How to get maximum privacy & security on Mastodon:

-Hide your follows/followers by going to Preferences > Other > Hide Your Network (tick box) > Save Changes (click button)

-Select appropriate toot privacy (the 🌎 button) each time you post

-Use a unique password you don't use on any other site

-Use an email address you don't use on any other site

-Log in via VPN, so your IP address isn't visible

-Use 2FA (Preferences > Account > Two-factor Auth > Set up)

#MastoTips #FediTips #Mastodon


Direct/private messages are NOT end-to-end encrypted on , don't use them for anything sensitive -

You'll have to manually encrypt messages using PGP or something if you want it on DMs. If you're concerned about this, just try to let the know. An ideal solution would be to implement e2ee on the protocol itself, so that all platforms and future platforms get it. This way, even cross-platform DMs would be encrypted.

@futureisfoss @feditips

> Don't use [DM's] for anything sensitive

In addition, don't use DMs and expect them to hang around as an archive of past conversations.

If people you DM'ed with clean up & delete messages on their side, they also disappear from your inbox, breaking the conversation threads.

It can be really confusing if you are not aware of this.

Yeah, this has happened to me before. I DMed someone and then later they deleted their account and moved on to a different instance. Now I can only see the messages I sent, their reply is gone.

@futureisfoss @humanetech @feditips

Another reason for offline archival of your conversations.

Do the tools exist for this?

Yes, I do know that Copy'N'Paste works, but is there a FLOSS automated version? :D
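Added example, not code from anyone in this thread: a small Python script that pulls an account's own direct messages out of a Mastodon data export (the `outbox.json` inside the archive from Preferences > Import and export) into a plain-text file kept offline. It assumes the export's ActivityPub layout, `Create` activities wrapping a `Note`, and derives visibility from the `to`/`cc` addressing the way the protocol expresses it; the actor id and the sample outbox are constructed. As the thread notes, such an export only contains what you sent, never the other side's replies.

```python
import json
import re
from html import unescape

PUBLIC = "https://www.w3.org/ns/activitystreams#Public"
ACTOR = "https://example.social/users/alice"  # assumed actor id of the exporting account
# Constructed stand-in for a Mastodon archive's outbox.json (not a real export).
SAMPLE_OUTBOX = json.dumps({"type": "OrderedCollection", "orderedItems": [
    {"type": "Create", "object": {"type": "Note", "published": "2023-01-02T10:00:00Z",
        "to": ["https://example.social/users/bob"], "cc": [],
        "content": '<p><span class="h-card"><a href="https://example.social/@bob">'
                   '@<span>bob</span></a></span> can we talk?</p>'}},
    {"type": "Create", "object": {"type": "Note", "published": "2023-01-03T11:00:00Z",
        "to": [PUBLIC], "cc": [ACTOR + "/followers"], "content": "<p>Hello world</p>"}},
    {"type": "Announce", "object": "https://other.example/users/carol/statuses/1"},
]})

def visibility(note, actor):
    """Map ActivityPub addressing to Mastodon's visibility levels."""
    to, cc = note.get("to", []), note.get("cc", [])
    if PUBLIC in to:
        return "public"
    if PUBLIC in cc:
        return "unlisted"
    return "private" if actor + "/followers" in to else "direct"

def strip_html(content):
    """Mastodon stores post bodies as HTML; keep a plain-text copy for the archive."""
    text = re.sub(r"</p>\s*<p>", "\n", content)
    text = re.sub(r"<br\s*/?>", "\n", text)
    return unescape(re.sub(r"<[^>]+>", "", text)).strip()

def extract_direct_messages(outbox_json, actor):
    """Return the account's own direct messages found in an outbox export."""
    dms = []
    for item in json.loads(outbox_json).get("orderedItems", []):
        note = item.get("object")
        # Only Create/Note carries our own text; Announce (a boost) is just a reference.
        if item.get("type") != "Create" or not isinstance(note, dict):
            continue
        if note.get("type") != "Note" or visibility(note, actor) != "direct":
            continue
        dms.append({"published": note.get("published"), "to": sorted(note.get("to", [])),
                    "text": strip_html(note.get("content", ""))})
    return dms

def render_archive(dms):
    """Plain-text archive body: one block per message, recipients first."""
    return "".join(f"{d['published']}  to: {', '.join(d['to'])}\n{d['text']}\n\n" for d in dms)
```

Run it against a real export by replacing `SAMPLE_OUTBOX` with the contents of `outbox.json` and `ACTOR` with your own actor id, then write `render_archive(...)` to a file.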

@futureisfoss @feditips

Not sure if the latter is a good approach as E2EE is notoriously difficult to implement and comes with massive pain-in-the-ass requirements such as key verification. I would let Mastodon do one thing - ActivityPub - well and leave E2EE to projects that specialise in direct secure comms.

I said this because e2ee is pretty much basic these days. Especially when Mastodon advertises itself as a privacy-friendly alternative, people would think that DMs are e2ee - this is misleading. Also I don't think the unix philosophy applies to security features.

And like I said, e2ee should be implemented on the ActivityPub protocol itself, so that every platform that uses the protocol gets it. Encryption should also work in cross-platform DMs this way.

