The news of Elon Musk buying Twitter has put Mastodon into the public spotlight as an alternative social network, rapidly exploding our growth with over 30,000 new users in just a single day. This is because at Mastodon, we present a vision of social media that cannot be bought and owned by any billionaire, and strive to create a more resilient global platform without profit incentives. We believe that your ability to communicate online should not be at the whims of a single commercial company. Mastodon is used to publish 500-character messages with pictures, polls, videos and so on to an audience of followers, and, in turn, to follow interesting people and receive their posts in a chronological home feed. Unlike Twitter, there is no central Mastodon website – you sign up to a provider that will host your account, similarly to signing up for Outlook or Gmail, and then you can follow and interact with people using different providers. Anyone can become such a provider as Mastodon is free and open-source. It has no ads, respects your privacy, and allows people/communities to self-govern. Funnily enough one of the reasons I started looking into the decentralized social media space in 2016, which ultimately led me to go on to create Mastodon, were rumours that Twitter, the platform I’d been a daily user of for years at that point, might get sold to another controversial billionaire. Among, of course, other reasons such as all the terrible product decisions Twitter had been making at that time. And now, it has finally come to pass, and for the same reasons masses of people are coming to Mastodon. We’ve been steadily working towards the ultimate goal of providing a viable alternative to Twitter since 2016, and have proven the scalability and resilience of the platform through organic growth over the years. However, without doubt the sudden and explosive success is putting strain on our resources, specifically the public Mastodon servers that we, the non-profit, maintain ourselves: mastodon.social and mastodon.online. While there are over 2,400 Mastodon servers out there operated by independent individuals and organizations, we provide these two servers as a fallback option for those who don’t know which other server to sign-up on. We have been working non-stop to maintain quality of service on mastodon.social and mastodon.online, but you may have noticed issues such as confirmation e-mails not arriving or home feeds being delayed. We apologize for the inconvenience and continue to work on addressing these issues. We recommend using joinmastodon.org or our official iOS and Android apps to choose a Mastodon server to sign-up on, and to tell others to do the same when talking about Mastodon insteading of promoting our own servers directly. All Mastodon servers interoperate, allowing you to follow and be followed by other users from other servers seamlessly. And if you don’t like your choice afterwards, you can create another account and move all your followers to it. Distributing users across different servers is what makes Mastodon more scalable, socially and technologically. In the future, we plan to add end-to-end encrypted messaging and an exciting groups functionality to our software, together with further updates to our well-received official apps. Mastodon is a German non-profit organization and we create free, open-source software. You can support us through our Patreon, our custom sponsorship portal, or by contributing to the code directly. If you have any questions reach out to hello@joinmastodon.org.

With the release of our Android app on the Play Store we are now present on both major mobile platforms. The apps are gaining overwhelmingly positive reviews, some even going so far as to claim that our onboarding is smoother than any other social media platform’s; our iOS app is rising through the ranks of top social networking apps on the App Store; and for the first time in Mastodon’s history, server admins are seeing ever increasing numbers of new sign-ups from mobile apps instead of the web interface. We hope the trend continues now that people can easily find the app and sign-up by simply searching Mastodon on their app store of choice, and now that Mastodon can take advantage of the app stores’ own discovery features. We’ve put a lot of care and resources into developing these apps, counter-acting the stigma that open-source projects do not prioritize ease of use and visual design by working with world-class UX designers that had prior experience working on major commercial social networks. As a result, we have apps that are extremely slick and visually pleasing and do not look out of place on their respective platforms. This is an opportunity to take a closer look at some of the design considerations. Onboarding Signing up in the Android app One of the challenges of Mastodon adoption is the onboarding process, because it’s not enough to capture a person’s desired username and e-mail and let them create an account, which is what people are used to from major websites; instead, you need to first choose a Mastodon server where you will make the account (comparable to e.g. choosing an e-mail provider). The implications of choosing the server are primarily in who is the entity responsible for the server, what moderation policies they enforce, what language and jurisdiction they operate in, and which domain name will be part of your username. We approached this problem with a multiple-step sign-up flow that begins with choosing a server, then requires to agree to summarized moderation policies of the server, and finally goes on to the more familiar username, e-mail and password form. We maintain our own directory of servers that people submit to us after agreeing to some basic rules that guarantee data and user safety and quality of service; those are the servers we display on the first step by default. Still more consideration has been given to how to display them. Our user studies have shown that retention drops off dramatically if the user has to wait for moderator approval before being able to log in (exception being experienced Mastodon users who are already invested in the network and know exactly what they are getting into by requesting an account from an invite-only server); people lose interest and never login even after being approved. Therefore we do not show invite-only servers in the app, focusing instead on the ones that allow people to get started immediately. The determining factor in a user’s experience on a server is the number of other active users on the server. All discovery features are ultimately powered by user activity, and the first user on a server would have to do a lot of exploration off-site (through word of mouth, browsing other servers, or other channels) to fill their home feed. But cultivating a decentralized social network, we do not want power to concentrate on just a few ever-growing servers. Therefore, rather than simply putting the most active servers on the top, our algorithm pushes medium-sized servers higher. We also provide a search field that allows inputting the server domain directly. The last step in onboarding, after the user has confirmed their e-mail address, they are presented with the options to follow a selection of accounts popular on the server that predominantly post in the user’s language, or to head to the explore tab to look at what’s trending on the server. Discovery Explore tab in the Android app While designing the official apps we got an opportunity to reconsider some Mastodon features. The federated timeline, also known as the public timeline, firehose, or “whole known network”, is a view into a Mastodon server’s real-time database of public posts; and the local timeline is that, but filtered by only posts originating from your Mastodon server. While some people came to rely on those tools, there were a few reasons to (at least initially) omit them from the apps. The federated timeline has too low of a signal vs. noise ratio to be effective as a discovery tool. Due to the way Mastodon pulls down content to provide more detailed profiles and conversations, the federated timeline becomes unmanageable on servers of all sizes, even single-user ones. Unsurprisingly, most content is not actually worth looking at, and in some cases, actively undesirable. This real-time view into everything that’s published on the server is a platform for all sorts of abuse that can only be stopped after the damage has been done. Normally, if someone posts spam or nudity, it would not be seen by anyone but themselves. Local and federated timelines instantly turn that into an issue affecting everyone. This puts extra strain on moderators. With Apple and Google historically holding apps accountable for content users can access through the app, even when the app could be reasonably classified as a browser, showing unfiltered content is a ticking time bomb for the app’s presence on the major app stores. Especially considering our goal of attracting new users, those users are of-yet less invested in Mastodon as a platform and less likely to use in-app reporting and blocking tools instead of giving up on the app. Instead, we offer a new explore tab that highlights, among other things, currently popular posts. It is a much more efficient way to find interesting content and follow users on Mastodon without scrolling through many low-quality posts and unfamiliar languages. All data that Mastodon uses for calculating rankings is locally sourced so it’s heavily skewed towards things that are popular on your server, and everything goes through your server’s moderators before appearing on the explore tab, making it much less prone to abuse. We also have a vision of a new feature to eventually supplant local timelines: groups. We imagine a group as a place with an actually separate timeline that you can post to, without the post also going out to the public, your profile, and your followers’ home feeds. This timeline could be made visible for group members only. You could join it from your account on any other server, thus alleviating concerns of infrastructure centralization while giving people everything they’ve ever wanted from local timelines. We’re set to complete this feature this year. Going forward We are not done! While we have decided against including the local timeline in our apps initially, understanding that this feature is important for many community servers on Mastodon in the absence of still theoretical and not yet proven groups, we will be adding it to the explore tab. And while the apps support all core functionality of Mastodon, there are still missing features like lists, pinned posts, new post notifications (“bell icon!”), editing, phrase filters management and so on that will be gradually added as we continue development. Plus the aforementioned groups feature in Mastodon itself!

Work on multiple features in this release has been kindly sponsored by the German Federal Ministry of Education and Research through the Prototype Fund. We’ve added one of the most requested functions among our competitors, the ability to edit posts. Since older Mastodon versions would not understand the edits, the function is disabled in the web app until more Mastodon servers upgrade to 3.5, but all parts are already included in the release. The original and previous versions of the posts are saved and remain accessible through a history view. And people who have previously shared the post get notified about any edits, so they can un-share if there’s foul play. Coincidentally, the order of media attachments in a post is no longer dependent on the order in which they were uploaded. Discoverability has always been a hot topic on Mastodon. Discoverability makes or breaks a platform, as there is nothing more important to retain a new user than to let them find something interesting to stay for, as soon as possible. In 3.5, we bring a new explore page which features currently popular posts, news stories that people share a lot, trending hashtags and follow recommendations. Furthermore, for the first time, we attempt to bring people content in their own language. As we value safety, these new features come with their own moderation tools–nothing will show up in trends unless reviewed by one of the server’s moderators first. A new, multi-step report flow improves the quality of information for moderators and highlights available self-help tools in Mastodon to the user. On the topic of moderation, any action taken by a server moderator against a user’s account, such as deleting their posts or suspending the account, will now be viewable through account settings, by default accompanied by an e-mail notification, and permit the user to submit an appeal. Since actions such as deleting posts or marking posts as sensitive did not use to generate any kind of notification, this should make them more viable precursors to harsher punishments like suspensions; and being able to handle appeals within Mastodon should reduce the burden of out-of-band e-mail communication for moderators and increase user trust in Mastodon. There is a brand new moderation dashboard that shows the development of various key metrics over time and shines some light on where new users come from, which languages they speak, and how many of them stay active months later. A completely new look for the report screen reduces the time and effort required to handle reports, and multiple selections on the accounts page offer a way to clean up spam and bot accounts in large batches. Conclusion The 3.5 release consists of 887 commits by 23 contributors between June 3, 2021 and March 30, 2022. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release. Contributors to this release: Gargron, ClearlyClaire, tribela, noiob, mayaeh, mashirozx, noellabo, baby-gnu, MitarashiDango, chandrn7, Brawaru, aquarla, zunda, rgroothuijsen, ykzts, HolgerHuo, helloworldstack, r0hanSH, kgtkr, heguro, matildepark, weex, truongnmt Translators for this release: Kristaps_M, Cyax, Sveinn í Felli, Kimmo Kujansuu, Jeong Arm, xatier, Thai Localization, spla, NCAA, Emanuel Pina, GunChleoc, Xosé M., Hồ Nhất Duy, T. E. Kalaycı, ケインツロ space_invader, e, Jeff Huang, Besnik_b, Nurul Azeera Hidayah @ Muhammad Nur Hidayat Yasuyoshi, koyu, Ramdziana F Y, calypsoopenmail, Alessandro Levati, Bran_Ruz, Tigran, Allen Zhong, Daniele Lira Mereb, Zoltán Gera, Martin, Gearguy, Marek Ľach, Eshagh, Asier Iturralde Sarasola, Takeçi, Roboron, Ihor Hordiichuk, xpil, Tagomago, Rojdayek, Ondřej Pokorný, Kristoffer Grundström, Alexander Sorokin, Joene, ButterflyOfFire, Balázs Meskó, Catalina, Manuel Viens, LNDDYL, Danial Behzadi, Vik, GCardo, enolp, NadieAishi, Just Spanish, bilfri, VaiTon, Frontier Translation Ltd., Mastodon 中文译者, rondnunes, Edward Navarro, ClearlyClaire, Kahina Mess, GiorgioHerbie, ManeraKai, හෙළබස, retiolus, stan ionut, Filbert Salim, ahangarha, Rex_sa, Sokratis Alichanidis, axi, Delta, Ali Demirtaş, Michael Zeevi, SarfarazAhmed, Mo_der Steven, Remito, Maya Minatsuki, Врабац, Dženan, FreddyG, Alix Rossi, cruz2020, Adrián Graña, vpei, Ryo, AlexKoala, 1Alino, Michał Sidor, Vedran Serbu, Yi-Jyun Pan, Y.Yamashiro, al_._, Matthías Páll Gissurarson, KcKcZi, xsml, cybergene, mynameismonkey, Rikard Linde, strubbl, 北䑓如法, Hexandcube, abidin toumi, serapolis, Diluns, 游荡, megaleo, arielcostas3, sanser, Imre Kristoffer Eilertsen, Yamagishi Kazutoshi, MODcraft, Marcus Myge, Yuval Nehemia, Amir Reza, Percy, Marek Ľach, Nemuj, revarioba, Oymate, Ifnuth, 森の子リスのミーコの大冒険, Algustionesa Yoshi, Artem Mikhalitsin, gnu-ewm, Tatsuto “Laminne” Yamamoto, filippodb, Maciej Błędkowski, tunisiano187, Timur Seber, Mélanie Chauvel, Jona, Ka2n, atriix, eorn, Lagash, Chine Sebastien, Exbu, A A, Goudarz Jafari, Cirelli, ギャラ, siamano, Siddharastro Doraku, asnomgtu, Saederup92, damascene, dbeaver, Overflow Cat, rikrise, zordsdavini, ThonyVezbe, Slimane Selyan AMIRI, coxde, Maxine B. Vågnes, tzium, Umi, Youngeon Lee, Nikita Epifanov, DAI JIE, X.M, ZQYD, v4vachan, boni777, Rhys Harrison, Stanisław Jelnicki, iVampireSP, nua_kr, SteinarK, Paula SIMON, CloudSet, Adam Sapiński, Zlr-, papayaisnotafood, Linnéa, Parodper, César Daniel Cavanzo Quintero, Artem, EzigboOmenana, Mt Front, mkljczk, Lalo Tafolla, Yassine Aït-El-Mouden, frumble, ronee, lokalisoija, Jason Gibson, María José Vera, codl, Tangcuyu, Lilian Nabati, Kaede, mawoka-myblock, Mohd Bilal, Ragnars Eggerts, thisdudeisvegan, liffon, Holger Huo, Pukima, HSD Channel, pullopen, hud5634j, Patrice Boivin, Jill H., maksutheam, majorblazr, 江尚寒, Balázs Meskó, soheilkhanalipur, Vanege Thank you to everyone who contributed to this release, to everyone who sponsors the project through Patreon or through our new sponsors portal, and to everyone who uses the network! 🐘 Mastodon for iOS P.S. We just released a new version of our official iOS app, adding iPad support and many visual improvements, and just started beta-testing our official Android app with our Patreon supporters.

