Welcome back, friends: and, happy 2026. Our team is anticipating a lot of exciting developments this year! As we write this update in early January, FOSDEM is just a few weeks away. We will have a stand at the event for the third year in a row, where you’ll be able to talk to folks from the team. If you’ve visited us at FOSDEM in the past, you should expect a different setup this year. We will have less merchandise to pick up from us in person, for logisical reasons: you can still order merch online, but we don’t plan to have t-shirts, plushies or mugs with us this year, only some of the smaller items. Apart from our table, we also have a presence in a couple of devrooms. Our Community Director, Hannah will be on stage in the Social Web Devroom with a session entitled Tending the Herd, and will be on a panel on another track as well. We hope to meet some Trunk & Tidbits readers in the Social Web Devroom, so please say hello 🫶🏻 Releases In the past week, we released versions 4.5.4, 4.4.11, 4.3.17 and 4.2.29. These versions contain fixes for various bugs, and include important security fixes (one high severity, and one moderate severity). We recommend that all server administrators update to the new point releases for the Mastodon version they are running. Note the end-of-life dates. Mastodon v4.2.29 will be the final update for the Mastodon v4.2 branch. Coming up, he 4.3 branch will reach EOL on May 6, 2026. Backend and Web In December 2025 we reviewed and merged 183 Pull Requests (137 with translation and dependency updates removed) from 10 contributors. A quieter month - mostly as expected at this time of year, when folks take a break for the holiday. Thank you to everyone who helped with code contributions and issue triage. interface Wrapstodon (our end-of-year summary of your activity) was updated, based on feedback from last year. It no longer requires action from administrators, and is enabled for everyone (but, it can be disabled). It is now generated on-demand, and has a new appearance. — PR #37093 (by diondiondion) — PR #37055 (by ClearlyClaire) — PR #37106 (by ChaosExAnima) — PR #37109 (by ChaosExAnima) — PR #37121 (by ChaosExAnima) — PR #37169 (by diondiondion) — PR #37188 (by ClearlyClaire) — PR #37273 (by ClearlyClaire) api The work on Collections (formerly known as starter packs) is continuing, and the first APIs are implemented. This is still highly experimental and will change. — PR #37053 (by oneiros) — PR #37110 (by oneiros) — PR #37117 (by oneiros) — PR #37139 (by oneiros) ui There is an ongoing refactor aimed at improving our theming system. This will allow 3rd party themes to support a user setting for dark/light mode 😎 — PR #37095 (by diondiondion) backend Fixed an issue where Referer headers were not sent even if the administrator configured them to be sent. — PR #37107 (by ChaosExAnima) ui Fixed YouTube embeds not being displayed. — PR #37126 (by ChaosExAnima) — PR #37139 (by oneiros) iOS We shipped 2025.09 with Liquid Glass controls, better scrolling on iPad, some crash fixes, and a few more localized languages. It was followed quickly by 2025.10, to correct the appearance of the new Liquid Glass icon on the App Store. Community If you like the multi-column view of Mastodon’s Advanced Mode, you might also like to take a look at FediDeck, an in-progress app with some similarities. It is marked as alpha, so be kind! If you’re an iOS user, our friends at Tapbots shipped an update for Ivory with support for Mastodon’s consent-respecting quote posts feature. Finally, Fediway is “a recommendation engine for Mastodon” that you may be curious to investigate. As always: if you’re building with the Mastodon API, let us know! We Appreciate You As we enter a new year, we’re tremendously grateful for your support and contributions. We’re building a people-powered social web, and depend on your donations. Please click below to help out. Thank you! Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

We are happy to release our 2024 Annual Report. We’re a non-profit, and open-source; we value transparency, and we are committed to informing our users and supporters about how we operate. Our 2024 was transformative in ways we didn’t anticipate, and we wanted to capture the full story before sharing it with you. As you’ll see in the report, a lot happened in 2024; and 2025 brought along new challenges and accomplishments, which we look forward to sharing with you much sooner this time. So: what’s inside? As always, we’ve got a lot of numbers, recaps, and details to share! How did we expand our budget? How many additions did we make to our small and ambitious team? What did we achieve, and how did our progress prepare us for the changes that arrived in 2025? You will find answers to questions like these in the report. DownloadPDF, 4.2MB Thank you to our designer Pierre Vincent for another visually delightful annual report, and to Dopatwo for some cute new illustrations. Thanks also to the team for their efforts in putting this together - especially Zora, for the coordination 🙏🏻 We extend extra special thanks to you, our supporters, for your patience and generosity. Your donations enable us to continue building a better social web. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Elon Musk’s X platform has blocked the European Commission from making advertisements, presumably in response to the €120 million fine for its misleading verification system and overall lack of transparency. We’re grateful to Elon Musk for proving once again why the world needs to log off corporate-owned, centrally-controlled social media platforms and log on to a better way of being online. The world needs an open social web through the fediverse and Mastodon. Calls for public institutions to invest in digital sovereignty are increasing across civil society. The term digital sovereignty means that an institution has autonomy and control over the critical digital infrastructure, data, and services that make up their online presence. Up until this point, social media has not been a part of this conversation. We think it is time to change that. In any free society, it is the right of every citizen to access and comment on the news, decisions, and reasonings of their government. We believe it is a government’s responsibility to ensure this right for its constituents. Public institutions should communicate with their citizens on open platforms, not ones that require creating an account and sending personal data to a self-serving tech company. Today, institutions often communicate through the censorious filter of corporations that do not have the best interests of people or society at heart. They let their message be governed by the whims of out-of-touch and overpaid people who believe they should have unchecked power. We cannot let this stand. Mastodon offers a path forward for any institution that wants to take control of their communications, and we can help you get started today. One of the tools these corporate social media platforms use to control an institution’s communications is the algorithm. Platforms strategically tune their algorithms to make it difficult, if not impossible, for institutions to reach their people without paying the platform ad money. Musk’s move to turn off the European Commission’s advertising capabilities feels like a perverse power play over a legitimate fine, one that effectively silences a crucial avenue for public discourse. We should be horrified that any single individual can wield such influence over the relationship between governments and the people they represent. We should be especially concerned when that individual doesn’t think our governments should exist in the first place. Mastodon’s chronological timeline means that no institution needs to game an algorithm to keep their people informed. By using hashtags, it’s easy for people who care about the topics you discuss to find you. What’s more, your constituents don’t need to be on Mastodon to follow your posts. They can subscribe via open protocols like RSS and soon via email. When it comes to the source of the fine in the first place—X’s infamous blue checks, a.k.a. verification—Mastodon also offers a better way. We empower people to verify themselves by linking their social profile to their official (or personal) website. This allows for greater transparency and trust than relying on the often less-than-reputable verification practices of a single corporate entity, especially one that is willing to sell reputation for a low monthly fee. (Meanwhile, another corporate social media platform made $16 billion, 10% of their 2024 revenue, from advertisements for scams and banned goods.) In an era where information is power, it’s disheartening to see our institutions yield so much to the whims of industry and individuals. In contrast, the European Commission is leading the way in taking ownership of social sovereignty on behalf of their people. They own a Mastodon instance, ec.social-network.europa.eu, to reach Europeans directly and keep them well informed. Mastodon is proud to help them manage the technical side of things. If you are someone on the fediverse who would like to see their government own their social sovereignty, we encourage you to get in touch with your local representative and tell them why you think they should start using open social media networks like the fediverse. We’re starting a thread on Mastodon of resources to help you get in touch with your local representative here. By making the news and truth contingent on advertising budgets we’ve created an environment where any narrative can win, as long as the storyteller is willing to pay. If we allow these conditions to continue, we will leave behind the voices that truly matter; the people and their public institutions. It is critical that those voices not be silenced forever. The promise of the fediverse is the promise of a better way forward: free from ads and manipulative algorithms, a place built by and for people like you, where our sovereignty is a right and not a privilege. It will take all of us working together to build a better way of being online. If you want to start an instance or have ideas about how we can encourage more institutions to take control of their social sovereignty, get in touch with us at hello@joinmastodon.org.

Hello, friends! Last month was momentous and exciting: we announced a new organisation structure; Eugen changed roles; and, we also announced a new path for donors to support us in Europe, thanks to fiscal sponsorship from WE AID. Alongside these changes, we’ve also started a series of social posts to encourage folks to visit the new donation portal. You may see these posts, with a #SupportMastodon hashtag - feel free to boost them, to spread the word about our mission 🙏🏻 Oh, and also, this happened… 🎉 Post by @shlee@aus.social View on Mastodon Events in November, and ahead Andy was at Decidim Fest in Barcelona, as part of the panel “Can Decentralization Fix Social Media?”. There were some lively conversations about digital sovereignty and technical standards, but the core of the event itself was participatory technology for democracy. The concept that civic institutions should own their own social channels, aligns strongly with Mastodon’s own vision and values. Felix joined the in-person Fediforum track at SFSCon in Bolzano, Italy. It was great to connect with a number of our friends from around the Fediverse. Last month also saw the European Digital Sovereignty Summit held in Berlin. Our new Executive Director Felix, and our Chief of Staff, Philip, were able to attend, and connect with other organisations that share a similar mission to Mastodon. Looking ahead into early 2026, we will have a stand at FOSDEM. We’re excited to be heading back to Brussels, where we will also be present in the Social Web Devroom. Releases The current stable release of Mastodon is 4.5.3, released yesterday (alongside 4.4.10, 4.3.16 and 4.2.28): Post by @MastodonEngineering@mastodon.social View on Mastodon During November, we shipped two fixes for the 4.5 release (4.5.1, 4.5.2), and backported equivalent updates for the 4.4 and 4.3 branches: version 4.4.9 and version 4.3.15. We recommend that all Mastodon server owners should be running the latest point version for their release branch, and ideally, to upgrade to the newest stable version of Mastodon. Please pay attention to the upcoming end-of-life dates. The 4.2 branch will no longer receive updates after January 8, 2026, and the 4.3 branch will reach EOL on May 6, 2026. Backend and Web In November 2025 we reviewed and merged 237 Pull Requests (159 with translation and dependency updates removed) from 20 contributors. This was huge. We appreciate the contributions! interface The experimental theme_tokens feature flag as well as our legacy styles have been removed from our codebase, and our new theme tokens (based on CSS variables) are now live on mastodon.social and mastodon.online (and any other servers using our nightly builds). If you are maintaining a third-party theme or a server with custom CSS, now is a good time to ensure your styling tweaks play well with this update. — PR #37056 (by diondiondion) new feature Implementation of “Collections” (our take on Starter Packs) has begun. We are slowly laying foundations, so nothing to see yet, but we are getting there! — PR #37049 (by oneiros) — PR #37020 (by oneiros) — PR #37005 (by oneiros) — PR #36977 (by oneiros) interface Added notifications about interactions between quote posts and Direct Messages — PR #36696 (by ChaosExAnima) interface Updated the media modal with smoother scrolling experience — PR #36673 (by ChaosExAnima) (and multiple others) interface Fixed issues with emoji caching and web worker — PR #36808 (by ChaosExAnima) — PR #36897 (by ChaosExAnima) interface Fix post and keyboard navigation issues — PR #37052 (by diondiondion) (and multiple others) interface Move “Privacy and reach” from “Public profile” to top-level navigation in settings — PR #27294 (by ChaelCodes) interface Fix duplicated counters in some languages — PR #32614 (by xatier) — PR #36844 (by ChaoxExAnima) interface Improve viewing non-public hashtag pages when not logged in — PR #36961 (by diondiondion) interface Prevent vertical videos from overflowing the viewport — PR #36966 (by diondiondion) developer Fix Accept headers when fetching ActivityPub objects to match spec (AP integrity/interoperability) — PR #30354 (by TheOneric) api Fix /api/v1/statuses/:id/context sometimes returning Mastodon-Async-Refresh without result_count — PR #36779 (by ClearlyClaire) admin Increase HTTP read timeout for expensive S3 batch delete operations — PR #37004 (by ClearlyClaire) — PR #36971 (by ClearlyClaire) — PR #36996 (by ClearlyClaire) admin Increase nginx proxy_read_timeout to avoid long-request failures — PR #30599 (by shleeable) admin Optimize nginx location blocks — PR #19644 (by Izorkin) admin Fix tootctl status remove removing quoted posts and remote quotes of local posts — PR #37009 (by ClearlyClaire) admin Separate remote thumbnails into cache/ directory — PR #36911 (by shugo) admin Add systemd service file for Prometheus exporter — PR #35130 (by ThisIsMissEm) admin Rely on Puma default environment and remove legacy AR connection boot from Puma config — PR #36760 (by mjankowski) — PR #36757 (by mjankowski) Android We released an update that adds loading all replies, and several smaller updates that improve the stability of the app. iOS We shipped version 2025.08 on December 1st, with better loading and scrolling performance, an all-new audio player, and improvements to video playback. Major work on rewriting/refactoring is starting to pay off as more areas of the app are replaced with new multi-purpose code and old code files are deleted. This version also saw us replace our complex and outdated localization system with modern .xcstrings format files, which will be much easier for developers and translators moving forward. DevOps If you have an interest in our Helm charts to deploy Mastodon, we would like to hear from you. Post by @MastodonEngineering@mastodon.social View on Mastodon Documentation Shout-out to Matt Jankowski for a huge effort on issue triage & merge support, closing 81 issues in total (most of which merged fixes and updates), backed by 13 contributors in total. Translations We’ve posted a call for proofreaders for translations across our apps and website. If you are already translating our apps and would like to coordinate the work for your language, see this discussion post. If you would like to help translating Mastodon into your language, you can join the many volunteers who already do so on Crowdin: for the web app, the iOS app and the Android app. Community Version 3.2.0 of Pachli for Android was released just over a week ago; it includes support for Quote Posts, and makes lots of useful search options available. Version 7 of Mona for iOS will be available soon. Reminder that if you’re building on the Mastodon API, we’d love to hear about your project. Thanks That’s it for another month of behind-the-scenes updates. We’re grateful for your support for our mission. Please donate to help us if you are able. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

