Tag Archives: Fediverse Safety

Importing ready-made server blocklists on your own Mastodon server

by

Mastodon servers can choose to block other servers, and by default this is done manually one at a time. However, this can get cumbersome if there are lots of servers you need to block quickly, especially if you’re running a new server with no blocks at all yet.

To make the process easier, servers admins can import pre-written server-level blocklists from sites such as oliphant.social ⧉. Once you have a blocklist downloaded, here’s how to add it to your own server:

  1. Log in on your server’s website using your admin account.
  2. Go to Preferences > Moderation > Federation
  3. Click the Import button at the top
  4. Browse for the blocklist’s .csv file, then click Upload
  5. You will be presented with a list of servers to block. If there are servers with existing connections to your server, they will be automatically unticked. If you want to include these in the block, tick them.
  6. When you want to implement the blocklist, click Import in the top right corner of the list and click OK to confirm.

Once the list is successfully imported, the blocks will appear alongside your existing blocks. If necessary, you can remove blocks from the list just like any manually added block.

Will it block people that have already followed me, or that I already follow?

Before any blocks happen, the blocklist import process will highlight servers on the list that your server already has connections to. You will be given the option of either going ahead with blocking those servers, or leaving them off the blocklist. By default it will leave them off the blocklist, unless you choose to add them back in.

If you block a particular server, then all the follows and followers from that particular server will lose their connections to your server.

How reliable are ready-made blocklists?

Different blocklists have different methods for compiling them, which are usually stated next to their download links. You as admin need to judge which blocklist best suits your server. The blocklist links at oliphant.social ⧉ are a good starting point for discovering ready-made blocklists.

Typically a ready-made blocklist might be compiled through some sort of vote by a pool of admins trusted by the blocklist compiler. Minimal blocklists might demand a very high number of admin votes before adding a server to the blocklist, while broad lists might block servers even after just a few votes.

If a blocklist doesn’t state any methodology, it might not be the most reliable blocklist.

↩ Back to the front page

Creating an isolated Mastodon server

by

Mastodon servers don’t have to communicate with other servers. They can be run in “Limited Federation” mode, where all other servers are blocked by default. This can be left as it is for a totally isolated community, or an “allowlist” can be introduced which allows specifically selected servers to communicate.

If you want to do this with Mastodon, there’s a web page with instructions and tips on Limited Federation mode here ⧉ and there’s a technical description of Limited Federation mode ⧉ in the official documentation.

Allowlists vs Blocklists: How do they differ?

In normal mode, Mastodon servers can communicate with other servers unless the server admin blocks them. This is known as a “blocklist” system, because it depends on the admin telling their server which other servers to block.

In Limited Federation mode, it’s the opposite way around. No servers can communicate with the server unless the server admin specifically allows them. This is known as an “allowlist” system, because it depends on the admin telling their server which other servers to allow connections with.

How do I set my server to Limited Federation mode?

You’ll need to be a server admin to change your server’s federation.

If the server is on a managed hosting company, the admin will need to ask the hosting company to switch the server over to Limited Federation mode.

If the server has been set up manually by the admin, they will need to make the adjustments manually by consulting the official Mastodon documentation on federation ⧉.

Will the apps work with a server in Limited Federation mode?

The server’s website and the web apps should work fine.

There may be problems with some app store apps working with servers in Limited Federation mode. You might want to have a look at the guide linked to above ⧉ for more info on which apps work.

↩ Back to the front page

Adding user safety through Authorized Fetch on Mastodon

by

This is a bit technical, but there’s a little-known feature on Mastodon called “Authorized Fetch”, aka “Secure Mode”. By default it is switched off as it uses more resources and can cause compatibility problems with servers running older software.

When it is switched on, it makes all blocks more effective, including both server-level and user-level blocks. This empowers users to fight abusers and trolls more effectively, and makes the server’s own blocks more powerful too.

Which kind of posts does this affect? Can abusers see followers-only or mentions-only posts?