Following the successful launch of our official iOS app, in January we’ve begun the development of an Android version. We continue working with the NYC design agency Lickability and welcome Gregory Klyushnikov, better known as grishka on the fediverse, as the lead Android developer. Gregory is a talented developer with a history of working on social apps like VKontakte and Telegram. Continued development is not limited to Android. Work on the app flows into the main Mastodon software as existing APIs are adjusted and new APIs are added to support new features, and the web app’s UI is improved with ideas from the professional UX designers working on the iOS and Android apps. We are excited to bring an app that takes usability, new user onboarding and visual design seriously to one of the largest mobile platforms. The efforts are sponsored by our generous sponsors on Patreon and our custom sponsorship platform, and by the Federal Ministry of Education and Research through the Prototype Fund (BMBF Förderkennzeichen: 01IS21S29). Thanks to everyone who is already sponsoring Mastodon, and stay tuned for updates! Update: Our iOS and Android apps are now available!

Disclaimer: Since Mastodon is decentralized, different Mastodon servers have a different view of the network depending on user activity, and providing an objective data summary across the entire network is not currently possible. Data provided in this blog post is provided as-seen-from mastodon.social, the oldest and one of the more well connected servers, but it is nevertheless biased towards mastodon.social’s demographic and may not represent other parts of the fediverse accurately. Most shared posts of 2021 “I have encountered more image descriptions on Mastodon […]” (607 reblogs) "🌐 NeoDB 联邦宇宙书影音站 🌐 正式开张了！" (547 reblogs) “Delete Chrome. Now.” (572 reblogs) “SCI-HUB NEEDS YOUR HELP!” (546 reblogs) "#Tusky has been removed from the PlayStore by Google" (455 reblogs) Most shared pictures of 2021 “God I love The Register’s headline writers” (236 reblogs) “The moment when love is first confessed” (243 reblogs) "[…] #Google keeps records of everything you buy […]" (344 reblogs) “Irony” (253 reblogs) “Do not buy NFT made with my art” (441 reblogs) “I […] turned [lion NFTs] into a mosaic of a person right-clicking” (393 reblogs) Most liked posts of 2021 “Not on social media?” (559 favourites) “Police are warning students […] not to access Sci-Hub […]” (559 favourites) “The official #Mastodon app for iOS is now on the App Store!” (448 favourites) "[…] Mastodon gGmbH […]" (396 favourites) “If your cat often […] walks all over your keyboard […]” (362 favourites) Most intensive polls of 2021 “What’s your primary OS?” (4,382 votes) “Do you use any Mozilla products?” (2,280 votes) “Do you use an RSS/Atom reader?” (2,031 votes) “Let’s make a colour together!” (1,918 votes) “THE ULTIMATE BATTLE” (1,772 votes) Top hashtags in 2021 #bot (490,196 posts) #news (391,880 posts) #nsfw (102,157 posts) #india (99,350 posts) #nowplaying (71,498 posts) #abyss_fun (67,213 posts) #bitcoin (55,863 posts) #linux (54,522 posts) #google (54,079 posts) #russia (49,598 posts) Other numbers Disclaimer: We collect aggregate statistics by crawling fediverse servers that identify themselves as running Mastodon. We may not be aware of all Mastodon servers, and aggregate statistics can be disabled for some servers. Temporary service outages across different servers may lead to day-to-day disparities between collected numbers. 2,749,065 total users (+930,724 since January) 244,634 active users (+814 since January) 2,551 active Mastodon servers As for the mastodon.social server, here are some of our numbers for 2021: 65,052 new sign-ups 17,951 active users 3,904 moderation reports handled

From media reports and individual findings that various people have presented to us, it seems that the new social media platform owned by the former president of the United States, Donald J. Trump, so-called Truth Social, is using Mastodon’s source code with various visual adjustments. The platform has not formally launched yet, but it was made accessible ahead of time. Users were quick to note that the terms of service included a worrying passage, claiming that the site is proprietary property and all source code and software are owned or controlled by them or licensed to them: Unless otherwise indicated, the Site is our proprietary property and all source code, databases, functionality, software, website designs, audio, video, text, photographs, and graphics on the Site (collectively, the “Content”) and the trademarks, service marks, and logos contained therein (the “Marks”) are owned or controlled by us or licensed to us, and are protected by copyright and trademark laws and various other intellectual property rights and unfair competition laws of the United States, foreign jurisdictions, and international conventions. Notably, neither the terms nor any other part of the website contained any references to Mastodon, nor any links to the source code, which are present in Mastodon’s user interface by default. Mastodon is free software published under the AGPLv3 license, which requires any over-the-network service using it to make its source code and any modifications to it publicly accessible. We pride ourselves on providing software that allows anyone to run their own social media platform independent of big tech, but the condition upon which we release our work for free in the first place is the idea that, as we give to the platform operators, so do the platform operators give back to us by providing their improvements for us and everyone to see. But that doesn’t only benefit us as the developers – it benefits the people that use these platforms as it gives them insight into the functionality of the platforms that manage their data and gives them the ability to walk away and start their own. As far as personal feelings are concerned, of course we would prefer if people so antithetical to our values did not use and benefit from our labour, but the reality of working on free software is that you give up the possibility of choosing who can and cannot use it from the get-go, so in a practical sense the only issue we can take with something like Truth Social is if they don’t even comply with the free software license we release our work under. On Oct 26, we sent a formal letter to Truth Social’s chief legal officer, requesting the source code to be made publicly available in compliance with the license. According to AGPLv3, after being notified by the copyright holder, Truth Social has 30 days to comply or the license may be permanently revoked. In the media Mastodon’s Founder Says Trump’s New Social Network Is Just Mastodon Trump’s Brand New TRUTH App May Violate Terms Of Open Source Code It’s Built On Pranksters have already defaced Trump’s new social network Donald Trump Accused of Ripping Code From Social Network Mastodon for ‘Truth’ Site Trump’s social network has 30 days to stop breaking the rules of its software license Updates Last updated: Dec 9, 2021 Truth Social added a page (“Legal Docs” → “Open Source”) that links to a ZIP archive of the Mastodon source code, which for now seems to bring them in compliance, though a more detailed analysis will only be possible once their platform publicly launches. In the media: Trump’s social media site quietly admits it’s based on Mastodon

On behalf of the EUNOMIA project, in which I represent Mastodon, I am happy to announce that after nearly 3 years of development there is now a public pilot for the Mastodon community. But first, what is EUNOMIA and who is EUNOMIA? EUNOMIA is a “digital companion” for social media, a set of additional functions that aim to combat the spread of misinformation by helping you critically analyze social media posts before re-sharing them. Currently available functions include: Find who a piece of text originally comes from and how it changed as it travelled to your home feed through the information cascade See when a post is using highly emotive language through sentiment analysis At a glance, see potentially important information about the post author, such as account age See whether other users have flagged the post as untrustworthy, and vote yourself But those functions are only useful when you’re already looking at a post in-depth. You can also configure which criteria and thresholds should make the EUNOMIA indicator flash on a post, prompting you that a deeper look is warranted. EUNOMIA is decentralized and stores its information, such as the aforementioned votes, on IPFS, a decentralized storage network. It is also not a commercial product, but an academic research project spearheaded by the University of Greenwich and financed through the European Horizon 2020 program. The team consists of 10 entities: 3 universities, 3 private software development companies, representatives from two social media companies (one of which is yours truly), and the Austrian public broadcasting company ORF. EUNOMIA should in theory work with any social media platform, but thanks to its already decentralized nature and a fantastic API, Mastodon lended itself as the perfect prototyping environment, since it allows the project to develop with its own Mastodon setup that never touches any live user data. It is important to highlight that as a research project no user data can be processed without explicit user consent and as such EUNOMIA is confined entirely to its own Mastodon servers. One of which is now being opened up for the first public pilot! The public EUNOMIA pilot is now live at mastodon.eunomia.social! The pilot will last one week, unless the developers receive feedback from users that they would want it to stay on for longer. Keep in mind: You must be 18 or above to sign-up for the pilot There is highly complex tech involved so there probably will be bugs The pilot will federate exclusively with another pilot server, decentralized.eunomia.social EUNOMIA is available as an app on iOS and Android There is also a quick-start video: You can learn more about EUNOMIA here: EUNOMIA’s official website EUNOMIA’s blog Follow EUNOMIA on Mastodon

In June, I was able to officially register Mastodon gGmbH after nearly 8 months of legal work (“gGmbH” means “non-profit limited liability company”). A non-profit limited liability company in Germany is structered and operates similarly to a for-profit limited liability company with a few key differences. The founding document of the company is written such that the activity of the company is working towards goals that benefit the public; the shareholders may not receive any revenue from the company’s activities and can at most withdraw the funds that they originally paid in; employees may not receive extraordinarily high wages; and the company can receive donations which are then tax-free, although any other income that does not fit the definition of a donation continues to incur various taxes. To found such a legal entity the founding document must pass a review by the German tax office and the founders must pay in 25,000 EUR of starting capital. Since I am the sole founder and shareholder, the 25,000 EUR are owed by me (with 12,500 EUR having had to be paid in at day of founding, and the remaining to be paid in the future). In terms of day-to-day operations, there are no changes. I will continue all my activities as the CEO of this legal entity. Starting July I’ve transferred everything related to Mastodon’s activities to the ownership of this new legal entity and redirected all sources of Mastodon’s income to it. Unlike the past 5 years that I’ve been running Mastodon operations as a sole proprietor, where Mastodon’s income was my personal income (minus all the expenses), I am now an employee with a fixed wage. My personal income will thus be lower but I was willing to go this route because I want Mastodon to have more resources for things like hiring extra developers, UX designers, developing official apps and so on, and I want there to be a clear boundary between fundraising for that cause and my personal income. Since both Patreon and our custom sponsorship platform are based around rewards to patrons/sponsors, they cannot be classified as donations, so there are no changes to how those are taxed. This would not have been possible without the generous help of the law firm Dentons that assisted in all aspects related to corporate law in the course of the foundation as well as employment law, telecommunications law, and privacy.