We are happy to announce fiscal sponsorship via WE AID, a German nonprofit organisation that supports charitable projects within an established legal framework. This move is part of Mastodon’s transformation. This partnership offers donors tax-deductible contributions in Germany and ensures verified integrity through WE AID’s oversight. It also enables Mastodon to operate as a nonprofit entity, strengthening our commitment to a user-first, community-driven platform, free from algorithmic manipulation and corporate control. With WE AID’s support, Mastodon joins the ranks of nonprofit tech pioneers we have long admired, like Wikipedia, Signal, and Tor. This move reinforces the digital commons as a shared resource: not a corporate asset. Through this partnership, WE AID provides Mastodon with the infrastructure to continue to thrive as a public-benefit project, rooted in Europe. Together, we’re proving that social media can be community-owned, ethically governed, and globally accessible. Mastodon’s home, the Fediverse, mirrors Europe’s own decentralised ethos. Just as the European Union is home to diverse cultures, languages, and jurisdictions, the Fediverse empowers communities to connect across barriers, fostering unique spaces, no matter their size, for linguistic, cultural, and technical diversity. This alignment embodies the EU’s vision of unity in diversity, ensuring the digital commons remain open, inclusive, and resilient. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Earlier this year, we announced that Mastodon would be transitioning its legal and operational structures to better reflect our mission. Today, we’re marking another momentous step in this ongoing process as our Founder and now former CEO Eugen Rochko begins his transition into a new role with Mastodon. We are thrilled that he will continue on in an advisory role with our team. In this post, we’re looking ahead to what comes next. We’re pleased to introduce Mastodon’s new leadership team, and share some other exciting updates. Meet The Team When we first set out to design a leadership structure for Mastodon, our aim was to represent the needs of Mastodon as a software project, and the needs of the people that make up the Mastodon community. We also wanted to create a structure that would balance fast decision-making with including more voices at the table. Executive Director: Felix Hlatky Felix has been involved with Mastodon since March 2020. He cares about Mastodon and the Fediverse because it feels like the single most impactful project touching diverse areas such as freedom of expression, politics, media, and technology. As Mastodon’s Executive Director, he’s excited to grow the user base across Mastodon and the Fediverse. His goals include simplifying the process of running servers safely and efficiently, expanding the team to better compete with commercial platforms, and ensuring the project’s long-term financial sustainability, so Mastodon can remain independent forever. You can get in touch with him at @mellifluousbox@mastodon.social. Technical Director: Renaud Chaput Renaud has been involved with Mastodon since late 2022, first working on the project infrastructure, then as CTO. Over the last three years, he’s been instrumental in growing the Mastodon engineering team (now nine people), shipping new features, and establishing more efficient development processes. He’s excited to continue building a strong and modern open-source social media platform as Mastodon’s Technical Director. You can get in touch with him at @renchap@oisaur.com. Community Director: Hannah Aubry Hannah has been involved with Mastodon since early 2023, first as a partner and champion of the project during her time running the Fast Forward program at Fastly, then as a volunteer on our outreach team. Earlier this year, she joined our Board of Directors. In her role as Community Director, she’ll oversee the strategy and growth of Mastodon’s community and trust & safety programmes. She brings her valuable experience in community, social media, and free and open-source software. You can get in touch with her at @haubles@hachyderm.io. Hannah, our former team-mate Inga, Felix, and Eugen. Friend-shaped #plushtodon, too! An extended leadership team includes Eugen Rochko, Andy Piper, and Philip Schröpel. As Strategy & Product Advisor, Eugen will leverage his deep knowledge about the Fediverse / social media and product expertise to support Mastodon’s long-term vision and development. Andy will continue in his role as Head of Communications, and Philip as Chief of Staff. Our next step is to build more ways for the community to get involved with Mastodon at all levels. Our efforts to define community governance are well underway, and we’re looking forward to getting everyone involved in that soon. With that in mind — are you someone who wants to get involved with Mastodon? We’d love to hear from you! Organisational Update A vital aspect of our restructuring initiative is transitioning Mastodon to a new European not-for-profit entity. Our intent is to form a Belgian AISBL as the future home of the Mastodon organisation. As an update on our current status, Mastodon is continuing to run day-to-day operations through the Mastodon gGmbH entity (the Mastodon gGmbH entity automatically became a for-profit as a result of its charitable status being stripped away in Germany). The US-based 501(c)(3) continues to function as a strategic overlay and fundraising hub, and as a short-term solution until the AISBL is ready, the 501(c)(3) will own the trademark and other assets. We intend to transfer those assets as soon as the AISBL is ready. To enable tax-deductible donations for German donors, we partnered with WE AID as our fiscal sponsor. In the meantime, we’re moving forward with defining who we are, how we operate as a team, and how we engage more transparently with the community. To start, we sat down and defined our vision, mission, and values. We’ll be publishing these on our blog soon. Stay tuned! A Fundraising Update When we announced our restructuring earlier this year, we asked for your help with fundraising, to support us in furthering our efforts around usability, discovery, and trust & safety. With their express consent to disclose, we deeply appreciate the generosity of Jeff Atwood and the Atwood Family (EUR 2.2M), Biz Stone, AltStore (EUR 260k), GCC (EUR 65k), and Craig Newmark. We’re excited to share how we’ve put your contributions to good use. One of our main expenditures from the fundraising initiative has been hiring across our engineering, product, marketing, and operations. Our larger team is making it possible to move faster on important new features like launching Quote Posts, co-developing Mastodon’s Collections (our take on “Starter Packs”), and thinking big thoughts about Mastodon v5.0 (👀). What’s more, our larger team has made it possible to launch our commercial service offerings — an important step to ensuring organisations without the technical and moderation resources to start a Mastodon server can finally do so while contributing to our long-term financial sustainability. For our team, a vital aspect of getting this restructuring right was making sure that Eugen was compensated fairly for Mastodon’s brand trademark, assets, and the 10 years he spent building Mastodon into what it is today (while taking less than a fair market salary). Based on replacement costs, Eugen’s time and effort, and the fair market value of the Mastodon brand, its associated properties, and the social network, we settled on a one-time compensation of EUR 1M. We are deeply grateful for his past contributions, and look forward to his contributions still to come. We want to thank the generous individual donors that participated in our fundraising drive. We put individual donations entirely towards Mastodon’s operations (primarily, paying our full-time employees to improve Mastodon), which totalled EUR 337k over the past 12 months (September 2024 - September 2025). We also want to thank the law firm Paul Hastings for their generous support by advising us pro bono. What’s Next So what’s next for our team? A different configuration but the same mission: Ensure that our online social spaces belong to the people forever, and provide a safe place for public discourse. If you believe in that mission too, we’d love your support. Grassroots efforts like Mastodon and the Fediverse require creative and monetary contributions from their communities to survive. It will take all of us working together to build resilient, governable, open and safe digital spaces.

After nearly 10 years, I am stepping down as the CEO of Mastodon and transferring my ownership of the trademark and other assets to the Mastodon non-profit. Over the course of my time at Mastodon, I have centered myself less and less in our outward communications, and to some degree, this is the culmination of that trend. Mastodon is bigger than me, and though the technology we develop on is itself decentralized—with heaps of alternative fediverse projects demonstrating that participation in this ecosystem is possible without our involvement—it benefits our community to ensure that the project itself which so many people have come to love and depend on remains true to its values. There are too many examples of founder egos sabotaging thriving communities, and while I’d like to think myself an exception, I understand why people would prefer better guardrails. But it would be uncouth for me to pretend that there isn’t some self-interest involved. Being in charge of a social media project is, turns out, quite the stressful endeavour, and I don’t have the right personality for it. I think I need not elaborate that the passion so many feel for social media does not always manifest in healthy ways. You are to be compared with tech billionaires, with their immense wealth and layered support systems, but with none of the money or resources. It manifests in what people expect of you, and how people talk about you. I remember somebody jokingly suggesting that I challenge Elon Musk to a fight (this was during his and Mark Zuckerberg’s martial arts feud), and quietly thinking to myself, I am literally not paid enough for that. I remember also, some Spanish newspaper article that for some reason, concluded that I don’t dress as fashionably as Jeff Bezos, based on the extremely sparse number of pictures of myself I have shared on the web. Over an entire decade, these tiny things chip away at you slowly. Some things chip faster. I steer clear of showing vulnerability online, but there was a particularly bad interaction with a user last summer that made me realise that I need to take a step back and find a healthier relationship with the project, ultimately serving as the impetus to begin this restructuring process. As for what the legacy of my run will be, I find hard to answer. For one, I think it is not up for me to judge. On the other hand, it is as much about what didn’t happen as it is about what did. I’ve always thought that one of the most important responsibilities I had was to say “no”. It is not a popular thing to do, nor is it a fun thing to do, but being pulled into too many different directions at once can spell disaster for any project. I’d like to think I avoided some trouble by being careful. But I’m also aware that my aversion to public appearances cost Mastodon some opportunities in publicity. Ultimately, while I cannot take sole credit for it, I am nevertheless most proud of how far we’ve made it over these last 10 years. From the most barebones project written out of my childhood bedroom, to one of the last remaining and thriving pieces of the original, community-centred internet. I have so much passion for Mastodon and the fediverse. The fediverse is an island within an increasingly dystopian capitalist hellscape. And from my perspective, Mastodon is our best shot at bringing this vision of a better future to the masses. This is why I’m sticking around, albeit in a more advisory, and less public, role.