Posts using follower-only or mentions-only visibilities are already protected from unauthorised interaction. Authorized Fetch only makes a difference on public or unlisted posts. If you never use public or unlisted posts, you don’t need Authorized Fetch.

Please see the post visibility guide for all the kinds of visibilities that a post can be, and how to set your defaults.

I am a server admin, how do I find out more about this?

There’s an official technical description of Authorized Fetch here ⧉ and a detailed unofficial article here ⧉ which might be useful.

How to activate Authorized Fetch on Mastodon

Only server admins can activate it, so if you’re not an admin you’ll need to contact your server’s admin and ask them to do this.

The latest version of Mastodon includes controls in the graphical interface for activating it:

  1. The admin should sign onto the Mastodon server’s website or web app using their admin account
  2. Click ⚙️ Preferences
  3. Click Administration (on the left of the screen or in ☰ on the mobile site)
  4. Click Server Settings
  5. Click the Discovery tab at the top
  6. Tick the box marked Require authentication from federated servers
  7. Click Save changes

On some managed hosting services this option may be greyed out. If so, ask the managed hosting company to switch it on for you.

Why isn’t this on by default?

Authorized Fetch uses more server resources as the server has to do a lot more checks for each post to prevent unauthorised interactions.

However, the costs of these extra resources may be worth it for the extra level of user safety the feature brings.

Does this stop website scraping?

No, nothing can stop scraping of public posts on a public website. However, scraping a website and copying its contents is not the same thing as interacting directly with a thread on a social network.

Compatibility with other Fediverse servers

Authorized Fetch is an official feature of Mastodon and it should work fine when federating with servers that are running Mastodon 3.0.0 or higher. It should also work with GoToSocial (which uses Authorized Fetch by default), Pixelfed, PeerTube and most other Fediverse server types.

↩ Back to the front page

Is Mastodon end-to-end encrypted?

by

No. Mastodon isn’t E2EE. Some work has been done ⧉ on building an encrypted messaging system into Mastodon, but it isn’t finished yet.

What does this mean? Can my server’s admin read my DMs?

In theory, the owner of your server could read at your DMs in the server’s database. However, it’s not as simple as that in practice.

An admin would need a certain level of technical skill, as there is no way to view DMs in Mastodon’s admin interface. The server owner would have to manually look through their server’s database directly to read a DM, and bypass Mastodon’s admin interface completely. It’s not something they could do casually.

Is this normal?

Social networks typically don’t encrypt messages by default. For example, on Twitter/X all DMs and posts are visible to moderators.

Can everyone see my DMs on Mastodon?

No, they would need direct access to your server’s database, which is restricted to the server owner and their hosting provider.

What should I use if I want to send sensitive information?

If you want to send something sensitive, the best option is to use a dedicated messaging system with end-to-end encryption.

There’s a very popular encrypted messaging system called XMPP (also known as Jabber). XMPP is structured like Mastodon, with lots of connected servers, but it is designed entirely for private messaging and calling. There’s a website to help non-technical people sign up on existing servers at JoinJabber.org ⧉ and there’s a managed hosting service to help non-technical people set up their own server at Snikket.org ⧉.

Is XMPP compatible with Mastodon? Is it part of the Fediverse?

No. XMPP is designed entirely for messaging, calling and real time chatting. It isn’t intended as a social network, and doesn’t use Fediverse protocols like ActivityPub. However, the server structure of XMPP is very similar to Mastodon and has the same advantages, which is why it’s recommended on this website.

Some Fediverse server admins also run XMPP servers too. If you’re happy with how your Fediverse server is run, it might be worth asking your server admin if they have an XMPP server too.

How do I make sure XMPP is encrypted?

Modern XMPP apps use a standard called OMEMO for end-to-end encryption. As long as everyone taking part in a conversation has the OMEMO feature switched on, then the conversation will be encrypted. If you’re unsure, you should be able to find OMEMO in your XMPP app’s settings page, and you can check which XMPP apps have OMEMO-compatibility at the Are we OMEMO yet? ⧉ website.

