NOTE TO NEW USERS:
Mastodon's a cool place, but it's private like a local coffee shop, not a home bathroom.
Remember that the admin of your instance can see EVERYTHING you post, including direct posts. They can even disable 2 factor authentication, if you have it enabled (and you should. No really, enable that stuff now.)
Bottom line: Find an instance where you feel you can trust your admin, and don't send direct toots unless you trust the admin at the recipient's instance as well.
Now I’m imagining this site as a coffee shop and it’s just a hilarious image
@sociable If Alternate Universe fanfiction has not already been written I will be very surprised.
It's important to note that Twitter, tumblr etc could also read your dms. No matter what site you are on you should be cautious what you dm.
yup especially media, which goes into a public CDN only obfuscated by a somewhat randomized URL, if you don't want your nudes to leak don't post them, even in DMs!
mastodon isn't unsafe, but it's not totally private, at all. only end to end encryption can get you that and that's just not a thing at the moment.
@theartguy honestly direct toots are only to be used as a way to send a series of messages without cluttering the main feed, use encryption if you want privacy.
@theartguy show me a local coffee shop that knows what the fuck two factor authentication means
@theartguy Better yet, for anyone who can, self host and for those who can't, privacy policies tell your users what they should expect.
What's the two step authentication? Why is it important?
@A_Grain_Of_Salt Two factor authentication is when you combine something you know (your password) with something you have (your phone, usually).
There are free authentication apps for phones that use math to prove that, yes, you are holding that device at that moment.
The idea is that someone might guess or steal your PW, but they're less likely to have your phone at the same time.
I use the one from Google, but Authy is also quite popular.
@theartguy don't forget that you need to trust the admin of the recipient also.
@ratamacue Which is why I included that in the "Bottom line" paragraph, yes.
@theartguy ah yes, somehow I missed that.
@theartguy Isn't here an option to encrypt the message?
@zajo There might be forks of Mastodon where that is possible, but to my knowledge end-to-end encryption isn't a thing on here.
Consider Mastodon to be for communication in public (hence the "coffee shop" reference). For guaranteed private communication, one would have to look elsewhere.