Twitter users are migrating to Mastodon: is this the new social media era?

If you have been following the news lately, you will know that since Elon Musk acquired most of Twitter's shares there have been some radical changes in the company. Some of them have been more social changes, which could have led to a potential loss of employees, as some of them do not share the views of the new owner. This view has been growing with the firing of some of the management and senior developers for one official reason or another.


Some people have called out the possible death that is hovering over what once was the symbol of free speech and one of the first social media platforms on the web. Data published in November shows that the number of Twitter employees has been reduced from 8000 to 2000 in less than a month. That is a 75% shrink! The truth is that only time will give us the answer regarding the future of Twitter. Nevertheless, this exodus of users can have some repercussions, not only for the platform but also for the end users.

We wanted to make you aware of some of the challenges that we have seen when migrating to some of these platforms. One of the best examples is the set of vulnerabilities that have been disclosed in Mastodon. Growing also means that you catch more eyes, in some cases even those that you do not want around, like those of pentesters or black hat hackers. So we have seen a number of vulnerabilities being reported in the most popular Twitter alternative, Mastodon [1].

There is also another feature of this new platform that we want to point out. Some people argue that Mastodon is going to be the new norm because it is decentralized. This means that even if someone decides to close their servers, there will be many other servers that they have no control over, and therefore a single person or entity wouldn't be able to take control of the whole platform to impose its rules or manipulate it at will.

On the other hand, this might not be a good thing, or not completely. Mastodon is an open-source platform, which means that its source code is public on the internet for us to read and execute. This is how we can spin up as many Mastodon servers as we want. It also allows security researchers to study the code and find vulnerabilities that would otherwise stay hidden until a malicious actor exploited them.

When reading the Mastodon source code, there were some details that seemed to us worth mentioning. The way that Mastodon is coded, at least in the version running on November 20, 2022, it stores the direct messages between users in plain text on the servers that host the sender and the recipient [2]. This means that if you joined Mastodon using someone else's server, the administrators of that server will have complete access to all your direct messages with other users.

To sum up, the future of Twitter is still to be seen, but such a big platform, even with zero push, will still carry the load for some time due to its inertia. Also, if you are looking for a Twitter alternative (like Mastodon), please make sure you read up on it and take preventive measures to avoid your information being spread across the web. And finally, whatever you do online, be aware that at some point it can end up being public content.


References:
[1] https://www.blackhatethicalhacking.com/news/mastodon-users-vulnerable-to-password-stealing-attacks/?
[2] https://grahamcluley.com/mastodon-what-you-need-to-know-for-your-security-and-privacy/
[3] https://www.eff.org/deeplinks/2022/11/mastodon-private-and-secure-lets-take-look