Mastodon

A good reminder that Mastodon posts are very public

Posted by Matt Birchler
— 3 min read

I know, I'm writing a lot about Threads recently, but I think it and its future federation are just super interesting. Anyway, this post was making the rounds a bit this week, and it basically lists all the bad things Meta has done over the years, which is fair enough. It basically discusses how once Threads federates with the rest of the ActivityPub world, people who post to Mastodon may have their content replicated on Meta's servers. Read the article to get more info, but this is basically the issue they're explaining:

Whenever you post something to your own Mastodon account, that post is stored on your server, but then it's also saved to every server where someone follows you. You can prevent this step by having your server admin block threads.net entirely, which will prevent anyone on Threads from following you. This in turn prevents any of your posts from syncing to the threads.net server. However, if someone on another Mastodon server boosts one of your posts and someone on Threads follows that person, then your post will sync to threads.net. This is a problem for people who never want Meta to see what they post to Mastodon.

I tried to make that as simple as possible, but federation is weird and I don't blame you if you can't quite follow perfectly. Essentially it means that you can't reasonably block 100% of your posts from ever touching Meta's threads.net server.
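The delivery path described above, as a small simulation. This is an added example, not code from the original post or from Mastodon, and it is a deliberately simplified model. The accounts and the `.example` domains are constructed, and the `authorized_fetch` switch goes beyond the post: it assumes the origin server runs Mastodon's optional authorized-fetch (secure) mode, where fetches must be signed and blocked domains are refused.

```python
def domain(account):
    return account.rsplit("@", 1)[1]

class Fediverse:
    def __init__(self, blocks, authorized_fetch=()):
        self.blocks = blocks                           # server -> domains its admin blocks
        self.authorized_fetch = set(authorized_fetch)  # servers requiring signed fetches
        self.followers = {}                            # account -> follower accounts
        self.copies = {}                               # post id -> domains holding a copy

    def follow(self, follower, target):
        # A domain block on the target's server rejects the follow outright.
        if domain(follower) in self.blocks.get(domain(target), ()):
            return False
        self.followers.setdefault(target, set()).add(follower)
        return True

    def publish(self, author, post):
        # Stored on the home server, then delivered to each follower's server.
        remote = {domain(f) for f in self.followers.get(author, ())}
        self.copies[post] = {domain(author)} | remote

    def boost(self, booster, author, post):
        # Servers of the booster's followers fetch the original from its origin.
        origin = domain(author)
        for f in self.followers.get(booster, ()):
            blocked = domain(f) in self.blocks.get(origin, ())
            if not (blocked and origin in self.authorized_fetch):
                self.copies[post].add(domain(f))

def scenario(authorized_fetch=False):
    # Constructed accounts and domains; only threads.net comes from the post.
    fedi = Fediverse({"home.example": {"threads.net"}},
                     {"home.example"} if authorized_fetch else ())
    direct_follow = fedi.follow("fan@threads.net", "alice@home.example")
    fedi.follow("bob@other.example", "alice@home.example")
    fedi.follow("fan@threads.net", "bob@other.example")
    fedi.publish("alice@home.example", "post-1")
    before = sorted(fedi.copies["post-1"])
    fedi.boost("bob@other.example", "alice@home.example", "post-1")
    return direct_follow, before, sorted(fedi.copies["post-1"])

if __name__ == "__main__":
    print("domain block only:    ", scenario())
    print("with authorized fetch:", scenario(authorized_fetch=True))
```

Even in the second run the post is still served to anyone who requests its public web page, which is the point the rest of this post makes.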

But then I thought this top comment on Hacker News did quite a good job of explaining why this concern is a bit odd.

If you have personal information you do not wish bad actors to see, do not publish it using an open protocol explicitly designed to allow anyone to read said information.

Mastodon is open, unencrypted social networking. Here's a post on my personal server that you can just grab today. You are not able to make an account there, but you can see everything posted there just fine. I'm not saying you need to shut up and be quiet online if you are in a marginalized group, but Mastodon is very open to the wider net already.

Let's consider this another way. You're reading this blog post right now even though you can't log into my Ghost account, let alone my server. You may even be reading in an RSS reader or read-later app like Matter or Readwise. Maybe you found it through Google, which scraped the page and indexed it. My point here is that you didn't need to use federation to access, analyze, duplicate, and archive it.

Defederating from Meta as a solution is stupid - Meta can (and will if they actually care enough) just rejoin undercover.

This is technically true, although it delves a bit into the "Meta is a bunch of evil humans who want to fuck over everyone because it's the only thing that brings them joy" territory. As mentioned above, Mastodon posts are public anyway, so being sneaky doesn't seem necessary.

There could be an argument made that federating means Meta will get all this information more easily than other scraping methods, so I will concede that they could try to federate with a random domain and hope no one notices.

Furthermore, when it comes to the fediverse, Meta is actually one of the more trusted actors compared to whatever else is on there - at least they're a known legal entity instead of some random.

This is true as well. Despite the many problems with Meta, they are a publicly traded company that has tons of scrutiny on them when it comes to privacy and security, and they have many people dedicated to this work (again, even if they don't always get it right). How confident are you about what the random person you don't know, who just so happens to own a cool domain that runs your Mastodon server, would do if law enforcement served them a warrant? Do you even know they're not backing up all posts to their personal computer?

Finally, the fact that publishing private information publicly on the fediverse wasn't considered an issue before Meta came along shows just how irrelevant the whole thing is - the data has been public all this time, but the network is so irrelevant that not even bad actors cared enough to actually scrape it (or at least do anything with it).

A little flippant, but yeah, your Mastodon posts have always been public, accessible to all the big tech companies as they scrape the web, and completely accessible to anyone who wanted them. As I've said before, it's very reasonable to be wary of Meta for many reasons, but in my opinion this whole situation is a very good reminder that the stuff we're all posting to Mastodon is very public and we're typically trusting our data with individuals who don't have the motivation or the means to protect our data if someone scary comes looking for it.

Mastodon is for everybody, but it definitely has drawn a crowd that's more anti-Meta than the general public. If Meta has fucked you or people like you over in the past, then by all means look at them through the harshest lens possible. I just think this is a good example of why posting to the open web with open standards cuts both ways: everyone can see what you're saying.