One of the ways Mastodon sets itself apart from current-day Twitter is its API-first approach (every function available through the web interface is available through the API, in fact, our web client is just an API client that runs in the browser). A third-party app ecosystem contributed in large part to Twitter’s success at the beginning, with many innovative features like retweets coming originally from unofficial apps, and it is serving a similarly instrumental role for Mastodon. It is great that Mastodon users can choose from a variety of apps with distinct approaches to user experience. However, there is a gap in this ecosystem, illustrated best by the amount and frequency with which new users ask us where to find the “Mastodon” app, why there is no “Mastodon” app, and when we will release a “Mastodon” app. Irrespective of our efforts of promoting third-party apps at every turn – from joinmastodon.org, from the web interface, from the frontpage of every Mastodon server – the lack of an app that carries our name in the app stores trips up newcomers. This hampers our chances of converting people browsing app stores for a few reasons: We’re less likely to get on trending lists even when Mastodon is in the spotlight, since people either fail to find a native app or are split between multiple ones; most if not all contemporary third-party Mastodon apps do not prioritize first-time user onboarding, with many not offering sign-up functionality; and while it is fair that some of the apps are paid and not free, somebody looking to try out a new social network is not going to take the chance on their credit card. That is all to say, we need an official Mastodon app that is free to download and that is specialized in helping new users get started on the platform. The end-goal is also to reach feature-parity with the web interface and spearhead new API features. The more new users we can successfully convert to Mastodon, the bigger the pool of potential users for all third-party apps will be, and if app developers are motivated to implement previously missing features to stay competetive, all the better. We will focus on developing an official, open-source iOS app first. I have compiled a roadmap of features that a Mastodon app ought to have, with the first milestone being a Minimum Viable Product which we could get out on the App Store by summer. I am teaming up with engineers from Sujitech, who have a long history with the fediverse, and UX designers from the NYC agency Lickability, whose track record includes iOS apps for Meetup and the New Yorker. The work begins on February 8, 2021. To help offset the costs of this undertaking, I have created a new milestone on Mastodon’s Patreon profile. If you’ve got a business, you can now sponsor Mastodon directly without going through Patreon, with much smaller processing fees and tax-compliant invoices. Thanks to everyone who is already sponsoring Mastodon, and stay tuned for updates! Update: Our iOS and Android apps are now available!

It’s Mastodon 3.3 time 🎉 We’ve got security fixes, performance fixes, new moderation tools and quality of life features! Reversible suspensions The main change in this release of Mastodon is our approach to suspensions. Previously, suspending an account deleted all of its associated data immediately, so while an account could be unsuspended technically, the person would have to start completely from scratch. Of course, that wasn’t ideal – everybody makes mistakes. Now, the data is kept for 30 days after suspension, giving a long enough time window to correct mistakes or talk through appeals. The suspended person also gets the ability to download an archive of their account, which was not possible before. If there is a need to delete the data immediately, the option is still there for moderators. But that’s not all: Whereas previously suspended accounts would not show up in the app at all, now, as long as they’re recoverable, they do show up and more clealy communicate that they’re in a suspended state. As Mastodon matures and grows, we’re striving for more transparency and fail-safety around moderation. IP blocks Another missing piece has been added to Mastodon’s moderation toolbox – the ability to control access from specific IP addresses or subnets. As a response to a troll making alternative accounts to evade suspensions or a bot farm creating spam accounts, server administrators can now either fully block access from an IP or send new accounts through the approval queue while letting everyone else sign-up normally. Creating a new IP rule from the admin interface Performance improvements The release includes multiple performance optimizations both on the server-side and on the client-side. On the client-side, lag caused by typing up a new post should be if not completely removed, vastly reduced, and all live updates from the Streaming API now come through a single connection no matter how many different columns you have open, one or thirty. Requests for an account’s media tab, your favourites, bookmarks, or hashtags should be much faster. Operations involving deleting an account’s data are up to 100x faster, reducing delays in the system, and so on. “Bell button” Bell button on the Ruby developer’s profile Are you following an account that only posts once in a blue moon? And it would almost certainly be drowned out in an otherwise active home feed? Perhaps an artist that only posts new artwork, or a bot that posts weather warnings for your area – now you can choose to be notified when a person you follow makes a new post by toggling the bell button on their profile. Pop-out media player Continue watching or listening as you browse As for media, if you scroll away from an audio or video while it’s still playing, the playback will continue in the corner of your screen with convenient buttons to reply, boost, or favourite the post it’s from. You can also finally use familiar hotkeys to control audio and video playback – space to toggle playback, “m” to mute, “j” and “l” to jump backward and forward, and a few others. And finally, media modals got a facelift, now using the average color from the picture for the page overlay and always showing interactive buttons for the post underneath. Conclusion The 3.3 release consists of 619 commits by 21 contributors since July 27, 2020. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release. Contributors to this release: Gargron, mashirozx, ThibG, noellabo, aquarla, trwnh, nornagon, joshleeb, mkljczk, santiagorodriguez96, jiikko, ykzts, tateisu, uist1idrju3i, mfmfuyu, zunda, dunn Translators for this release: qezwan, adrmzz, yeft, Koala Yeung, tzium, kamee, Ali Demirtaş, Jurica, Ramdziana F Y, Alix Rossi, gagik_, Hồ Nhất Duy, ᏦᏁᎢᎵᏫ mask, Xosé M., xatier, otrapersona, Sveinn í Felli, Zoltán Gera, Rafael H L Moretti, Floxu, spla, Besnik_b, Emanuel Pina, Saederup92, Jeroen, Jeong Arm, Alessandro Levati, Thai Localization, Marcin Mikołajczak, tolstoevsky, vishnuvaratharajan, Maya Minatsuki, dkdarshan760, Roboron, Danial Behzadi, Imre Kristoffer Eilertsen, Coelacanthus, syncopams, FédiQuébec, koyu, Diluns, ariasuni, Hakim Oubouali, Hayk Khachatryan, v4vachan, Denys, Akarshan Biswas, 奈卜拉, Liboide, cybergene, strubbl, StanleyFrew, Ryo, Sokratis Alichanidis, Rachida S., lamnatos, Tigran, atriix, antonyho, Em St Cenydd, Pukima, Aryamik Sharma, phena109, ahangarha, Isaac Huang, igordrozniak, Allen Zhong, coxde, Rasmus Lindroth, liffon, fragola, Sasha Sorokin, bobchao, twpenguin, ThonyVezbe, Esther, Tagomago, Balázs Meskó, Gopal Sharma, Tofiq Abdula, subram, Ptrcmd, arshat, Scvoet, hiroTS, johne32rus23, Hexandcube, Neo_Chen, Aswin C, Ryan Ho, GiorgioHerbie, Willia, clarmin b8, Hernik, Rikard Linde, Wrya ali, Goudarz Jafari, Pukima, Jeff Huang, Timo Tijhof, Yamagishi Kazutoshi, AlexKoala, Rekan Adl, ButterflyOfFire, Sherwan Othman, Yassine Aït-El-Mouden, Fei Yang, Hougo, Vanege, TracyJacks, mecqor labi, Selyan Slimane AMIRI, norayr, Marek Ľach, mkljczk, marzuquccen, Yi-Jyun Pan, Gargron, dadosch, Orlando Murcio, Ильзира Рахматуллина, shdy, Yogesh K S, Antara2Cinta, Pixelcode, Hinaloe, alnd hezh, Clash Clans, Sébastien Feugère, k_taka, enolp, jmontane, Hallo Abdullah, Kahina Mess, Reg3xp, さっかりんにーさん, Rhys Harrison, GatoOscuro, pullopen, CyberAmoeba, 夜楓Yoka, Xurxo Guerra, Apple, mashirozx, ÀŘǾŚ PÀŚĦÀÍ, filippodb, abidin toumi, tykayn, xpac1985, Ozai, diorama, dashty, Salh_haji6, Ranj A Abdulqadir, Amir Kurdo, Baban Abdulrahman, dobrado, 于晚霞, Hannah, Savarín Electrográfico Marmota Intergalactica, Jari Ronkainen, SamOak, dcapillae, umonaca, ThibG Thank you to everyone who contributed to this release, to everyone who sponsors the project through Patreon or through our new sponsors portal, and to everyone who uses the network! 🐘

An ever growing problem of the modern social media-rich world is misinformation. The trust that was previously placed into government officials and journalism has eroded; the internet gave everyone a voice but with it made it so much more difficult to distinguish truth from fabrication. The consequences of this are very real: Almost eradicated illnesses are making a comeback because people refuse to vaccinate their children, Covid-19 is continuing to spread because people refuse to wear masks and practice social distancing, more and more people start believing that the Earth is flat and descend down a rabbit hole of ever more absurd conspiracy theories. The social media giants have acknowledged the problem: Both Facebook and Twitter are taking measures to try and limit the damage of misinformation. Both take the fact check approach, wherein a dubious claim that has attracted enough attention on the platform is disputed by deferring to one or multiple trusted authorities. It is a step in the right direction but we must consider how well it would fit into the decentralized model, which is what we’re working with. In both cases, Twitter and Facebook unilaterally decide a) which claims deserve a fact check and b) which fact checking authorities to defer to. Facebook has already gotten in trouble for picking some very dubious fact checkers. So we have issues on two layers: The fact checkers selected by the platform may not be the ones that the users actually trust, and only claims that the platform decides to fact check get any treatment. On a decentralized social media platform like Mastodon, there is no central authority that can make those decisions, and while you may argue that its more localized governance structure (where a server’s admins and moderators have fewer users to take care of and users have the freedom to pick the server that fits their needs the best) would be an improvement over this, there is a practical limit to how much micromanagement we can expect independent admins and moderators to perform. While we routinely observe blatant conspiracy theorists being kicked off well-moderated Mastodon servers, the often volunteer staff simply cannot monitor every message for misinformation and link it up with appropriate resources. For the same reason we oppose various upload filter initiatives – manually checking every message on social media does not scale and any automation is so complicated that it inevitably leads to centralized solutions that are equally inaccessible for small players. Regardless, the takeaway is, if we want to tackle misinformation on decentralized social media, we need a solution that does not rely on manual action by server staff. In late 2018 I was approached by someone from University of Greenwich who wanted to investigate potential solutions to this problem and wanted my advice, support, and knowledge of decentralized social networks. It was an invitation to participate in an academic research project EUNOMIA with, among others, three different universities (University of Greenwich, University of Nicosia, and University of West Attica) and a grant from the European Commission’s Horizon 2020 program – an extremely flattering acknowledgement of Mastodon’s importance. Indeed, Mastodon was the perfect choice for this purpose: An extremely easy to use, well-documented, and extensive API that not only allows, but encourages the creation of alternative user interfaces; and the ability to essentially run a fully-featured social network in an entirely sandboxed environment. What EUNOMIA aims to be at the end of its 3-year development road map is a “digital companion” – in essence, an alternative user interface, containing a toolkit that would facilitate the discerning of manipulated or incorrect information. Facilitation is key, here: The user would be the ultimate authority for making a call on what they trust or distrust, what EUNOMIA would provide is easier access to the kind of criteria the user deems important for that decision. Someone might want to be notified if a post uses manipulative wording to distort a claim, someone else might want to see if similar messages have been posted by other people before and the one that you see is less accurate, other people may want to check with the wisdom of the crowd and pay extra heed when lots of people distrust a message. Any one method is imperfect by itself, but in tandem they may make fact checking more accessible. The EUNOMIA “digital companion” is built on Mastodon but they are two completely separate projects. If you would like to follow EUNOMIA’s progress and provide any feedback, please follow its Mastodon account: @Eunomia@mastodon.social EUNOMIA’s official website EUNOMIA’s blog

