Mastodon (social network)

Mastodon is free and open-source software for running self-hosted social networking services. It has microblogging features similar to Twitter, which are offered by a large number of independently run nodes, known as instances or servers, each with its own code of conduct, terms of service, privacy policy, privacy options, and content moderation policies.

Each user is a member of a specific Mastodon server that can interact seamlessly with users in any other server. This is intended to give users the flexibility to select a server whose policies they prefer, but keep access to a larger federated social network. Mastodon is powered by the ActivityPub protocol, making it part of the Fediverse ensemble of services such as Lemmy, Pixelfed, Friendica, PeerTube, and Threads.

Mastodon was created by Eugen Rochko and announced on Hacker News in October 2016. It gained significant adoption in 2022 in the wake of Twitter's acquisition by Elon Musk.

The project is maintained by the German non-profit Mastodon gGmbH. Mastodon development is crowdfunded and the code does not support advertisements.

Functionality and features
Mastodon servers run social networking software that is capable of communicating using W3C's ActivityPub standard, which has been implemented since version 1.6. A Mastodon user can therefore interact with users on any other server in the Fediverse that supports ActivityPub.

Since version 2.9.0, Mastodon has offered a single-column mode for new users by default. In advanced mode, Mastodon approximates the microblogging user experience of TweetDeck. Users post short-form status messages, historically known as "toots", for others to see. On a standard Mastodon instance, these messages can include up to 500 text-based characters, greater than Twitter's 280-character limit. Some instances support even longer messages.

Users join a specific Mastodon server, rather than a single centralized website or application. The servers are connected as nodes in a network, and each server can administer its own rules, account privileges, and whether to share messages to and from other servers. Many servers have a theme based on a specific interest.

Mastodon includes a number of specific privacy features. Each message has a variety of privacy options available, and users can choose whether the message is public or private. Public messages display on a global feed, known as a timeline, and private messages are only shared on the timelines of the user's followers. Messages can also be marked as unlisted from timelines or direct between users. Users can also mark their accounts as completely private. In the timeline, messages can display with an optional content warning feature, which requires readers to click on the hidden main body of the message to reveal it. Mastodon servers have used this feature to hide spoilers, trigger warnings, and not safe for work (NSFW) content, though some accounts use the feature to hide links and thoughts others might not want to read.

Mastodon aggregates messages in local and federated timelines in real time. The local timeline shows messages from users on a singular server, while the federated timeline shows messages across all participating Mastodon servers. Users can communicate across connected Mastodon servers with usernames similar in format to full email addresses.

Content moderation
In early 2017, journalists like Sarah Jeong distinguished Mastodon from Twitter for its approach to combating harassment. Mastodon uses community-based moderation, in which each server can limit or filter out undesirable types of content, while Twitter uses a single, global policy on content moderation. Servers can choose to limit or filter out messages with disparaging content. The main author of the Mastodon software, Eugen Rochko, believes that small, closely related communities deal with unwanted behaviour more effectively than a large company's small safety team. Users can also block and report others to administrators, much like on Twitter.

Instance administrators can block other instances from interacting with their own, an action called defederation. By posting toots hashtagged with #fediblock, some instance administrators and users alert others of issues requiring moderation.

Comparison to X
Unlike X, formerly Twitter, Mastodon by default only searches hashtags and mentioned accounts in the Fediverse, not the full text of posts. Some servers allow users to search the full text of their local posts. Furthermore, searching for posts will only show results from the Mastodon instance the user is on and from parts of the Fediverse that that instance has cached via federation, not from all posts on all instances. However, services utilizing the ActivityPub protocol exist which allow for searching all posts on all instances as long as users opt-in.

For similar reasons, only hashtags can appear in a Mastodon instance's trending topics, not arbitrary popular words. Trending topics vary between instances, since individual instances are aware of different subsets of toots from the whole Fediverse.