We started the Trunk & Tidbits series to provide greater visibility into what we’re building, and the decisions that go into making Mastodon. At the start of October, we published our ideas on an upcoming feature - that we’re temporarily describing as “Packs”, or collections or lists of people to recommend to follow. As with our work on Quote Posts, we’re publishing our thinking early, and intend to follow up with a Fediverse Enhancement Proposal to share with the broader Fediverse community. Also, following on from our announcement of service offerings, we were excited to share the news that AltStore are making the Fediverse their home, including generous donations to a number of projects, and the launch of a new Mastodon server. Post by @Mastodon@mastodon.social View on Mastodon On a completely different note, we also shared that the adorable #Plushtodon is making a comeback 🥳 this time in two colours and a more compact form factor, but still perfectly squeezable. Look out for new mug designs, too - all of these should be hitting the merch store later this month 🤞🏻 Events October was a busy month of events for the team. We kicked off with Andy speaking at Berlin Fedi Day in Germany, to talk about sovereignty, freedom, and hope. Andy was also on stage at EmpoderaLIVE in Malaga, Spain, to talk about Mastodon and the Fediverse. You can watch the interview (on YouTube) in English, or with a Spanish translation. Post by @espiritusanto@mastodon.social View on Mastodon Several members of the team dropped in to sessions at Fediforum online, and hosted a conversation about Packs. Felix attended a number of discussions around policy, cooperation, and healthy online spaces at OSCE on his “home turf” in Vienna, Austria. It remains vital that we engage in these conversations with organisations to spread awareness and understanding of the Fediverse. Post by @mellifluousbox@mastodon.social View on Mastodon Releases Mastodon 4.5 is now available as the latest stable release of the software. This follows three release candidates during October. Mastodon 4.5 brings the long-awaited consent-respecting quote posts feature (FEP-044f), as well as greater customisation for server owners, and other features (see the announcement post). As we approached the release, we published a blog post all about the changes that developers need to know about in Mastodon 4.5. For previous stable release branches, we also shipped: version 4.4.8 (and 4.4.6 and 4.4.7 before that) version 4.3.14 version 4.2.27 As always, we recommend that all Mastodon server owners should be running the latest point version for their release branch, and ideally, to upgrade to the newest stable version of Mastodon. There are a lot of new features in version 4.5, particularly since this release makes display and authoring of quote posts available to everyone. The release of Mastodon 4.5 also updates our list of supported versions, and upcoming end-of-life dates. In particular, the 4.2 branch will no longer receive updates after January 8, 2026, and the 4.3 branch will reach EOL on May 6, 2026. Looking ahead You will find that the Roadmap page on the website has had a complete overhaul. We know that the previous roadmap was outdated and did not reflect what we are currently working on, or considering for future versions - particularly with our expanded team and the increased pace of development. The page is now simplified into: features we’ve recently shipped (current stable release); those we are actively working on (for the next major release); and those we are exploring (this may include research and specification work, usually for a version after the next major update). The road map is simply to provide a little more insight into where the team’s efforts are directly focused. The existence of this page and its contents, does not exclude other changes and adjustments that we make along the way. Backend and Web Reflecting the pace of change in the final weeks before 4.5 shipped, we reviewed and merged 202 Pull Requests (134 with translation and dependency updates removed) from 21 contributors. It was a huge month. We appreciate the support and contributions from the community. interface The refactor of Mastodon’s UI colours to use semantic theme tokens is almost complete. We’re planning to merge this change in two phases starting soon after Mastodon 4.5 is released. This is a large PR with countless changes across our SCSS files, and very likely to affect third-party themes and forks. Please let us know your feedback or any concerns directly in the Pull Request. — PR #36640 (by diondiondion) interface We updated our supported emoji to 16. — PR #36501 (by ChaosExAnima) interface Refactored the Emoji handling code to be more efficient, simpler to work with, and allow rendering native emojis instead of the Twemoji SVGs, depending on the user browser and preference. admin Added granular settings for the various live feeds. — PR #36338 (by ClearlyClaire) — PR #36607 (by ClearlyClaire) interface Improved display of CWs, link previews and quote posts in the admin UI. — PR #35958 (by ThisIsMissEm) — PR #35935 (by ThisIsMissEm) — PR #35964 (by ThisIsMissEm) new feature Small fixes and improvements to the ‘fetch all replies’ widget, and periodic checks for new replies. — PR #36334 (by diondiondion) — PR #36383 (by diondiondion) — PR #36547 (by diondiondion) developer Changed the identifiers used in ActivityPub URLs for new users to not contain the username, which will enable account renames (for these accounts) in a future version. — PR #36316 (by ClearlyClaire) — PR #36365 (by ClearlyClaire) new feature Added a new setting to allow one-click boosting, which moves the quote option into the status three dots menu. — PR #36516 (by diondiondion) new feature Changed the minimum characters required for a logged out account search from five to three. — PR #36487 (by Gargron) api Enabled receiving “modern” RFC 9421 HTTP signatures for all servers. — PR #36610 (by oneiros) api Added support for Update to non-natively handled ActivityPub object types. — PR #36322 (by ClearlyClaire) Android There were two small updates fixing some crashes during October. iOS We shipped an all-new timeline layout and support for quote posts in the 2025.06 release at the start of October, and followed up with several important bug fixes in 2025.07. More coming soon! Community On the community side of things, the project now uses the Contributor Covenant version 3 as the Code of Conduct for contributors and community members. As usual, we wanted to highlight a few fun things we’ve seen on the internet this month, built using the Mastodon API. The Hall of Toots is an immersive way to explore your Mastodon feeds! TootSDK continues to follow our API updates closely, and has been updated to support quote posts and timeline visibility options. Thanks to Dale Price and other contributors. Important note there are a range of other libraries available for the Mastodon API - let us know if we are missing something 🙂 The prolific Stefan Bohacek continues to impress, with a game to see how well you know your Fediverse Follows (there’s a brief explanation on his projects page). Stefan also has a collection of typographical experiments around the Fediverse. Onwards, with thanks The Mastodon team is deeply grateful to everyone for their support of what we’re building. We do this thanks to your donations. If you’re able to help us, please consider adding a recurring donation. Thank you! Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Mastodon 4.5 has arrived, with enhanced conversations across communities, expanded moderator tools, and new ways for admins to showcase their server communities. Read on for more details. As always, if you use mastodon.social, you may already have seen some of the updates as they gradually showed up across the user experience. Rolling out a new stable release enables us to share all of that goodness across the whole Mastodon community. We encourage all server operators to upgrade to Mastodon 4.5, starting today. 🔍 If you’re a developer building on Mastodon, you should check out our Mastodon 4.5 for Developers post, for all the additions and changes in the Mastodon API. 🛠 Quote Posts: Consent and Conversation Quoting has been integral to deepening discussions online, and it’s now available in Mastodon 4.5. This release not only introduces authoring capabilities but also mechanisms prioritizing user safety and privacy. Authors can limit and disable quoting, both globally on the new Posting Defaults page, and individually on specific posts. Also, when quoted, they can easily revoke the use of their post. Learn more about Quote posts in our previous blog post, our FAQ, and our developer implementation guide. Fetch All Replies: Completing the Conversation Flow Users on servers running 4.4 and earlier versions have likely experienced the confusion of seeing replies appearing on other servers but not their own. Mastodon 4.5 automatically checks for missing replies upon page load and again every 15 minutes, enhancing continuity of conversations across the Fediverse. Enhanced Features for Server Administrators For server operators, especially those running smaller, organisational instances, we continue to deliver new tools that enable greater instance customisation: Feed Management The ability to disable some of the content feeds for either visitors or logged-in users, offering greater control over content flow. Visitor Homepage In addition to trends or about pages, administrators can now set the local feed as the home page for visitors. This is useful for small organization servers where there are seldom any trending posts, allowing visitors to see local activity immediately. Targeted Blocking Server owners now have tools to block specific usernames. This process can be configured with options for partial matches or character variations, or to mark a potential user match as needing review by a moderator. Moderation Context The moderator interface has received improvements to display crucial context, such as link previews and quote posts in messages, supporting more rapid and informed decision-making. Native Emoji support The web interface now includes support for displaying native emoji. A new setting is available to manage how emoji appear to you. Looking ahead Our team is already working on Mastodon 4.6 (tentatively planned for the first quarter of next year). We shared our early explorations around Packs and are planning to include the first parts of this feature in our next version. It will also include improvements to onboarding, and some features targeted toward institutions with a presence on Mastodon, thanks to a grant by NLNet and NGI Zero Commons Fund. We just updated our public roadmap to provide better transparency on what is currently in the works, and what we are planning to focus on next. Support Mastodon Thank you to everyone that contributed to this release, including our team, our community, and the many contributors from across the Fediverse. We’re excited to continue building Mastodon together with you. We’re going through a formal process of setting up a new European non-profit organisation (more update on this topic very soon!) so that Mastodon remains free, open, and not owned by any single individual . We depend on your support as we build, support, and advocate for decentralised and non-commercial social media. We don’t take venture capital, we don’t sell ads, and we don’t sell your data - unlike many other platforms out there. Please support our mission, so that we can continue to make Mastodon better. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Update October 31: Added a missing section about new timeline settings. Mastodon 4.5 is almost ready. We just released the first (and hopefully only) release candidate, and the final release should be coming along very soon. This is once again a good time to highlight some of the new features and changes that are important to anyone building on top of Mastodon and its APIs. This post has two major sections: updates that are likely to be most relevant for developers of Mastodon client applications, and updates that are more applicable to the broader Fediverse and other ActivityPub-compatible services. Remember that we also post a monthly engineering update (our Trunk and Tidbits series). If you’ve been reading them every month, some of these changes may be familiar. You’ll see below that there are a lot of useful new additions that have arrived during this development cycle. Let’s have a look at what’s new here. Client apps Quote Posts Mastodon 4.4 included the ability to verify and display consent-respecting quote posts, as defined by a Fediverse Enhancement Proposal that we shared: FEP-044f. We previously introduced two new API entities to represent quotes, Quote and ShallowQuote. Mastodon 4.5 improves these by adding new states: blocked_account, blocked_domain, and muted_account. These are cases where the quote is authorized, but should not be displayed by default to the user currently viewing the post. Mastodon 4.4 returned a state of unauthorized in those cases, but we decided that applications should be able to offer a way to see the quoted posts anyway. See the documentation of the entities above, and this PR. The biggest change compared to 4.4 is of course that we now allow authoring of quote posts! In the REST API this can be as simple as adding a quoted_status_id attribute when creating a new status. As a minimum however, clients should make sure that quoting the status in question is allowed. To help you get acquainted with all of the relevant changes to the API, we added an “Implementing quote posts” guide to the developer documentation. Fetch all replies, and AsyncRefresh Mastodon 4.4 introduced a new feature to fetch missing replies to a remote status. This was not enabled by default, and had no immediate effect in any user interfaces. Mastodon 4.5 enables the feature by default, and also includes some user-facing changes in the web UI that support it. The challenge here is that finding out whether replies are missing, and the actual fetching of missing replies, both happen in asynchronous background jobs; tasks that are independent of the client’s API request. We face this problem in a number of places across the Mastodon code base, so we wanted to come up with a generic solution. To support the pattern, we added a new API called AsyncRefresh. When an endpoint has an associated background refresh job, its response may include the Mastodon-Async-Refresh HTTP header to indicate that there are additional tasks being performed. Clients can then poll the AsyncRefresh endpoint to check the status of the job, and decide when to re-request the original resource. This is covered in the new documentation linked above. We decided to make “Fetch all replies” the first use-case to try out this new API. When querying the /api/v1/statuses/:id/context endpoint you might now encounter the new custom HTTP header. Please note that the new AsyncRefresh API is still marked as being experimental. We want to ensure that it works for at least one other use-case before declaring it final. We commit to keeping the experimental endpoint around for one Mastodon version after releasing the final endpoint, to help ease the transition. New timeline settings Mastodon 4.5 offers server administrators granular options to decide which timelines can be accessed by everyone, only by signed in users or not at all. See the documentation of the Instance entity, specifically this attribute and all the following for what is possible and how to detect a server’s current settings. When you request a timeline through one of the timeline endpoints without an access token you can now get a 401 response, meaning either a signed-in user is required or the feed has been disabled altogether. If you use a valid access token and the user is authenticated successfully, you will receive a successful response, 200, just like before, but the result will be empty in the case that the feed has been disabled completely. When in doubt, always check the new settings mentioned above. There is one notable exception: Even if access to timelines is disabled completely, they might still be useful as a tool for moderators to scan for new statuses proactively. That is why there is a new role permission to override the settings. See the Role entity documentation. You will still be able to request timelines on behalf of users with this permission, even when access is disabled for everyone else. Fediverse ecosystem Mastodon is part of a much larger constellation - the Fediverse, powered by ActivityPub and related open standards. We want to contribute to the whole system, and integrate well with other apps and services in the Fediverse. Quote Posts We released the specification for consent-respecting quote posts (aka FEP-044f) a little while ago now. At this point, there is a fully featured implementation in Mastodon. This means it could be a good time to implement the FEP in other Fediverse software. The FEP itself allows some leeway for implementation - for example, when defining the audience in quote policies. If you are interested in the choices that Mastodon made in those cases, the content of the FEP itself has been updated with additional clarifications. You may also want to have a look at our “Implementing quote posts” guide to get a more complete picture how this works inside of Mastodon, even if you are not planning on using our APIs. HTTP Signatures Mastodon 4.4 added experimental support for receiving HTTP Message Signatures (RFC9421) behind a feature flag. The feature flag has been removed in Mastodon 4.5. Servers running Mastodon 4.5+ will accept incoming HTTP Message Signatures that can be verified. See our documentation for additional details. Keep on building with us! It means a lot to us that developers want to spend their time working on apps for the Mastodon community, and the broader Fediverse as a whole. Thank you. Finally, this is blog post is only a summary of the developer-centric features in the new release. We encourage you to have a dig into the changelog for 4.5 for full details of all the updates.

Last year, we launched our first batch of plushies, and our community has embraced the #Plushtodon literally and figuratively. It sold out in Europe within a few weeks. Sadly, that means a lot of you missed out on the chance to get one. We’ve listened to your feedback and decided to bring the creature back with a few amendments: Size and color. For the first time, the #Plushtodon will be available in two flavourful colors, and half the size, making it much easier to fit within every household or mode of transport, while maintaining the delightful softness and squishiness that it’s come to be known for. Our plushies are made in an ICTI Ethical Toy Program and Intertek WCA certified factory in China, are surface-washable, and are suitable for children 3+. The materials are super soft velboa on the outside, and polyester fiberfill on the inside. It is worth noting that due to the challenges associated with tariffs in the US, this time, the #Plushtodon will only be available in Europe (EU, Norway, Switzerland, and the UK). Like before, there will be a limited number available. We expect them to go on sale at the end of November. If you would like to be notified ahead of the public, you can join our merch-specific mailing list below. We only send updates about new merch through it, and your membership helps us gauge interest for future products. Of course, you can also expect us to post about the launch on our official Mastodon account. If you want to ensure that you don’t miss a post from us, click the bell button next to the follow button. Along with our new line of plushies, you can expect reprints of our winter and summer mugs, along with two brand new seasonal designs for spring and autumn, so keep an eye on our store over the coming months! Join the mailing list Get notified when the toy becomes available for sale Subscribe privacy policy

Hello! September was an exciting month, as we started to enable the ability to create Quote Posts on mastodon.social and mastodon.online (and, they also started to show up on other servers that run nightly builds of Mastodon). Coming to stable releases, very soon now! Releases In September, we made two sets of releases: version 4.4.4 / 4.3.12 / 4.2.25, followed by version 4.4.5 / 4.3.13 / 4.2.26. These addressed issues identified with display of quote posts (in v4.4), as well as various other smaller updates and fixes. If you run a Mastodon server, we recommend that you upgrade to the most recent minor update level for your major version. Looking ahead, we plan to release version 4.5 during October! Expect to see the first beta version in the next few days. After that, we’ll start to work on version 4.6 during November; we just shared our initial thoughts on a Fediverse-friendly format for “Starter Packs”, which would be a focus in that release. Backend and Web We reviewed and merged 195 Pull Requests (123 with translation and dependency updates removed) from 16 contributors. All three metrics up over August! 🚀 We appreciate the contributions. new feature Lots of changes relative to quote posts to finish the work around this feature, which we enabled on our own servers. They are available on nightly releases without a feature flag now. interface Recent quote posts change: you can now view the list of quotes on other people’s posts. — PR #36291 (by ClearlyClaire) — PR #36301 (by ClearlyClaire) api Changes to how we create new conversation URIs. — PR #35959 (by jesseplusplus) — PR #36064 (by ClearlyClaire) new feature Added schema.org markup to posts, so they can appear with more information in search engines. — PR #36075 (by Gargron) interface Changed the UI to notify the user that new replies are available. — PR #36172 (by diondiondion) interface Refactored the emoji-related code to modernise it, and allow using native emojis in the future — PR #36165 (by ChaosExAnima) — PR #36293 (by ChaosExAnima) api Change the identifiers used in ActivityPub to numeric IDs (instead of their username) for new users. This is a first step towards allowing account renaming. — PR #32724 (by ClearlyClaire) Android The big changes in September were around Quote Post authoring. We also shipped the 2.11.1 release. iOS We put the finishing touches on 2025.06, which is now available in the App Store. This brings an all-new timeline layout throughout the app, including support for quote posts. This has been a major chunk of work that puts us in a better position to move forward with additional UI improvements from here. We hope you enjoy the new look (and, the bunch of bug fixes made along the way). Fediscovery The Fediscovery project is the initial implementation of a broader specification, Fediverse Auxiliary Service Providers, aka FASPs. We’re happy to see that our friend James aka @Floppy has been working on creating a client / non-provider side implementation of the FASP interface. In fact, he also added support for federated search based on Fediscovery into version 0.123.0 of Manyfold, an application for organising 3D print models that is also part of the Fediverse. If you’re interested in Fediscovery - or in creating FASP implementations - then we’d be curious to know what you’re working on… 🧐 Community We have a couple of important discussions to highlight in our GitHub community this month: We plan to update our Code of Conduct for the Mastodon community and GitHub projects to the Contributor Covenant, version 3. The proposal for comment is open for the next month. Participants in our community look at this discussion, as this is an opportunity to comment on new Code of Conduct. We just posted a community consultation on new Terms of Service to be applied to the Mastodon servers hosted by Mastodon gGmbH (mastodon.social and mastodon.online) in the coming month. If you have an account on these servers, please take a look at this. Apart from these discussions, we love to discover new projects being built on the Mastodon API! 🔍 Best-o-Masto is a new single-purpose iOS client app for highlighting the top posts from the people you follow. Feditag is a JavaScript-based embed to pull in hashtagged posts from a specific Mastodon account, for display on a web page. Thank you for your support We’re always grateful for your support, and we’re committed to building a better social web. Please donate if you are able. Thank you! Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Background Mastodon’s timeline doesn’t rely on dopamine-driven algorithms – it is chronological and consent-based, showing only posts from accounts you (the person using Mastodon) have followed. This focus on privacy and conscious consumption is what leads many people to join the Fediverse in the first place. It also places an unfair ultimatum on incoming users: You’ll have to make an effort to figure out who to follow, or your timeline will mostly be empty. Bluesky pioneered a brilliant solution to this “empty feed problem” in 2024, with the introduction of “Starter Packs”, a feature that allows users to curate and share their own collections of recommended accounts. We believe that these kinds of user-generated, curated collections could help people to find their tribe more quickly when they join the Fediverse. At the same time, envisioning a similar feature that prioritises user consent, and works across a constellation of independent servers, is no small feat. In this blog post, we want to talk about bringing a similar concept to Mastodon and the Fediverse. We’ll use the word “Packs” to refer to the shareable collections of identifiers throughout, but we’ve not yet landed on final terminology - so, consider this word a placeholder, and not what this will definitely be called in Mastodon. Challenges and considerations We know that there have been existing efforts to make it easier to discover curated collections of users (for example, fedidevs.com offers “Starter Packs”). We’ve been happy to see these being shared, as they can help people discover interesting individuals and organisations to follow. We’d be equally happy to have the creators of these tools provide feedback on our own ideas 🙂 We believe that there are several ways to improve on the existing examples, that are more aligned with the values we try to bring to the Fediverse, and that offer more to the decentralised ecosystem as a whole. Firstly, it’s important to us that users have control over whether they appear in Packs on Mastodon. Early design explorations with our concept of Packs led us to the following possibilities: Packs will become an extension of discovery. Users who wish to opt out entirely from Packs will be able to do so by disabling the existing setting, labelled “Feature profile and posts in discovery algorithms”. This will signal that an account cannot be added to a Pack. Users will be notified when they are included in a Pack. Unlike on Bluesky, where users wishing to remove themselves from a Starter Pack must either report the Starter Pack, or block the user, users on Mastodon will have a more neutral mechanism to remove themselves from a Pack they do not wish to be part of. (note: we implemented something similar with the Quote Posts feature, where an original post can be removed from a quote post; this same idea would flow through to Packs). As always, federation presents its own challenges. Just as Mastodon users can follow people on other Fediverse servers, our goal is for them to also be able to find and interact with Packs created elsewhere in the Fediverse. When Alice creates a Pack on her server example.com, how does Bob on example.online get to know about it, and come to interact with it? What if example.com and example.online run different ActivityPub-compatible software? These questions can be addressed via established Fediverse discussion processes. Next steps We’re in the process of collaborating with other Fediverse developers on a Fediverse Enhancement Proposal (FEP), so that a common implementation for Packs can be made available to developers of any ActivityPub software. The initial work is now available on GitHub. The FEP process will be the place to direct any technical questions. Meanwhile, we’re also conducting broader research to understand overarching themes related to user onboarding, and how we can make things easier for people to get started on Mastodon. We expect to release an initial version of Packs, plus other minor improvements to onboarding, in Mastodon 4.6. In the meantime, the next stable release (Mastodon 4.5) is right around the corner! We want to hear your thoughts We want to make Packs a great feature for discovery and onboarding! If you have thoughts on the ideas described above (beyond the technical aspects that will be part of the FEP), contact us at feedback@joinmastodon.org. We may not be able to respond to every individual message, but we’ll be reading every piece of feedback to learn more about your ideas.

