Importing ready-made server blocklists on your own Mastodon server

Mastodon servers can choose to block other servers, and by default this is done manually one at a time. However, this can get cumbersome if there are lots of servers you need to block quickly, especially if you’re running a new server with no blocks at all yet.

To make the process easier, servers admins can import pre-written server-level blocklists from sites such as oliphant.social ⧉. Once you have a blocklist downloaded, here’s how to add it to your own server:

  1. Log in on your server’s website using your admin account.
  2. Go to Preferences > Moderation > Federation
  3. Click the Import button at the top
  4. Browse for the blocklist’s .csv file, then click Upload
  5. You will be presented with a list of servers to block. If there are servers with existing connections to your server, they will be automatically unticked. If you want to include these in the block, tick them.
  6. When you want to implement the blocklist, click Import in the top right corner of the list and click OK to confirm.

Once the list is successfully imported, the blocks will appear alongside your existing blocks. If necessary, you can remove blocks from the list just like any manually added block.

Will this block accounts that already have follows or followers with my server?

Before any blocks happen, the blocklist import process will highlight servers on the list that your server already has connections to. You will be given the option of either going ahead with blocking those servers, or leaving them off the blocklist. By default it will leave them off the blocklist, unless you choose to add them back in.

If you block a particular server, then all the follows and followers from that particular server will lose their connections to your server.

How reliable are ready-made blocklists?

Different blocklists have different methods for compiling them, which are usually stated next to their download links. You as admin need to judge which blocklist best suits your server. The blocklist links at oliphant.social ⧉ are a good starting point for discovering ready-made blocklists.

Typically a ready-made blocklist might be compiled through some sort of vote by a pool of admins trusted by the blocklist compiler. Minimal blocklists might demand a very high number of admin votes before adding a server to the blocklist, while broad lists might block servers even after just a few votes.

If a blocklist doesn’t state any methodology, it might not be the most reliable blocklist.

How do I keep up to date with the latest version of a pre-made list?

At the moment you have to manually upload the latest version of a pre-made list to get the updated version. However, the official Mastodon roadmap ⧉ mentions plans for an optional blocklist subscription system (MAS-139) so that this would happen automatically if you want it to.

↩ Back to the front page

Using allowlists on Mastodon servers through Limited Federation Mode

There are two ways for Fediverse servers to communicate with each other, blocklists and allowlists:

  • Blocklists are by far the more common option, and mean your server will connect with any other server that isn’t on your server’s blocklist. Your server can make connections with other servers more easily, but will be more at risk of receiving abusive posts from nasty servers that haven’t been added to its blocklist yet.
  • Allowlists are less common, but many people prefer them due to their greater safety. If your server uses allowlists, all other servers are blocked by default and are only unblocked if they’re added to an “allowlist” by your server’s admin. Allowlists prevent the danger of rogue servers posting abuse, but they also make it harder to make connections with nice servers that haven’t been added to the allowlist yet.

By default Mastodon servers use blocklists. However, there is an optional setting on Mastodon called “Limited Federation Mode” where the server uses allowlists instead.

It is up to the admin of each Mastodon server to decide whether blocklists or allowlists are right for their particular server. Only server admins can adjust this setting.

I am a Mastodon server admin. How do I find out more about Limited Federation Mode?

If you’re an admin and want to find out more, there is a web page with instructions and tips on Limited Federation mode here ⧉ and there’s a technical description of Limited Federation mode ⧉ in the official documentation.

Allowlists vs Blocklists: How do they differ?

In default mode, Mastodon servers can communicate with other servers unless the server admin blocks them. This is known as a “blocklist” system, because it depends on the admin telling their server which other servers to block.

If a server runs in Limited Federation Mode, it’s the opposite way around: no other servers can communicate with the admin’s server unless the server admin specifically allows them. This is known as an “allowlist” system, because it depends on the admin telling their server which other servers to allow connections with.

Blocklists are better for building up connections with other servers, but worse for user safety. Allowlists are better for user safety, but worse for building up connections with other servers.

There may also be compatibility issues when using some apps with servers in Limited Federation Mode, because this is currently a rarely used setting that the app may not have been tested with.

How do I set my server to Limited Federation mode?

You need to be a server admin to change your server’s federation.

If a server is on a managed hosting company, the server’s admin will need to ask their hosting company to switch the server over to Limited Federation mode.

If the server has been set up manually by its admin, the server admin will need to make the adjustments manually by consulting the official Mastodon documentation on federation ⧉.

Will the apps work with a server in Limited Federation mode?

The server’s website and the web apps should work fine.

There may be problems with some app store apps working with servers in Limited Federation Mode. You might want to have a look at the guide linked to above ⧉ for more info on which apps work.

Can admins set their server to be totally isolated and not communicate with anyone?

Yes. If an admin sets a server to Limited Federation Mode and leaves the allowlist blank, the server will be totally isolated and have no connections with any other server.

↩ Back to the front page

Adding user safety through Authorized Fetch on Mastodon

This is a bit technical, but there’s a little-known feature on Mastodon called “Authorized Fetch”, aka “Secure Mode”. By default it is switched off as it uses more resources and can cause compatibility problems with servers running older software.

