A Twitter User's Guide to Mastodon

Does it feel like your Twitter user experience dropped off a cliff lately? Your feed seems lower quality, your mentions are full of obnoxious trolls, and you’re not sure who’s actually verified anymore? Yeah, me to. I recently found that the extreme drop in quality activity was due to much of my community moving over to Mastodon. Things snowballed as more and more quality users moved out, increasing the noise to signal ratio and forcing more people to leave.

I’ve had a lot of question from people trying to switch, so here’s a quick-start guide.

So, what is Mastodon?

Mastodon isn’t a Twitter clone, nor is it trying to be. You can get the same conversation flow as you would on Twitter, but with higher quality. I recommend going in with the attitude that this is a new platform, rather than trying to look at Mastodon as being a 1:1 map of Twitter. You’ll probably find that most of your favourite Twitter features are there, perhaps some better ones, but if you see it as Twitter 2.0, you’ll find it less enjoyable.

The Fediverse

Mastodon isn’t a single platform, it’s a federation. Anyone can set up their own Mastodon server (usually referred to as an ‘instance’). Think of a Mastodon instance as similar to email providers. It doesn’t matter if you sign up for Gmail, Yahoo, Outlook, iCloud, or AOL; you can still send and receive emails to and from anyone on any other provider. Mastodon is the same. You can follow, reply to, and direct message people across instances.

A Mastodon username looks like this @[email protected] where malwaretech is my username and infosec.exchange is my instance. If you’re on the same instance as a user, you may only see their username and not the full address.

Probably the best thing about the Fediverse is you can move your account between instances. If you don’t like your current instance, you can seamlessly transfer all your followers to another.

While the Fediverse makes Mastodon seem like one big social media platform, there are some caveats to be aware of.

Instance themes

Instances typically have a central focus such as a common interest or community. For example, the instance I use (infosec.exchange) is a cybersecurity focused community. On it, you’ll find some of your favourite cybersecurity accounts such a Lesley Carhart, Kevin Beaumont, Alyssa Miller and Rob Joyce.

The main benefit of joining an instance which pertains to your interest is the local directory and feed. Each instance has a local feed tab containing all the posts from anyone on that instance. This is an amazing way to find cool new like-minded accounts to follow.


Each instance is responsible for its own moderation. Moderators have control over both what people can say or do on their instance, and which accounts on other instances can communicate with their instance. In very extreme cases, instances may decide to defederate another (block any and all interactions with that instance). Usually defederation happens when an instance is considered too abusive, malicious, or un-moderated to be worth allowing communication with.

It’s important to find yourself a well moderated instance for the best experience. You can use instances.social to find an instance that fits you, but I recommend just looking at which ones your friends are using. If you’re unsure, try starting with mastodon.social (the largest Mastodon instance), or if you’re in cybersecurity infosec.exchange (the largest cybersecurity instance).

Direct Messages

DMs on Mastodon are a bit weird. They’re basically just posts that are set to only be visible to the person you messaged. The huge gotcha to watch out for is: if you mention someone’s full handle in a DM, it adds them to the conversation, just like tagging someone in a tweet does.

Something to also be wary of is similar to how Twitter staff can read your DMs, so can Mastodon instance staff. If you send a DM to someone on another instance, both the staff on the sending and receiving instance could read your message if they wanted to. Just like on any social media platform, I do not advise using DMs to share sensitive information. Use DMs for normal discussions, or exchanging contacts. Any sensitive information should be sent via an End-to-end encrypted messaging app like Signal, WhatsApp, Telegram, or Wire.

Finding Your friends

You can use https://fedifinder.glitch.me/ to attempt to find your Twitter friends. It searches your following list for anyone with Mastodon handles in their username or bio. It’s not going to find everyone, but it’s a good start. I also recommend updating your own Twitter bio with your Mastodon handle so others can find you.

liberal use of hashtags is also very helpful. It’s how Mastodon users typically find each other inside the network.

Like, retweets, quote tweets, and verification

  • Favorites - Shows the poster appreciation. Works similar to a like, but provides no boost to the content as there is no algorithm.
  • Boosts - work the same as retweets, use this to help increase the reach of good content.
  • Quote tweets - Probably Twitter’s most toxic feature. Mastodon thankfully has no equivalent.

User verification

There is none.

You’ll occasionally see people with ‘verified’ or ‘unverified’ icons at the end of their name. These are just emojis the user put there themselves, usually to mock Twitter.

For people who have websites, you can verify your website by adding a rel=me to the header. For example, mine is: <link rel="me" href="https://infosec.exchange/@malwaretech">

example of website verification Verified websites will show in green with a check to left

Confirm people’s handles via other platforms. Usernames are like emails, [email protected] is not the same user as [email protected].

example of different accounts these are all different accounts.

Interface & apps

For the web interface, if you like TweetDeck, I recommend enabling the ‘Advanced Web Interface’. It’s very similar.

the advanced mode setting

For Apps, there’s a couple choices. I like the Official iOS app, it’s very clean and much better than the web interface. One thing to be aware of is when logging in, the app may not find your instance immediately. Try typing out the full name (i.e. infosec.exchange) then waiting a bit.

Most of the users in my feed have great things to say about the MetaText app. I’ve not tried it yet, but only heard good things.

Unwritten rules & customs

  • Avoid posting about Twitter or Musk. Most people came here to escape the dumpster fire and don’t want to hear about it.
  • Use the Content Warning (CW) feature liberally. It puts a warning and a click to reveal on your post. It’s also nice for collapsing long posts.
  • This is a free open source project. Don’t complain at the devs. Anything you want you can add and host on your own instance.
  • Be friendly. You’ll find people here are much nicer than on Twitter, return them the favor.

Most instances are hosted by individuals and can be costly. If they have a donation page, consider sending them a tip or two. You can also donate the Mastodon developers here.

That’s all

If you have any question, let me know in the comment section (I’ll add common question to the article). See you over other!