In a recent post, we shared that one of our priorities for 2025 is to establish a more sustainable financial base for the Mastodon organisation. In 2024, Mastodon gGmbH took over hosting of the European Commission’s Mastodon service. We also signed a support contract with the state of Schleswig-Holstein in Germany. More recently, we started working with the city of Blois, in France. While all of these are public institutions, we’re also very proud having added AltStore as a customer in the last few weeks. At the time, each of these were one-off opportunities. They also added some much-needed predictable elements to our income. Continuing towards our goal of financial sustainability, we’re now ready to expand on the success of providing these services to organisations. Institutions with an interest in operating their own Mastodon servers can contact us via the new page on our website, to discuss options. This could be a fully operated server under the organisation’s own domain run by our team (with moderation included, on request); or, we can work with an organisation’s in-house operations team, via a support contract. We’re taking this step of offering paid hosting, moderation, and support for larger organisations to establish a reliable recurring revenue stream. It is vital that we broaden our income - but, our aspiration remains that Mastodon should be predominantly funded through community contributions in the future. It is also fundamental that Mastodon as a network must not be centrally hosted or managed. The Fediverse is decentralised, by design. This makes it resilient to change, and it means that people have a free choice to join communities that match their interests, needs, and cultural expectations. To be clear, we’re extremely grateful to everyone that runs a Mastodon server as part of the network, including all the companies that manage Mastodon services for groups, communities, organisations, and individuals. Your support is invaluable. These new commercial offerings will not be a singular focus for Mastodon. We’ll continue to build the software, alongside operating our own server that can act as an entry point to the Mastodon community for anyone who wants to join. We want to work together with everyone in the ecosystem, in order to ensure that a range of Mastodon servers support the community, and that the Fediverse as a whole remains diverse, free and open to all.

Over the years, we’ve learned just how essential quoting is to many of you. When done responsibly, quoting allows us to expand discussions, make new connections, and amplify underrepresented voices. Quoting is a powerful tool, and like any tool, it can be misused. That’s why we’ve taken time to introduce quotes in a way that aligns with Mastodon values, focusing on safety and mental health – not just on engagement. We shared our thinking about bringing quote posts to Mastodon earlier in the year. Found something inspiring? Quote your favourite posts from where you typically boost them. Don’t want to be quoted? Disable quoting by default for all posts, or turn off quoting for a specific post. Want your thoughts to inspire a wider audience? Keep the default setting enabled to ‘Anyone’. You’re in control of how much or how little you engage. Quote post functionality will arrive on mastodon.online and mastodon.social next week, and will be available in Mastodon 4.5 soon thereafter. Read on for a more detailed look at how quote posts will look and function in Mastodon 4.5. Quote anyone who wants to be quoted Quoting from the Boost menu If an author of a post has enabled quoting, you’ll see an option to quote their post under a new menu accessed from the Boost button. Your post will then appear within the composer window, where you can add your comment and post to continue the discussion. Power booster? You can still boost quickly using Shift + Click on the Boost button or using the B hotkey. Quote responsibly. Authors can remove their post if they’re uncomfortable with the way you’ve quoted them. See Notifications and Revocation for more details. Quoting across the Fediverse Mastodon shares space in the Fediverse with other software that may behave differently. In practice, it means it’s possible that when you quote a post from another Fediverse platform, it may take some time for the quote to appear. When the content is available, it will automatically update on your post. We worked on a technical specification for the Fediverse that offers the concept of consent-respecting quote posts. We’ve also collaborated with other apps and services to make this work between platforms. We expect that not every platform will update to use this specification right away, but we hope to see more of them do so in the future. You’re in control of who quotes you Default settings Disable or limit quotes by navigating to Settings -> Preferences -> Posting Defaults. These defaults will apply to all future posts you create. (Note: if your server is running Mastodon 4.4.x, you will find this setting under Settings -> Preferences -> Other instead) Your visibility setting controls options for who can quote. When you make a followers-only post, others (including followers) won’t be able to quote it – this ensures that your post remains visible to only your followers. Post-level settings Override your global settings for an individual post by navigating to Visibility and interaction settings within the composer. Notifications and revocation When someone quotes one of your posts, you’ll be notified. You can easily remove your original post from theirs, using the ••• Options menu. Sometimes, removing your post from a single quote may not be enough. If you believe someone is abusing the ability to quote you, you can also take the following actions: Block the user. While this action won’t retroactively remove your post from posts the user has already published, it will prevent the user from quoting you in future posts. Change the quote settings for your published post. The next section outlines how to do this. Changing quote settings on a published post On your own published posts, edit the quote settings from the ••• menu. Changes will prevent users from quoting your post in the future, but will not apply retroactively to quotes already published. Only public and quiet public posts can be edited this way; your followers-only posts and direct mentions can only ever be quoted by you. Stay tuned As we mentioned at the start, quote post functionality will arrive on mastodon.online and mastodon.social next week. If you use a third-party app, the feature may not show up right away, and you may need to wait for the author to add it. It will be available more widely when Mastodon 4.5 is released in the near future. Developing a Mastodon client? Visit our draft developer implementation guide and documentation. For more information on how to use quote posts, have a look at the FAQ section of the documentation. If you’d like to preemptively opt out of being quoted, you can do so on Mastodon 4.4 under Settings -> Preferences -> Other. We’re committed to making quote posts a tool for meaningful discourse. If you have thoughts on our quote post feature, contact us at feedback@joinmastodon.org. We may not be able to respond to every individual message, but we’ll be reading every piece of feedback to learn more about your ideas. Gratitude We’d like to thank the NGI Entrust Fund and NLNet for their support towards building this feature for Mastodon and ActivityPub.

Welcome to the 17th edition of Trunk & Tidbits: your monthly update from inside the Mastodon core engineering team. Let’s get into what we were working on in August 2025. It has been summertime in the northern hemisphere, and various team members have been taking time away. As a result, things were a little more quiet than usual, but progress continues. Events The main event during August was FrOSCon, held in Sankt Augustin, Germany. Andy and David attended and spoke at the event. Andy’s keynote: Decentralising Freedom - Open Source for Sovereignty David’s talk: Taking a Fresh Look at the Fediverse If you are interested in new features in Mastodon, and our upcoming plans, David’s talk is particularly worth watching. You can also read Andy’s personal blog post about the event. In addition to our own team, shout out to Georg Lukas, who gave a great talk (based on his blog post) about creating a bridge from Samsung NX cameras to post to Mastodon. Pretty detailed, and also very interesting and entertaining! Releases There were no new backend software releases since the previous Trunk & Tidbits ⛱ the current releases of the Mastodon server software are 4.4.3, 4.3.11 and 4.2.24. It is always best to keep your server up-to-date with the current code, as this ensures that you keep up with patches for any pesky bugs, and the community can enjoy the latest features. Backend and Web In August, we reviewed and merged 176 Pull Requests (117 with translation and dependency updates removed) from 14 contributors. Thank you! new feature Lots of work on Quote Posts, now with the ability to create them, change the related settings and retract them. The feature is nearly finished, and you can expect a full blog post on it very soon! If you are a Mastodon client developer, you can already look at this draft implementation guide. performance Our FASP implementation now track the status of every provider, and stops trying to send data to them if they are not responsive — PR #35723 (by oneiros) interface The refactor of the web UI theme colours (implementing our new theme tokens) is well underway. container Our container image is now using the latest Debian release — PR #35768 (by vmstan) Android We finished working on displaying quote posts, and fixed some more minor bugs and crashes. Released version 2.10.1. iOS Furious paddling beneath the surface continues! The new post layout is in good shape, and we are pushing through the todo list to deliver quote posts, as well. Documentation We’d like to say thanks to several folks for their contributions to the documentation repository last month. The docs can be a good place to help out if you’re looking to get involved, but have less knowledge of Ruby or other coding areas (for example). We recently updated the README, and added a DOCSTYLE guide, to work towards better consistency in the documentation. Thanks to iioflow, Tak, cobrachili and joshuajung for helping to improve things for everyone. Community There have been a lot of releases from projects across the developer ecosystem lately 💗 There’s a new release of Mastodon for the Apple II! (and, if you love retro computing, check out the Retro computing category on the third-party apps list) Post by @colin_mcmillen@piaille.fr View on Mastodon If you’re into more modern platforms, the Android app Tusky reached version 30! (and version 31 was just published as well) 👏🏻 Post by @Tusky@mastodon.social View on Mastodon Here are just a couple more highlights of other recent releases: TootSDK, a Swift library, made a number of releases during August. Mastodon.py, a Python library, brought functionality up-to-date with Mastodon 4.4.3 (and made a few more releases in August, as well). Thanks First and foremost: Thank You for using Mastodon, and for believing in a better social web, one outside of corporate interests and without obscure algorithms. We recently ran a small experiment with an in-app donation banner (visible to people on our own Mastodon servers), and appreciated the financial support that it generated. Even without that banner though, you can support us any time: we find recurring donations particularly helpful. If you become a Patreon supporter, you can also follow our updates over there, for even more news about what the team is doing to support the Fediverse! Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

It’s time for another recap of project progress, particularly from the engineering side of the team. Welcome! News In July, we announced that we’d be running a donation campaign in our mobile apps, visible to people on the mastodon.social and mastodon.online servers. This is an exploratory step, as we look at different ways to grow our funding. In the future we plan to extend this to the web, and (longer term) we have a plan to make this banner feature available to the operators of other Mastodon servers as well. Releases At the start of August (just before publishing this update) we released version 4.4.3, along with 4.3.11, and 4.2.24. These are the current, recommended releases. These releases contain bugfixes, a fix for a moderate severity rate limit issue, and a fix for a security issue if you use SAML. In version 4.4.3 there are also changes to how quote posts are handled, as we continue to work towards full support for quote posts in the next main release (see below for more on this). During July we also released version 4.4.2, 4.3.10, and 4.2.23. You can find the full list of changes for these by checking their entries in the release notes. We recommend that all server operators upgrade to the latest point release for the main version they are running, to stay up-to-date with fixes and to provide people with the best available experience. We announce new version releases via our @MastodonEngineering account. Backend and Web This month, we made a lot of progress on quote posts. We finalised designs for quote post authoring and settings, considering ways to provide both creative freedom and privacy with this new feature. Backend work on quote posts authoring is underway. We are also working on adding Starter Packs to Mastodon, with early interface and ActivityPub exploration done in the last few weeks. We are planning to publish a feature explainer detailing our decisions (for example, how to let users control if they want to be included in a Starter Pack) in the coming weeks, and will share a Fediverse Enhancement Proposal (FEP) so that they can be implemented in other ActivityPub-based software. Other technical work is moving along. We are refactoring our Emoji code, and beginning a rework of the way we write stylesheets, to make them more tuned for performance, and more future-proof. interface Work is in progress to replace Mastodon’s emoji handling code to improve performance and avoid loading a lot of unused emoji data — PR #35229 (by ChaosExAnima) — PR #35282 (by ChaosExAnima) — PR #35253 (by ChaosExAnima) — PR #35424 (by ChaosExAnima) — PR #35505 (by ChaosExAnima) — PR #35568 (by ChaosExAnima) interface Rewrote the keyboard shortcut code to remove an unmaintained dependency — PR #35425 (by diondiondion) interface Added the ability for the web interface to automatically fetch replies from other servers and show a button if there are new ones — PR #35210 (by Gargron) — PR #35575 (by Gargron) interface Started to add quote posts authoring (behind a feature flag). This is API-only for now, and still being worked on. — PR #35355 (by ClearlyClaire) — PR #35578 (by ClearlyClaire) interface Updated the design of quote posts to align with our latest design — PR #35584 (by Gargron) backend Updated trending statuses criteria to account for quote posts (a post with a quote can only trend if the quoted post is allowed for trending) — PR #35507 (by ClearlyClaire) admin Added the ability to block specific usernames from registering. This handles homoglyphs, partial matches, and either require approval, or deny registration entirely. — PR #35407 (by Gargron) — PR #35614 (by ClearlyClaire) Android Fixed some minor bugs and started working on displaying quote posts. iOS Finished work on 2025.04, including: Navigations should no longer look broken (fixes #1448) Editing a post now gives the same progress indication as publishing a post for the first time (filling up the button) Efficiency improvements to avoid the “too many requests” error (fixes #1449) Behind-the-scenes, there is work in progress to completely rework the way posts and timelines are handled. Community We spotted a couple of interesting new app releases this month. toot, a text-based UI (TUI) for Mastodon, hit version 0.49.0 Tuba, a GNOME / GTK client (Linux), had what OMG Ubuntu called “a huge update” As a reminder: if you’re building something cool, fun, unusual, or useful on Mastodon or using the Mastodon API, let us know, so we can share it here! Wrapping up That’s all for another month of progress. We’re very grateful to everyone supporting us, as we work to make the social web a better place to be. Thank you. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

