Mastodon is free. Some even say they have seen it steal your data. Since rumors of the death of the social network Twitter began, its faithful have been rushing to new alternatives, such as the Mastodon network. But is this haven of peace, which promises calm and serenity to new users, really that peaceful? That is the question being asked by Internet users who, visibly, are still on Twitter.

In early November, Mathis Hammel, a computer security expert, notably warned of data protection risks on his Twitter account. “A little cybersecurity reminder if you decide to get started on Mastodon: the server owner can access your private messages and your password. So think twice before joining the instance administered by a relative or a colleague,” he points out, before recalling that the same is true for Twitter and many other services on the Web. Should we be afraid of the mammoth social network? 20 Minutes takes stock.


While Twitter’s blue bird is (perhaps) taking its last breath, netizens are eyeing Mastodon to start a new digital life. The problem: the social network is by no means an El Dorado of the Web. First of all, because it is a decentralized network. In other words, it does not run on a single server, but on a multitude of “instances” that can be organized completely independently… and therefore follow their own rules, particularly in terms of moderation.

What about confidentiality? As Mathis Hammel explains, the security rules are basically the same everywhere, and Mastodon is no better than Twitter in this area. For Florence Sèdes, professor at the Toulouse Computer Science Research Institute, there is no point in burying too quickly a Twitter that she considers to be “fairly armored” in terms of data protection. The only problem for Elon Musk’s social network at present: people in security-critical roles have certainly been asked to leave the company during the layoffs.

Moreover, the expert insists on the terminology: the issue here is more one of privacy than of cybersecurity. “Your bank, for example, protects your private data but is not immune to security issues. Conversely, you may have a site that leaks your private data, but is armored in terms of security.”

Messages stored and processed

As for Mastodon, here is what its privacy policy says: “All messages are stored and processed on the server. […] Please keep in mind that server operators and any receiving server may see these messages, and recipients may capture, copy or otherwise share them. Do not share any sensitive information on Mastodon.” In short: do not share everything, because not all data will be fully protected.

However, the social network promises to protect its users’ information. “Your password is hashed using a powerful one-way algorithm. You can enable two-factor authentication to further secure access to your account,” Mastodon’s privacy policy states, among other things.

A small security lock

In reality, social networks have always used the lowest level of security, according to Florence Sèdes, who compares them to canal locks. “As with the locks of the Canal du Midi, it is the lowest level of flow that determines the flow of the whole; it is the same for the networks. It is the lowest level of security of all these servers that will set a level of security.”

Other social networks have even wanted to go further by deploying full encryption of messages, making it impossible to read them. The method is already in place on WhatsApp and could arrive on Facebook Messenger in 2023, explains Les Numériques. Twitter is also said to be thinking about it (if it doesn’t die by then).

Don’t share everything

However, for Florence Sèdes, the privacy problem lies not only in data protection, but also in the information that Internet users leave behind without realizing it. “You expose things, you think they remain in your private domain. Except that this information is never destroyed, there are always copies,” explains the professor, who hopes for more education on this issue in the future.

She therefore urges users of all types of social networks to be vigilant about the passwords they use… but also about the information they disclose to the general public, which could make it possible to find these passwords (the name of your dog, for example). And Florence Sèdes recalls: “In the field of cybersecurity, we realize that very often the problem is the human link.”