The new Mastodon release brings you a much better audio player and improved support for different audio and video formats, as well as some additional security mechanisms. The audio player has been completely reworked to have a more eye-catching design. It will extract album art from the uploaded audio file automatically, or allow you to upload a thumbnail of your own choosing to be displayed in the center. Dominant colors from the artwork or thumbnail will then be used to give the player a unique look. Whereas previously video thumbnails were automatically taken from the first frame of the video, you now also have the ability to upload a custom thumbnail that will be displayed before the video starts playing. Simply click on “Edit” on a newly uploaded media file and then choose a new thumbnail! Mastodon audio showing up on Twitter When you share links to video or audio on Mastodon on other platforms, for example Twitter, your friends will be able to open Mastodon’s video or audio player right on that platform (assuming the platform supports the twitter:player tag). To better protect your accounts when you’re not there, there’s a new security mechanism guarding new login attempts. When you don’t have two-factor authentication setup, have been away for at least two weeks, and someone tries to login to your account from a previously unseen IP address, they will be required to enter a token sent to your e-mail address. It’s a feature more meant to guard those who forget to setup two-factor authentication, so if you are reading this, remember that it’s good practice to use two-factor authentication (Mastodon’s does not require a phone number or a Mastodon app, any TOTP app works), and to use a password manager to generate random and unique passwords for each account you have! Adding a personal note Have you ever blocked or muted someone but forgot why? Or have you followed someone but then forgot who they are? Now you can add personal notes to other accounts to keep track of who’s who. Visible only to you! Conclusion The 3.2 release consists of 380 commits by 27 contributors since May 14, 2020. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release. Contributors to this release: OmmyZhang, ThibG, Gargron, noellabo, Sasha-Sorokin, dunn, highemerly, tateisu, ariasuni, bclindner, cchoi12, leo60228, mfmfuyu, mayaeh, lfuelling, ykzts, angristan, BenLubar, trwnh, arielrodrigues Translators for this release: Duy, stan ionut, Besnik_b, Emanuel Pina, regulartranslator, ButterflyOfFire, adrmzz, FédiQuébec, GiorgioHerbie, Marcin Mikołajczak, ariasuni, Thai Localization, 奈卜拉, Mentor Gashi, Xosé M., axi, Selyan Slimane AMIRI, Alix Rossi, Jeroen, SteinarK, ThonyVezbe, Hrach Mkrtchyan, Gwenn, ᏦᏁᎢᎵᏫ mask, Danial Behzadi, spla, Rafael H L Moretti, Jeong Arm, koyu, Yi-Jyun Pan, norayr, Alessandro Levati, Sasha Sorokin, gagik_, lamnatos, Sveinn í Felli, Zoltán Gera, cybergene, Tagomago, Michal Stanke, borys_sh, Ramdziana F Y, Osoitz, Maya Minatsuki, Willia, BurekzFinezt, Evert Prants, ThibG, Dewi, Emyn-Russell Nt Nefydd, vishnuvaratharajan, tolstoevsky, Diluns, Falling Snowdin, Marek Ľach, Balázs Meskó, Ryo, Roboron, StanleyFrew, PPNplus, Heimen Stoffels, Andrew, Iváns, Carlos Solís, Sokratis Alichanidis, TS, SensDeViata, AzureNya, OctolinGamer, 北䑓如法, Laura, Imre Kristoffer Eilertsen, Rikard Linde, Ali Demirtaş, diorama, Daniele Lira Mereb, Goudarz Jafari, psymyn, v4vachan, Sebastián Andil, Khóo, ZiriSut, strubbl, Reg3xp, AlexKoala, VSx86, Mo_der Steven, musix, ギャラ, Saederup92, mynameismonkey, omquylzu, Miro Rauhala, 硫酸鶏, siamano, Viorel-Cătălin Răpițeanu, Pachara Chantawong, Balázs Meskó, Steven Tappert, Unmual, Zijian Zhao, Skew, enolp, Yann Aguettaz, Mick Onio, r3dsp1, Tianqi Zhang, piupiupiudiu, Padraic Calpin, るいーね, Belkacem Mohammed, Miquel Sabaté Solà, serubeena, Solid Rhino, Rintan, 林水溶, Tagada, shafouz, Tom_, OminousCry, ALEM FARID, Nathaël Noguès, Robin van der Vliet, twpenguin, Paz Galindo, 夜楓Yoka, mkljczk, kiwi0, Esther, Renato “Lond” Cerqueira, igordrozniak, Philipp Fischbeck, GaggiX, Allen Zhong, Albatroz Jeremias, Nocta, pezcurrel, Aditoo17, 森の子リスのミーコの大冒険, Doug, Fleva As always, huge thanks to everyone who contributed to this release, to everyone who sponsors the project on Patreon, and to everyone who uses the network! 🐘 Happy tooting!

New REST APIs Profile directory The profile directory is a way to discover users who want to be discovered. To fetch the profile directory, access GET /api/v1/directory with the possible params local (boolean) and order (new or active). Pagination is accomplished using offset and limit params. Trends Hashtags that are used more than usual (and above a small minimal threshold) are “trending”. To fetch trending hashtags, access GET /api/v1/trends. Only 10 results are returned maximally but you can request fewer with limit param. Managing featured hashtags Users can feature hashtags on their public profile, which allows visitors to easily browse their public posts filed under those hashtags. These cannot yet be arbitrarily retrieved through the API, but there is now an API for managing the featured hashtags of the current user: GET /api/v1/featured_tags to retrieve current user’s featured hashtags POST /api/v1/featured_tags to create a new featured hashtag, specified by the param name DELETE /api/v1/featured_tags/:id to delete a featured hashtag GET /api/v1/featured_tags/suggestions to retrieve the user’s 10 most commonly used hashtags A featured hashtag contains the attributes id, name, statuses_count and last_status_at. Timeline position markers Apps can now synchronize their position in certain timelines between each other. Currently these are the home timeline and the notifications timeline. The web UI already implements this API and will save its position when closed. To retrieve a map of markers with timeline names as keys, access GET /api/v1/markers . You must specify the desired timelines with the array param timeline. This is a slightly unusual structure in Mastodon’s REST API so it deserves an example: { "home": { "last_read_id": "123...", "updated_at": "2019-10-04...", "version": 1 }, "notifications": { ... } } To create a new marker, pass a map to POST /api/v1/markers with timeline names as keys (home and/or notifications), and an object containing the last_read_id for each timeline. Essentially, you pass it something like this, either encoded as JSON or using nested form/query params: { "home": { "last_read_id": "567..." } } Hashtag autocomplete If you are using the GET /api/v2/search API for showing the user autocomplete for hashtags, you can now pass the exclude_unreviewed boolean param to limit the results to only those hashtags that have been looked at by the server’s staff. This is a way to reduce junk and harmful results. Sign-up API in approval-required registrations mode You can now pass the reason param to POST /api/v1/accounts, containing the user’s reason for wanting to join the server, which is useful when the server is in approval-required registrations mode. You can detect when that mode is active by the approval_required boolean attribute returned from GET /api/v1/instance (in conjunction with the registrations boolean attribute). Custom emoji categories New attribute category on custom emojis returned from GET /api/v1/custom_emojis contains a string with which emojis are supposed to be grouped when displayed in a picker UI. Displaying user’s own votes in polls New attribute own_votes on polls contains an array of the user’s choices (as indices corresponding to the options array). New search syntax support When ElasticSearch is enabled, you can use the following syntax to fine-tune your search: Surround keywords with double quotes (") to search for the exact phrase Prepend a keyword (or phrase) with minus sign (-) to exclude it from results It should be noted that the default operator has been changed from “and” to “or”, so by searching for “foo bar” you will get results that contain both “foo” and “bar” at the top, but also those that only contain “foo” and only contain “bar”. For this reason, there is also another new operator, the plus sign (+) which you can prepend to a keyword or phrase to make sure the results definitely contain it. Health check There is now GET /health endpoint for the web process which you can use with a monitoring service. The endpoint measures not only that the web process responds to requests but can successfully connect to the database and the cache as well. New deployment settings Reply-to header on e-mails If you want e-mails to be sent with a reply-to header, i.e. redirecting replies to those e-mails to a particular address, use the new SMTP_REPLY_TO environment variable. Mind that the reply-to header on moderation warning e-mails is set to the contact address configured in the admin UI. Secure mode Normally, all public resources are available without authentication or authorization. Because of this, it is hard to know who (in particular, which server, or which person) has accessed a particular resource, and impossible to deny that access to the ones you want to avoid. Secure mode requires authentication (via HTTP signatures) on all public resources, as well as disabling public REST API access (i.e. no access without access token, and no access with app-only access tokens, there has to be a user assigned to that access token). This means you always know who is accessing any resource on your server, and can deny that access using domain blocks. Unfortunately, secure mode is not fully backwards-compatible with previous Mastodon versions. For this reason, it cannot be enabled by default. If you want to enable it, knowing that it may negatively impact communications with other servers, set the AUTHORIZED_FETCH=true environment variable. Whitelist mode Taking a step further than the secure mode, whitelist mode is meant for private servers. Our aim here are educational uses, such as schools and universities, where Mastodon could be used to provide a safe learning environment. When whitelist mode is enabled, no page is available without login, and any incoming or outgoing federation is ignored except for manually whitelisted domains. Domains can be whitelisted in the federation part of the admin UI. When whitelist mode is enabled, secure mode is also enabled. To enable whitelist mode, set the WHITELIST_MODE=true environment variable. Please mind that this option was not designed for being switched on on already running servers. To clean an existing database of content that is not whitelisted, run tootctl domains purge --whitelist-mode Because whitelist mode essentially creates a silo, not unlike Twitter, Facebook, and other centralized services, we do not recommend running public servers in whitelist mode. New command-line tools Please mind that if you find any of the below descriptions insufficient, you can always append --help to whichever command you’re interested in and receive the most detailed information about the usage of that command and the available options. Parallization and progress Commands that used to accept a --background flag for Sidekiq-based execution have been changed to instead support a --concurrency (or -c) flag specifying the number of threads to use for parallel execution. Instead of printing dots to signal progress, real progress bars are now displayed, with the number of processed items and estimated time to completion. Cleaning up old link preview cards To remove thumbnails from older link preview cards, run tootctl preview_cards remove, specifying age with --days just like for media removal. Re-downloading removed media attachments If you need to re-download media attachments, run tootctl media refresh. You can either re-download media attachments from a specific --status, from a specific --account, or from an entire --domain. Re-counting counters Sometimes various counters in Mastodon get out of sync with reality. To fix account counters (e.g. followers, following, toots), run tootctl cache recount accounts. This should not take very long. To fix status counters (e.g. reblogs, favourites, replies), run tootctl cache recount statuses. This may take a lot longer. New admin UIs Trends Hashtags will not trend without your approval. Whenever a hashtag is beginning to trend, you receive a notification e-mail asking to review it. You can disable those e-mails from your personal e-mail notification preferences. You can disable the trends feature altogether from admin settings. Or you can choose to auto-approve hashtags instead, which may be suitable for trusted communities. The hashtags area in the admin UI has been updated. When looking at hashtags that are pending review, you can approve or reject them in batches. From individual hashtag view, you can control whether the hashtag can trend, whether it can appear on the profile directory and in searches, or whether it can be used at all. You will also see which servers you know about are contributing how much to that hashtag’s usage to help you determine whether to let it trend or not. Including reported toots in warning e-mails If you want to perform an action or warning against a user related to a report, you can choose if the toots that were in that report should be included in the e-mail the user will get about that action or warning. This will provide more clarity to the user about how they broke your rules. Table of contents on about page The about page of your server will now auto-generate a table of contents based on the structure of your extended description HTML. It is recommended to have a h1 tag, which will not be reflected on the table of contents, to give the entire page a title, then h2 and h3 tags for the different sections. Make sure your HTML is valid, otherwise the table of contents may not work as expected. Public and private domain blocks information You can now add comments to domain blocks. Private comments are for other staff members only. From the admin settings, you can choose if domain blocks should be disclosed publicly or to logged-in users only, or not at all. If you choose to disclose them, they will appear on the about page, below your extended description. You can use the public comments to give public reasons for your decisions. Custom emoji categories The custom emojis area in the admin UI has been updated. You can now assign emojis to custom categories and perform batch actions on them such as copying, deleting, or unlisting. Spam checks When a user mentions someone who isn’t following them and it’s not a reply to something directed at that user, their message is run through a simplistic spam check which detects repeating messages. When spam is detected, a new report is created automatically. If that was a mistake, you can mark the report as resolved and it will exempt that user from future spam checks. You can disable the spam check feature from admin settings.