For too long, the internet has been shaped by platforms funded by venture capital and advertising. The Fediverse is testament to a different kind of social media: one built for its users, not corporate interests. This independence is what makes Mastodon and the wider Fediverse special, fostering a diverse and resilient network of communities. We are showing the world every day, that this model works! Independence comes with its own set of challenges. Running a server, moderating content, and developing the software that powers this network requires resources. We want to make it easier for those who value Mastodon to make donations directly, to “flip the script” from corporations funded by surveillance capitalism, to sustainable support built from many small donations. When the people who use the platform are its primary backers, the platform’s loyalty remains with them. Over the next few days, we will be taking a deliberate and measured step forwards, by making the donation feature more visible. We will be rolling out a campaign on the Mastodon servers that we operate (mastodon.social and mastodon.online). This will allow us to gather feedback and understand the process, so we can learn whether it feels right for our community. The initial campaign will appear via a banner to people that use our Android and iOS apps, if they are signed-in to an account on one of our instances, and only if their account has existed for four weeks or more. The banner will be easy to dismiss, of course, and we will not continually prompt users to donate. This will only show up in our mobile apps for now - in a future campaign, we hope to extend the feature to the web as well. The banner is separate from the existing Donate button that appears in the app settings for users on our instances. If this works well, we would like to make this fundraising option available to all other Mastodon instances. This would empower individual server administrators to receive direct support from their users. Each instance could then choose whether or not to enable this feature, giving them another tool to ensure their long-term viability. We expect this to have a number of detailed requirements, and it would take effort to build out as a broader feature; it is something we consider a medium to longer term concept, rather than an immediate next step. We know that collecting money can present complexities and questions. We’d like to figure out how to do this well, together with the community. This is not a corporate fundraising campaign: it’s an effort to secure the future of a more ethical and independent social web. It’s an invitation to help us build a platform that truly belongs to all of us. Thank you for your support as we take another small step forwards in our fundraising efforts. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

It was another busy month in June, as we moved into the final stretch of the 4.4 release process. We also covered a lot of events during the month. Here’s what was happening. Team We welcomed Imani to the team, as our new designer. Very excited to have Imani join us! We also said goodbye to Inga, who has been instrumental in building the team. Thank you, Inga 🙏🏻 Post by @inganomads@mastodon.social View on Mastodon Events Beyond the work of the engineering team: Andy spoke at PublicSpaces in Amsterdam and at ECAS Day in Brussels; Felix was at the Internet Governance Forum in Oslo; Hannah spoke about Mastodon being recognised as a Digital Public Good, at the UN Open Source Week; Renaud represented us at the NGI Forum in Brussels; Zora co-hosted a Mastodon workshop at the Publix day in Berlin. Relatedly, we were happy that our most recent grant application to the NGI0 Commons fund was approved. This means that we will have some funding to work on institutional features over the next year. Releases In June, there were two beta releases and one release candidate for version 4.4.0. As we slid over into July, we released 4.4.0 and then 4.4.1 in quick succession. We recommend that server owners upgrade directly from 4.3.x to 4.4.1, and check the release notes for 4.4.0 in detail for important migration information, particularly around versions of other software that Mastodon depends on. What’s new in version 4.4? We got you covered! Here’s a blog post for developers, and our 4.4 launch blog post that covers some of the most visible new features. We also released patch versions 4.3.9 and 4.2.22, for server owners that remain on the 4.3.x or 4.2.x branches. We’re already hard at work on version 4.5 🧑🏻‍💻 Bonus releases 🎉 We released a pack of stickers for Signal users to use when talking with friends and contacts. Help share Mastodon via our cute mascot! Post by @Mastodon@mastodon.social View on Mastodon We shipped an improved donation widget for the website. It is now easier to donate directly to the project (although you are free to use Patreon, GitHub sponsors, and others if you wish). Backend and web In June, we reviewed and merged 189 Pull Requests (137 with translation and dependency updates removed) from 11 contributors. backend Add support for receiving RFC9421 HTTP signatures (under an experimental flag for now) — PR #34814 (by oneiros) interface Update the navigation layout on small screens — PR #34910 (by Gargron) interface Replaced the dropdown menu near the composer with a “More” button in the main navigation — PR #34987 (by Gargron) interface Renamed “Explore” to “Trending” — PR #34985 (by Gargron) admin Reordered the items in the main navigation panel — PR #35029 (by Gargron) backend Added Fediscovery support to follow recommendations — PR #35218 (by oneiros) backend Added Fediscovery support for account search — PR #34033 (by oneiros) admin Added support for writing moderation notes for instances — PR #31529 (by ThisIsMissEm) admin Added support for a second set of SMTP credentials for non-transactional emails — PR #35203 (by oneiros) backend interface Many small fixes to the backend and interface, to polish the 4.4 release Android No updates of note in June. iOS Version 2025.03 is now available on the App Store for all users, bringing an improved iPad layout and support for the 4.4 updates to server rules display, including translations. Fediscovery Our reference discovery provider has become easier to install as we added documentation and an official helm chart. We started testing this in a production setting with a few select servers. On the Mastodon side, we merged support for account search and follow recommendations. Both are in 4.4, but still behind a feature flag (server administrators need to enable these features). The integrations do not have immediate user-visible effects, but should help smaller servers to fill their local database with remote accounts. Once available, these then improve account discoverability across the Fediverse. Although the additions do not have an instant effect, we already have an experimental API in place to help track the fetching of those remote accounts (and other things). Next steps will be to figure out an acceptable user experience to make the results available as they come in. Community news In June, we spotted that the excellent Robb (maker of EchoFeed) created a plugin for TRMNL, an e-Ink display device, to show Mastodon profile information. A fun little display! 📊 There’s ➡ more space here ⬅ for another one or two projects 😉 As a reminder, if you are building on Mastodon and our API, we’d love to hear about your project. Let Andy know about it, so we can include a shout-out and tell the community about it. Thank you Thanks for reading, and apologies that this update was shared a little later than usual and intended - we’ll get them back on track. One of our key strategic goals for 2025 is to make Mastodon more sustainable, and we really want to grow both the number of people using Mastodon, and the number of people who donate to help us. We depend on your support - no ads, no venture capital, fully independent: better social networking, for the people. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Mastodon 4.4 is here, bringing you new ways to showcase yourself, manage your growing network, and enjoy what’s in your timeline. Administrators and moderators also gain new tools for keeping communities safe. As always, if you use mastodon.social, you may already have seen some of the updates as they gradually showed up across the user experience. Rolling out a new stable release enables us to share all of that goodness across the whole Mastodon community. We encourage all server operators to upgrade to Mastodon 4.4, starting today. 🔍 If you’re a developer building on Mastodon, you should check out our Mastodon 4.4 for Developers post, for all the additions and changes in the Mastodon API. 🛠 Profiles, and managing your network Your profile is the main way that people find out more about you on Mastodon, and we want to make it easier to navigate it and highlight what you’re about. Do you post all of your cat pictures under #CatsOfMastodon? Simply tap “Feature on my profile” on the hashtag page, and people will be able to browse all of your #CatsOfMastodon posts specifically from the new “Featured” tab on your profile. Do you want to promote cool and interesting accounts? Tap “Feature on my profile” on a person’s profile, and they will likewise appear on your “Featured” tab. On Mastodon, you can pin up to 5 posts on your profile, so you can feature your best work, or plug your latest project. The downside is that if you wanted to see someone’s most recent post, it introduced a bit of scrolling to get there. No more! We’ve reduced the amount of scrolling you have to do, by combining all pinned posts in a single carousel at the top of the profile. To make it easier to see at a glance if the profile belongs to someone you might know, we’ve added a little widget showing how many of the people you follow are following that person to the top of their profile. This also shows up in the profile preview that appears when you hover over their name somewhere else. Don’t want someone to follow you anymore? You don’t have to block them, simply tap “Remove follower” in the dropdown menu on their profile. Enhanced list management Lists in Mastodon allow you to declutter your home feed by organising accounts you follow into arbitrary alternative feeds. Creating and managing lists has been significantly streamlined, and it’s easier than ever to add and remove accounts from your lists both directly from profiles and from your own follows and followers listings. Media controls Mastodon doesn’t just support pictures and videos—you can upload audio on the platform. Since every Mastodon profile comes with an RSS feed, some people actually publish their podcasts this way. We’ve just given our audio player a facelift, making it a bit more visually pleasant and a lot easier to use by putting the play and pause front and centre and adding quick shortcuts for skipping forward and backward. We’ve also expanded hotkey controls for audio and video: left and right arrow to skip around, up and down arrow to control the volume, “m” to mute, “f” for full screen, and so on. If you like to pixel-peek images, or admire the pleasant grain of scanned in analogue photos, we’ve made zooming in more intuitive: simply double tap the image once you’ve clicked to open it. Panning around has also been made smoother. On touch devices, you can now pinch the image with your fingers to zoom it to the desired level, and swiping up when the image is zoomed out will close it, like you would expect from your native photo app. We are proud of Mastodon’s strong accessibility and inclusivity culture, which has fostered a larger presence of vision impaired users. To support this community, we’ve added a new reminder to add alt text when posting images or video. Alt text isn’t just helpful to those who use screen readers: it can provide extra context to sighted users, and as it’s indexed in Mastodon’s search system, it can help you and others find your post better. Of course, this reminder can be disabled from preferences. We’ve also added some tips on writing good alt text into the user interface. Navigation enhancements We’ve revamped the mobile web interface to mimic native apps, with important actions easily accessible in a bottom toolbar that frees up more space for your timeline. We’ve also begun experimenting with ways to make navigation more consistent across devices, and to make relevant content (like followed hashtags and trending content) more easily discoverable. The Explore item has been renamed to Trending, to reduce the need for banners within the Explore page to explain each feed. The navigation sidebar is divided into three sections. At the top is a section for the main navigation areas, which mirrors the bottom navigation bar on smaller screens. Next, a “Library” section, which contains your own curated content - bookmarks, favourites, and lists, and your followed hashtags, now in a more visible location (in response to community feedback). Finally, other elements are in the last section. This brings all the navigation elements into a single place. We’ve also streamlined the onboarding flow for new users. What used to be a list of four items you could check off as part of onboarding, has become a simpler two-step process where you first fill out your profile, and then follow a few users of your choosing. Importantly, we’ve made search an integral part of this process so people don’t feel confined to the list of recommended accounts we’ve generated for them, but can feel free to immediately begin searching for people they might know. Features for Administrators We’ve made a range of updates and improvements for people who operate their own Mastodon servers. Some of these are legal compliance features, such as adding and managing Terms of Service, offering translations of server rules into different languages, and optionally setting a minimum age requirement for new user sign-ups. Our earlier blog post covers each of these topics in more detail. As well as the legal features, there are a couple of other useful items that administrators should look at. Server owners can now send important announcements to all users via email, for critical communications that cannot be opted out of (essential for emergency notifications, or major policy changes). There is also a new system for moderators to keep internal notes about moderation decisions and user interactions. This should help to improve coordination across moderation teams, and help to keep track of decision making. Quote Posts (part one) Earlier in the year, we shared our thought process about bringing the much-requested Quote Posts feature to Mastodon. We’ve worked hard on bringing this capability to the platform while maintaining the strong safety principles that Mastodon is known for. Since Mastodon runs on over 8,000 independent servers that together form the platform you know, releasing features like this requires a two-pronged approach: first we release code that supports processing and displaying this new format, and then release code that allows our users to actively use the feature. This ensures all of our users can see this new type of content before anyone can create it. As part of our 4.4 release, you will be able to see quotes from compatible Fediverse platforms (including future Mastodon releases), but you will not yet be able to quote posts yourself. That capability will come in 4.5. Looking ahead We’re really happy that this is the first version released by our expanded team as a whole! We have some exciting plans, and will get moving towards version 4.5 right away. Key items for the next few months include: enabling anyone to create Quote Posts; some new features for organisations that run their own servers (for example, greater instance customisation); and, the ability to fetch replies to posts from many different instances, to improve the ability to follow conversations that include people your server is not yet aware of. We plan to have 4.5 ready for everyone later in the year, and we have a lot of other exciting things to work on once the next release is ready. Stay tuned! Support Mastodon Thank you to everyone that contributed to this release, including our team, our community, and the many contributors from across the Fediverse. We’re excited to continue building Mastodon together with you. We’re going through a formal process of setting up a new European non-profit organisation so that Mastodon remains free, open, and not owned by any single individual (more updates on our progress, very soon). We depend on your support as we build, support, and advocate for decentralised and non-commercial social media. We don’t take venture capital, we don’t sell ads, and we don’t sell your data - unlike many other platforms out there. Please support our mission, so that we can continue to make Mastodon better. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Mastodon 4.4 is just around the corner: the release candidate is now available, and the final release should be coming along very soon. Just before the final version arrives, we wanted to shine a spotlight on some of the new features and changes that will be particularly important to anyone building apps or integrations. As a reminder, we also share a monthly engineering update (our Trunk and Tidbits series) and if you’ve been following those, some of these changes may already be familiar. You’ll see below that there are a lot of useful new additions that have arrived during this development cycle. We’ve divided this post into two broad sections: updates that are likely to be most relevant for developers of client applications, and updates that are more applicable to the broader Fediverse, other integrations, or contributors to Mastodon itself. Let’s dive in. Client apps Quote Posts We wrote about our approach to implementing Quote Posts earlier in the year. Mastodon 4.4 brings the first element of this implementation - support for verifying and displaying remote quote posts that conform to FEP-044f, a Fediverse Enhancement Proposal we shared with the broader developer community. In practical terms, this means that incoming quote posts can now be displayed in the web UI. We expect to update our own mobile apps to display quote posts in the coming months. Being quoted and quoting other people is not implemented yet (this is coming in Mastodon 4.5). In the REST API, quote posts are represented by a new quote attribute on Status and StatusEdit entities. The special CSS class quote-inline is used to represent backward-compatible information that is redundant with the display of quote posts, and can be safely hidden by clients which display quote posts. Read more about this in the FEP. Authentication changes There have been a number of improvements to the security (authentication and authorization) model in version 4.4. The older (and much less-secure) OAuth password grant type was removed during this development cycle. There was also a fix for OAuth Client Auth with HTTP Basic Auth with SSO (#34501), and a fix to prevent user tokens being used on the account creation API (#34828). There is a new userinfo endpoint for retrieving OpenID Connect claims. Note: Mastodon is not an OpenID Provider, but we are providing a standard userinfo endpoint when using the profile scope. We strongly recommend that developers make use of the /.well-known/oauth-authorization-server metadata endpoint, available since Mastodon 4.3, to discover how the server is configured. Many thanks to Emelia for continuing to help us improve these security features in Mastodon. Account management Version 4.4 brings some updates to the featured content tab on user profiles on the web. There are related new REST API endpoints for managing that content: Add and manage endorsed accounts Add and manage featured hashtags There is also now an API for managing attribution domains for shared links, via the accounts/update_credentials endpoint (thanks @c960657). Media There’s a new filter action to blur media (filter_action: blur attribute). There are new APIs for deleting media attachments that are not in use, and also for deleting associated media when deleting a status. It is now possible to query the instance metadata endpoint for the configured length for media descriptions. Server Rules and Terms of Service We recently shared some changes that are being implemented to provide additional legal features. From an API perspective, there are several changes here: About, Privacy Policy and Terms of Service URLs are now returned via /api/v2/instance. Rule entities now have a new translations attribute. Servers with a reason required with a reason required for registration now return this in their instance metadata. A breaking change in the sign-up API which enables the addition of an age check for new users. Server administrators now have a setting to set a minimum age requirement when creating a new server, asking users for their date of birth. The date of birth is checked against the minimum age requirement server-side, but not stored. If you are building a client app that supports account creation, you should be aware of this change and ensure that your app handles the date of birth field correctly. registrations.min_age has been added to the Instance entity. the date_of_birth parameter has been added to the account creation API. Miscellaneous API updates Deprecated API endpoints now have Deprecated headers. It is now possible to access /api/v2/instance without authentication if limited federation mode is enabled. Favorite and boost counts will now match those provided by the remote server, if available. Fediverse ecosystem We have also been working on improvements to how Mastodon interoperates and interacts with the rest of the Fediverse. Here are a couple of the most important things you should know about. HTTP Signatures We’ve added experimental support for receiving HTTP Message Signatures (RFC9421). For now, this needs to be explicitly enabled through the http_message_signatures feature flag (EXPERIMENTAL_FEATURES=http_message_signatures). This currently only covers verifying such signatures (inbound HTTP requests), not issuing them (outbound HTTP requests). Fediverse Auxiliary Service Providers We’re working on providing more useful services to the Fediverse as a whole, beyond just Mastodon. You can read the Fediverse Auxiliary Service Provider specification on GitHub. We’re excited about the idea of shared, decentralised services that expand the scope of individual servers, help to balance the load between groups of instances, and provide augmented capabilities across diverse platforms. For example, there could be FASP implementations that provide link preview generation, anti-spam services, or improved search and discovery. None of these are limited to supporting Mastodon, so they offer some interesting possibilities for greater collaboration between different Fediverse software implementations. Curious to learn more? Take a look at this session from FOSDEM 2025. In version 4.4, we’ve enabled initial support for FASPs in Mastodon, via the fasp feature flag. This is mostly of interest to developers who would like to implement their own FASP. In this initial step, it also includes the capability to share data with a discovery provider and use discovery providers to discover accounts through search and follow recommendations(see https://www.fediscovery.org). Let us know if you’re interested in trying out our existing discovery provider, or if you plan to work on additional FASP ideas. Contributing features to Mastodon One more interesting update, is for developers who wish to contribute to the Mastodon core code. We now have a simple feature flag system, configured via the EXPERIMENTAL_FEATURES environment variable. This supports a comma-separated list of feature flags for configuring experimental features. In version 4.4, the supported feature flags are fasp and http_message_signatures. In the future, if you want to contribute a significant new feature, then you may wish to discuss with the team to potentially have it behind an experimental feature flag. There’s no specific requirement for new features to be marked as experimental, but it can be useful to have a way to selectively test, before they are fully integrated into the core codebase. This sets a foundation for doing so in the future. Thanks for building on Mastodon! We love to see all of the great apps and creative integrations that developers build on Mastodon and contribute to the Fediverse! Take a look at the changelog for 4.4 for full details of all the updates - it also includes links to relevant issues, pull requests with commits, and documentation.