When it is switched on, it makes all blocks more effective, including both server-level and user-level blocks. This empowers users to fight abusers and trolls more effectively, and makes the server’s own blocks more powerful too.

Which kind of posts does this affect? Can abusers see followers-only or mentions-only posts?

Posts using follower-only or mentions-only visibilities are already protected from unauthorised interaction. Authorized Fetch only makes a difference on public or unlisted posts. If you never use public or unlisted posts, you don’t need Authorized Fetch.

Please see the post visibility guide for all the kinds of visibilities that a post can be, and how to set your defaults.

I am a server admin, how do I find out more about this?

There’s an official technical description of Authorized Fetch here ⧉ and a detailed unofficial article here ⧉ which might be useful.

How to activate Authorized Fetch on Mastodon

Only server admins can activate it, so if you’re not an admin you’ll need to contact your server’s admin and ask them to do this.

The latest version of Mastodon includes controls in the graphical interface for activating it:

  1. The admin should sign onto the Mastodon server’s website or web app using their admin account
  2. Click ⚙️ Preferences
  3. Click Administration (on the left of the screen or in ☰ on the mobile site)
  4. Click Server Settings
  5. Click the Discovery tab at the top
  6. Tick the box marked Require authentication from federated servers
  7. Click Save changes

On some managed hosting services this option may be greyed out. If so, ask the managed hosting company to switch it on for you.

Why isn’t this on by default?

Authorized Fetch uses more server resources as the server has to do a lot more checks for each post to prevent unauthorised interactions. However, the costs of these extra resources may be worth it for the extra level of user safety the feature brings.

I heard this causes compatibility problems and consumes massive amounts of resources?

No, not nowadays. It consumes more resources, but not a huge amount more. There also don’t seem to be compatibility problems any more, as software has been updated to take account of servers with this option activated.

Does this stop website scraping?

No, nothing can stop scraping of public posts on a public website. However, scraping a website and copying its contents is not the same thing as interacting directly with a thread on a social network.

Compatibility with other Fediverse servers

Authorized Fetch is an official feature of Mastodon and it should work fine when federating with servers that are running Mastodon 3.0.0 or higher. It should also work with GoToSocial (which uses Authorized Fetch by default), Pixelfed, PeerTube and most other Fediverse server types.

↩ Back to the front page

Is Mastodon end-to-end encrypted?

No. Mastodon isn’t E2EE. Some work has been done ⧉ on building an encrypted messaging system into Mastodon, but it isn’t finished yet.

What does this mean? Can my server’s admin read my DMs?

In theory, the owner of your server could read at your DMs in the server’s database. However, it’s not as simple as that in practice.

An admin would need a certain level of technical skill, as there is no way to view DMs in Mastodon’s admin interface. The server owner would have to manually look through their server’s database directly to read a DM, and bypass Mastodon’s admin interface completely. It’s not something they could do casually.

Is this normal?

Social networks typically don’t encrypt messages by default. For example, on Twitter/X all DMs and posts are visible to moderators.

Can everyone see my DMs on Mastodon?

No, they would need direct access to your server’s database, which is restricted to the server owner and their hosting provider.

What should I use if I want to send sensitive information?

If you want to send something sensitive, the best option is to use a dedicated messaging system with end-to-end encryption.

There’s a very popular encrypted messaging system called XMPP (also known as Jabber). XMPP is structured like Mastodon, with lots of connected servers, but it is designed entirely for private messaging and calling. There’s a website to help non-technical people sign up on existing servers at JoinJabber.org ⧉ and there’s a managed hosting service to help non-technical people set up their own server at Snikket.org ⧉.

Is XMPP compatible with Mastodon? Is it part of the Fediverse?

No. XMPP is designed entirely for messaging, calling and real time chatting. It isn’t intended as a social network, and doesn’t use Fediverse protocols like ActivityPub. However, the server structure of XMPP is very similar to Mastodon and has the same advantages, which is why it’s recommended on this website.

Some Fediverse server admins also run XMPP servers too. If you’re happy with how your Fediverse server is run, it might be worth asking your server admin if they have an XMPP server too.

How do I make sure XMPP is encrypted?

Modern XMPP apps use a standard called OMEMO for end-to-end encryption. As long as everyone taking part in a conversation has the OMEMO feature switched on, then the conversation will be encrypted. If you’re unsure, you should be able to find OMEMO in your XMPP app’s settings page, and you can check which XMPP apps have OMEMO-compatibility at the Are we OMEMO yet? ⧉ website.

XMPP? Jabber? Which is it?

XMPP and Jabber are the same thing. “Jabber” was the original name, but unfortunately a commercial company bought the trademark for it. A new name was required and it was decided to use “XMPP” officially, though unofficially many people still call it Jabber as it’s easier to remember.

Who controls XMPP?

No one controls it, it’s decentralised and federated. The XMPP network is made up of many indpendent servers that talk to each other.

XMPP is a free open standard maintained by the non-profit XMPP Standards Foundation ⧉. Anyone can use the XMPP standard on their server or app, and each server and app is totally independent.

