Interesting Mastodon Security Article
Interesting topic about Mastodon Security on Ars Technica
Of course, all platforms have these sorts of vulnerabilities, and Mastodon developers and instance admins have been quick to patch them once reported. But other platforms have teams of security engineers, researchers, and compliance specialists who pore over recently patched vulnerabilities to ensure their platform runs up-to-date components. Mastodonβs federated structure canβt replicate this. Expecting volunteers to perform at the same scale as a centralized platform is unrealistic, to say the least.
True, a dedicated security team at a large tech company would theoretically provide better security than a single instance administrator, but (from what I have seen) many admins are thoroughly knowledgeable in tech security & some even specialize in the tech security arena.
Have Mastodon instances been attacked beforeβ½ Yes. Counter Social (a Mastodon-based instance) is a semi-frequent target of hacks. However the instance admin @th3j35t3r@counter.social (also @th3j35t3r@twitter.com) has done a phenomenal at keeping the site up.
Fortunately we have not seen wide spread attacks against Mastodon servers which is probably due to several reasons:
- The Fediverse has yet to cross the threshold of 50 million confirmed active users (they might have crossed this already as many Chinese citizens use Mastodon)
- Mastodon is only one part of the Fediverse, & even if one instance software could be taken down, people would still be able to sign up & create accounts on other platforms
- There is little financial incentive in taking over an instance, due to the lack of personal information available (as Ars Technica explains)
Storing less personal information makes Mastodon a lower-value target and means that even if an instance gets hacked, thereβs less data for a hacker to take. Another thing that is likely to make Mastodon a less likely target is its decentralization. A site like Twitter or Facebook gives hackers the opportunity to steal data for hundreds of millions of people with a single hack. Mastodon's instances have orders of magnitude fewer users.
As more people discover & join the Fediverse, it will be interesting to see how the community adjusts to new security threats that will emerge. Although truth be told I personally believe most future attacks will not come from random hackers seeking to generative a quick fortune, but from governmental authorities attempting to stifle information from citizens.
π¨πΎβπ» by @darnell@darnellclayton.com π @darnell@darnell.day
πΊπΎ Follow my adventures upon:
ππΎ @darnell@one.darnell.one π (Mastodon)
ππΎ @darnell@darnell.moe π¦ (Misskey)
ππΎ @darnell@darnell.ooo πΈ (Pixelfed)
π¦ΉπΎββοΈ WordPress Workarounds:
ππΎ @darnell@darnell.tv π¨πΎβπ» (TeleVerse)
ππΎ @darnell@darnell.africa π (Africa)
ππΎ @darnell@darnell.co π§πΎββοΈ (Creative Outlet)
π₯·πΎ Other Hideaways:
ππΎ @darnell@threads.net 𧡠(Threads)
ππΎ @darnell@darnell.xxx π (Hard News)
ππΎ @darnell@flipboard.com π° (Flipboard)