This week is UN Open Source Week, and we’re happy to share that today, Mastodon was added to the Digital Public Goods Alliance’s DPG Registry. A goal of the DPGA is to promote digital public goods in order to create a more equitable world. Being recognised as a DPG increases the visibility, support for, and prominence of open projects that have the potential to tackle global challenges. To become a digital public good, all projects are required to meet the DPG Standard to ensure that they truly encapsulate open-source principles and what it means to be a digital public good. Digital public goods are defined as open source software, open standards, open data, open AI systems, and open content collections that adhere to privacy and other applicable best practices, do no harm, and are of high relevance for attainment of the United Nations 2030 Sustainable Development Goals. Mastodon’s mission is to ensure that our online social spaces belong to the people forever, and provide a safe place for public discourse. Our vision is an open and safe social internet that encourages everyone to connect, create, feel welcome and be free to dream. We are part of the Fediverse, built on common shared standards, and an important element of digital public infrastructure (DPI). As concerns continue over the centralising power of legacy Big Tech platforms, Mastodon’s status as a recognised digital public good underscores the crucial role our project and software play in fostering democratic online spaces across the web. You can follow the Digital Public Goods Alliance on Mastodon at @DPGAlliance@mastodon.social. For any enquiry regarding this announcement, please contact press@joinmastodon.org. For more information on the Digital Public Goods Alliance please reach out to hello@digitalpublicgoods.net.

We’re already well into 2025, and it has been a huge start to the year for Mastodon. We want to bring you an overdue update on exactly what we’re working on, from a strategic perspective. Mastodon’s mission is to ensure that our online social spaces belong to the people forever, and provide a safe place for public discourse. In February, a few members of the team met in person to discuss next steps. Here are the three priorities we set for this year. Restructure the organisation Grow the user base Reach financial sustainability Restructuring In January, we shared a bold announcement: Mastodon must never be owned by a single individual, and serves the community. To that end, we said that we are going to create a new non-profit organisation based in Europe, to own the Mastodon assets; and, that we will be reorganising our team. We’re not yet fully through this process, and this remains a core goal and activity for 2025. There will be more news to share on this topic very soon. Related to the organisational changes, we have grown the team over the past year, reflecting the broader range of conversations that have been going on around the project. We also assessed and improved contracts for as many of the team as possible, within budget constraints. Growth Another element to our strategy is to grow the number of users of the Mastodon network (and the Fediverse as a whole). Mastodon has always been about more than growth itself - we want to build better social spaces for people, and help people to leave legacy platforms. All of that remains true: this is a plan to work towards growth that aligns with our values. We’re thinking about this in three main ways: user growth, institutional growth, and ecosystem growth. There’s an element here of how we’re building and adding features to Mastodon, to make it more approachable and useful to more people - to that end, we’ve got new members of the team focused on user interfaces, user experience and design. We also plan to work on features that we’ve heard organisations ask us about, such as greater customisation for their instances. Finally, we’ve greatly increased our presence at community events and conferences, to talk about the broader Fediverse story. Sustainability Over the past few years, we’ve shared annual reports that describe where our funding comes from: donations largely from individual / grass roots supporters (currently starting at $8 per month on Patreon), with an occasional substantial gift from an organisation or individual; and, some grants from EU programmes and institutions. We’ve always relied on these to sustain our small core team. In 2024, we were able to provide commercial services for the first time, by hosting the European Commission’s Mastodon instance, and by signing a support contract with the German federal state of Schleswig-Holstein. 2024 was also the first year we were able to raise donations from wealthy individuals, which gave us more financial freedom to make large changes to the organisation. A diverse range of incomes is great, because it reduces the risk of being dependent on a single source. We intend to build on the regular income channels, and in 2025, we will be offering additional services. We’ll be sharing more about these commercial offerings, as well as the restructuring, in the coming weeks. We will continue to rely on and appreciate your donations and support as we move forward. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Hello again! Thank you for reading our monthly engineering team update, we’re happy to share what we’ve been working on. Events We had a busy May, with several events that we participated in, or organized. The biggest one was re:publica in Berlin, where several members of the Mastodon team were able to meet with the community, talk about the project, and share our plans for the future. In particular, the team hosted a community meetup at the Wikimedia offices, to discuss the latest developments in Mastodon. At re:publica itself, Philip was on stage for a conversation about Mastodon as open infrastructure, and Felix joined a discussion about large scale adoption of independent social media platforms. There is a range of very active conversations about the Fediverse happening right now, particularly (but not exclusively) in Europe, and we are grateful to be taking part in them. Releases At the very beginning of May (just before last month’s blog post) we released Mastodon versions 4.3.8 and 4.2.21 - hopefully you’ll already have updated to one of these stable versions. We’ve now released the first beta of Mastodon 4.4.0. Post by @MastodonEngineering@mastodon.social View on Mastodon The plan is to release a second beta in the next few days, with a release candidate to follow. We hope to make the final release by the end of June. There are a lot of great new features in this release, so take a look at the release notes. We will be sharing more details for developers and for users in the coming weeks as we get towards the final release. Backend and web In May, we reviewed and merged 180 Pull Requests (114 with translation and dependency updates removed) from 17 contributors. interface New pinned / featured content design for user profiles, with carousel. — PR #34858 (by ChaosExAnima) — PR #34754 (by ChaosExAnima) interface New Followers you know widget, and relationship info on hover cards. — PR #34652 (by diondiondion) — PR #34792 (by diondiondion) — PR #34769 (by diondiondion) admin Server owners can now set whether a Referer header should be set — PR #34731 (by ChaosExAnima) Multiple compatibility updates ahead of 4.4 beta release: devops Bumped minimum Redis version to 6.2 — PR #30413 (by ClearlyClaire) Also dropped Redis namespace support. See the migration details if your instance is using Redis namespaces. — PR #34581 (by ClearlyClaire) — PR #34664 (by ClearlyClaire) — PR #34665 (by ClearlyClaire) devops Update to Sidekiq 7 — PR #34745 (by mjankowski) devops Drop support for PostgreSQL 12 — PR #34744 (by ClearlyClaire) devops Update rack to version 3 — PR #34816 (by mjankowski) devops Change minimum Node.js version to Node 20 — PR #34390 (by renchap) devops Libvips is now the default image processing library. ImageMagick support is deprecated,and will be removed in a future version. — PR #34741 (by ClearlyClaire) interface Major migration from Webpack to Vite — PR #34469 (by ChaosExAnima) — PR #34454 (by ChaosExAnima) — PR #34450 (by ChaosExAnima) new-feature Add initial support for sharing data with Fediverse Auxiliary Service Providers (i.e. Fediscovery) — PR #34415 (by oneiros) admin Legal feature updates as described in a recent blog post - ability to set Terms of Service, create rule translations, and set age requirements. — PR #34527 (by ClearlyClaire) — PR #34494 (by ClearlyClaire) backend Support for displaying incoming quote posts based on FEP-044f — PR #34584 (by ClearlyClaire) — PR #34773 (by ClearlyClaire) — PR #34772 (by ClearlyClaire) — PR #34771 (by ClearlyClaire) — PR #34738 (by diondiondion) interface Refreshed audio player design for the web UI — PR #34520 (by Gargron) Android No significant updates shipped in May. iOS On iOS, work continues on overhauling the basic post layout (currently only available to beta testers). A few smaller fixes will likely be coming soon. Fediscovery We implemented the follow_recommendation capability in our discovery provider reference implementation, fediscoverer. In May, work began to get fediscoverer closer to production readiness. There is still a way to go, but we are making steady progress. Community news We are always happy to see the community building on Mastodon, and this month we have a few interesting tidbits to share: Tom Casavant shared a post about using Meshtastic to post to Mastodon from over a mile away! Oliphaunt is a native macOS app for Mastodon that can be tried via TestFlight. Splinter is a tool for Mastodon threads - it turns long articles into threads and posts them for you automatically. Beej shared a blog post with a method for using Mastodon to add comments to a static blog. Masto2RSS creates RSS feeds containing links shared on Mastodon timelines. Thank you - and, we need your help If you appreciate the work we do, and want to support the project, consider becoming a patron or making a donation. We are a non-profit organisation, and we rely on your contributions. The team is grateful for your support. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Mastodon’s core purpose is to connect you with your friends and communities, to have conversations that matter to you. Communities need some ground rules; and, on the internet, we also need to be aware of any regulations that are relevant where our services are being operated. In the upcoming release of Mastodon (version 4.4), there are three key updates to our legal features that support server administrators in meeting these requirements. Terms of Service Mastodon servers already have Server Rules and a Privacy Policy, that owners need to define when they create their instance. There will also now be an optional Terms of Service. To help you get started, in the future (post-4.4 final release) we will be providing a generator for the Terms of Service. The effective change date of the Terms of Service will be included, to allow users to review them before taking any action. If you operate a Mastodon instance, you should decide whether you need a Terms of Service - it may not apply if you run a single-user instance where you are the only user, for example. If you do need one, you should look through the text that is provided by the generator, and decide whether this is appropriate for your server and jurisdiction (i.e. for the laws of the country where your server is located). On the client side, there is a new API for developers to fetch and display a server’s Terms of Service (including versions and effective dates) inside their apps. We’ve also enhanced the information provided in the instance data, to provide the URLs for the Terms of Service and Privacy Policy. Server rules translations We’re providing the ability for server rules to be translated into multiple languages. This means that the rules which apply to everyone that uses your Mastodon instance, will now be able to be read in different languages, as appropriate for your community. Administrators will now be able to optionally provide translations for each rule in the server settings. If no translated version is provided for a given language, the default text for that rule will be used instead. The API has been updated in version 4.4, and rules will now be returned with translations where these apply. Developers will need to update their apps to use translations where available (our own apps will be updated soon). Setting age requirements We are introducing a new option for server administrators to set a minimum age requirement for user sign-up. When the option is enabled, the Mastodon instance will require a date of birth to be provided when a new account is created. This value will be validated against the minimum age setting, and then discarded. It is important to note that Mastodon is not implementing age verification. This minimum age check data is not being stored. The feature only enables administrators to specify a baseline age requirement for new accounts on their servers, potentially to comply with local laws, or per their own preferred operating processes. There’s a change to the sign-up API to support this new feature (previously announced here). Our own mobile apps already support servers that have a minimum age specified. Next steps The two Mastodon servers that we operate (mastodon.social and mastodon.online) run preview nightly releases of the next version, and we’ve started to enable these features there already. If you have an account on one of these servers, you will receive an email in the coming weeks notifying you about the new Terms of Service. We plan to publish these by 9th June 2025, with at least 30 days from the date of publication before they become effective. Note: as at 20th June 2025 this process is on hold, as we are revising the Terms of Service text. We will update this post when we have a new date for publication. Rules translations into a number of major languages have been added to these servers. An age requirement on sign-up (with a minimum age of 16) for these servers is enabled from today, 23rd May 2025. A beta release of Mastodon 4.4 will be available in the next couple of weeks, and we’ll be looking for feedback ahead of the final release. If you’re interested in testing the beta, please keep an eye on our GitHub repository. If you operate a Mastodon instance, we want to point out that there are some recent regulatory changes in different places around the world, that may affect your service depending on where you are located. We’re grateful to our friends at IFTAS for sharing information on these changes - be sure to take a look at their resources if you need some guidance around these. Finally, and very importantly - we want to thank you, for being a part of the Mastodon community. Unlike the legacy centralised networks, Mastodon is not “one size fits all”. It is important that there are many different Mastodon servers, reflecting the diverse groups and cultures around the world. We appreciate your support. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

