October 22, 2017

A Brief Guide to Locking Down Your Mastodon Account

Mastodon is currently my favorite social network. I love it so much, I started my own server with some friends, and I’m proud to say it’s still going strong. You can read about The Wandering Shop in my previous post about why I started it.

Part of the reason I love Mastodon and The Wandering Shop is that it’s a social community where we get to define the rules, and we get to control who is and isn’t allowed in our neighborhood. Myself and the other shopkeeper, Annalee, do a good job keeping out the riff-raff as per our Code of Conduct. That said, if you aren’t on our server, or if you want a tighter grip over who you share with, Mastodon provides some of the most comprehensive options I’ve seen for privacy in a social network.

So here are 6 things you can do to lock down your Mastodon account.


1. Develop a good relationship with your server admins

While Mastodon provides some excellent options for blocking people and servers just for your account, involving your server admins will help keep bad actors and bad instances off everyone’s feed, and help the neighborhood feel better as a whole. This is tougher on a large server like mastodon.social, but the admins there still try to respond to reports as they can. That “personal relationship” is one reason why I prefer the smaller servers.

2. Lock your account

The next steps in this guide are going to be found in your Mastodon preferences, which you can find under the “Gear” tab in the Mastodon web interface. This guide, and all the screenshots, assume your server is on Mastodon 2.0, which many servers have moved to by this point.

[Screenshot: How to lock your account in the Mastodon preferences]

In Mastodon, locking your account means that you must manually approve every follower. The Mastodon default is that anyone can follow anyone else, without approval. Enabling this setting will require action from you every time someone wants to follow you, but it also means no one can follow you without your permission. This is especially important if you want to…

3-4. Set privacy defaults on toots and unlist from search results

[Screenshot: How to change privacy settings and search result settings in Mastodon]

The default for toots that you post in Mastodon is “Public”, meaning everyone can see them and re-toot them. The next level of privacy is “Unlisted”, meaning anyone can see them if they go looking for them, or if they follow you, but they won’t show up on the public timelines, like the “Local” feed or the “Federated” feed. The final level of non-direct-message privacy is “Followers-only”. When a toot is followers-only, only your followers can see it, they CANNOT re-toot it, and it won’t show up in any public feeds.

All of these options are available on a per-toot basis in every client I’ve seen, but if you’d like your toots to be more restricted by default, you can change that here. However you are most comfortable using Mastodon is the right way to use Mastodon, but it’s worth noting that interesting toots in the public timelines is how people find other interesting people on Mastodon, and removing your toots from that by default may limit how many people get to appreciate what you have to offer.

On this same preference page is the “Opt out of search engine indexing” option, which translates to your public profile and status pages not being crawled by search engines that respect things like robots.txt files.
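If you want to confirm the opt-out actually took effect on your profile page, here is a small added check of my own (not code from Mastodon). It assumes the server expresses the setting as a `<meta name="robots" content="noindex">` tag on the page, and it runs against constructed sample HTML and a constructed robots.txt rather than fetching anything.

```python
import urllib.robotparser
from html.parser import HTMLParser

# Constructed sample of a profile page with the opt-out enabled.
# Assumption: the server expresses the setting as a robots meta tag.
SAMPLE_PROFILE_HTML = """<html><head>
<meta name="robots" content="noindex">
<title>alice - example server</title>
</head><body><h1>@alice</h1></body></html>"""

# Constructed robots.txt in the shape a typical server serves.
SAMPLE_ROBOTS_TXT = """User-agent: *
Disallow: /media_proxy/
Disallow: /interact/
"""


class RobotsMetaParser(HTMLParser):
    """Collect every directive found in <meta name="robots"> tags."""

    def __init__(self):
        super().__init__()
        self.directives = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = dict(attrs)
        if (a.get("name") or "").lower() == "robots":
            content = (a.get("content") or "").lower()
            self.directives.extend(d.strip() for d in content.split(","))


def page_has_noindex(html: str) -> bool:
    """True if the page asks crawlers not to index it."""
    p = RobotsMetaParser()
    p.feed(html)
    return "noindex" in p.directives or "none" in p.directives


def robots_txt_allows(robots_txt: str, path: str, agent: str = "*") -> bool:
    """Would a robots.txt-respecting crawler fetch this path at all?"""
    rp = urllib.robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch(agent, path)


def profile_is_indexable(html: str, robots_txt: str, path: str) -> bool:
    """Indexable only if robots.txt allows the fetch AND the page lacks noindex."""
    return robots_txt_allows(robots_txt, path) and not page_has_noindex(html)
```

Swap in the HTML of your own profile page and your server's robots.txt to check a real account.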

5. Set up 2FA for your account

[Screenshot: How to set up 2FA on a Mastodon account]

This falls under “Good internet hygiene”, but it’s a good idea to set up two-factor authentication for your account, and Mastodon has made it easy to do so. Accounts getting hacked sucks; turning on 2FA makes that less likely.

Mastodon is created and run by volunteers, and you can help support the lead developer through the Mastodon Patreon Page. Additionally, suggestions for more privacy features come up all the time in the Mastodon Github, and you can help make them a reality by pitching in your time and expertise.


open-source tech wandering-shop security privacy