↩ Back to the front page

Using Two Factor Authentication (2FA) on Mastodon

To keep your Mastodon account extra secure, you can use a feature called “Two Factor Authentication”, also known as “2FA”. When you have 2FA activated, even if someone finds out your password they still cannot log into your account.

How does 2FA work?

2FA usually works through a special app on your phone, tablet or computer which constantly generates special pass codes, often in the form of six random numbers. These codes are linked to your account, and only your app will generate codes that match your account.

When you want to log into your account, as well as your password Mastodon will also ask you for your 2FA code, which you can find out from your app. It will then log you in.

How do I get a 2FA app?

There are many 2FA apps in all app stores, for example Aegis and 2FAS are popular 2FA apps. Apple’s keychain also includes 2FA support. The technical name for these apps is “TOTP” or “Authenticator”.

I’ve got my 2FA app, how do I activate 2FA on Mastodon?

  1. Log into your account on your server’s website or on the web app
  2. Click ⚙️ Preferences
  3. Click Account (on the mobile site click ☰ and then Account)
  4. Click Two Factor Auth (on the mobile site click ☰ again and then Two Factor Auth)
  5. Follow the instructions, including the part about keeping the backup codes in a safe place
  6. Seriously, please make sure you do the part about keeping the backup codes in a safe place. This isn’t just nice to do, it’s essential. You will need these backup codes to access your account if you lose your phone.

After you’ve activated 2FA, the next time you log in on Mastodon it will ask your password and then ask your 2FA code. Go to the app and find the code, then type this into Mastodon.

Do I need to type a 2FA code in every time I use Mastodon?

No. You only need to use a 2FA code when you log in, so if you stay logged in it won’t ask for the 2FA code.

If I use 2FA, do I have to use Mastodon on my phone?

No! You can continue to use any device you want even if you have 2FA activated. The 2FA app is only there to provide codes, it doesn’t know or care where you type them in. You can use the 2FA codes when logging in on any device such as computers, tablets or even other phones.

What if someone sees my current 2FA code?

It doesn’t matter, because the current 2FA code changes so frequently. Most people set it to change every few minutes or even every 30 seconds. If someone sees your current 2FA code, it will soon change to something else anyway and the old code will be useless to them.

The only code you need to keep secret is the 2FA’s backup code, which you should print out and put in a safe place. This backup code gives you access to your account if the 2FA app stops working for some reason.

What if I lose the phone that has the 2FA app running on it? How will I access my Mastodon account without the 2FA app?

That’s what the backup codes are for, and why you need to keep them in a safe place. If you lose access to your 2FA app for any reason, you can use the backup codes to access your account and switch off 2FA.

What if someone grabs my phone when it’s unlocked, can they access my 2FA codes?

It depends on the app, but probably not. Even when your phone is unlocked, most 2FA apps are still locked by default. To access the app’s codes after your phone is unlocked, you still need to type your phone’s unlock code again, or use fingerprint or facial recognition again.

Is 2FA just for techy people, or can non-techy people use 2FA as well?

Setting up 2FA is slightly tricky, and it will require you to keep a permanent copy of a special code in a safe place, preferably printed out and kept at home with your other important documents. This special code lets you access your account if you lose access to your 2FA app. If you’re not technically minded, you might want to get help from a trusted friend or relative in setting it up. Make sure they are people you trust, as the backup code would allow them access to your account.

However, after it has been set up, 2FA is extremely easy to use: the 2FA app displays a code and you simply type this in when Mastodon asks you to. It’s very simple and becomes second nature quickly.

Does the 2FA app know what I’m doing?

No. 2FA apps have no awareness of anything you’re doing.

The apps just passively display a list of security codes generated from the current time and your unique account keys. It doesn’t send any data anywhere, the code generation happens entirely offline on your own phone or computer. The apps have no idea if you’re even using the codes.

At a technical level, 2FA apps are essentially just very elaborate clocks, but instead of displaying the time they display ever-changing access codes. Your account’s server also knows what time it is, and that’s how it knows whether your 2FA access code matches up with what it should be.

Is 2FA just for Mastodon, or can I use it for other things?

It’s not just Mastodon! Most major online services nowadays have an option to activate 2FA. For example most email providers include 2FA support, and using it works just like logging in on Mastodon.

You can use the same app to generate all your codes. Each service uses a different code, and your app will generate a list of different codes if you use it on many services.

Does Mastodon support using security keys instead of authenticator apps?

Yes! Mastodon’s two factor authentication settings page also includes a section for adding security keys, just click on Security Keys 🔑 Add and follow the instructions. The security key section appears after you have activated a 2FA authenticator app.

↩ Back to the front page

How to prevent your account being suggested to others in Mastodon

On Mastodon, there’s a feature that automatically suggests accounts to follow when people first join a server, and when they click on the For You or People tab in Explore or Search. These suggestions are based on how many people on that server follow the account and boost its posts, and server admins can optionally add suggestions manually too.

What if I don’t want my account suggested to others?

You can set whether your account is suggested to others or not.

  1. Log in through your server’s website or the web app.
  2. Click on ⚙️ Preferences
  3. Click on Profile (or ☰ and Profile if you’re on the mobile website)
  4. Click on the Privacy & Reach tab at the top
  5. Go to the box marked Feature profile and posts in discovery algorithms, and UN-tick the box if you do NOT want to be suggested.