This edition of Trunk & Tidbits marks the one year anniversary of our monthly development updates 🎉 Back at the beginning of 2024, we discussed how regular communication needed to be a part of our team’s culture, as a commitment to the people who help to make Mastodon what it is - everyone that uses Mastodon daily, the administrators who run servers, the moderators that help to manage community discussions, and the people that donate to the project to help us to keep moving forward. We hope you’re finding the updates and behind-the-scenes insights useful. We’re interested in your feedback, so please let us know if you have any suggestions for future posts. We’re in the Fediverse, and should be easy to find… 🙂 Team news Last week, we published a blog post sharing an update on the team as a whole, particularly with some news about a change to our 501(c)(3) fundraising board, and some non-engineering roles. Post by @Mastodon@mastodon.social View on Mastodon One new member of the team was not included in that post, as it was just before they started - we’re very happy to welcome Dion to the core team this week, as our second full-time front-end developer. It’s not all about the code, so we’re also sharing what we’re doing to help the Fediverse, outside of the work in our repositories. Interest in independent, non-commercial social platforms continues to grow, and we’re working to share the message about Mastodon and the Fediverse with a wider audience. During April, members of the team were at the International Journalism Festival in Perugia, and also visited The Hague and Amsterdam, to meet with policymakers and media organizations. We’ve even been on the radio in Germany (well, Felix was interviewed there!). You can also watch Andy’s participation in a panel at Fediverse House from March, on Flipboard’s PeerTube channel. In each Trunk & Tidbits post this year, we’ve mentioned some events that the team has been at. We want to share our future plans as well, and as an initial step, we’ve added a new section to the Discord server for our Patreon supporters. This lists upcoming events, as well as the people from the team who will be there. In the future, we’re planning to add some of this information on the main project website as well. We’re also going to be using our main Mastodon account, posting on LinkedIn, and using other channels to share our plans and broaden the ways we reach people. Releases There were no new releases of the Mastodon server code in April, but we just released 4.3.8 and 4.2.21 as we rolled over into May. These contain a few small bug fixes, and a minor security fix. We encourage administrators to update to the most recent release for their instances. Last month, Mastodon 4.1.x reached the end of support. If you are running a version of Mastodon on the 4.1 series (or earlier), please upgrade. We are unable to help you if you hit issues while running older releases of the code. Looking ahead to future releases, there are a couple of upcoming technical changes that administrators and developers should know about. Firstly, for administrators, David has provided some next steps towards the removal of Redis namespaces in version 4.4.0. This is a change that was mentioned in the last Trunk & Tidbits post, and it will be a breaking change for some instances. If you are running a Redis server with multiple Mastodon instances, please take a look at the discussion on GitHub. The second change is that we’re moving to implement the final version of RFC9421 HTTP Signatures in Mastodon (originally mentioned back in February) Renaud has put out a call for feedback with other ActivityPub implementers. This is a change that will affect how Mastodon interacts with other ActivityPub servers, and we are looking to test with other developers in the community. Backend and web The team is hard at work finishing the few items left before the first Mastodon 4.4 release. We are planning for the first beta version to be released later in May. In April, we reviewed and merged 142 Pull Requests (77 with translation and dependency updates removed) from 12 authors. Thank you to everyone who contributed to the project this month! interface Added a dropdown menu to list of accounts with quick actions. — PR #34391 (by Gargron) interface Added a new “Featured” tab on profiles, to showcase featured posts (previously pinned posts), hashtags and accounts, and allow those to be featured or unfeatured from the web UI. — PR #34405 (by ChaosExAnima) — PR #34490 (by Gargron) — PR #34568 (by Gargron) interface Added a dropdown menu on hashtags to browse the posts for the hashtag or mute it directly. — PR #34393 (by Gargron) interface Added a way to remove a follower when browsing their profile (previously you could achieve this by blocking then unblocking them). Issue #34473 from thisismissem new feature Added support for incoming quote posts (ActivityPub + backend). — PR #34370 (by ClearlyClaire) — PR #34479 (by ClearlyClaire) Documentation admin Changed DEFAULT_LOCALE setting to not override unauthenticated users’ browser language, and introduce FORCE_DEFAULT_LOCALE to restore this behaviour. — PR #34535 (by ClearlyClaire) new feature Updated account search to be more forgiving of spaces. — PR #34455 (by Gargron) api Added an API for fetching a user’s endorsed accounts. — PR #34421 (by Gargron) Documentation Android In April, there were two releases of the app, with mostly minor changes. The most noticeable update is that you can now see which post you’re replying to in the compose screen. Also, the top bar in the Explore tab now scrolls away. The other changes were fixes for some rare crashes. iOS Release 2025.02 brought improvements to new account registration, including support for the new minimum age server option and a less aggressive field-invalidation marking experience. Also, several types of notifications that had not previously been visible in the app will now appear. Admins have the option to filter out the potentially high-volume admin notifications. Fediscovery We published a first draft of the follow_recommendation capability specification. This API allows personalized follow recommendations to be fetched from a discovery provider. Around the community The Discourse team announced support for ActivityPub and the Fediverse. Welcome! Looking for a fun Mastodon web client with themes and animations? Hai! Some Mastodon components for Svelte. Mastodon for n8n = Mastodon functionality for n8n, a workflow automation tool. We don’t have an algorithm, but some other people have built some. A new release of FediAlgo was announced. Built something cool on Mastodon? Let us know! We love to see what the community is building, and we want to share it with everyone. We appreciate you The team has evolved, and we’re working hard to make Mastodon even better for you. We can only do this with your help - we’re not taking venture capital, and we don’t have a big company behind us. We are a small team, and we need your help to keep going. If you like what we’re doing, please consider supporting us. Thank you to everyone who contributes to the project, and who uses Mastodon every day. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