XMPP? Jabber? Which is it?

XMPP and Jabber are the same thing. “Jabber” was the original name, but unfortunately a commercial company bought the trademark for it. A new name was required and it was decided to use “XMPP” officially, though unofficially many people still call it Jabber as it’s easier to remember.

Who controls XMPP?

No one controls it, it’s decentralised and federated. The XMPP network is made up of many indpendent servers that talk to each other.

XMPP is a free open standard maintained by the non-profit XMPP Standards Foundation ⧉. Anyone can use the XMPP standard on their server or app, and each server and app is totally independent.

↩ Back to the front page

Using Two Factor Authentication (2FA) on Mastodon

by

To keep your Mastodon account extra secure, you can use a feature called “Two Factor Authentication”, also known as “2FA”. When you have 2FA activated, even if someone finds out your password they still cannot log into your account.

How does 2FA work?

2FA usually works through a special app on your phone, tablet or computer which constantly generates special pass codes, often in the form of six random numbers. These codes are linked to your account, and only your app will generate codes that match your account.

When you want to log into your account, as well as your password Mastodon will also ask you for your 2FA code, which you can find out from your app. It will then log you in.

How do I get a 2FA app?

There are many 2FA apps in all app stores, for example Aegis and Raivo are popular 2FA apps. Apple’s keychain also includes 2FA support. The technical name for these apps is “TOTP” or “Authenticator”.

I’ve got my 2FA app, how do I activate 2FA on Mastodon?

  1. Log into your account on your server’s website or on the web app
  2. Click ⚙️ Preferences
  3. Click Account (on the mobile site click ☰ and then Account)
  4. Click Two Factor Auth (on the mobile site click ☰ again and then Two Factor Auth)
  5. Follow the instructions, including the part about keeping the backup codes in a safe place

After you’ve activated 2FA, the next time you log in on Mastodon it will ask your password and then ask your 2FA code. Go to the app and find the code, then type this into Mastodon.

Do I need to type a 2FA code in every time I use Mastodon?

No. You only need to use a 2FA code when you log in, so if you stay logged in it won’t ask for the 2FA code.

What if someone sees my current 2FA code?

It doesn’t matter, because the current 2FA code changes so frequently. Most people set it to change every few minutes or even every 30 seconds. If someone sees your current 2FA code, it will soon change to something else anyway and the old code will be useless to them.

The only code you need to keep secret is the 2FA’s backup code, which you should print out and put in a safe place. This backup code gives you access to your account if the 2FA app stops working for some reason.

Is 2FA just for techy people, or can non-techy people use 2FA as well?

Setting up 2FA is slightly tricky, and it will require you to keep a permanent copy of a special code in a safe place, preferably printed out and kept at home with your other important documents. This special code lets you access your account if you lose access to your 2FA app. If you’re not technically minded, you might want to get help from a trusted friend or relative in setting it up. Make sure they are people you trust, as the backup code would allow them access to your account.

However, after it has been set up, 2FA is extremely easy to use: the 2FA app displays a code and you simply type this in when Mastodon asks you to. It’s very simple and becomes second nature quickly.

Does the 2FA app know what I’m doing?

No. 2FA apps have no awareness of anything you’re doing.

The apps just passively display a list of security codes generated from the current time and your unique account keys. It doesn’t send any data anywhere, the code generation happens entirely offline on your own phone or computer. The apps have no idea if you’re even using the codes.

At a technical level, 2FA apps are essentially just very elaborate clocks, but instead of displaying the time they display ever-changing access codes. Your account’s server also knows what time it is, and that’s how it knows whether your 2FA access code matches up with what it should be.

Is 2FA just for Mastodon, or can I use it for other things?

