Mastodon logo

How to get started on Mastodon

In the last few weeks we’ve seen a lot of tweets from the cybersecurity community about moving away from Twitter and on to Mastodon. It is hard to get people to switch social media, but in the four days following billionaire Elon Musk’s acquisition of Twitter, Mastodon recorded 120,000 new users and the Mastodon chatter seems to have increased since, not decreased.

Mastodon is an alternative social network that looks a lot like Twitter. The major differences are that Mastodon is not a single website, and it isn’t owned by a single corporate entity. The platform is open source, and consists of a set of independent but interlinked communities known as the “Fediverse” (federated universe). Unlike Twitter, Mastodon data isn’t held by a single organization. At the moment the number of active users is about 1 million per month. It is ad-free, community-supported, and it uses anti-harassment tools.

Choosing a community

As well as a web interface, Mastodon has official mobile apps for iOS and Android. I signed up using my web browser.

The first thing you do when you join Mastodon is pick a server and make an account there. Different communities hang out on different servers. This deserves some attention, becasue every server is operated by an independent organization or individual and may operate its own moderation policies.

You can find servers based on region or subject. Some servers accept new users automatically and others will review your application before accepting you. Choosing one server does not block you from enjoying others though. Any Mastodon user can communicate with any other Mastodon user.

Mastodon server choices

To sign up for a server you will need to register your new account. You’ll need a username, a safe password, and a valid email address. We recommend you set up two-factor authentication too.

setting up a Mastodon account

After you register you’ll receive a confirmation email. If it doesn’t arrive, check your spam folder. After completing the verification process you’ll receive a welcome email that offers you some options to customize your account and settings.

a lot of setup options

The same email also contains your full handle, which will look like this @[username]@[instance]. This is what you will need to advertise if you want people to follow you on Mastodon.

If you like, you can follow me but no promises yet that I’ll be very active.

I recommend you read the tutorial when you first log in, then adapt your profile and settings to your liking before you start following other users. Some options are worth mentioning. The Require Follow Requests option lets you approve requests from people who want to follow you. If you’re wary of stalkers, this is a good option to have checked. It helps you keep track of Follow requests.

Another feature you may find useful that I haven’t seen anywhere else is Automated post deletion. This lets you set a lifespan for your posts, after which they are automatically deleted. And it allows you to make exceptions to that rule, so you can keep your most valuable posts.


Posting (or tooting as it was originally called, and still is on some servers) can be done from the left hand side of the main screen.

posting a toot or tooting a post

There are several ways to add an image: By clicking the “add a file/picture” paperclip/camera icon, pasting an image from your clipboard, or dragging a photo over the page.

After posting, you post will become visible in your feed.

my first toot has a picture of my dogs


As we pointed out a few years ago, the decentralized setup of Mastodon also has some disadvantages.

  • Your Mastodon direct messages are stored in plain text. They can be read by the administrator of the server you have joined.
  • It is harder to find people to follow on Mastodon. Taking your friends with you takes some coordination.
  • Although your full handle is unique, your username can exist on other servers. (If the band wants to use my handle, I can’t stop them.)
  • Different servers use different names for the same thing, which makes explanations complex.
  • Getting started takes a bit of probing and trying what works for you. We hope that this post helps a bit with that.

The option to delete your Mastodon account has been added after the referenced post was written. And a crude method to verify your account by linking back to your Mastodon account from your website.

Mastodon is one of the options to replace Twitter, but history has proven that it is hard to say goodbye to a household name. We’ll have to wait and see how it pans out, but at least I’m ready for the future now.

We don’t just report on threats—we remove them

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.


Pieter Arntz

Malware Intelligence Researcher

Was a Microsoft MVP in consumer security for 12 years running. Can speak four languages. Smells of rich mahogany and leather-bound books.