Since Mastodon 2.7, it is actually possible to let users sign up through your app, instead of asking them to go to a Mastodon website directly and then return. Let’s go over how this can be done. First, not all Mastodon servers accept new users. If you perform a request to GET /api/v1/instance, you will see this in the boolean registrations attribute. To proceed, your app must already be registered / self-register with the given server, and obtain a “client credentials” grant, which is an API access token that is not connected to any particular user, just to your app. The app must have the write:accounts (or above) scope. As a refresher, given that you have already registered the app to get a client_id and client_secret, to obtain a “client credentials” grant, you just have to perform a POST /oauth/token request with the params grant_type=client_credentials, your client_id and client_secret, and scope=write:accounts (or whatever scopes you need). You then need to collect the following information from the new user: username email password You must ask the user to agree to the server’s terms of use and privacy policy, and record that agreement in the boolean agreement param. The URLs for the terms and privacy policy are /about/more and /terms so you can just let the user open them in a browser, or render them in a web view. If you know what the user’s language is, you can pass that information in the locale param (but make sure the locale is something Mastodon supports, otherwise the API request will fail with a HTTP 422 error). If the GET /api/v1/instance API has returned a true approval_required attribute, there is an additional piece of information you should ask from the user: reason. Because the user’s sign-up will be reviewed by the server’s staff before being allowed, you must give the user an opportunity to describe themselves and why they should be allowed onto the server. You must then submit those params to POST /api/v1/accounts (authenticated with the app’s access token). You will need to handle a potential HTTP 422 response from the API in case the user has entered invalid information (like an already taken username). On success, what you will receive in return will be an access token, identical to what you would get from a standard OAuth authorization procedure. The access token allows your application to use the API of the server on behalf of the registered user. However, the token will be inactive until the user confirms their e-mail. The link in the confirmation e-mail will actually redirect them back to your application when possible. Of course, if staff approval is required, the token will remain unusable until the account has been approved. Trying to use an inactive access token will result in a HTTP 403 error.

It’s finally here! Mastodon 3.0 is live! The team has been hard at work on making sure that this release is one of our most user-friendly yet with some exciting new features! Here are just a few: Stronger anti-harassment tools We’re always looking for new ways to provide users and admins with the most robust and comprehensive tools to combat harassment on the fediverse. We take a lot of pride in excelling where Twitter, Tumblr and Facebook have continuously failed in this regard. As such 3.0 introduces some powerful new features: whitelist mode, and an optional public list of blocked domains. With the whitelist feature it’s now possible for private, semi-private, and secured networks to be deployed. Want to deploy mastodon for educational institutions, networked between a couple schools? Or do you want to build a secured, user-first network within the fediverse itself? The choice is yours. This protects servers and their users from stalkers, intrusive web crawlers, and other malign agents by creating the tightest security on a server yet. Additionally, server admins now have the option of making their domain blocklists public, with optional comments clarifying why a domain was blocked. Security on the fediverse relies in part on admins working together to enforce safe community standards, and this allows for the most robust way of sharing information about bad actors in the fediverse. We want you to not just see who was blocked, but why. Transparency lets you see how yours, and other, servers are being run, so you can make informed decisions. Moving accounts You spoke, we listened! Here is the completely revamped account migration system! Easier than ever, and with 3.0 comes the ability to bring your followers with you like magic! Point the old account to the new one, and the new one to the old one, using the new interface, and your followers will be transferred over! Moving followers to another account Additionally, your old account will no longer show up in searches and will have limited functionality (that, of course, can be undone by re-activating it). This process is streamlined and straightforward, and we hope that it makes moving between servers even easier than before! A more powerful search Searching is now more flexible and more powerful than before. You can now search using “phrase matching” and by excluding words from a search by including a minus sign before a term. For example: if you wanted to search for Cute Doggos (I know what you like) but didn’t want to include cats, you’d just search for cute doggos -cat to get to get those puppies. 💁 Working with custom emojis just got easier! 😸 Admins can now create custom emoji categories! No more worrying about having too many, or thinking ‘oh jeez now I have 40 thounking emojo, where will I put them??’ No more scrolling through hundreds of custom emojis on the web UI to find that perfect way to express yourself! 🐣 Categories! They’re here! Custom custom emojis categories Goodbye OStatus; You’ve been deprecated! Mastodon will no longer support OStatus. For most users this means that there will be no change whatsoever. For the extremely slim margin of people this affects, please refer to the discussion on the bug tracker to see how we got here. We’re a 100% ActivityPub household now! The hashiest hashtags 3.0 brings support for auto-suggestions for hashtags and shows you how many times each tag has been used in the past week! This makes it easier to see what the fediverse is talking about and what tags are most popular during the week! Hashtag auto-suggestions Even better, you can see trending hashtags now, making it easy to follow along with current events and the lightning-fast world of memes on the fediverse. Hashtag trends aren’t blind though; they’re reviewed by your admin to ensure they aren’t being gamed as a vector for abuse. Trust your admin? Use those hashtags! Trending hashtags The timeline’s alive, with the sound of music We thought the old media player was pretty disappointing, so we did something about it! Introducing the new and improved audio player for web UI! Sharing audio on Mastodon is now much more user-friendly, with a vastly improved experience over the old player. All new audio player for web UI Changes to the UI Single-column mode now supports scrolling from anywhere on the page! This makes viewing the timeline easier than ever and makes mastodon even friendlier to use on laptops and touchscreens. Slow mode! It’s a slower mode! Pop into the preferences pane and toggle this mode to disable livestreaming in the timeline. Instead, you’ll see a manual link to refresh the feed, with a counter letting you know how many new toots there are for you to catch up on. Having a lot of followers doesn’t mean you aren’t able to keep up anymore: stay in the loop with slow mode! Lastly, new users see a minimal UI and can change their email address before their account is acivated! Less worrying about typos in the sign-up phase just makes it easier for new friends to join, which is good news for everyone! Conclusion The 3.0 release consists of 563 commits by 23 contributors since June 22, 2019. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release. Contributors to this release: abcang, ahangarha, brortao, cutls, danhunsaker, Gargron, highemerly, hugogameiro, ichi-i, Kjwon15, koyuawsmbrtn, madmath03, mayaeh, noellabo, nzws, Shleeble, ThibG, trwnh, tsia, umonaca, ykzts, zunda Translators for this release: 101010, Abijeet Patro, Aditoo17, Adrián Lattes, Akarshan Biswas, Alessandro Levati, Alix Rossi, Andrea Lo Iacono, Anunnakey, ariasuni, atarashiako, AW Unad, Benjamin Cobb, borys_sh, ButterflyOfFire, carolinagiorno, Ch., christalleras, Cutls, cybergene, d5Ziif3K, Daniel Dimitrov, Dewi, diazepan, Diluns, dragnucs2, Dremski, dxwc, eichkat3r, Emyn Nant Nefydd, EPEMA YT, erikstl, Evert Prants, Evgeny Petrov, filippodb, frumble, FédiQuébec, Hinaloe, hiphipvargas, Hugh Liu, hussama, Jack R, JackXu, Jaz-Michael King, Jeong Arm, Jeroen, Johan Schiff, Juan José Salvador Piedra, juanda097, JzshAC, Karol Kosek, kat, KEINOS, koyu, Kristijan Tkalec, lamnatos, liffon, Lukas Fülling, MadeInSteak, Marcepanek_, Marcin Mikołajczak, Marek Ľach, Masoud Abkenar, Maya Minatsuki, mmokhi, Muha Aliss, Oguz Ersen, OpenAlgeria, Osoitz, oti4500, oɹʇuʞ, PPNplus, Rakino, Ramdziana F Y, Ray, Renato “Lond” Cerqueira, Rhys Harrison, Rikard Linde, Rintan1, Roboron, ruine, Ryo, sabri, Saederup92, Sahak Petrosyan, SamitiMed, Sasha Sorokin, sergioaraujo1, SHeija, shioko, silkevicious, skaaarrr, SnDer, Sokratis Alichanidis, spla, Stasiek Michalski, taoxvx, tctovsli, Thai Localization, Tiago Epifânio, Tradjincal, tykayn, umelard, Unmual, Vanege, vjasiegd, waweic, Xosé M., Yi-Jyun Pan, Zoltán Gera, Zoé Bőle, さっかりんにーさん, 唐宗勛, 森の子リスのミーコの大冒険, 硫酸鶏 As always, huge thanks to everyone who contributed to this release, to everyone who sponsors the project on Patreon, and to everyone who uses the network! 🐘 Happy tooting!

After crowdfunding millions of dollars, social media platform Gab abandoned its own code and switched to the freely available Mastodon software in early 2019 as a way of circumventing Google’s and Apple’s ban on their own app from their app stores, since offering Mastodon’s client-side API would allow any existing Mastodon app to be used to access Gab. We have never had any sympathy for their thinly (if at all) veiled white supremacist platform so that was not a welcome move on our part, however the license that we publish our software under (AGPLv3) allows anyone to use it as they see fit as long as they keep the same license and make their modifications public. While we gave up the ability to choose who can and cannot use our software by publishing our source code using this Free Software license, we can still choose who we as a project associate with. We are opposed to Gab’s philosophy, which uses the pretense of free speech absolutism as an excuse to platform racist and otherwise dehumanizing content. Mastodon has been originally developed by a person of Jewish heritage and first-generation immigrant background and Mastodon’s userbase includes many people from marginalized communities. Mastodon’s decentralized approach that allows communities to self-govern according to their needs has enabled those marginalized communities to create safe spaces for themselves where previously they were reliant on big companies like Twitter to stand up for them, which these companies have often failed to do. While the Mastodon software is free for everyone to use and modify, our world view could not be further from Gab’s. As a truly decentralized network, each Mastodon server operator has to make the call on their own. Many have already opted to block communication from Gab’s servers. On our side, we have blocked them from the Mastodon server that we operate, mastodon.social. We have also recently introduced a more strict policy for which Mastodon servers we promote through our official website joinmastodon.org, listing only such servers that commit to standing up against racism, sexism, homophobia and transphobia. Updates Last updated: Oct 28, 2021 On Mar 1, 2021, following a breach that likely resulted from Gab’s own modifications to the code and a failure to merge important security fixes from the upstream Mastodon code base, Gab changed the way it published its source code. First, the public source code repository was taken offline, replacing the code with a message stating that the source code would be provided upon request by e-mail only. Whether this was compliant with the AGPLv3 license was quickly put into question. At least as soon as the following day, a password-protected archive of the source code was uploaded to the repository, with the password provided in a separate README file. However, despite changes evidently being made to Gab’s interface and functionality in the following months, that password-protected archive was not updated once in the following 7 months, prompting us to investigate a case of AGPLv3 violation. On Oct 21, 2021, our legal team sent a Cease & Desist letter to Gab’s legal team, informing them that Gab is in breach of the AGPLv3 license. In response to the letter, the same day the password-protected archive of Gab’s source code was updated.

