Is the Twitter alternative, Mastodon, really free?

Mastodon is free. Some even say they have seen it steal your data. Since rumors of the death of the social network Twitter began, the faithful have been rushing to new alternatives, such as the Mastodon network. But is it a haven of peace that promises calm and tranquility to new users? That is the question Internet users, evidently still stuck on Twitter, are asking themselves.

In early November, Mathis Hammel, a computer security expert, warned of data protection risks on his Twitter account. “A small cybersecurity reminder if you decide to start with Mastodon: the owner of the server can access your private messages and your password. So think twice before joining the instance managed by a relative or a colleague,” he stressed in closing, before recalling that this is also true for Twitter and many other Web services. Should we be afraid of the enormous social network? 20 Minutes takes stock.


While the blue bird of Twitter is (probably) breathing its last, netizens are looking to Mastodon to start a new digital life. The problem is that the social network is by no means an Eldorado of the Web, first of all because it is a decentralized network. In other words, it does not run on one server, but on several “instances” that can be organized completely independently… and can therefore follow their own rules, especially in terms of moderation.

What about confidentiality? As Mathis Hammel explained, security policies are basically the same everywhere and Mastodon is no better than Twitter in this area. For Florence Sèdes, professor at the Toulouse Computer Science Research Institute, there is no point in burying Twitter too quickly, which she considers “quite armored” in terms of data protection. The only problem at present for Elon Musk’s social network: people in security-critical roles have definitely been asked to leave the company during the layoffs.

The expert also insists on terminology: the issue here is privacy more than cybersecurity. “Your bank, for example, protects your private data but is not immune to security issues. Conversely, you may have a site that releases your private data, but is armored in terms of security”.

Messages are stored and processed

On Mastodon’s side, here is what its privacy policy says: “All messages are stored and processed on the server. […] Please note that server operators and any receiving servers may see these messages, and recipients may obtain, copy or share them. Don’t share any sensitive Mastodon information.” In other words: don’t share everything, because not all data can be fully protected.

However, the social network promises to protect its users’ information. “Your password has been hashed using an efficient one-way algorithm. You can enable two-factor authentication to further secure access to your account,” Mastodon’s privacy policy explains.

A small security lock

In reality, social networks always operate at the lowest level of security, according to Florence Sèdes, who compares them to canal locks. “As for the locks of the Canal du Midi, it is the minimum level of flow that determines the flow of the whole, it is the same for networks. It is the minimum level of security of all these servers that will set the level of security”.

Other social networks even want to go further by deploying full encryption of messages, which makes them impossible to read. The method is already in place in WhatsApp and may come to Facebook Messenger in 2023, explains Digital. But Twitter is thinking about it too (if it doesn’t die first).

Don’t share everything

However, for Florence Sèdes, the privacy problem lies not only in data protection, but also in the information Internet users leave behind without realizing it. “You expose things, you think they remain in your private domain. Except that this information is never destroyed, there are always copies”, explained the professor, who hopes to see more education on this question in the future.

She therefore urges users, across all types of social networks, to be vigilant about the passwords they use… but also about the information they disclose to the general public that might make it possible to find those passwords (for example, the name of your dog). And Florence Sèdes recalls: “In the field of cybersecurity, we realize that often the problem is the human link”.