Wait a minute… “Feature profile and posts in discovery algorithms”? I thought Mastodon didn’t use algorithms?

The name in this section is a bit misleading. These are not the kind of complex, hidden, dubiously motivated algorithms that cause problems on Facebook, Twitter etc. The “algorithm” in this case is a simple open source mathematical formula that looks at which accounts are most followed and most boosted.

Technically even the simplest mathematical process is an algorithm, but in this case it might as well just say “Most followed & most boosted accounts”.

The “For You” tab… is it using my personal data to generate suggestions?

No, it doesn’t use personal data. The For You tab gives the same suggestions to everyone on your server, but it hides accounts you are already following which is why it says “For You”. The tab has been renamed “People” on upcoming versions of Mastodon to make this clearer.

↩ Back to the front page

Filtering your Mastodon timeline to automatically hide posts containing certain words, phrases, hashtags, links or emoji

On Mastodon, you can set your timeline to automatically hide or block posts featuring certain words, phrases, hashtags or emoji. You can choose to block them completely, or hide them behind a warning that you can open manually.

This isn’t just about offensive posts, it can be filtering for any reason at all. Some people use filters to hide Wordle posts for example. Your filters are private, and they will apply in the apps as well as on the website. No one will know you have filtered their posts.

To add a filter:

  1. Log in through your server’s website or the web app
  2. Go to ⚙️ Preferences > Filters (On the mobile website click ⚙️ and then ☰ and then Filters, on the desktop website click ⚙️ Preferences and then the Filters link on the left side of the Preferences page)
  3. Click the Add new filter button
  4. Choose the settings you want (see the rest of this guide below for more details on what all the options mean)
  5. Click Save new filter

Does the filter’s title need to match the words in the filter?

No. The title can be anything you want that makes it memorable, it doesn’t have to match the actual filtered words.

Can I filter for words, phrases or emoji? Are they case sensitive?

Yes, you can put one word, one emoji, or a phrase, or some mixture of these, into the filter. The contents of the filter is not case sensitive.

Which parts of posts does the filter look at?

The filter will look for its keywords in entire posts, including the actual content, hashtags, account addresses, alt text descriptions or web addresses mentioned in posts.

Does the filter work retrospectively?

Yes. Filters work retrospectively, so posts made before the filter was created will also be filtered.

Can I add more words, phrases or emoji to the same filter?

Yes. You can add more words and phrases to the same filter by clicking the + Add keyword link at the bottom of the page. The filter will be triggered if any of the words or phrases are present.

Do I need to include # if I want to filter posts with a particular hashtag?

No. You don’t need to include # on filtered hashtags, you just need to include the actual word or phrase. Posts with such hashtags will automatically be blocked if the tags contain a filter’s keyword(s).

How do I set a filter to be temporary?

You can make filters temporary by setting the Expire after section. By default this is set to “never” which means the filter is permanent, but if you set a value it will stop filtering after it reaches its time limit.

How do I apply the filter to just specific parts of Mastodon?

The Filter contexts section lets you apply the filter to specific parts of Mastodon. If you want it applied everywhere, tick all the boxes.

What does the “whole word” option mean?

If you have the Whole word option ticked, it means the filter only applies to posts containing exactly that word. (If you have this active, plurals or variations of a word will NOT activate the filter, because they are not exactly the same as the word.)

If you UN-tick the Whole word option, the filter will also apply to posts that have that word within other words (such as plurals), or if a word has other letters or numbers next to it without spaces.

How do I edit or delete my existing filters?

You can edit or delete filters at any time by going back to the Filters section in ⚙️ Preferences.

How do I filter posts that contain a particular link?

Add a filter for part of the text in the link (such as the link’s domain name), then make sure you have UN-ticked the box marked Whole word, then save the filter. This will filter anything that contains that text including links.

How do I block Wordle posts that don’t contain the word “wordle”?

Wordle posts sometimes are just blocks of coloured squares without the actual word “Wordle”. You can block these by creating a filter for one of these coloured squares, for example either 🟩 or 🟨. Make sure you have UN-ticked the Whole word option.

(If you’re wondering what Wordle is, it’s a very popular word guessing game. The squares indicate how close the person came to guessing that day’s word.)

↩ Back to the front page

How to use Content Warnings (CWs) on Mastodon and the Fediverse

Content Warnings (CWs) are an optional Fediverse feature which hides the content of a post behind a warning message. The post can be revealed by clicking on the warning. Only the person who writes the post can add a CW to it.

What are CWs for?

Content warnings hide any kind of content where the person reading may not want to read it right that minute, but they may want to read later. It could be something serious like upsetting news, or less serious like film spoilers. There’s also a very strong Fediverse tradition that those who are able to should use CWs when talking about emotive topics such as politics or religion. It is also often used for potentially “not safe for work” content such as gore or nudity.

How do I add a CW to my post?

  1. Start writing a new post or edit an existing post
  2. Click on the button at the bottom of the message writing window labelled “CW” or “Warning” or ⚠️ or other similar icons
  3. Write a brief warning giving people a clear idea of what to expect within the post itself, without them having to actually open it
  4. Publish the post

What if I want to open lots of CWs at once?