Versions
In September 2018, with the release of version 2.5 with redesigned public profile pages, Mastodon marked its 100th release. Mastodon 2.6 was released in October 2018, introducing the possibilities of verified profiles and live, in-stream link previews for images and videos. Version 2.7, in January 2019, made it possible to search for multiple hashtags at once, instead of searching for just a single hashtag. Version 2.7 has more robust moderation capabilities for server administrators and moderators, while accessibility, such as contrast for users with sight issues, was improved. The ability for users to create and vote in polls, as well as a new invitation system to manage registrations was integrated in April 2019. Mastodon 2.8.1, released in May 2019, made images with content warnings blurred instead of completely hidden. In version 2.9 in June 2019, an optional single-column view was added. This view became the default displayed to new users, with a user "preferences" option to switch to a multiple-column-based view.

In August 2020, Mastodon 3.2 was released. It included a redesigned audio player with custom thumbnails and the ability to add personal notes to one's profile.

In July 2021, an official client for iOS devices was released. According to the project's CEO, Eugen Rochko, the release was part of an effort to attract new users.

Mastodon 4.0 was released in November 2022, including language support for translating posts, editing posts and following hashtags.

Software
Mastodon is written as free and open-source software (FOSS) for federated microblogging, which anybody can contribute code to, and which anyone can run on their own server infrastructure, if they wish, or join servers run by other people within the fediverse network. Its server-side software is powered by Ruby on Rails and Node.js, and its front end is written in React.js and Redux. The database software is PostgreSQL. The service is interoperable with the decentralized social networks and platforms which use the ActivityPub protocol between each other. Since version 3.0, Mastodon dropped previous support for OStatus.

Client apps for interacting with the Mastodon API are available for desktop computer operating systems, including Windows, macOS and the Linux family of operating systems, and on mobile phone systems, including iOS, Android and open-source mobile phones.

Adoption
While Mastodon was first released in October 2016, the service began to expand in late March and early April 2017. Servers were mostly operated by academic institutions, journalists, hobbyists, and activists. The Verge wrote that the community at this time was small and that it had yet to attract the personalities that keep users at Twitter. The global use had risen from 766,500 users as of 1 August 2017, to 1 million users on 1 December 2017. InNovember 2017 artists, writers, and entrepreneurs such as Chuck Wendig, John Scalzi, Melanie Gillman and later John O'Nolan joined in.

Another spike in popularity came in March through April 2018, due to the concerns about user privacy raised by the #deletefacebook effort.

Membership of Mastodon and other alternative social media sites increased in early December 2018 after Tumblr announced its intention to ban all adult content from the site.

In November 2019, nearly 20,000 Twitter users in India temporarily shifted to Mastodon over complaints by users against Twitter's moderation policies.

To circumvent the increasing online censorship of social networks in mainland China, an increasing number of Chinese-language users have chosen to migrate to Mastodon in 2022.

2022 Twitter-related spikes in adoption
A spike in Mastodon's user participation occurred in April 2022, following the 25April announcement of Elon Musk purchasing Twitter. By 27April, $30,000$ new users had joined Mastodon. On 28April 2022, the European Data Protection Supervisor (EDPS) launched the official ActivityPub microblogging platform (EUVoice) of the EU institutions, bodies and agencies (EUIs), based on Mastodon.

Musk's acquisition became final on 27October 2022. Mastodon had an increase of $70,000$ new users from a resultant "diaspora" on 28 October alone. Daily downloads increased substantially, rising from 3,400 daily downloads on 27 October to 113,400 on 6 November 2022. According to Rochko, by 3 November, use of the federated network had grown to 665,000 active users, with a few growing pains. In particular, Mastodon's largest instance, mastodon.social, needed capacity upgrades to handle the new load. Accounts on a server called journa.host founded by Adam Davidson are restricted to professional journalists.

Mastodon's increased adoption continued in the days following the Twitter takeover. On 11 November, the number of new users of the platform compared to the previous week was reported to be 700,000, moving Mastodon over the 7 million user mark. During that period, several prominent figures joined Mastodon, including prominent actors, comedians, journalists, political activists, and politicians. In December 2022, the number of monthly active users of Mastodon reached two million.

On 15 December, the official Mastodon Twitter account was banned from Twitter, as well as other accounts with links to some Mastodon instances. On the following day, Twitter began to flag all Mastodon links as malware, preventing Twitter users from sharing them. A Mediaite opinion piece on the bannings included an erroneous report of an account for "John Mastodon" (a misspelling of @joinmastodon), "founder of a competing social media company named after himself", being banned. Subsequently, Mastodon users wrote fictional backstories and memes about "John Mastodon" and circulated the hashtag #JohnMastodon.

