|
Mastodon: What you need to know for your security and privacy If you’re leaving Twitter for Mastodon, here are some things you should know. https://grahamcluley.com/mastodon-what-you-need-to-know-for-your-security-and-privacy/ Please reblog/boost if you think this would help folks you know who are new to Mastodon. (Likes are appreciated, but won't help spread the advice) 32 comments
@jprxts cheers! I appreciate it. It's great to see such a swell of cybersecurity folks here on the elephant. @gcluley and for more advanced users, put your blog on Mastodon! I don't mean share your content through your account. Actually make your blog it's own instance! I wrote a blog post which I'm not going to link to, but you can find it at @donncha@odd.blog to see how it looks in Mastodon. :) @donncha@mastodon.ie @donncha@odd.blog Thanks, I'd heard about this - but haven't explored it yet. Sounds interesting. :) @gcluley @gcluley w/r/t the DM issue i think it's really meant to be a regular fediverse post directed to one (or more) mentioned users rather than an inbox-type thing @violet_cerue Yes, I understand. The problem is that many users will be used to the idea of "direct messages" working rather differently on other sites, and so won't realise that Mastodon direct messages are quite a different thing. Ideally they'd be called something else to avoid confusion. Actually, ideally there would be real direct messages between users rather than the current hodge-podge. @gcluley I agree that it can be made more clear. I only point it out because a lot of writeups and complaints about this feature also give the impression that it's a badly-implemented private messaging system, rather than just another privacy setting for posts. I personally don't care about having an inbox-style messaging system at all; other tools (Signal, Jami, etc) seem more appropriate that. But YMMV. @gcluley the DM situation is going to be a change for most birdapp refugees. It’s really meant for directing a toot towards one person via toot permissions and there should be no expectation of privacy. @agent0x0 Yes, I can see a lot of people accidentally goofing up with this on Mastodon. :( @gcluley Thank you Graham. Will you cover it on smashing security? I listen to it every week, its my lissen on the Thursday commute @erikwarming Thanks for being a regular listener Erik. Yes, I just got off the recording with Carole for Thursday's episode of the podcast - where we'll discuss this in some more detail. :) @eingfoan I do mention hardware-based authentication keys in passing - but maybe i should expand that. @gcluley I would not call it hardware so much since passkey is also syncing in software right? Or do I misunderstand sth @eingfoan I apologise, I misread your response. I was talking about YubiKeys and their ilk. @gcluley @gcluley Please may I ask: does the 'verification' link have to be on the home page of the website or can it be on the Links page? @MichaelLeuty It has to be on the page that you link to. But it doesn't have to be a visible <a> link - a <link> tag in the <head> section also works. @jmorahan Many thanks for the advice. The site is WordPress and I don't know how to edit the <head> section, but I put the link tag right at the bottom of the home page with no text between <a> and </a>. It's invisible and the site is now verified. Thanks again. @gcluley Good intro — thanks. Particularly appreciated the more nuanced discussion of DM risks. @gcluley i didn’t know about the #greentick #Mastodon #verification of websites (pointing at Mastodon profile & vice-versa), that’s neat, thanks! |
Gregory's Server
@gcluley Reposting over Twitter as it'd make more sense to my few followers there!
That's a pretty handy guide, thanks for that!