On Mastodon, if you are using the website or the web app you can make all the CWs in a thread open or close at once by clicking the 👁️ eye icon in the top right corner of a thread. (Note that the eye icon on the official mobile app does something different, it just opens one post at a time.)

I don’t care about warnings, how do I make all posts be visible for me automatically?

If you don’t want to ever see any CWs at all, you can make Mastodon open all CW posts by default:

  1. Log in through the website or the web app
  2. Click ⚙️ Preferences
  3. Scroll down the page and tick the box marked Always expand posts marked with content warnings
  4. Click the Save changes button

Is it compulsory to use CWs?

It depends.

Some servers have specific rules about when to use CWs, while others ask you to use your initiative.

When exactly should I use CWs? What if I see someone not using CWs when they should be?

CWs are an accessibility feature for many people, as they allow those who have traumas triggered by certain topics to read potentially triggering posts when they are mentally prepared to do so. It’s important to emphasise the point that for many people CWs are not about avoiding topics, it’s exactly the opposite: CWs make triggering posts accessible to people who would otherwise have to avoid them, in the same way that text descriptions make images accessible to blind people. They can widen your post’s audience.

Having said that, it is a bad idea to call people out for not using CWs! Some people will have legitimate reasons for not using CWs, for example someone who is currently going through a serious personal trauma, or perhaps is being persecuted or under threat of violence. It is not appropriate to demand CWs from someone who is going through something really horrific in their real world life. They may have much bigger things to worry about than social media, and we should help them deal with these bigger things however we can.

Even if someone should be using CWs, having public arguments about rules is not necessarily the best way to get someone to obey them, especially if they’re new to the Fediverse.

If there’s a post you think should be CWed and there’s no obvious reason why it isn’t, check the rules on your server and then ask your server admin for advice on what to do. They set the rules, and they are ultimately the ones that decide what is allowed on there.

In short, CWs are a balancing act, and require a lot of social skill (that’s why this section is so long!). The existence of CWs brings the Fediverse a tiny bit closer to the complexities of everyday life in the real world, where reading the room is essential to getting on with people. No one is going to get this right all the time, but simply being aware of CWs as an option and using them when you feel appropriate and able will make the Fediverse a much more accessible and pleasant place to be.

How do I add a CW to a post I want to share?

You can’t add CWs to someone else’s post. The reason for this is such a feature could be mis-used to quote the post, which is deliberately not available on Mastodon.

One workaround is to do a reply to the post with a CW telling people to read the post above, and then share your reply.

An alternative workaround is to create a new post with a CW that contains the web link to the post you want to share.

↩ Back to the front page

Hiding your Mastodon posts and profile from search engines like Google, Bing etc

If you use a public visibility setting on a post, the post will be visible to everyone, even people who aren’t Fediverse members. This means the post may be indexed by search engines, but there is something you can do to stop it.

Also, by default Mastodon profiles can be indexed by search engines as they are public too.

How to prevent a post being visible to search engines

The surest and safest way to prevent a post ending up on a search engine’s index is to use a non-public visibility setting. Followers-only and Mentions-only settings cannot be seen by search engines, so they cannot be indexed by them.

How to ask search engines not to index your profile

Mastodon has an option to request that search engines don’t index your profile page:

  1. Log in through your server’s website or web app
  2. Click on your profile image to go to your profile page
  3. Click on Edit Profile
  4. Click on the Privacy & Reach tab at the top of the page
  5. Scroll down to the box marked “Include profile page in search engines”, and UN-tick this box
  6. Click the Save changes button at the bottom of the screen

However, bear in mind it’s up to a search engine to decide if it wants to honour this request. Some search engines may decide to ignore your request. For that reason, it’s best not to put sensitive information on your profile.

What does the other option “Include public posts in search results” do?

There is another option in the settings just above the one about profiles. However, despite the similar wording this other option is nothing to do with search engines. If you tick the box marked “Include public posts in search results”, it will allow your public posts to appear in search results within Mastodon rather than external search engines. See the guide to full text search for more info on this.

↩ Back to the front page

How to hide your follows and followers in Mastodon

If you’re on a Mastodon server, you can keep your lists of follows and followers hidden on your profile if you want to:

  1. Log in through your server’s website or web app
  2. Click on your profile icon, then Edit profile
  3. Click on the Privacy & Reach tab
  4. Scroll down to the option marked Show follows and followers on profile, and UN-tick it
  5. Click the Save changes button

You will still be able to see your follows and follower lists when you look at your profile while logged in, but other people will not be able to see them.

What if I change my mind?

If you change your mind and want to show your lists to others, repeat the process above but tick the box instead of un-ticking it.

Will this stop people seeing me on other people’s follow/follower lists?

No, it will just stop people browsing your profile’s follow and follower lists. You may still show up on the follow/follower lists of other profiles.

↩ Back to the front page

Restricting who can follow you on Mastodon

On Mastodon, you can use a follow request system to restrict who can follow you. When it’s switched on, no one can follow you unless you manually approve their request. This can be used to screen who follows you.