Following the Mastodon suspension and ban on Mastodon links on Twitter, Twitter introduced a new policy on 18 December to prohibit sharing links on Twitter to a variety of social media websites, with Mastodon being one of those blocked. The policy stated that it prohibited links in both tweets and account details and that accounts that violated the policy would be suspended. By 19 December, the policy and official mentions about it had been removed from Twitter web pages. Musk stated the following day that banning users for posting Mastodon links had been a mistake.

Rochko claimed that at least five venture capital firms looking to invest in Mastodon had been turned away by December 2022, and that Mastodon's nonprofit status would not be jeopardized.

By the start of January 2023, Mastodon had 1.8 million active users, down 30% from its peak of over 2.5 million active users in early December 2022. On 19 March 2023, Mastodon passed the ten million mark for registered user accounts. In a July 2023 post, Rochko said that monthly active users was trending up and had crossed the 2-million mark. Following Elon Musk's acquisition of Twitter, there has been a surge in the number of users migrating to other platforms. Among these, Mastodon is widely regarded as one of the most promising alternatives in the competitive social media landscape, standing out among others like Threads and Bluesky.

Large and corporate instances
In 2017, Pixiv launched a Mastodon-based social network named Pawoo. The service was acquired by media company Russell in December 2019;  in December 2022, Russell sold it to The Social Coop Limited, a Cayman Islands-based entity affiliated with Web3 firm Mask Network. Pawoo is banned by most instances on Mastodon due to allowing lolicon art.

In April 2019, computer manufacturer Purism released a fork of Mastodon named Librem Social.

Gab, a controversial social network with a far-right user base, changed its software platform to a fork of Mastodon and became the largest Mastodon node in July 2019. Gab's adoption of Mastodon allowed Gab to be accessed from third-party Mastodon applications, although four of them blocked Gab shortly after the change. In response, Mastodon's main contributors stated in their blog that they were "completely opposed to Gab’s project and philosophy", and criticized Gab for attempting "to monetize and platform racist content while hiding behind the banner of free speech" and for "paywalling basic features that are freely available on Mastodon".

In October 2019, the Fourth Estate Public Benefit Corporation released a fork of Mastodon named Civiq.Social.

Tooter is an Indian social networking product launched in September 2020. Tooter is forked (derived) from the main branch of Mastodon software.

In October 2021, former US President Donald Trump founded Truth Social, which is based on Mastodon. Initially, Truth Social did not make its source code available, violating Mastodon's AGPLv3 license. Eugen Rochko sent a formal letter to Truth Social's chief legal officer on 26 October 2021. On 12 November 2021, Truth Social published its source code.

Security
While Mastodon's decentralized structure is one of its most distinctive features, it also poses additional security challenges.

Since many Mastodon instances are run by volunteers, some security experts are concerned about data security and responsiveness to new threats (like high-severity vulnerabilities) considering the difficulty of configuring and maintaining servers as well as uneven skill level among administrators. Errors in instance configuration and security bugs in server implementation has already led to user data being scraped or changed by attackers. It is worth noting that Mastodon collects considerably less personal data, compared to other social media platforms which makes it a lower-value target and potential losses less significant.

Eugen Rochko argues that these issues do not set it apart from other software products that can be hosted by non-professionals.

In 2023, the Mozilla Foundation contracted with Cure53 to perform penetration testing on the Mastodon software, in preparation for establishing an instance for the Mozilla community. The testing discovered several vulnerabilities, including one called "TootRoot" that would have enabled arbitrary code execution and another that would have enabled cross-site scripting attacks through oEmbed cards. These vulnerabilities were patched in July 2023.

Another issue can be content moderation. While Mastodon instances can limit or filter out undesirable types of content, a large-scale harassment and misinformation campaign may require active moderation.

Mastodon currently delays fix for link previews.

Funding
Mastodon is crowdfunded and does not contain ads; as of November 2022, it was supported by 3,500 people. Since 2021 it has been registered in Germany as a nonprofit organization (gemeinnützige GmbH).