Mastodon's a cool place, but it's private like a local coffee shop, not a home bathroom.

Remember that the admin of your instance can see EVERYTHING you post, including direct posts. They can even disable 2 factor authentication, if you have it enabled (and you should. No really, enable that stuff now.)

Bottom line: Find an instance where you feel you can trust your admin, and don't send direct toots unless you trust the admin at the recipient's instance as well.

Now I’m imagining this site as a coffee shop and it’s just a hilarious image

@sociable If Alternate Universe fanfiction has not already been written I will be very surprised.

It's important to note that Twitter, tumblr etc could also read your dms. No matter what site you are on you should be cautious what you dm.

@Vopo @theartguy & at least here you're a /lot/ less likely to have some impersonal ai trolling it for marketing data, sentiment analysis, and negative mood event detection.

@theartguy honestly direct toots are only to be used as a way to send a series of messages without cluttering the main feed, use encryption if you want privacy.

@theartguy show me a local coffee shop that knows what the fuck two factor authentication means

@theartguy Better yet, for anyone who can, self host and for those who can't, privacy policies tell your users what they should expect.

@A_Grain_Of_Salt Two factor authentication is when you combine something you know (your password) with something you have (your phone, usually).

There are free authentication apps for phones that use math to prove that, yes, you are holding that device at that moment.

The idea is that someone might guess or steal your PW, but they're less likely to have your phone at the same time.

I use the one from Google, but Authy is also quite popular.

@theartguy don't forget that you need to trust the admin of the recipient also.

@ratamacue Which is why I included that in the "Bottom line" paragraph, yes.

@theartguy Isn't there an option to encrypt the message?

@zajo There might be forks of Mastodon where that is possible, but to my knowledge end-to-end encryption isn't a thing on here.

Consider Mastodon to be for communication in public (hence the "coffee shop" reference). For guaranteed private communication, one would have to look elsewhere.

@theartguy @merce as an admin, what he says offends me. He frames it badly because it's the other way around; I mean, he puts finding trustworthy admins in the "bottom line", as if it were difficult. I'm convinced that 99.99% of them are.

Aaron Smith