One of the biggest obstacles for new users to Mastodon has been the multi-column UI. For users accustomed to the single-column layouts of Twitter or Tumblr, Mastodon’s multi-column layout can be overwhelming. At Mastodon, we want users’ first-day experience with us to be a positive and accessible one! A UI that feels cluttered or that leaves users confused dramatically reduces the chances that they will come back to Mastodon as a regular user. It was clear to us that the multi-column layout was impeding this accessibility. So, we are happy to introduce the new single-column layout. Instead of seeing multiple columns side by side the new single-column layout turns the Home, Notifications, Local, and Federated timelines into their own tabs within the single column that you can easily access by clicking on the tab name or—if you are on a tablet—swiping left and right. The new single-column layout reduces visual clutter and lets you focus on the specific part of Mastodon you want to engage in. We also hope that by reducing visual clutter the new single-column layout also makes the relationship between the Home, Local, and Federated timelines clearer. For new users this new interface provides an easier and more familiar way to join the fediverse without sacrificing the special features of the fediverse itself. For returning users it provides a new way to use Mastodon that provides greater accessibility in general. Notably, we haven’t cut any features with this new layout. Everything you love about Mastodon is still accessible, just in a new user-friendly interface. But for those users who prefer the old layout it can still be enabled on the Appearance Preferences page by clicking “Enable advanced web interface”—it’s not going away anytime soon. Learn more: Check out the full changelog and credits for v2.9.0 on GitHub Try out Mastodon by signing up on any server listed on our server picker See who sponsors the development of Mastodon on our sponsors page Support the development on Patreon

With the sad news that KNZK was shutting down we thought it might be useful for people to have a refresher on the features that Mastodon has built in that make moving instances easy and painless. Backing up Your Data Data export If you are moving to a new instance the first thing you will want to do is to get a backup of all of your data. Thankfully this process is painless with the Data Export tab under the “Import and Export” page. Here you can download your followers list, your muted users list and your blocked users list. Keeping users safe is one of our top priorities and we highly recommend that anyone moving instances backs up their muted and block lists. We’ve made this as straightforward as possible to ensure that moving instances is a seamless experience and free from having to block those accounts that you do not want to see or interact with. On this page you can also download a copy of your archive that can be read by any ActivityPub software. This archive includes all of your posts and media. So even if the instance that you are moving from shuts down, as is the case with KNZK, you will still have a copy of all of your posts! Importing Your Data Data import Once you have backed up the data that you wish to bring over to your new account (we recommend all of it!) it’s easy to import these into your new account under the “Import” tab of the “Import and Export” page! Here you will simply select the type of data that you are importing and then choose the CVS file that you exported earlier before hitting upload! The CVS files are by default clearly labeled with what kind of data they contain to make it easier to know which file to upload. Depending on your new instances size and the size of the lists that you have imported it will take a few minutes for all of the new data to be properly imported. When the data has finished upload your home TL should look like it did before! Announcing the Move Setting up profile redirect As a final step in moving your account, something you may want to do is to let people know that you have moved your account to a new instance! Scrolling to the bottom of the “Appearances” tab of the Profile edit page you will find the option to announce that you have moved accounts under the helpfully titled “Move to a different account” header! What this will do is make it so that when people visit your old profile it is grayed out and people are redirected to your new account. Moving instances is painless and straightforward with Mastodon and we’re happy to have developed tools that give users the greatest possible control over their own data while also keeping them safe! In the future we are planning to expand the account migration functionality beyond a mere redirect message. The system will support notifying followers of the move and have them automatically re-follow the new account, with safety precautions. Stay tuned!

Although Mastodon has no central authority, we as a project still want to provide a safer experience than found on Twitter or Reddit. One of the things that gave impetus to the creation of Mastodon was a lack of moderation on Twitter against hate groups. The “no nazis” rule of the original mastodon.social server not only continues to serve as a major attraction of the project, but has also been adopted in the majority of subsequently founded communities as well. We thought long and hard about how to best provide people new to Mastodon a safe and friendly experience without compromising the federated and free nature of the project. Thus, we are proud to announce the creation of the Mastodon Server Covenant. By highlighting those communities that are high quality and best align with our values, we hope to foster a friendly and better moderated online space. Any server that we link to from joinmastodon.org commits to actively moderating against racism, sexism, homophobia and transphobia. Additionally, servers listed on joinmastodon.org are those that have committed to having daily backups, more than one person with emergency access (“bus factor”) and promise to give people a 3 month warning in case of potential closure. While there have always been server listings on joinmastodon.org, this is a break from our previous practice of listing servers. Before the Server Covenant we pulled a list of servers from a 3rd party provider called instances.social. However, instances.social was a 3rd party and automated service. The one thing that it could not do was any kind of quality control as it simply listed every instance submitted–regardless of stability or their code of conduct. As Mastodon has grown it has become increasingly clear that simply listing every possible server was not in our interest as a project, nor was it in the interest in the majority of the communities running Mastodon. We want people’s experience with the Mastodon to be safe and consistent and we believe in highlighting those communities that best embody our values. Mastodon is released as free software and that is where our obligations of neutrality end. We do not believe that moderation is a crime, and we do not have to support or promote those who would choose to use Mastodon to spread intolerance and hate. For those interested in learning more, or learning about including their community in the Mastodon Server Covenant, can find out more here.

The latest point release of Mastodon adds a small new feature that might have a significant impact on all adult content creators on the platform. The feature has a fancy, memorable name: Blurhash. But first, let’s talk about how adult content works on Mastodon. Mastodon allows you to put content warnings on posts. These can be textual, hiding the text content, for example if you want to talk about spoilers or something uncomfortable for other people. Images and videos can be hidden as well, even while leaving the text visible. When the images and videos are hidden, you only see a black box where they would be, that can be clicked to show them. Beyond providing visual protection against say, co-workers looking over your shoulder to see something inappropriate on your screen, Mastodon also does not load said images or videos at all until you choose to unhide them, which helps if it’s important that inappropriate content is not stored in your browser’s cache. But there is a drawback. Every post with hidden media looks the same. They all blend together. Especially in public timelines, which provide a stream of all public posts that people use to explore Mastodon outside of their friend circle. As a result, posts with hidden media usually get less interactions. Side-by-side comparison of the original picture of Doris (cat) and the generated blurhash, which is the string KJG8_@Dgx]_4V?xuyE%NRj Here comes Blurhash. Developed by Dag Ågren, who is behind the popular iOS app for Mastodon, Toot!, it is an algorithm that compresses a picture into a short string of letters. The string is so small that there is no problem with saving it in the database, instead of as an image file, and conversely, sending it along with API responses. That means that string is available before any image files are loaded by the browser. You can see where this is going… When you decode the string back into an image, you get a gradient of colors used in the original image. So little information is transmitted through blurhash that is is safe to display even if the underlying content is inappropriate, and the resulting gradient is pleasant to look at. Even more importantly, it’s different for each image, making posts with hidden media look different from each other, which should hopefully increases their chances of getting noticed. But that’s not all! Even for posts where images and videos are not supposed to be hidden, it provides a pleasant placeholder while the much heavier image files are loaded by the browser. If you would like to use Blurhash in your project, there is a Ruby port on RubyGems and a JavaScript port on NPM. More are to be published by Dag Ågren in the future!

In this long-awaited release: Polls, new tools for managing followers, new frontpage design, new admin features, Keybase integration, and more. A poll Mastodon now has a poll feature. Instead of attaching images or video to your post, you can ask your followers to choose an answer to your question. You can choose how long a poll will remain open for. Polls in private posts are accessible only to your followers. Featured hashtags on an artist’s profile You can now choose which hashtags to feature on your profile. They will be displayed on the sidebar and allow visitors to browse your posts specifically under those hashtags. A new server setting will allow communities to grow without worrying about spammers, trolls, or unexpected traffic spikes: Instead of allowing everyone to sign up, or allowing nobody to sign up, a server owner can choose to let people apply for an invite and manually approve sign-ups. The new landing page The landing page has been simplified to its essence: Sign up form, quick access to a login form for returning users, short and to the point information about the server, and links to ways of exploring the server. The design of profiles within the web app has been changed to match the design of public profiles more closely, making better use of space and showing the header image without obscuring it. Manage follows and followers There is a new powerful UI for managing your followers and follows. It allows you to filter them by various criteria, such as your mutuals, or who hasn’t been active in a long time, and you can unfollow them in batches, as well as remove them from your followers in batches. In a similar vein, the import tool for follows, mutes, and blocks now allows you to choose whether the imported data will merge with what you already had in your account, or replace it. Among other things, Mastodon now supports Keybase’s new proof system, allowing you to connect your Keybase account with your Mastodon account to affirm your identity across the web. Keybase is slowly rolling this feature out on their side, and it will eventually be available to all Mastodon servers. Conclusion The 2.8 release consists of 392 commits by 32 contributors since January 28, 2019. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release. Contributors to this release: Aditoo17, armandfardeau, aurelien-reeves, BenLubar enewhuis, Gargron, hinaloe, jeroenpraat, Kjwon15, koyuawsmbrtn, m4sk1n, mabkenar, marek-lach, mayaeh, noellabo, nolanlawson, palindromordnilap, Quenty31, renatolond, rinsuki, salvadorpla, sascha-sl, Shleeble, Slaynash, slice, ThibG, xgess, yagizhan49, ykzts, ysksn Translators for this release: Aditoo, Albakham, Alessandro Levati, Ali Demirtas, Alix D. R., Amrz0, Andrew Zyabin, Angeles Broullón, Antonis, arshat, Austin Jones, Becci Cat, Besnik Bleta, Burekz Finezt, ButterflyOfFire, dxwc, Einhjeriar, Eirworks, Evgeny Petrov, goofy-mdn, Hinaloe, Ivan Pleva, Jaz-Michael King, Jeong Arm, jeroenpraat, Joseph Nuthalapati, João Pinheiro, Kaitian Xie, Kevin Houlihan, koyu, Kristijan Tkalec, Kumasun Morino, Leia, lilo, Maigonis, Marcin Mikołajczak, Marek Ľach, martialarts, Masoud Abkenar, Max Winkler, mayaeh, Mikko Poussu, Mélanie Chauvel, Osoitz, Owain Rhys Lewis, pan93412, parnikkapore, Peter, Quenti2, Quentí, Rasmus Sæderup, Renato “Lond” Cerqueira, Sarunas Medeikis, Sergio Soriano, spla, Thai Localization, Vanege, Xose M., Павел Гастелло, 森の子リスのミーコの大冒険 As always, huge thanks to everyone who contributed to this release, to everyone who sponsors the project on Patreon, and to everyone who uses the network! 🐘 Resources Full changelog User documentation

We have published a 1-click install image on DigitalOcean. This reduces the initial time investment in self-hosting Mastodon substantially. You create a new droplet, choose the Mastodon image, and once it boots up, you are taken through an interactive setup prompt. The only necessary information for the prompt is a domain name (it should already be pointing at the IP address of your droplet!) and credentials to some e-mail delivery service, like SparkPost, Mailgun, Sendgrid, or something similar. Once you enter them into the setup prompt, your brand new Mastodon server boots up, ready to go. Optionally, the setup prompt can also take Amazon S3, Wasabi or Google Cloud credentials for storing user uploads in the cloud instead of the local filesystem on the droplet. What you get in the droplet is a standard installation of Mastodon, exactly as if you simply followed installation instructions in our documentation. This means that the documentation already covers everything you might want to know!

Can you imagine Facebook closing registrations and saying “Sorry, we have too many users already, you can go sign up on Twitter instead”? And yet, this sort of situation comes up with Mastodon every so often, in regards to the mastodon.social server. You see, Mastodon is decentralized. That means there is no “main” server. If mastodon.social actually disappeared from the face of the Earth, it would not bring down the Mastodon network at all. But it is one of the biggest servers, meaning that if you look at the registered userbase, it is “effectively centralized”. 300,000 is not a small chunk of 2,000,000, after all. No other social network has a problem like that, or rather, they would not consider it a problem, at all. But some believe that the Mastodon project should actively enforce decentralization in terms of user distribution, and that presents a unique challenge. Frankly, the only precedent that I can think of, obscure as it is, and on a much smaller scale, is Blizzard’s distribution of World of Warcraft players on different realms. The challenge lies herein: Since most other social networks are centralized, there is an expectation in people’s minds that “sign up on Mastodon” is equal to “sign up on mastodon.social”. Explaining the difference, the importance of the difference, and making the reader consciously choose a server out of an incredibly wide selection, all within the limited attention span of a just mildly curious person, is not simple. I have been trying to deal with this issue for most of Mastodon’s existence. There are many benefits from not having everyone use the same server, that I have described in a different article. There are two dimensions to the problem. One, when a person arrives at the mastodon.social address directly, instead of joinmastodon.org, there is no way to ensure that they sign up somewhere else, you can only ensure that they don’t sign up here. You can close registrations, put up a message linking back to joinmastodon.org. Sorry, we’re full! The other dimension is when people arrive at joinmastodon.org, as is expected. It has a large, filterable list of Mastodon servers ready to accept new members, that people are supposed to scroll through to find the one that will fit them. Here, you can just hide mastodon.social from the list, to not make it an option for people to choose. Problem solved! But… These solutions solve one problem, while creating another. When you close registrations and put up a link to go somewhere else, the reality of the situation is that there will be a non-zero amount of people who will just drop out and lose interest at that point. And if they don’t, and they navigate through the link to joinmastodon.org? Choice is difficult. Most Mastodon servers out there are themed around specific interests or identities. You’re in academia? scholar.social. You’re a photographer? photog.social. Video games? elekk.xyz. But what if you don’t feel like you belong in any particular category like that? Twitter didn’t force you to decide on your interests upfront. General-purpose servers seem to be a rarity. And even the ones that are around, not all of them have the benefit of having “mastodon” in the domain name. It does feel like the growth of the fediverse slows down when mastodon.social is unavailable. It is a hard call to make. I have closed and re-opened registrations on mastodon.social multiple times in the course of its history. There is definitely a danger in effective centralization, and I am for example worried about GMail’s hegemony in the e-mail ecosystem. But I also believe that growth is key to the network, as it won’t be able to compete with centralized alternatives otherwise. A musician won’t ask themselves if every of the 4,000 servers has an equal number of users, they will pick the network where they see the best perspective to reach fans or make connections with fellow musicians. It’s worth mentioning that many people who are now running large and active Mastodon servers have started with a mastodon.social account. It is the easy choice to sign up on without knowing anything else, and it is much easier to educate someone on Mastodon about decentralization, than say, educate someone who lost interest in Mastodon because they were turned away and went back to Twitter. Today, I am re-opening registrations on mastodon.social after nearly three months. I don’t know if I’ll always be able to keep them open, or if someone will come up with more effective ways of onboarding new users, but this here is an explanation for the past and the future of why it is such a contested topic.

