ESET Expert

Mastodon vs. Twitter: Know the differences

Looking for an alternative to Twitter and thinking about joining the folks flocking to Mastodon? Here’s how the two platforms compare to each other.

From restructuring their workforces to facing big fines, big tech companies have been on a roller coaster ride recently – but certainly none quite as much as Twitter. Indeed, Twitter has entered a whole new era since Elon Musk became the company’s owner and CEO last October, and you can bet your Tesla that there are more changes on the way for the social media platform.

While many became concerned over their data and how Twitter’s new leadership will deal with content moderation, another platform benefited from the upheaval, gaining momentum and a lot of new users in the process: Mastodon grew from 300,000 users in October to over 2 million in December.

How is Mastodon different from Twitter?

While both are microblogging websites, they’re not like-for-like in many aspects that go way beyond the character limit on tweets and toots, respectively – 280 (for now, anyway) versus 500.

Let’s now review some of the other key differences in greater detail, as well as how to best protect your account on each platform.

1. Centralized vs. decentralized

Twitter is owned and operated by Twitter, Inc., a single company that defines the social network’s policy, moderation rules, and general organization. Just like Meta owns and operates Facebook or Instagram, for example.

Mastodon, on the other hand, is fully decentralized. Mastodon gGmbH is a nonprofit responsible for developing open-source software, in this case Mastodon.

Unlike with Twitter, this means that anyone, whether an individual or an entity, can take advantage of the code to create their own ‘mini social networks’, all of them interconnected and able to communicate with each other, and together making up the Mastodon universe known as the fediverse.

That is to say, each Mastodon server is a completely independent entity, able to interoperate with others to form one global social network. In practice, each of these servers (also known as instances) is created to gather users based on common interests, such as music, hobbies, or professions; a common identity like nationality, religion, or sexual and gender identity; or a cause, such as climate action.

Moreover, because Mastodon gGmbH is a nonprofit, its funds are based on sponsorship or support on Patreon, while individual servers may follow the same model or even be free for members and financially sustained by their admins.

Importantly, Mastodon does not sell data or run ads, nor does it have an algorithmically curated timeline. Instead, it features a “home” timeline with the people you follow, a “local” timeline with posts from users on the same instance and, finally, a “federated” timeline that shows all posts from all users.

2. Content moderation

In Mastodon, each instance (or community) governs its own rules, including content moderation. Thus, different communities may have different policies concerning the type of content that is acceptable and considered safe according to what members are comfortable reading or sharing with others.

While you can choose to share posts only within a community, they can also be public, and all members of all Mastodon instances can communicate with each other. This means that what is considered acceptable on one instance may be considered sensitive on another. In that case, the people responsible for an instance might block other instances to keep its members from seeing unwanted content.

Twitter’s approach to content moderation is different and indeed, more conventional: The rules are established by a legal team and apply to everyone on the platform. While this might seem like an easier and mostly straightforward process, it might also be one of the reasons many users have started considering using Mastodon.

Despite the rules being publicly available and clearly prohibiting harassment and inciting others to create or promote hateful content, policy makers and regulators have openly called on the platform to review its moderation practices amid recent changes and layoffs.

3. Data protection

In the first days of January of this year, over 200 million usernames, email addresses and other data belonging to Twitter users were posted on underground forums by hackers, who had compiled the data from a number of breaches not involving Twitter itself in 2021. While this database does not include users’ passwords, it can lead to more targeted phishing and doxing.

As such, this kind of leak reminds us of the amount of data, including direct messages, that Twitter, Inc. servers hold on the network’s 450 million users. And for those who pay for Twitter subscriptions, there’s the added risk of a data breach that exposes a range of their personal and financial information.

Meanwhile, it is up to the person or organization behind each Mastodon instance to run their own server, which can be hosted on a local hard drive or with a cloud storage service such as Amazon S3 or Google Cloud. This means that despite having 2.5 million users overall, Mastodon’s data is stored across thousands of different servers, each belonging to a given Mastodon instance.

