyone should leave, he should. But I've reduced my presence there, and I now see it as an ephemeral, disposable medium. I already post on Mastodon more. I've downloaded my Twitter archive and wiped most of my content there except for the last 30 days. Anything posted there now is disposable, should the site suddenly vanish. As the song goes, "some things you lose, some things you give away."

Tools, tricks and hacks to survive in the Fediverse

Didn't read the diatribe above? No big, here's some key take-aways about using Mastodon, living in the Fediverse without all the waffle in between.

  • How to choose a Mastodon: I suggest going with one that has agreed to the Mastodon Server Covenant. You can find a searchable index of those here:
    • Do not choose a Mastodon that's run by just one or two people, or some anonymous group or something. Choose one run by an organisation, foundation or something where they have some real (financial, repetitional, etc.) stake in the game. 
    • Check out what other Mastodons that one is limiting or has suspended. Decide if you are okay with that list. Are they blocking people you'd block?
    • Check out the community size on that Mastodon. Does it list the number of active users? I suggest also going to one you've already heard that a lot of your friends and mutuals on other social networks are using.
  • Find people you follow on Twitter on Mastodon: When you show up some place new, it's kind of nice when you can first find some familiar faces.  Use Debirdify.
  • Find more people: Once you find some Twitter mutuals (assuming you're doing that), the next thing to do may be to see who are some decent Mastodon users that they follow, and maybe add some to your list. Also check out what's happening on hashtags such as #BlackMastodon or users from the Mastodon called and follow some accounts you like on these. One way of making things inclusive is to build up the following of people who may feel a place is kind of hostile toward them.
  • Control how things look and feel and how much content you get slapped with: I wasn't really very keen on default Mastodon when I started my Mastodon.Social account. Some settings really helped make it more comfortable.
    • The default Mastodon view looks like Tweet Deck, which I really don't like. In Mastodon "Settings" under "Appearance," I turned off "Enable Advanced Web Interface" and got a very simple, single-column Twitter-like page as a result.
    • Default Mastodon, like Twitter, will refresh your feed for you. I hate that. Fortunately, there is "Slow Mode." It stops that. You can also find it in preferences, on the Appearance page, too.
    • I hate notifications from Apps and Browsers both. I disabled all the Notifications. For some reason it still sometimes makes a sound, and I'm not sure why. Annoying.
    • I like the idea of things like Twitter and Mastodon being more of an ephemeral experience, and don't want to keep a lot of old clutter around. Mastodon's preference section has a neat "Automated post deletion" page. I wish it worked. Apparently it only operates when there is extra server capacity. There never is extra server capacity.
  • Manage your follows and followers. Mastodon's interface for this in the Preferences section is far better than Twitter's very basic page. It's got some nice ways to quiet quit people you may be done with.
  • Block or mute other users, mute or leave conversations. This works roughly as it does on Twitter. Do it when you feel you need to and feel good about it.
  • Block whole Mastodon domains. If you really find a lot of users from another Mastodon to be jerks, you can block the whole domain any of them are on from reaching you. If a Mastodon called "" starts, you can just block all its users in one go.
  • Set some filters for what you want to see less of. I haven't done this yet, but Mastodon does have some good filtering tools if you want to hide certain words or phrases behind a content warning, or just block seeing them all together.
  • Avoid the "Federated Timeline" except as an occasional novelty. It's literally just an avalanche of nonsense from across every Mastodon in the Fediverse in chronological order. It reminds you why you only follow who you do.
  • Use Lists. In the right-hand sidebar you can create lists of users based around any category you want. Creating your own lists of what you want to see is you being your own algorithm. You can only add people you follow, which is a limitation, but it has some other custom options that I think make it better than Twitter's lists.
  • Use notes. On Mastodon, every profile has a section where you can write yourself a little post-it not about what you think of them. The other person doesn't see it. Can be good to remind yourself why you followed them (or didn't).
  • Keep your own local backups. Mastodon lets you export your own data at any time, and it's easy to do. Keep local copies, don't trust other people's clouds.
  • Keep Control of your account. Unlike more commercial, well-moneyed platforms, there is no real account recovery or safety team behind your Mastodon. It could be harder to report a stolen or hacked account. An ounce of prevention will make your life much easier.
    • Use a strong password. 14 characters or more. Different from all of your other passwords. Randomised or some sort of long phrase or sentence, with punctuation. That's not unique to Mastodon, do that everywhere.
    • Use two-factor authentication. Mastodon offers it, use it. 
  • Don't have confidential conversations or expect real privacy on a Mastodon. I'd say the same thing about Twitter or most other platforms not built around end-to-end encryption (E2EE). I'd say that around ones built around kind of shit encryption too, say Telegram. WhatsApp, Wire, Signal, Matrix, Briar all have well-implemented E2EE. Move confidential chat there. I don't even think I'd recommend a roadmap for it on a thing like Mastodon. I do think it should be more transparent about how transparent things are. Wherever you see a 🔒in the user interface (outside of your browser's address bar where it means the site has SSL) just know that has nothing to do with security.
  • Should you host a Mastodon yourself? Let's see...
    • Short answer: No. 
    • Longer answer: Let's look at some different use cases:
      • A Mastodon of one's own: If you are technically able to, curious to understand how Mastodon works, or if you want to fine-tune your own experience, host a one-person Mastodon just for you. Important(!): Don't let anyone else join it! Just make that your own personal address for engaging with the rest of the Fediverse, it works just fine. There are a quite a few people doing this. You can do all sorts of custom things to your own platform. Give yourself a blue tick if you like, or three of them. Choose which other Mastodons to block, control the whole look and feel of your profile page when others from elsewhere in the Fediverse drop by. Go nuts, make it look like your old Myspace page with JavaScript glitter, animated gif backgrounds. and some pop song that plays as soon as the page loads. The best mad scientists always experiment on themselves. Tom would be proud.
      • Your own Mastodon for the many: Stop now. This way madness lies. If want to DIY a whole Mastodon community platform by your lonesome with potentially dozens or hundreds or thousands of other users, my question would be: Why? To do it correctly, you're in for a lot of extra, unpaid, thankless effort, and it still may not be enough. No one says nice things when websites work, but they can get very outraged when they don't. Moderators are the referees everyone loves to hate and second guess. You will make no friends and lose some. And then consider the legal liabilities you're going to be held responsible for when something goes bad. Just Don't. Find a hobby or join a gym. Or, if you really want to be on that side of things, just volunteer to be a moderator on some other Mastodon that already exists and needs help until you've gotten it out of your system.
      • Entities bigger than a single human: If you're a company, NGO, nonprofit organisation, university, or some sort of institution or large collective of beings, doing this may make some sense depending on what kinds of services and tools are of use to the staff, community, members, students, or etc. you serve. Just make sure you're putting resources into monitoring, moderating and keeping your Mastodon safe and secure for all its users.

And that's it, that's the end of my gargantuan post on Mastodon. I have no idea if the Fediverse is a stopover or a destination in the great social web migration. Tumblr, Flickr, and other online services have hinted that they are considering adopting the technology Mastodon uses to share content across the web, called ActivityPub. I think that will likely outlive Mastodon itself. That would be good news for Mastodon users; it means they can migrate to other things without losing their entire data backstory if they want. Or maybe not. Every creation on the web is eventually a set of cautionary lessons for what comes along to replace it. Sorry.

"Ever tried. Ever failed. No matter. Try Again. Fail again. Fail better." — Samuel Beckett