To switch on the follow requests system:

  1. Log in through your server’s website or through the Mastodon web app
  2. Click on your profile image to go to your profile page
  3. Click on Edit profile
  4. Click on the Privacy and reach tab
  5. UN-tick the box marked Automatically accept new followers
  6. Click the Save changes button at the bottom of the page

After you’ve done this, a padlock icon 🔒 will appear next to your username on your profile. Anyone who clicks follow will send a follow request that you have to approve before the follow is activated.

If you change your mind about using follow requests, do the same thing again but tick the box instead of unticking it.

How do I approve or reject follow requests?

Follow requests will appear in your notifications and (on some interfaces) in a special section for follow requests. Click the ✔️ tick icon to approve a request, or the ❌ cross icon to reject it.

Don’t reject followers just because they don’t have a picture

Don’t screen followers out just because they have blank profile pictures. Many blind users don’t use profile pictures, but they will have text in their profile. The best way to screen potential followers is to read what they have written about themselves and what they have posted.

How do I stop non-followers seeing my posts?

You can set your posts to the Followers-only visibility setting, either manually or by default. When this is combined with the follow requests system, it means only people you choose can see your posts.

↩ Back to the front page

Blocking and muting accounts on Mastodon

(If you want to block or mute entire servers, please see the Blocking and Muting Servers on Mastodon guide.)

Is it rude to mute or block people?

It is totally fine to block or mute people on Mastodon and the Fediverse. It is not considered rude or unusual to do so. Use it as freely as you want!

There are lots of reasons why someone might block or mute an account, it’s not necessarily any kind of judgement against that account.

To block or mute someone on Mastodon:

  1. Either click ⋯ on one of their posts, or go to their profile and click the ⋯ or︙ button at the top
  2. Select Mute or Block depending on what you want
  3. If you change your mind, do the same thing again but select Unmute or Unblock

Here’s what these options mean:

  • Mutes are the softest option. When you mute someone you will no longer see their posts and you won’t see posts that mention them. You can also optionally set a timer so that the mute expires after a certain period, and there’s also an option for muting or not muting notifications from them. People who are muted will not know they are muted, and they will still be able to follow you, see your posts and interact. From the muted person’s point of view, everything will seem normal.
  • Blocks are the harder option. When you block someone, it does everything a mute does but also prevents them following you and hides your posts from them while they are logged in.

⚠️ Important: If you are posting public posts they will still be visible to the blocked person when they log out, because public posts are visible to everyone on the internet. To restrict the audience for a post, use followers-only or mentions visibilities.

What about the “Block Domain” option? What does that do?

It mutes all accounts from that person’s server, but does not block them (yes, the name is very misleading!). Please see the blocking and muting servers guide for more details.

How do I keep track of who I’ve muted and blocked?

To view lists of all of your blocks and mutes:

  1. Log in through your server’s website or the web app
  2. Go to your profile page and click ︙
  3. Select Muted Users, Blocked Users or Blocked Domains
  4. If you want to remove a mute or block, click the icon next to a name on the list

How do I do a temporary mute?

To have a temporary mute on Mastodon, log in through your server’s website or web app and it will offer you the option of setting a duration when you’re confirming the mute. Set the duration to however long you want the mute to last.

How do I mute just someone’s boosts?

On Mastodon, if you follow someone and you want to see their posts but not their boosts, you can hide just their boosts without blocking or muting them. This doesn’t affect their normal posts, and they have no way of knowing you’re doing it.

  1. Open your Mastodon app or log in through your server’s website
  2. Go to the profile of the person whose boosts you want to hide
  3. Click on the ︙or ⋯ button at the top and select Hide boosts from… (or Hide reblogs on some apps)
  4. If you change your mind, go back to their profile and select Show boosts from… (or Show reblogs)

This only works on accounts you follow.

Can I hide posts that contain particular words, phrases or hashtags?

Yes, you can do this by using Mastodon’s filter system.

What happens to DMs sent by someone I’ve muted or blocked?

If you mute or block someone, you won’t see any DMs from them by default. However if you decide to browse their profile you will see any DMs sent to you in their profile timeline.

If you remove a mute or block, DMs will start arriving as normal, but any DMs sent during the mute or block will only be visible by going to their profile.

Is there any way to allow DMs and mentions to work while muting someone?

Yes! If you mute someone through your server’s website or web app, there will be an option to allow notifications. If you allow notifications, then DMs and mentions by the muted account will still show up normally in your notifications.

How do I block DMs from people I don’t follow?

  1. Log onto your server’s website or web app
  2. Click ⚙️ Preferences
  3. Click Notifications (on the mobile website click ☰ and then Notifications)
  4. Tick the box marked “Block direct messages from people you don’t follow”
  5. Click the Save Changes button

If you change your mind, repeat these steps but untick the same box.

Also, if you are blocking DMs from strangers, you might want to mention this on your profile description to avoid any misunderstandings. (This avoids situations where people are trying to contact you for legitimate reasons but think you’re ignoring them.)

Another thing to bear in mind is it will also block private replies in threads from people you don’t follow, as these are technically the same as DMs on Mastodon.

Someone I’ve blocked on another server still seems to be able to interact with my posts, what’s going on?