But this doesn’t mean that Mastodon isn’t prone to security issues, of course. Indeed, the platform has been found to contain several security vulnerabilities in recent months; in another “security scare”, somebody scraped the posts and public account information of more than 150,000 Mastodon users.

So is one safer than the other?

There’s never a simple answer to these kinds of questions, and definitely not in this case. For example, neither Twitter nor Mastodon has implemented end-to-end encryption on direct messages, which means that Twitter employees could, if they wanted to, access your communications with other users – as has allegedly happened before. The same is true of the admins of your Mastodon instance, who can also read your direct messages. [If you’re looking for a secure messaging app, look somewhere else.]

On the other hand, it bears mentioning that unlike social media companies, Mastodon doesn’t collect data for marketing purposes. Switching from Twitter to Mastodon could, therefore, assuage your data privacy concerns that stem from the former’s data collection practices.

Ultimately, while concerns about trusting big corporations to manage personal data might be driving users to Mastodon, it is important to evaluate the risks of entrusting your data to someone you don’t know, and to consider why they decided to run a Mastodon server and how safe and protected from leaks their server infrastructure is. It all boils down to personal belief and to whom you entrust your data – staying away from social media altogether might not be the most appealing solution, after all.

How to best protect your Twitter and Mastodon accounts

You might choose to have an account on only one of the platforms or to stay on both, so here are a few tips to keep in mind:

1. Signing up

On Twitter: As you probably know already, opening a new account is rather straightforward, as you only need to submit your name, phone or email address, date of birth, verification code, and choose a password. Alternatively, you can sign up with your Google or Apple account.

On Mastodon: This part is a bit more complicated, but once you understand how it works, it will be no big deal. Choose a server you want to be a part of, agree with the ground rules, and set up your username, display name, email and password. Note that carefully choosing a reliable server can play a great role in how safe your data is, so take the time to explore your options before deciding.

Plus, keep in mind that Mastodon works as communities. So, while you might initially feel you belong to a specific server, you can always change it and explore other communities; just remember to back up the data you want to transfer to a new account.

On both Twitter and Mastodon: Remember to choose a strong and unique password or passphrase and enable two-factor authentication (2FA).

2. Set up 2FA

On Twitter: Under “Security” in “Settings” choose “Two-factor authentication.” You can decide to receive an SMS with a verification code or, even better, use an authentication app (like Google Authenticator) or a security key.

On Mastodon: There’s only one option, which is to use an authentication app. You can enable this option in “Account Settings”; touch the three lines on the upper right corner and select “Two-factor Auth” under “Account.”

3. Choose who gets to see your posts

On Twitter: “Protect your Tweets” allows you to show what you publish only to the people who follow you, which means you will also have to approve each follower. To enable it, go to “Settings,” tap “Privacy and Security” and choose “Audience and tagging.” You can also limit your DMs to people you follow by disabling “Allow message requests from everyone,” also in “Privacy and Security” under “Direct Messages.”

On Mastodon: Under your profile in “Account Settings” you can select “Require follow request” to manually approve who follows you. You can also choose “Hide your social graph” to hide both followers and following lists.

To make your posts private, go again to “Account Settings,” tap “Preferences” and select “Other.” Here you can choose the default posting privacy as: public, unlisted or followers only. Another feature you should consider if you want to lower your digital footprint is to enable “Opt-out of search engine indexing” in the same menu.

Bonus tip: Be mindful

Being conscious of who and what is behind the platforms we use is important, and it shows how internet users are becoming more aware of their digital presence and its implications. But just as importantly, and no matter where you stand, this critical approach needs to be applied to all the apps we use and to which we entrust our personal data.

Moreover, it does start with us being mindful of what we share and how we interact with others online – indeed, following our own ‘self-moderation rules’ is a simple and effective starting point.