Polish translation is available: Mastodon 2.7 The fresh release of Mastodon brings long-overdue improvements to discoverability of content and the administration interface, as well as a large number of bug fixes and extra polish. The 2.7 release consists of 376 commits by 36 contributors since October 31, 2018. For line-by-line attributions, you can peruse the changelog file, and for a historically complete list of contributors and translators, you can refer to the authors file, both included in the release. Profile directory on mastodon.social One of the new features is a profile directory that people can opt-in to. The directory allows you to see at a glance active posters on a given Mastodon server and filter them by the hashtags in their profile bio. So you can find people who share your interests without reading through the public timelines, and you can even find out who to follow from a different Mastodon server without needing to sign up and lurk there! Tutorial explaining the timelines The tutorial that new people see after signing up has been completely reworked. It has a tighter narrative: Rather than explaining the minutea of the default user interface, it focuses on the main concepts of Mastodon, from which the interface is a derivation. And it is accompanied by colorful illustrations. It also has the benefit of loading a bit faster, since it’s not a modal window laid over the interface, but rather it loads before the interface. Public hashtag page for #catstodon The public hashtag page now makes better use of screen estate by arranging toots in a masonry grid instead of a narrow column. The public hashtag page is the page outside the columnized web interface that logged in users see and use–it is a page oriented primarily towards anonymous viewers. 2.7 includes a new moderation warning system for Mastodon. Whereas previously people would learn that their account was suspended or disabled only through a generic error page when trying to access their account, now moderators can choose to notify users about any actions taken against them. Even without specific actions, moderators can send official warnings that get delivered over e-mail and are reflected in the moderator interface, allowing other moderators to stay updated. Moderators can write any additional information in those e-mails. Because many moderation cases are similar, there is a system for saving presets, that moderators can very easily choose from instead of typing messages from scratch every time. Of course, because it’s hard to generalize, and some trolls and spam bots are best contained when they don’t realize they are being contained, that notification system can be overriden on a case by case basis. Admin interface for a remote account The moderation interfaces for accounts and instances has also been reworked. Accounts now display the most important numbers in an easy to skim grid. Some useless information has been removed, and some useful information has been added, such as when the user signed up, or who sent them an invite. For accounts from other servers, you can now see which local users follow them at a glance. Administration interface for known servers The administration interfaces for known servers and domain blocks have been unified into a common area. Besides displaying how many accounts are known from a particular server, you can now also see how many accounts are followed from your server, how many of their accounts are following your users, how many have been individually blocked or reported, and how much disk space that server’s media attachments are taking up. App developers will be delighted to learn that 2.7 introduces a registration API. By implementing that API, apps will be able to accept new registrations from their users, instead of having to send them to a web browser. When a user signs up through an app, they still receive a confirmation e-mail which they have to open before their account is activated, but the e-mail contains a link that can open the app, and once the account is activated, the app is already authenticated and ready to go. The command-line utility for managing a Mastodon server, tootctl (pronounced “toot control”) has received a few new commands. Over the course of Mastodon’s existence, some people built websites collecting statistics from known Mastodon servers. However, their numbers always differ a little, and it’s difficult to inspect how they function. Now, you can scan the Mastodon network from your own machine to discover servers and aggregate statistics about Mastodon’s usage with tootctl domains crawl. By running that command from my machine, I was able to gather these figures: 2251 active Mastodon servers, 1,882,838 registered users, 172,041 active users and 21,537 new sign-ups in the first week of January 2019. The other new command is tootctl accounts follow and it allows you to make the users on your server follow a specified account. As a reminder, users on Mastodon follow their administrator by default, both for important announcements as well as to kickstart their home feed with something when they’re new. So that command is useful in those rare cases where the administrator needs to change their account. To learn more about a tootctl command, append --help to it, for example: tootctl domains crawl --help This is far from everything included in the release–there are many smaller improvements, like CSV export for lists and domain blocks, volume sliders for videos, ability to follow multiple hashtags from the same column, improved emoji support, better defences against spammers with MX checks, and more. Conclusion Contributors to this release: 0xflotus, Aditoo17, ariasuni, ashleyhull-versent, BenLubar, chr-1x, Esteth, fwenzel, Gargron, hinaloe, jomo, kedamaDQ, Kjwon15, m4sk1n, mayaeh, mbugowski, moritzheiber, noellabo, nolanlawson, pawelngei, pointlessone, Quenty31, remram44, renatolond, Reverite, shrft, Sir-Boops, sumdog, tachyons, ThibG, tmm576, ykzts, ysksn, yukimochi, zunda Translators for this release: adrianbblk, Alix D. R., Antonis, avndp, azenet, Branko Kokanovic, Burekz Finezt, ButterflyOfFire, carl morris, codl, Daniel, Eirworks, Enol P., Ivan Pleva, Jaz-Michael King, Jeong Arm, jeroenpraat, koyu, Kristijan Tkalec, Kumasun Morino, lilo, Lorem Ipsum, Marcin Mikołajczak, Marek Ľach, Masoud Abkenar, mayaeh, Muhammad Nur Hidayat (MNH48), Mélanie Chauvel, osapon, Osoitz, Quenti2, Quentí, Ranjith Tellakula, Rasmus Sæderup, Renato “Lond” Cerqueira, rscmbbng, spla, Vanege, Xose M., 小鳥遊まりあ As always, huge thanks to everyone who contributed to this release, to everyone who sponsors the project on Patreon, and to everyone who uses the network! 🐘 Resources Full changelog User documentation

Japanese translation is available: なぜ脱中央集権（decentralization）が重要なのか？ I’ve been writing about Mastodon for two whole years now, and it occurred to me that at no point did I lay out why anyone should care about decentralization in clear and concise text. I have, of course, explained it in interviews, and you will find some of the arguments here and there in promotional material, but this article should answer that question once and for all. decentralization, noun: The dispersion or distribution of functions and powers; The delegation of power from a central authority to regional and local authorities. fediverse, noun: The decentralized social network formed by Mastodon, Pleroma, Misskey and others using the ActivityPub standard. So why is it a big deal? Decentralization upends the social network business model by dramatically reducing operating costs. It absolves a single entity of having to shoulder all operating costs alone. No single server needs to grow beyond its comfort zone and financial capacity. As the entry cost is near zero, an operator of a Mastodon server does not need to seek venture capital, which would pressure them to use large-scale monetization schemes. There is a reason why Facebook executives rejected the $1 per year business model of WhatsApp after its acquisition: It is sustainable and fair, but it does not provide the same unpredictable, potentially unbounded return of investment that makes stock prices go up. Like advertising does. If you are Facebook, that’s good for you. But if you are a user of Facebook… The interests of the company and the user are at odds with each other, from which the old adage comes that if you are not paying, you are the product. And it shines through in dark patterns like defaulting to non-chronological feeds (because it’s hard to tell if you’ve seen everything on the page before, it leads to more scrolling or refreshing, which leads to more ad impressions), sending e-mails about unread notifications that don’t actually exist, tracking your browsing behaviour across the internet to find out who you are… Decentralization is biodiversity of the digital world, the hallmark of a healthy ecosystem. A decentralized network like the fediverse allows different user interfaces, different software, different forms of government to co-exist and cooperate. And when some disaster strikes, some will be more adapted to it than others, and survive what a monoculture wouldn’t. You don’t have to think long for recent examples–consider the FOSTA/SESTA bill passed in the US, which turned out to be awful for sex workers, and which affected every mainstream social network because they are all based in the US. In Germany, sex work is legal, so why should sex workers in Germany be unable to take part in social media? A decentralized network is also more resilient to censorship–and I do mean the real kind, not the “they won’t let me post swastikas” kind. Some will claim that a large corporation can resist government demands better. But in practice, commercial companies struggle to resist government demands from markets where they want to operate their business. See for example Google’s lackluster opposition to censorship in China and Twitter’s regular blocks of Turkish activists. The strength of a decentralized network here is in numbers–some servers will be blocked, some will comply, but not all. And creating new servers is easy. Last but not least, decentralization is about fixing power asymmetry. A centralized social media platform has a hierarchical structure where rules and their enforcement, as well as the development and direction of the platform, are decided by the CEO, with the users having close to no ways to disagree. You can’t walk away when the platform holds all your friends, contacts and audience. A decentralized network deliberately relinquishes control of the platform owner, by essentially not having one. For example, as the developer of Mastodon, I have only an advisory influence: I can develop new features and publish new releases, but cannot force anyone to upgrade to them if they don’t want to; I have no control over any Mastodon server except my own, no more than I have control over any other website on the internet. That means the network is not subject to my whims; it can adapt to situations faster than I can, and it can serve use cases I couldn’t have predicted. Any alternative social network that rejects decentralization will ultimately struggle with these issues. And if it won’t perish like those that tried and failed before it, it will simply become that which it was meant to replace. Digging deeper: How Mastodon uses decentralization The nature of the self in the digital age

Inspired by a joke post I decided to go ahead and compile a list of the most shared things on Mastodon in 2018. Of course, given the federated nature of the platform, this list may be incomplete, as I can only query information known to the mastodon.social server. I’ve also curated the list a little by excluding toots that were asking to be boosted, toots from me and the official Mastodon account, as well as most things that could be considered merely announcements to current users. Happy holidays!

After Apple has delisted the Tumblr app from its store citing a large amount of adult content on the site, artists and other creators are reporting having their blogs deleted, and are now looking for alternatives. Before choosing another commercial solution like Twitter, let me outline why Mastodon is the better choice: 1. Mastodon has a flexible approach to adult content. Unlike Tumblr and Twitter, your entire account isn’t either safe-for-work or not-safe-for-work. Each individual post can be marked as not-safe-for-work, with the media attachments conveniently hidden behind a spoiler until you choose to view them. You as a viewer can, of course, opt in to skip the spoilers automatically. Bonus round: You don’t need to be logged in to view sensitive content. 2. Artists have more control over how their art is displayed. Different screens and apps may show thumbnails in varying sizes, so to ensure that the thumbnails make sense and show the most appealing parts of the picture, you can set a focal point on each uploaded image. No more unfortunate crotch thumbnails! The thumbnails also have a lot less quality loss compared to e.g. Twitter. 3. Mastodon offers extensive customization options for your profile. Along with the expected custom display name, avatar, header image and “about me” text, you can set up to 5 featured posts at the top, and up to 4 custom link or text blurbs. For example, a link to your Patreon, your commission status and your preferred pronouns. But that’s not all – you can promote your friends or accounts you’re a fan of by endorsing them so they are featured on your profile in a random rotation. 4. Mastodon is decentralized. Why does this matter? Because if you host your own Mastodon server (as you easily can, it’s open source and there’s even hosting providers specifically for it!), literally nobody except yourself has control over your posts. No more getting deleted off Tumblr. Of course, not everybody is interested in running their own server, but it still matters – you can use a server that somebody you personally know runs, or that a community that you trust runs. 5. Mastodon is not commercial. It doesn’t track your every move. It doesn’t interrupt your home feed with ads and promoted posts. It’s just you, and people you choose to follow. Because of its decentralized nature, individual servers are smaller and cheaper than Twitter or Tumblr as a whole, and can be maintained with earnest crowdfunding rather than advertising/marketing schemes. And last but not least, Mastodon is big, and getting larger, approaching an audience of 2 million users spread over 2,000 servers. If that sounds convincing to you, navigate to the server picker and select the “I am an adult content creator” option to see a list of servers you could sign up on. More resources: Mastodon quick start guide How to become a successful artist on Mastodon Why ActivityPub is the future