Under certain circumstances people on certain other servers may be able to see and reply to your posts even if you block them. You won’t see their replies, but other people might. This isn’t the situation on most servers, but it can happen.

If this happens, contact your admin and ask them for help. They have more powerful tools available, and you might want to specifically suggest they activate “authorized fetch”. Authorized fetch is a special mode which makes blocks more effective. If the admin thinks it will break stuff, send them a link to the article as it works pretty well nowadays.

↩ Back to the front page

How do I contact the people who run my server? How do I find out what my server’s rules are?

If you are having problems with your server, you might want to contact the person who runs your server, usually known as the server’s administrator or “admin”.

On Mastodon, you can find the public email address and account profile of your server admin on the server’s About page. This is visible without logging in, and it provides a way to contact the admin even if you lose access to your account for some reason. To find the About page:

  1. Go to your server’s website, the website address is usually the same as the name of the server
  2. Click on the Learn More link at the left (if you’re on desktop) or the ⋯ icon on the right (if you’re on mobile)
  3. The admin’s public email address (labelled “CONTACT”) and a link to their profile page (labelled “ADMINISTERED BY”) will be near the top of the page

How do I find my server’s list of rules?

Go to the About page using the method above, but scroll down the page a bit until you get to the part marked Server Rules. Click this to reveal the rule list.

Each server is totally independent and sets its own rules, so it is worth reading this before joining a server. It is usually written in plain language that is easy to understand.

↩ Back to the front page

Reporting problematic content to moderators on the Fediverse

Reporting anti-social accounts is a good idea as it’s the main way server administrators find out about nasty behavour. Once admins are made aware of a problem, they can take action using special blocking tools that are not available to ordinary users.

How do I report posts or accounts on Mastodon?

  • To report a post click ⋯ on the bottom of the post and select Report.
  • To report an account, go to its profile and click ︙ or ⋯, then select Report.

In both cases, this will start a reporting wizard that narrows down specifically what kind of problem you’re reporting.

Remember to include examples!

Whatever you’re reporting, it’s really important to include examples of what the account has done wrong. Simply reporting the account with no examples creates a lot of work for the moderators, and it may make it impossible for them to moderate effectively.

On Mastodon, the reporting wizard includes options to select posts from that account, and if you’re reporting via a post then that post will be automatically selected as an example to include on the report.

If possible, tell the account’s own server too

Mastodon reporting forms include the option to also send an anonymous report to the server of the account that wrote the post. This is usually a good idea, because only a user’s home server has the power to suspend or delete their account. Other servers can block accounts, but in the worst cases it may be better that a nasty account is deleted at source.

However, there is a caveat to this: if the problematic user’s entire server is also problematic, it may be best not to include them in the report. Such servers tend to lash out when people report their behaviour. Your own server admin will be able to block problematic servers completely, which is usually the best way of dealing with such servers. If you notice the entire origin server is problematic, mention this in your report to your own server’s admin.

What do I do about accounts that just boost nasty stuff?

If there’s an account that just boosts lots of problematic posts without actually posting anything itself, this can seem trickier to report as they aren’t giving you any of their own posts to click on. However, it is possible to report them too!

Go to their account’s profile page and report them from there (by clicking ︙ or ⋯). If you do this though, remember to mention in the comments section of the report the boosts that are problematic and why, so that the moderator can locate them more easily.

What exactly ARE the rules on the Fediverse?

Each server is totally independent and sets its own rules for acceptable behaviour. If you go to a server’s about page you should see a copy of its rules. If possible, it’s worth reading this before you sign up on a server, as it can tell you a lot about their approach to moderation.

If there’s something bad happening and it isn’t covered by the rules, report it. There will often be bad situations that could not have been anticipated by the admin when writing the rules, and they depend on user reports to find out about them.

If you’re in any doubt about what is acceptable, ask your server’s admin for advice. If there’s something wrong with their approach or attitude, you might want to consider transferring your account to another server.

↩ Back to the front page

Do I need to use my real name or real photo?

No.

You don’t need to reveal any kind of personal information about yourself on the Fediverse. Use any name you want, and any picture (or no picture at all).

The only information you need to give when signing up on a Fediverse server is an email address, and you can use an email alias if you want to keep it secret. The only other data a Fedi server might see is your computer’s or phone’s IP address, but this is hidden if you’re using a VPN or Tor.

Revealing personal information on the internet is a bad idea in general, as it makes unwanted tracking and identity theft much more likely.

What if I want to impersonate someone else?

Whatever name you choose to use, don’t impersonate other people, it’s not very nice and would break the rules on many servers, possibly getting you banned. Impersonation may also be illegal in some countries.

Can I leave the profile picture blank?

Yes, if you want. A lot of blind people on the Fediverse don’t use profile pictures, and there is no obligation to have a picture.

↩ Back to the front page

Who can see my posts and replies in Mastodon? How do I choose post visibility settings? How do I send DMs in Mastodon?

The visibility of a post or reply on Mastodon depends on its visibility setting. These settings decide which other accounts have permission to see that particular post or reply.

On Mastodon there are four types of post visibility. You can set the visibility of a post by clicking the icon that represents it in the row below the message editing window. It’s usually a 🌐, 🔒, 👥 or @ icon, but some apps may use slightly different icons.

