In the first part of this series, we introduced Mastodon, how it works and why it’s important for researchers. In the second part, we will explore the Mastodon interface and how to search this platform to gather information about users and instances.
Once you have gained familiarity with the architecture of Mastodon's open-source platform and its unique instances, the next crucial aspect to delve into is understanding how to search for information within its instances.
Finding Mastodon user handles
The first step to researching on Mastodon is finding the correct user. A Mastodon user account is composed of two parts: the username on Mastodon and the Mastodon server name, shown as @username@instance.
When your Mastodon account is on the same instance as the user you are accessing their profile, then there is no need to add the @instnace. It is enough to write target user @handle only to access their profile.
In Figure 1, I’m accessing Eugen Rochko’s Mastodon profile. If I already have a Mastodon account on the same instance (@mastodon.social), then I can access target profile using their @username only.
Figure 1 -We can access a user’s Mastodon profile using their @username only if we are both on the same instance
To view the Mastodon profile of a user on a different instance than you, such as if you are on @techhub.social and the user is on @mastodon.social, you will need to mention both their Mastodon username and instance name. For example, you would mention the user as @Gargron@mastodon.social (see Figure 2).
Figure 2 – To access users who are not in your current instance, you need to use their instance name along with their username
Mastodon user interface
There are two ways to use Mastodon, via mobile app or web browser. For OSINT collectors, accessing Mastodon via a web browser is always advisable to simplify the gathering activity and protect your research by remaining anonymous. After signing into your Mastodon account, you will see a page divided into three columns (see Figure 3).
Figure 3 - Mastodon default user interface has three columns
Here is the layout of the page and what you need to navigate:
- The first column has a search box to search Mastodon (you can search for user profiles, posts and hashtags), a link to edit the user profile, and a text box to write a new “Toot.” (Please note that, unlike Twitter which uses the term “Tweet” or post, Mastodon uses “Toot” instead.)
- The second column contains the timeline where other users’ “Toots” appear and is updated automatically as new content appears. Toots are displayed chronologically, unlike by algorithm in many other platforms, such as Twitter, Instagram or Facebook.
- The last column contains links to the following:
- Home: (will display “Toots” from users you follow on all instances)
- Notifications: (receive notifications such as mentions and follows)
- Explore: (link to Toots from the current Mastodon instance and other servers in the decentralized network, which is currently gaining traction on the current instance.)
- Local: (display the most recent public Toots from people whose accounts are hosted by the current instance)
- Federated: (display the most recent public Toots from people on this and other servers of the decentralized network that this instance knows about)
- Direct Messages: – messages sent directly to the user
- Bookmarks: (all bookmarks – Toots marked by the user)
- Favorites: (all user Toots favorites appear here – similar to Twitter likes)
- Lists (user stored lists)
- Preferences: (manage and customize your Mastodon account)
- Trending Now: (show all hashtags that are trending right now on this instance and other connected instances of the decentralized network)
The Mastodon basic search functionality (located on the left-hand corner of the page) will search within all Mastodon instances. Unlike Twitter, there are no advanced search operators supported. Mastodon limits its search capability for privacy reasons.
For example, let us search for the keyword “OSINT” The returned results will come from different Mastodon instances (see Figure 4).
Figure 4 - Mastodon search results come from different Mastodon instances
As displayed in the figure above from the search result, the default Mastodon search functionality is limited to searching within user accounts and hashtags. It will not search for that keyword within Toots text.
Some Mastodon instances provide the capability for users to perform full-text search. This feature is enabled by installing the ElasticSearch feature by the logged-on Mastodon instance. With this capability, users can conveniently search for results from their own Toots, favorites, bookmarks and mentions. Still, Mastodon intentionally restricts the ability to search for arbitrary strings throughout the entire Mastodon database.
Hashtags have # at the beginning and contain no spaces within them. You can use hashtags as a search keyword which might help you to find Toots containing that specific hashtag.
When following a specific hashtag, you will find more Toots in your timeline from users you are not following and posting content related to that particular hashtag.
Mastodon provides the functionality to track different hashtags in real time; this allows OSINT gatherers to track specific hashtags in real-time, proving useful in many instances. To do this, follow these steps:
- To begin, you'll need to switch your Mastodon interface to an advanced mode. Access the "Preferences" option located on the lower right-hand side.
- Under the "Appearance" tab, select the "Enable advanced web interface" option.
Figure 5 - Enable Advanced web interface in Mastodon (web interface)
3. At the top left of the screen, type in the hashtag you wish to monitor into the search bar. For instance, in my case, I would like to track and search for Toots with the #leaked hashtag.
4. A results list will appear below the search bar once you've searched. These results are interactive, so you can click on them. For example, if you want to follow the #leaked hashtag, click on it.
5. Upon clicking the hashtag, a new column will appear on the right-hand side of the screen. You will see a plus sign at the top of this column, which you can use to start following the hashtag (see Figure 6).
Figure 6 - You can follow one or more hashtags in real-time in Mastodon
6. We can track multiple hashtags simultaneously and include them in the same feed as the #leaked hashtag column we've already created. To add additional hashtags, click on the "Settings" button located on the #leaked column and adjust the hashtag preferences (add or exclude as desired) (see Figure 7).
Figure 7 - Add/Exclude hashtags to track them across the Mastodon servers
Finding More Information About Mastodon Servers
As mentioned above, the official Mastodon website does not list all Mastodon servers available worldwide. Some services help us find additional Mastodon instances and discover their technical information.
A great service for discovering the Mastodon ecosystem. It displays various information about each Mastodon instance (see Figure 8), such as:
- Signups (Yes or No)
- Users (Number of users)
- Country (instance registered country)
- Language (instance language)
Figure 8 - https://mastodon.fediverse.observer/list display various information and stats about Mastodon instances
Selecting any Mastodon instance from the list will display more information about it (see Figure 9).
Figure 9 - Viewing detailed information about selected Mastodon instance
The Fediverse Observer website provides a live map showing available Mastodon instances globally (see Figure 10).
Figure 10 - Mastodon Live Map available at:https://mastodon.fediverse.observer/map
With comprehensive insights into the Mastodon platform, OSINT practitioners can conduct searches on the platform, track hashtags and obtain diverse technical data regarding Mastodon instances.
Even while conducting OSINT and SOCMINT, researchers need to be aware of how their digital fingerprint could be affecting their investigation. Learn more about why and how to manage attribution while conducting OSINT and how to manipulate your point of presence to find key data.Anonymous research OSINT research Social media