Mastodon vs. Twitter: Know the differences

Looking for an alternative to Twitter and thinking of joining the people flocking to Mastodon? Here you can see how the two platforms compare to each other.

From restructuring their workforces to facing hefty fines, big tech companies have been on a rollercoaster ride recently — but certainly none quite as much as Twitter. Twitter has entered a whole new era since Elon Musk became the company’s owner and CEO last October, and you can bet your Tesla that more changes are coming for the social media platform.

While many became concerned about their data and how Twitter’s new management will handle content moderation, another platform benefited from the upheaval, gaining momentum and a lot of new users in the process: Mastodon grew from 300,000 users in October to over 2 million in December.

How does Mastodon differ from Twitter?

Although both are microblogging sites, they are not like-for-like in many aspects that go well beyond the character limit of tweets and tweets respectively – 280 (for nowanyway) against 500.

Now let’s go over some of the other important differences in more detail, as well as how to best protect your account on each platform.

1. Centralized vs. decentralized

Twitter is owned and operated by Twitter, Inc., a single company that defines the social network’s policy, moderation rules, and general organization. Like Meta, for example, owns and operates Facebook or Instagram.

Mastodon, on the other hand, is fully decentralized. Mastodon gGmbH is a nonprofit responsible for developing open source software, in this case Mastodon.

But unlike Twitter, this means that anyone, whether an individual or an entity, can take advantage of the code to create their own ‘mini social networks’, all interconnected and able to communicate with each other and together make up the Mastodon universe known as the fediverse.

That is, each Mastodon server is a completely independent entity capable of interoperating with others to form one global social network. In practice, each of these servers (also known as instances) is set up to bring together users based on common interests, such as music, hobbies or professions; a common identity such as nationality, religion or sexual and gender identity; or a cause, such as climate action.

Moreover, because Mastodon gGmbH is a non-profit organization, its funds are based on sponsorship or support on Patreon, while individual servers can follow the same model or even be free for members and financially supported by its administrators.

Importantly, Mastodon does not sell data or run ads, nor does it have an algorithmically curated timeline. Instead, it has a “home timeline” of the people you follow, a “local” timeline of posts from users on the same instance, and finally a “connected” timeline that shows all posts from all users.

2. Moderation of content

In Mastodon, each instance (or community) governs its own rules, including content moderation. Thus, different communities may have different policies regarding the type of content that is acceptable and considered safe, depending on what members are comfortable reading or sharing with others.

While you can choose to only share posts within a community, they can also be public and all members of all Mastodon instances can communicate with each other. This means that what is considered acceptable in one case may be considered sensitive in another. In that case, those responsible for an instance can block other instances to prevent its members from seeing unwanted content.

Twitter’s approach to content moderation is different and actually more conventional: the rules are established by a legal team and apply to everyone on the platform. While this may seem like an easier and mostly straightforward process, it may also be one of the reasons why many users have started considering using Mastodon.

Despite the fact that the rules are publicly available and clearly states the ban on engaging in harassment or encouraging others to create or promote hateful content, policymakers and regulators have openly warned the platform to review its moderation practices amid recent changes and firings.

3. Data protection

In the first days of January this year, over 200 million usernames, email addresses and other data belonging to Twitter users were posted on underground forums by hackers who had collected data from a series of breaches that did not involve Twitter itself in 2021. While this database does not contain users’ passwords, this can lead to more targeted phishing and doxing.

As such, this kind of leak reminds us of the amount of data, including direct messages, that Twitter, Inc. servers have on the network’s 450 million users. And for those who pay for Twitter subscriptions, there’s the added risk of a data breach exposing a range of their personal and financial information.

Meanwhile, it’s up to the person or organization behind each Mastodon instance to run their own server, which can be hosted on a local hard drive or with a cloud storage service like Amazon S3 or Google Cloud. This means that despite Mastodon having 2.5 million users in total, data is stored on thousands of different servers belonging to a given Mastodon instance.

But of course, that doesn’t mean Mastodon isn’t prone to security issues. In fact, the platform has been found to contain several security vulnerabilities in recent months; in another “security scare,” someone scraped posts and public account information from more than 150,000 Mastodon users.

So is one safer than the other?

There is never a single answer to this kind of question, and certainly not in this case. For example, neither Twitter nor Mastodon have implemented end-to-end encryption on their direct messages, meaning that Twitter employees could, if they wanted to, access your communications with other users – as has allegedly happened before. The same is the case with the administrators of your Mastodon instance, who can also read your direct messages. [If you’re looking for a secure messaging app, look somewhere else.]

On the other hand, it should be mentioned that unlike social media companies, Mastodon does not collect data for marketing purposes. Switching from Twitter to Mastodon can therefore alleviate your data protection concerns stemming from the former’s data collection practices.

Ultimately, while trusting large companies to manage personal data may lead users to Mastodon, it’s important to assess the risk of entrusting your data to someone you don’t know why they decided to run a Mastodon- server, or even how secure and leak-proof their server infrastructure is. It all boils down to personal beliefs and who you entrust your data to – staying away from social media altogether might not be the most appealing solution, after all.

How to best protect your Twitter and Mastodon accounts

You can choose to only have an account on one of the platforms or stay on both, so here are a few tips to keep in mind:

1. Registration

On Twitter: As you probably already know, opening a new account is pretty straightforward as you only need to submit your name, phone or email address, date of birth, verification code and choose a password. Alternatively, you can sign up with your Google or Apple account.

On Mastodon: This part is a bit more complicated, but once you understand how it works, it won’t be a big deal. Choose a server you want to be a part of, accept the ground rules, and set up your username, display name, email, and password. note that carefully to choose a reliable server can play a big role in how secure your data is, so take the time to explore your options before making a decision.

Additionally, keep in mind that Mastodon works as communities. So even though you may feel like you belong to a certain server at first, you can always change it and explore other communities, just remember to back up the data you want to transfer to a new account.

On both Twitter and Mastodon: Remember to choose a strong and unique password or passphrase and enable two-factor authentication (2FA).

2. Set up 2FA

On Twitter: Select “Two-Factor Authentication” under “Security” in “Settings”. You can decide to receive an SMS with a verification code, or better yet, an authentication app (like Google Authenticator) or a security key.

On Mastodon: There is only one option, which is to use an authentication app. You can enable this option in “Account Settings”; tap the three lines in the upper right corner and select “Two-factor authentication” under “Account”.

3. Choose who should see your posts

On Twitter: “Protect your tweets” allows you to only show what you post to the people who follow you, so you also have to approve each follower. To enable it, go to “Settings”, tap “Privacy and security” and select “Targeting and tagging”. You can also limit your DMs to people you follow by disabling “Allow message requests from anyone” also on “Privacy & Security” under “Direct Messages”.

On Mastodon: Under your profile in “Account Settings” you can select “Require follow request” to manually approve who follows you. You can also select “Hide your social graph” to hide both followers and follow lists.

To make your posts private, go back to “Account Settings”, tap “Preferences” and select “Other”. Here you can choose default privacy for posts as: public, unlisted or followers only. Another feature you should consider if you want to lower your digital footprint is to enable “Opt-out of search engine indexing” in the same menu.

Bonus tip: Pay attention

It is important to be aware of who and what is behind the platforms we use, and this shows how internet users are becoming more aware of their digital presence and its implications. But just as importantly, and regardless of where you stand, this critical approach must be applied to all the apps we use and to which we entrust our personal data.

Furthermore, it starts with being aware of what we share and how we interact with others online – yes, following our own ‘self-moderation rules’ is a simple and effective starting point.


Leave a Reply

Your email address will not be published. Required fields are marked *