As Mastodon continues to evolve and grow, we’re excited to announce several changes to our team (and also, to offer a brief update on our restructuring). Restructuring Progress We’re currently forming a new foundation in Europe as a new home for the project and its assets. The terms papers have been finalised, and the process is underway. We’ll have more concrete information to share in the near future, but for now, we wanted to provide a short update that the transition we previously announced is happening. Board Updates Our U.S.-based 501(c)(3) organization continues to serve as both a fundraising entity, and as a resource in sharing its board members’ advice and experience. We’re deeply grateful to Amir Ghavi for his legal guidance during our structural transition. With his formal support of this process, Amir has recently stepped down from his board responsibilities. We’re delighted to welcome Hannah Aubry as a new 501(c)(3) board member! Hannah was a great partner and champion of the project during her time running the Fast Forward program at Fastly, and as part of our outreach team. She brings her valuable experience in community, communications, and free and open-source software to share with our leadership team. Recent Team Changes We’ve made some additions and change to the team. If you’ve been following our Trunk & Tidbits series, you will already know that David, Shannon and Echo joined the core engineering team in the past year. We’re also very happy to share that Scott Jenson has joined the organisation on a part-time basis, as Product Strategy Adviser. We have a couple of additional folks joining shortly, so watch this space. In addition, there are some updates to the operational side of the organisation: Andy Piper is now Head of Communications. Andy was previously working to support our Developer Relations efforts on a freelance basis, and transitioned to lead communications across the project. Philip Schröpel has taken on the role of Chief of Staff. Philip joined the Mastodon team as a Finance Associate in 2024. He is now leading a range of projects across Mastodon’s operations and partnerships. Zora Steiner is joining us on 2 May as a Junior Project Manager, to support the team with a wide range of projects within Business Operations, like fundraising, grant applications, marketing and more. We’ll have more to share about specific roles on the team as the transition to the new structure is finalised. Looking Ahead These changes reflect a commitment to building a stable organisation while maintaining our core mission: creating tools and digital spaces for authentic, constructive online communities free from ads, data exploitation, and corporate monopolies. While the team has grown substantially over the past 2 to 3 years, we’re still a small team of 15 people (with only 3 part-time/freelance team members). That’s a big change considering less than 2 years ago, we were a team of just 3 full-time engineers - however, it also reflects the diverse range of tasks we’re working on. There is a lot more to the project than just the code! Mastodon has taken the strategic decision not to accept venture capital investments for growth, but rather restructure to a European non-profit organisation. This means that we’re reliant on your support to build a team to work full-time on new product features, maintain mastodon.social and mastodon.online, and represent Mastodon and the broader Fediverse to policy makers and to media organisations. The elements of our mission related to an open internet, privacy, and data ownership are more important than ever. We’ll share more news on all of these topics - our restructuring, people, and mission - in the coming months. In the meantime, be sure to follow us on Mastodon, where you’ll start to see us share a broader range of updates - including news about events we’re attending, and other initiatives. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Greetings! We’re back, with our monthly update from the Mastodon engineering team. Remember how last month was a bit lighter for news? Well, this time, we are making up for it and have a lot to share! Take a look below for team updates, some significant new features, and updates to the mobile apps. We also have very important information about changes with new (and old) software versions. Finally, there’s a bumper round-up of community news, and some fun projects you may have missed. Events and team news We are very excited to welcome Echo to the core team as a front-end developer. We extended our recruitment to include a second front-end developer, and found another great individual who will be joining us soon as well. Also on the team side, we opened a role for a designer to join the team, after we said goodbye to Sam recently. In March, Andy was on stage at Fediverse House, a side event at SXSW run by our friends from Flipboard. This was a fun space which created opportunities to finally meet some of the members of our community in person (hi, @box464!) and to talk about Mastodon and the Fediverse. Andy was also a guest on the Fireside Fedi podcast, which you can watch as a video, or listen to in audio. Members of the team took part in more panels and events in March - for example, Felix was part of an EFF “Effecting Change” livestream that you can also check out. We aim to continue our outreach and communication over the coming months as the new organisation comes into focus. If you have an account on one of our hosted instances (mastodon.social and mastodon.online), you may like to know that we now have an account that is run by the team that operates them - @staff@mastodon.social is where you can find updates and announcements related to these services. As noted in the account bio, you should continue to use the existing process for any account support and appeals requests. Don’t forget that we also post technical and team updates on @MastodonEngineering@mastodon.social. You’re also free to check out our LinkedIn page for non-engineering updates. It doesn’t federate, but, we’re there too. Releases and updates In March, we released a number of bugfixes, and a security fix. You should take a look at the most recent version for the Mastodon level you are running, but also check the release notes for any versions you may also have missed. In total, we shipped: 4.3.5, 4.3.6, and 4.3.7 4.2.18, 4.2.19, and 4.2.20 IMPORTANT: Mastodon 4.2.17 dropped support for Ruby 3.0 (this is no longer supported upstream). If you are running Mastodon 4.2 and Ruby 3.0, you can update as far as Mastodon 4.2.16 which contains the latest security fixes, but please note that this version has a known vulnerability if you are using SAML authentication with Mastodon. If you are running Mastodon 4.2.x with Ruby 3.0, we strongly encourage you to update to Ruby 3.2, and then use Mastodon 4.2.17 or above. 4.1.24, and 4.1.25. If you are running Mastodon 4.1.x, note that it only supports Ruby 3.0 (which is no longer supported upstream) and is subject to the above SAML security issue. Mastodon 4.1.25 is the final version of the Mastodon 4.1.x lifecycle. As of April 8, 2025 this version of the software is end of life and will no longer receive updates (including for security issues). You should upgrade to a supported version as soon as possible. Looking ahead, we posted a notice about future versions of Mastodon (from 4.4 onwards), that will retire the use of Redis namespaces and the REDIS_NAMESPACE environment variable. If you have questions related to this future change, there’s a discussion post on GitHub. Post by @MastodonEngineering@mastodon.social View on Mastodon Backend and web In March, we reviewed and merged 167 Pull Requests (106 with translation and dependency updates removed) from 14 authors. Thank you for all of the contributions! api Added new fields in the instance endpoint to get the instance’s about, terms of service and privacy policy pages, so apps can display them (including during signup). — PR #33849 (by ClearlyClaire) api Added an attribute to the instance endpoint to understand whether a reason is required for sign ups. — PR #34280 (by ClearlyClaire) new feature Updated the Terms of Service feature to add a publication date, allowing users to review the ToS before they take action. — PR #33993 (by Gargron) new feature Added a way for admins to do basic age verification to help with local law compliance. It achieves this by asking for the user birth date when signing up and checking it against the configured age. The birth date is not stored anywhere. Right now, it will reject sign ups where the birth date is not provided (for example, from API clients that do not support entering it), but we plan to properly handle this case before the feature is released. — PR #34150 (by Gargron) interface The Emoji picker now supports Emojis from Unicode 15.0 (and a PR is in the works for 15.1). — PR #33395 (by eramdam) admin Add a way for admins to send an announcement by email to all users. — PR #33928 (by ClearlyClaire) new feature Jonny has been working for several months to add a way to fetch replies from other servers, to solve the common issue of only seeing a part of conversations. The first part of this work has been merged. It is not enabled by default for now, as we need to ensure that it behaves correctly and does not significantly increase the requests made to other servers - but, this is a huge first step. Further PRs will be required to update the interface, and ensure that apps can support this as well. — PR #32615 (by sneakers-the-rat) — PR #34147 (by ClearlyClaire) — PR #34151 (by ClearlyClaire) api The API now supports the Deprecation header from RFC9745. We recommend that application developers look for this header in responses, and display a warning when it is present in development mode, to detect usage of deprecated APIs. See the documentation for more information. — PR #34262 (by ClearlyClaire) new feature A new v2 filter action has been added: blur. It is similar to warn, but only applies to attached media. If you’ve implemented v2 filters according to our documentation, your client should be handling unknown types as warn, which is a reasonable fallback for blur. Documentation: Create a filter and filter action entity — PR #34256 (by ClearlyClaire) new feature Support for Fediverse Auxiliary Service Providers has been merged. No capabilities are implemented yet, but this is the first step towards supporting Fediscovery in Mastodon, and opens the door for many other exciting features. — PR #34031 (by oneiros) interface The media modal behaviour on mobile has been improved, with better gesture support. — PR #34210 (by Gargron) admin admin.sign_up notifications can now be grouped. — PR #34298 (by ClearlyClaire) Android Version 2.9.5 was released, with some minor bug fixes and tweaks. We’re also working on support for the age verification on sign-up changes mentioned above. iOS With the release of 2025.01, grouped notifications are now available on iOS! Favorites, boosts, and follows that occur close together are grouped with similar notifications, as they are on the web. Also, follow requests can be approved or rejected right from the notifications list. You’ll also see a bunch of improvements around post visibility (“Public”, “Unlisted”, etc.) throughout the app. When composing a new post, the visibility setting is now just below the publish button, making it much more obvious. When viewing your timeline, private mentions and replies are now marked with headers similar to those on the web, and posts that are not public now show an icon to indicate their visibility. Several other long-standing issues around post visibility have also been resolved. Quite a few other fixes are included in this update as well, and we’re hard at work on a follow-up to address additional issues. Fediscovery We merged the first Fediscovery-related PR into Mastodon (see above). This includes basic support for managing FASP (Fediverse Auxiliary Service Providers), of which Discovery providers will be the first kind. This is still behind a feature flag and does not provide any user-visible functionality, but it enables a couple of things. Expect to see more in the coming months. We also started work on the next discovery capability: “Account Recommendations”. A first specification draft will be published in April. Testing of an initial Fediscovery implementation is ongoing. Demonstrating that this is not a Mastodon-only service, the Smithereen project has been working with the current code. Post by @grishka@mastodon.social View on Mastodon Community news This was a big month across the community. The Nivenly Foundation - stewards of the Hachyderm.io instance - announced their Fediverse Security Fund, which will sponsor contributors who responsibly disclose security vulnerabilities in popular open source Fediverse software. This is a great initiative, and we are happy to see it. There was a big update to Phanpy, a progressive web app client for Mastodon. Fedi Archive is an iOS app that allows you to open and browse Mastodon account archives directly on device. The great @halcy, maintainer of the Mastodon.py client library for Python, shared some fun posts, including a FUSE filesystem built on Mastodon (!), demos of Mastodon.py with client-side PyScript, and a series of fun and silly examples built on the Mastodon API. Take a look, you may get inspired! … Andy did get inspired, and ran with the FUSE idea, but it is still not something we recommend as a way to use Mastodon 😊 Tom Casavant continues to contribute to getting Mastodon into all the right places, and submitted a pull request to add Mastodon trends as a widget for Glance. A new iOS app called Sabertooth appeared. If you use Discord, then you should find that embeds of Mastodon posts just got much nicer. by the way, if you support us on Patreon, you can get access to our Discord server. Fred Rocha wrote a blog post about how he uses Mastodon in 2025. That was a lot of news! We are excited to see the community continuing to share interesting apps and examples. Let us know if you’re building something cool, and we may feature it in a future post. Thank you Mastodon is a platform that empowers communities and fosters connections. It thrives when people contribute! We appreciate all of the support. Please consider donating to help us to keep improving the software. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Hello again. Thanks for checking out our latest engineering updates. We hope that our monthly updates help you follow what we’ve been working on, and where we’re headed. This is a slightly lighter entry in the series, although there was plenty happening. At the start of the month we were recovering from our trip to FOSDEM (that was covered in the previous edition), and we also spent time responding to community feedback in a number of areas. Beyond the repositories Just after Trunk & Tidbits was published last month, we also shared our thinking and plans around Quote Posts. Since then, there has been active discussion on SocialHub (a forum for ActivityPub and Fediverse developers) about the proposal. We appreciate the engagement! On the events and outreach side, it was a busy month: two of the team were at RightsCon in Taipei, where they had the opportunity to talk to a range of digital rights activists and experts; and our CTO, Renaud, took part in a number of interviews with media organisations in France. We shared some of these in posts on our LinkedIn page, in case that is a site where you’d like to follow non-engineering news updates. Now, let’s turn to the code! Releases We released Mastodon 4.3.4, 4.2.17 and 4.1.23. IMPORTANT: Mastodon 4.2.17 drops support for Ruby 3.0 (which is no longer supported upstream). If you are running Mastodon 4.2 and Ruby 3.0, you can update as far as Mastodon 4.2.16 which contains the latest security fixes, but please note that this version has a known vulnerability if you are using SAML authentication with Mastodon. If you are running Mastodon 4.2 with Ruby 3.0, we strongly encourage you to update to Ruby 3.2, and then use Mastodon 4.2.17 or above. If you are running Mastodon 4.1, note that it only supports Ruby 3.0 (which is no longer supported upstream) and is subject to the above SAML security issue. Countdown to the end of life for Mastodon 4.1.x - this version will no longer receive updates (including for security issues) after April 8, 2025. If you are running an instance on 4.1.x, you must update to 4.2.x or 4.3.x within the next ~30 days, in order to remain on a supported version of the software. In related news, administrators of instances that are currently on our servers list - that are not running supported versions of the software - will soon be asked to upgrade if they would like to remain on that list. We are also working on updates to the Mastodon Server Covenant that will include a requirement to stay up-to-date on software levels. We also hope to streamline the process for adding new instances to the list… unfortunately we are backlogged on updating it in general, due to various process changes; apologies if this applies to your submission. Thank you for your patience, and look out for more on these changes in the coming weeks. Backend and web In February, we reviewed and merged 119 Pull Requests (61 with translation and dependency updates removed) from 8 authors. We usually do a round up of more major backend and web UI changes in this section, but these were fairly light during the past month. The security releases, and the responses to feedback on Quote Posts, were the focus of the team’s efforts. Additional news from behind-the-scenes: We are growing the team! We are working on adding two front-end developers to the team, and have talked to some very strong candidates. We are at the end of the process at the moment, so you can expect to see some new faces in our repositories soon. As well as growing, we have also said goodbye to Sam, who has been our designer for the past four years. Thank you, Sam! The plan is to open a position for a full-time designer to join us soon, so stay tuned for news on this opportunity. Mobile No major updates in our mobile apps in the past month. On Android, there were some minor UI tweaks, and some bug fixes. On iOS, work continued on grouped notifications (which are coming very soon), along with a few additional bug fixes. There’s a lot of work happening, but less to discuss in terms of visible changes. Fediscovery As a short reminder: Fediscovery is a project we’re working on independent of Mastodon itself, to explore decentralized search and discovery for the Fediverse as a whole. It defines a Fediverse Discovery Provider as one type of potential Fediverse Auxiliary Service Provider (FASP) that can offer additional functionality to any Fediverse service. We published a first draft of the account_search capability specification. We opened up the GitHub repository of our reference implementation, fediscoverer. It is still (very) early days, but all of the different draft specifications have been implemented in some way. One of the next steps in the coming months is getting this production-ready. We published several draft PRs for Mastodon itself to integrate with a discovery FASP (1, 2, 3). Community contributions We’re always on the lookout for interesting uses of the Mastodon API. Here are some that we spotted this month. Monkedo is no-code automation software designed for a range of users, both technical and non-technical. There is now a Mastodon integration available over there (thank you Deniz and team for letting us know about this!). If you build anything with Monkedo and Mastodon, let us know what you think. Congratulations (and thank you!) to @halcy for releasing the major new version 2.0.x of Mastodon.py. This powerhouse of a Python library is now fully updated with all the current core Mastodon API methods, and modernised for current Python versions. pip install it today, and tell us what you build. Relatedly, with the ability to run Python in a web browser… there’s a blog post about using this to build web apps, and here is a Mastodon API Explorer. Pretty nifty! Do you use Sphinx for a website? If you do, you can try sphinx-fediverse to use Mastodon as a comments system. Please let us know if you’re creating something interesting on top of Mastodon, so that we can help other people hear about your projects. Got something we should know about? Don’t forget to use the #MastodonAPI hashtag when you share it in the Fediverse. Thank you for supporting us We’re grateful for every user of the platform, and every donation that we receive helps to sustain the project. As an independent project with a small team, Mastodon continues to depend on your support. We believe in authentic human connection, and we’re creating a social platform for everyone. Every contribution helps to keep Mastodon moving forward. Thank you. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors

Quote Posts are a popular feature of many social media platforms. They offer the ability to share another person’s post to one’s own followers, while adding a comment. We want to share our thinking process in implementing Quote Posts in Mastodon, and explain why it has taken us some time to do so. Background In the past couple of years, as Mastodon has grown, we’ve spent time meeting with community leaders across a spectrum of interests, to understand their needs. We have learned that many groups use Quote Posts as their primary means to build consensus and community on other platforms. Quote Posts used in this way convey trust and respect for the original post, building on or enhancing an original idea. On the other hand, back when Mastodon was first developed, we had seen the feature used for malicious purposes on other platforms, for example, to intentionally quote someone out of context, to direct hate speech and harass people. At that time, it was an easy decision for us: Mastodon would not have quote posts. The continued popularity of requests for us to implement the feature has shown that their absence prevents many people from joining the Fediverse. We want to add Quote Posts to help people to transition away from proprietary, billionaire-owned social media to the open social web. If you’ve been following our project, we first mentioned that we were considering bringing Quote Posts to Mastodon back in 2023. During 2024, we applied for a grant from the NGI0 Entrust Fund, to support our research and implementation efforts. With that support, we have done a lot of research and thinking, and we are sharing the outcomes of this work with you here. Challenges There are two primary elements to bringing Quote Posts to Mastodon: user-centric, and technical. As explained above, the team started out with a shared view that Quote Posts can be misused. Many people simply do not want their content to be reframed by others; or they may find that if it is reposted, they receive unwelcome attention. In order to mitigate these issues, we plan to include several features in our implementation: You will be able to choose whether your posts can be quoted at all. You will be notified when someone quotes you. You will be able to withdraw your post from the quoted context at any time. We also want to build a tight integration for Quote Posts with the reporting functionality, to help people to feel more safe. On the technical side, the concept of Quote Posts is not standardised - there is no agreed way to build this feature into a W3C ActivityPub implementation so that it is automatically interoperable with the other applications in the Fediverse. Today, some third party Mastodon clients approximate quote posts, by showing a preview if a post contains a link to another post - but those efforts do not come with any of the features that we want to include. We want to collaborate to create a specification, so that we can encourage a better (and safer) way for all clients to have this functionality. We’ve spent time talking with users, with other Fediverse software developers (which include user facing applications), and with the developers of our own client apps, about how they might expect to see or implement Quote Posts. The output from this will be concrete proposals to help everyone building on the Fediverse. The process We are in the process of writing ActivityPub extensions (which we will publish as Fediverse Enhancement Proposals), in collaboration with other developers, to cover these features for any ActivityPub software that chooses to use them. These specifications can allow everyone to efficiently implement this same feature in an interoperable way. We’ve shared initial work on this for ActivityPub developers, and we’re also posting the background research we performed, that was discussed with others - in both cases, these are being posted as deeper-dives for technical audiences and other implementers; they do not represent final outputs and choices. In addition to these proposals, this feature will impact many parts of the Mastodon codebase, including the ActivityPub-handling code, the public API, web user interface, moderation panel and capabilities, the administration panel, and the official iOS and Android applications. We’re working on it, but Quote Posts will still take more time to develop. The future We know that Quote Posts are a source of concern for some members of the community, and highly-requested by others. We’re committed to sharing our progress, and listening to your feedback. Thanks for being a part of the federated open social web, and for using Mastodon. Thank you for supporting Mastodon We develop and maintain the free and open source software that powers the social web. There is no capital behind this — we rely entirely on your support. Donate to the project View our sponsors