The promises and problems of Mastodon, a Twitter alternative

Intrigued by Mastodon, a new open-source alternative to Twitter that has fine-grained privacy controls. Sean Bonner took a closer look at Mastodon's currents pros and cons. This is the best article I've read about Mastodon.

I’d assumed that upon joining I could tell people “I’m @seanbonner on Mastodon just like I’m @seanbonner on Twitter.” That turns out to be incorrect. I’m actually and if I want to be or or any of the other instances then I have to create separate accounts on each of those, and there is no way to sync them. This also means that some other Sean Bonner can go sign up as @seanbonner@anothermastodon.instance and judging by how much email I get from other Sean Bonner’s who apply for jobs and join dating sites and register bank accounts without knowing what their own email address is, that is going to be a huge problem at any kind of scale. This is the biggest flaw in my opinion because without the ability to claim your identity across an entire service there is huge potential for confusion and no way to embrace it as a home.

I'm frauenfelder at I'm enjoying it so far!

Previously: Mastodon - like Twitter, without Nazis

Notable Replies

  1. Great idea. Needs to iron out the wrinkles.

    I really want this project to succeed, both for its own sake and to give Twitter an incentive to give users the features they've been asking for.

  2. sme says:

    The analogy with email addresses works perfectly as far as I'm concerned. In fact, I'd say it's Twitter's model of a universal name space for handles that's the problem. Unfortunately, it has lulled many of the early adopters into false sense of satisfaction, as they love their nice short, readable handles. For everyone else, this sucks. The namespace problem will eventually doom Twitter, if it doesn't die of something else first.

    The bigger problem is that if any of the current instances disappear, it seems you lose your Mastadon identity entirely, as the service name is part of the handle. That problem exists for email, but we don't worry about it because we've come to rely on a number of long-lived email services that seem to have the necessary staying power. If gmail ever dies, there will be much screaming. The obvious solution is for universities and large corporations to run their own instances, just as they currently have their own email servers. I'm already talking with my university to explore setting up a Mastodon instance for our faculty and students. I can't see savvy people jumping on board in large numbers until they are offered some assurance their Mastadon instance is here to stay, or someone invents the equivalent of email forwarding for when individual Mastadons die.

  3. Having usernames tied to specific instances will make Mastodon unattractive to businesses: how is any user to tell that CompanyName@instance1 is the official company account, while CompanyName@instance2 is a malicious troll, a spammer or worse? In the Mastodon federated timeline, they could look exactly the same.

    You might say "Good, I'm glad companies aren't going to be all over this the way they are on Twitter." But it's also a problem for individuals whose name is their brand: imagine the fun when we have to sort out which of a crop of @doctorow s (for example) is the genuine article. And as the plague of cloned user accounts on Facebook demonstrates, apparently spammers and scammers can get some mileage out of spoofing ordinary people.

    This is not to say Mastodon can't be useful. It just means that I wouldn't trust anything outside my personal timeline, composed of people who I've chosen to follow -- and verify -- myself.

    Verification might be easier if Mastodon could check explicitly against external resources. To give a simple example of how this could work, imagine you're Dory Coctorow, owner of, and your Mastodon account is dcoctorow@instance1. In your settings on instance1, you tell Mastodon "Verify my identity against"; you then add a '.mastodon' file to the root of your website, and add 'dcoctorow@instance1' to that file. When someone wants to follow 'dcoctorow1@instance1', Mastodon would then be able to cross-check and say "This account has been verified as belonging to the owner of Do you wish to follow them?" An impostor wouldn't be able to do that (although they could, of course, buy the domain '', and set up a fake website on that, complete with a picture of Dory Coctorow's smiling face and book jackets).

    Alternatively, maybe people will only follow accounts they've acquired via some other channel: direct from the person themself, published on their website, or whatever.

    Mastodon seems to demand a certain level of wariness. Maybe that's a good thing. We're under the illusion that we don't need to be wary on Twitter, but spoof accounts can thrive there too. If using Mastodon means being more cautious generally, that might not be so bad.

    I'm more concerned with the idea that if an instance goes away, your whole identity and history goes with it. If it turns out that 'instance1' was actually maintained by one random guy who just got fatally gored by a rogue bison and isn't paying his hosting bills any more, you can't just hop over to 'instance2' and carry on uninterrupted. The way around that, of course, is for everyone to run their own instance, but that may be beyond the technical abilities of most folks.

  4. Instead of "Mastodon," what if they called it "No Donalds?"

Continue the discussion

20 more replies