After more than a month of work, I am happy to announce the new version of Mastodon, with improved visuals, a new way to assert your identity, and a lot of bug fixes. Verification Verifying identity in a network with no central authority is not straightforward. But there is a way. It requires a change in mindset, though. Twitter teaches us that people who have a checkmark next to their name are real and important, and those that don’t are not. That delegates a lot of the decision making to Twitter, the authority. Without a central authority, that decision making cannot be delegated. So, how does identity verification work on Mastodon? This account is definitely run by whoever owns joinmastodon.org! The answer is links. If you have a personal website called johndoe.com, and you link from your site to your Mastodon profile, then people know you are the real John Doe – the link appears verified on your profile. This option is accessible to everyone, not just celebrities. Having a verified link does not confer any special features like it does on Twitter. All safety and convenience features are always available to everyone. Some people don’t need or want to have a recognizable and verified identity, and that is valid, too. Of course the caveat is that people have to trust the linked website to be able to infer the identity. It’s certainly a more useful feature when you have a recognizable website. However, it does also work with Twitter profiles, so you can at least confirm that you are the same person as you are on Twitter, if that’s something you need. Check the “Edit profile” page for instructions on how to do that! Direct messages remaster The direct messages functionality of Mastodon has been remastered. You can now browse your direct messages grouped by conversations with specific people and conversations you haven’t opened will be highlighted, just like you would expect from other services. This should make keeping up with important messages easier. In-stream link previews This has been requested for a long time – link previews and interactive players from sites like YouTube and Vimeo will now appear in-stream, and not only in detailed view. Interactive players have a play button which loads the actual content – no third-party scripts are loaded until you press it, so there is no privacy cost to the convenience. Reports grouping and blocking For server administrators and moderators, the reporting system has been improved. Reports are now grouped by the target account visually, so even many reports about one person do not obfuscate others. Reports originating from a specific domain can be blocked if they are impractical. All staff members have a way to opt out of notification e-mails about reports. This should greatly reduce the effects of mass-reporting, so moderators can focus on the quality of reports over their quantity. Command-line tools The command-line interface for Mastodon, tootctl (as in “toot control”), has been expanded. Many commands were added for managing accounts, generating account backups, and performing various maintenance tasks. For example, to give someone moderator privileges from the command line, you could do: bin/tootctl accounts modify alice93 --role moderator To give a username that was previously used by someone who deleted their account to a new person, with a randomly generated password: bin/tootctl accounts create alice93 --email new@email.com --reattach To queue up a backup for someone’s account and have them receive a link to the download via e-mail: bin/tootctl accounts backup alice93 You get the idea! Everything except mastodon:setup has been moved from the rake interface to the tootctl interface. Use bin/tootctl --help to learn more about what it can do! Conclusion As always, huge thanks to everyone who contributed to this release, to everyone who sponsors the project on Patreon, and to everyone who uses the network! 🐘 Resources Full changelog User documentation

Mastodon was first announced to the public through Hacker News, a link aggregator site for programmers, on October 6, 2016. Now we’re celebrating the 2 year anniversary! 🎉 Network growth From 45 registered users on mastodon.social, the only Mastodon server at the time, the network grew to 1,627,557 registered users on 3,460 servers. That’s not counting people on non-Mastodon servers that are compatible with Mastodon via ActivityPub! There are a lot of small servers: The median user number per server is 8 people. The biggest server hosts 415,941 accounts. The 3 largest servers combined host 52% of the network’s users, the 25 largest servers host 77% of all users *. This is natural as the largest servers are more known and therefore attract a lot of new people. However, for many people who stick around, they act as gateways, wherein once they learn more about Mastodon, they switch to a different, usually smaller server. The oldest servers that are still around today are mastodon.social, awoo.space, social.tchncs.de and icosahedron.website. Most exciting new server growth events: In April 2017, mstdn.jp was created by nullkal in his apartment. The first Japanese server of Mastodon went viral and saw a growth of tens of thousands accounts within a few days, and served as a catalyst for Mastodon’s popularity in Japan. In May 2018, after the SESTA/FOSTA laws were passed in the US and forced many sex workers into exile from mainstream social media websites, Assembly Four founded switter.at, a Mastodon server for sex workers. It grew rapidly towards a hundred thousand accounts. To this day, mastodon.social, mstdn.jp, switter.at, pawoo.net and friends.nico are the largest servers. Development milestones From 332 commits by a single developer, the GitHub repository grew to over 6,140 commits by 513 people. Since the start of development in March 2016, 102 versions of Mastodon have been released, beginning with v0.1.0 up to the latest v2.5.2. 4,343 pull requests were merged, and 2,851 issues were closed. This is what Mastodon looked like in October 2016: Here is a time table of Mastodon’s most notable features, that is, features that Mastodon is most known for today: October 2016 The interface becomes responsive for mobile screens November 2016 Hashtags are implemented Search for accounts is implemented Notifications Marking media as sensitive is added The “unlisted” visibility setting is added The publish button is renamed to “toot” December 2016 The reblog button is renamed to “boost” Public timeline now excludes boosts and replies First admin interface is added Locked accounts are implemented The “private” visibility setting is added January 2017 Viewing one’s own favourites is implemented Remote follow dialog is added The “boop” sound for notification appears Content warnings are implemented Two-factor authentication is added February 2017 The Streaming API appears Reporting accounts and toots is implemented The public timeline is split into “local” and “whole known network” March 2017 An emoji picker is added April 2017 The “direct” visibility setting is added The coyote stops rotating as new GIF autoplay preferences are added June 2017 The columns in the web interface can be moved, added and removed Deleting own account is implemented August 2017 The Mastodon logo is updated Web Push is implemented, allowing the web interface to receive push notifications September 2017 The entire Mastodon network is successfully upgraded from OStatus to ActivityPub Pinning toots is implemented MySpace Tom lives on as Mastodon begins making new users follow their admin by default October 2017 Custom emoji are implemented Alternative text for media attachments is added Hotkeys in the web interface are implemented December 2017 Lists are implemented Invite system is added January 2018 The e-mails sent by Mastodon become pretty March 2018 Search for toots is implemented Account backup download is implemented Focal point selection for thumbnails is implemented The frontpage is redesigned May 2018 Profile metadata can now be customized Up-to-date privacy policy is included September 2018 Support for federation relays to improve content discovery is added Public pages of profiles and toots are redesigned Featuring friends on public profile is implemented Press coverage In the two year span, Mastodon was covered by: The New York Times The Washington Post Esquire The Verge Motherboard Wired NPR The Outline Autostraddle Forbes I was interviewed on three different podcasts: Software Engineering Daily If Then The Changelog One piece of coverage stands out particularly as the source of a running joke on Mastodon. Lance Ulanoff from Mashable opened his April 2017 article “Six Reasons Mastodon Won’t Survive” with the words “William Shatner couldn’t find me on Mastodon. This was a problem.” Since then, Mastodon was known as the Shatner-free space, where you are safe to hide from his gaze. Of course, that article was wrong on many accounts, and severely underestimated Mastodon’s survivability. There were many opinion pieces titled things like “Mastodon is dead in the water” predicting its timely demise. In the end, Mastodon out-survived App.net and Google+, a multi-million dollar project. Other Since beginning as a single repository on GitHub, Mastodon has got: A beautiful, dedicated homepage describing the project A dedicated blog, the one you are reading right now A new documentation website A GitLab server hosting many orbiting code repositories Fazit I’m very happy with Mastodon’s accomplishments. Overseeing such a large project has its ups and downs, as it’s impossible to keep everyone happy all the time when people have conflicting desires. Regardless, I consider these to be the two best years of my life, as work on Mastodon is incredibly fulfilling and interacting with all the interesting people on the platform is very fun. Would I have done something differently if I was starting from scratch now? Mostly, no. I still receive comments about the name “Mastodon” not being suitable, or “toot” being too silly. I wouldn’t change it. I think there is nothing wrong with being less serious, and if it alienates more corporate-minded users, that’s fine. I don’t wake up every day wishing to interact with my favourite brand. As for the future, development continues: The v2.6.0 version of Mastodon is currently in the works, containing many quality of life improvements, bug fixes, improved administrative tools and a decentralized version of identity verification. Mastodon has proved itself sustainable and has accomplished a lot in taking a foothold in mainstream consciousness. With more and more people become disillusioned with the tech giants, Mastodon will become ever more appealing. Let’s get to ten million users next.

Mastodon 2.5 is the 100th released version of Mastodon since the project’s inception almost 2 years ago. It brings a variety of improvements to the software, the full list of which is available in the changelog. Public profile page The public areas of the web interface have been redesigned. The color scheme and design is now more consistent with the logged-in interface. The new profile layout makes better use of space for bio text and increases the value of header images. Prominent follow buttons ensure that even people new to Mastodon understand quickly what they can do on it. But that’s not all: The public pages now also display reply, favourite and boost buttons that open a remote interaction dialog that can take you back to your home server where you can actually interact with the toot from your account. That’s a lot simpler than having to copy & paste the toot permalink into your server’s search bar! Remote interaction dialog The other thing on the new profiles: You can choose to feature some of the people you follow on your profile, to be displayed in random order as a sort of recommendation to anyone who is visiting it. Your favourite cat owners, important voices or your associates, it’s up to you. Like the MySpace Top 8 without the “top” and the “8”, or even more like the WordPress blogroll. Some of the smaller changes: The number of replies to toots is now stored and displayed so you can know straight away if a question you see has already been answered or if a lively discussion is happening. Mastodon now accepts MOV videos from iOS, and larger video files in general, and is smarter about resizing images. Administration and moderation For those who moderate Mastodon servers, a new dashboard provides an overview of important weekly numbers such as new sign-ups, user activity and liveliness. The number of e-mail notifications generated from reports has been reduced: reports for the same person do not generate a notification if one of the reports is currently unresolved. Additionally, you can now disable report notifications for yourself. Admin dashboard Suspensions in Mastodon are a harsh measure: You no longer have to fear misclicking and suspending the wrong person with a new confirmation screen that tells you how many toots and followers the suspension will affect before asking you to re-type the name of the account to make sure you didn’t click on the wrong one. But that’s not all: The temporary account lock-out function has been made available to moderators as a softer, and completely reversible alternative to suspensions. Deployment and scaling For those who run Mastodon servers, the database schema has been adjusted to reduce disk write operations and CPU load of PostgreSQL. And for those who need to scale big, support for read-replicas is now baked into the software: it’s just a matter of changing configuration. A new command-line interface is supposed to make working with Mastodon from the terminal easier, in place of the clunky rake tasks system. For example, there is a new way to import a pack of custom emojis. Let’s say we have an archive stored under /home/alice/Downloads/hackerman.tar.gz with the hackerman set of letter emojis saved as PNG files like a.png, b.png and so on, it could be imported with: bin/tootctl emoji import \ --unlisted \ --prefix hacker_ \ /home/alice/Downloads/hackerman.tar.gz This will create custom emojis in Mastodon with shortcodes like :hacker_a: that will not clutter up the emoji picker but will be autocompleted. Federation relays If your Mastodon server does not have enough activity to be interesting to new users, that chicken-and-egg problem can now be solved by subscribing to a so-called federation relay. Federation relays are separate servers that act as a, well, relay between participating Mastodon servers, that is, every participating server receives every public toot from every other participating server. It has to be mentioned that the core design of Mastodon where a server receives only toots from users it follows, rather than all toots from any one server, is more scalable long-term. However, servers that don’t yet follow a lot of people can often feel like ghost towns, and federation relays fix that. To get started with Mastodon, you can sign up for free here or here, or dive into the deep end of choice by browsing the list of servers here. Or, use the bridge tool to find where your Twitter friends are and sign up there. Huge thanks to everyone who contributed to the recent releases (see the full changelogs for accreditation), to everyone who sponsors the project, and to everyone who makes the network worth using by being awesome tooters! 🐘