Welcome to the fediverse! It doesn't make sense and everyone's very loud.
If you are migrating from Twitter or Tumblr, once you've found people, you may be wondering how to ease your way into Mastodon without worrying about people seeing your toots. (Yes: toots.) Fortunately, this can be accomplished in a few easy steps.
Step One: Toot Security
For the most part, security in Mastodon is driven by individual toots. This has a huge upside once you get used to it – you can toot personal stuff with more privacy than your fandom shit, for example. If you don't want to immediately be exposed to the public on the instance you join, you can simply set your default Posting Privacy in your preferences:
Step Two: Follower Security
Now, if you've updated posting privacy to be "followers only", you'll want to make sure you can approve your followers! You can do this in your Profile Preferences by checking the box that says "Require follow requests":
Step Three: Notifications
In the web app, notifications are sound-on by default. If you don't want the website to yell at you, you can turn these off by navigating to Notifications and toggling off all of the Play Sound options. Note the purple arrow – you want to scroll to make sure you've got them all!
Step Four: App
Eventually you are going to want an app, probably. There are many options for iPhone and Android, including the official Mastodon app as well as options like Metatext. The app will ask for your server. Your server is the website you're on, for example https://federatedfandom.net. If the server doesn't pop up when you search for it, just enter the URL. You'll then be asked to authenticate, and you should be good to go!
Step Five: What about the Nazis, creeps, weirdos, and freaks?
If you're on Federated Fandom, we can guarantee the only creeps you should encounter are your fellow fandom people. Having said that:
- Mastodon supports blocking and muting much like Twitter/Tumblr
- Mastodon supports reporting a user, which kicks their account into your instance's mod queue
- Mods can then silence, suspend, or ban the user
- If the user comes from an instance that isn't moderating them, mods can also ban the entire server. Federated Fandom has a number of "known troll" servers banned already.
Step Six: What about admins reading my messages?
The people who can read your DMs are server admins – meaning, people who log onto the server and root through the database. This is actually true of any service you use that isn't end-to-end encrypted like Signal, but it can be a bigger concern on smaller sites. There is really no way around this – try to join an instance owned by someone you trust, and be cautious of what you post on social media vs Discord, Signal, or another chat-focused app.
Having said that, we've seen a bit of inaccurate information regarding how easy it is to read those messages. They are only accessible in the database, not via the website.
As an admin, I can see all user statistics such as email addresses and IP addresses on the website – this lets me manage the server. Moderators can also see email/IP information. No one can view your direct messages or private posts from the web application.
When in doubt, contact your admin! We set these things up because we're huge nerds and want to help!