Some more details about each setting:

  • Public – Anyone can see it, even people who aren’t on the Fediverse, and the posts will be visible in searches on Mastodon. If you go to a person’s public profile page you will see all their public posts. This is normally indicated by a globe icon 🌎.
  • Unlisted (aka Quiet Public) – Anyone can see it, but it won’t appear in the trending posts list or the Local or Federated timelines, and it won’t show up in search results. This can be useful for replying in threads, so that you’re not filling people’s timelines unnecessarily. Normally indicated by an open lock icon or a crescent moon.
  • Followers-only – Only your followers can see these, normally indicated by a closed lock 🔒 or people 👥 icon. If you use this setting, it’s a good idea to switch on follower requests, otherwise anyone could follow you to see your followers-only posts.
  • Mentioned (aka Specific People) – Only people you @ within the message can see the post, normally indicated by an @ symbol. Be really careful who you @ because they will see the post.
  • Local – Only people on your server can see it. This option is only available on servers running Hometown Mastodon ⧉ or Glitch Mastodon ⧉. Most people are on servers running standard Mastodon and will not have this option.

Sending DMs in Mastodon

You can send people messages by setting a post’s visibility to @ Mentioned, then @ the people you want to receive the DM. If you use your server’s website or the web app, there’s a Private Mentions option in the menu which lets you see all your mentioned posts in a separate inbox.

⚠️ If you @ someone they will be able to see it, even in DMs or Followers-Only modes

In all modes including DMs and Followers-Only, if you @ someone in a post they will see that post! Because of this, you need to be really careful who you @ in a post.

If you absolutely have to mention an account but don’t want them to see it, try replacing the @ symbols with the word “AT” instead and make sure you’re using a visibility they don’t have access to such as Followers-Only (if they don’t follow you) or Mentions. Removing the @ symbol will break the address, and prevent the account holder seeing the mention.

I can’t see Unlisted as an option on my app?

Unlisted is available as a visibility option on almost all versions of Mastodon including the website, the web app and the third party apps. However, for some strange reason it is not included on the official apps.

If you want the official apps to support Unlisted and you’re comfortable using Github, you can let the developers know you want it added on the iOS version ⧉ and the Android version ⧉.

How do I set my default visibility for new posts?

To set the default visibility on new posts:

  1. Log onto your server’s website or the web app
  2. Click on ⚙️ Preferences (or ⚙️ on mobile web) at the right of the screen
  3. Click on Other at the left of the screen (or ☰ and then Other on mobile web)
  4. In the Posting Privacy dropdown menu, choose the default visibility you want
  5. Click the Save changes button in the top right

NOTE: This is only a default setting. You can always set it to a different visibility for individual posts or replies by clicking their visibility icon when you’re writing them.

Is it possible to edit post visibility after it is published?

You cannot edit the visibility of a post or reply after you’ve published it, so make sure you choose the correct visibility when writing it.

If you absolutely have to change the visibility, your only option is to delete the post and start again, which is most easily done by clicking ⋯ below the post and then Delete & re-draft. If you use this option, the original post will cease to exist, its boosts and bookmarks will disappear, links to it will break and its replies will be orphaned.

Who can see my boosts?

When you boost a post, it will immediately appear in the home timelines of all your followers. The original author of the post will also get a notification to say that you boosted their post.

When do replies appear in the Home timeline?

Replies will appear in your Home timeline if any one of these are true:

  • The reply mentions you
  • You wrote the reply
  • The reply is by someone you follow AND mentions someone else you follow
  • Someone you follow is replying to themselves to create a thread
  • Someone you’re following has boosted the reply

When do Unlisted posts and replies appear in the Home timeline?

In Home timelines, Unlisted posts and replies will appear exactly like public posts and replies. Unlisted posts will only be hidden in the Federated and Local timelines, in search results and in the trending posts list.

What about visibility in searches? How do I set the searchability of posts?

Posts and replies will only show up in search results if they have a Public visibility setting. If you want a post or reply to be searchable, you need to set its visibility to Public.

You also need to decide if you want your public posts and replies to be searchable by full text or just by hashtags. By default it’s just hashtags, but you can also allow the entire contents to be searched by opting into the full text search system.

What about Local-only visibility? How do I make a post only visible to people on my server?

Servers running the standard version of Mastodon do not have a Local-only visibility setting. However, servers running forks of Mastodon such as Hometown Mastodon ⧉ or Glitch Mastodon ⧉ may include a fifth visibility setting called “Local” or “Local only”.

Posts or replies using the Local visibility setting can only be seen by people whose accounts are on the same server.

If I’m replying to someone else’s post, do I have to use the same visibility setting on my reply? How do I send a private reply?

You can adjust your reply to have any visibility setting you want, regardless of the original post’s setting. Bear in mind though that some settings may exclude the author of the original post from seeing your reply.

If you want to send a post’s author a private reply, use the @ Mentioned visibility and make sure you @ them in the reply.

What about federation? How widely can my posts be seen by people on other servers?

Have a look at the guide to which posts can be seen from servers.

↩ Back to the front page