It’s not just Mastodon! Most major online services nowadays have an option to activate 2FA. For example most email providers include 2FA support, and using it works just like logging in on Mastodon.

You can use the same app to generate all your codes. Each service uses a different code, and your app will generate a list of different codes if you use it on many services.

↩ Back to the front page

How to prevent your account being suggested to others in Mastodon

by

On Mastodon, there’s a feature that automatically suggests accounts to follow when people first join a server, and when they click on the For You or People tab in Explore or Search. These suggestions are based on how many people on that server follow the account and boost its posts, and server admins can optionally add suggestions manually too.

What if I don’t want my account suggested to others?

You can set whether your account is suggested to others or not.

  1. Log in through your server’s website or the web app.
  2. Click on ⚙️ Preferences
  3. Click on Profile (or ☰ and Profile if you’re on the mobile website)
  4. Click on the Privacy & Reach tab at the top
  5. Go to the box marked Feature profile and posts in discovery algorithms, and UN-tick the box if you do NOT want to be suggested.

Wait a minute… “Feature profile and posts in discovery algorithms”? I thought Mastodon didn’t use algorithms?

The name in this section is a bit misleading. These are not the kind of complex, hidden, dubiously motivated algorithms that cause problems on Facebook, Twitter etc. The “algorithm” in this case is a simple open source mathematical formula that looks at which accounts are most followed and most boosted.

Technically even the simplest mathematical process is an algorithm, but in this case it might as well just say “Most followed & most boosted accounts”.

The “For You” tab… is it using my personal data to generate suggestions?

No, it doesn’t use personal data. The For You tab gives the same suggestions to everyone on your server, but it hides accounts you are already following which is why it says “For You”. The tab has been renamed “People” on upcoming versions of Mastodon to make this clearer.

↩ Back to the front page

Filtering your Mastodon timeline to automatically hide posts containing certain words, phrases, hashtags, links or emoji

by

On Mastodon, you can set your timeline to automatically hide or block posts featuring certain words, phrases, hashtags or emoji. You can choose to block them completely, or hide them behind a warning that you can open manually.

This isn’t just about offensive posts, it can be filtering for any reason at all. Some people use filters to hide Wordle posts for example. Your filters are private, and they will apply in the apps as well as on the website. No one will know you have filtered their posts.

To add a filter:

  1. Log in through your server’s website or the web app
  2. Go to ⚙️ Preferences > Filters (On the mobile website click ⚙️ and then ☰ and then Filters, on the desktop website click ⚙️ Preferences and then the Filters link on the left side of the Preferences page)
  3. Click the Add new filter button
  4. Choose the settings you want, then click Save new filter

Some tips which might help with creating filters:

  • The Title section at the start of a filter is just a name you want to give the filter so you remember what it does. It isn’t the actual words the filter uses.
  • You can add the filtered words, phrases or emoji in the Keywords section at the bottom. They aren’t case sensitive.
  • The filter will look for these keywords in entire posts, including the actual content, hashtags, account addresses, alt text descriptions or web addresses mentioned in posts.
  • Filters work retrospectively, so posts made before the filter was created will also be filtered.
  • You can add more words and phrases to the same filter by clicking the + Add keyword link at the bottom of the page. The filter will be triggered if any of the words or phrases are present.
  • You don’t need to include # on filtered hashtags, these will automatically be blocked if they contain a filter’s keyword.
  • You can make filters temporary by setting the Expire after section. By default this is set to “never” which means the filter is permanent.
  • The Filter contexts section lets you apply the filter to specific parts of Mastodon. If you want it applied everywhere, tick all the boxes.
  • If you have the Whole word option on the filter ticked, it means the filter only applies to posts containing exactly that word. If you UN-tick this option, the filter will also apply to posts that have that word with other letters or numbers next to it without spaces, for example within another word, or a different form of the same word.
  • You can edit or delete filters at any time by going back to the Filters section in ⚙️ Preferences.

How do I filter posts that contain a particular link?

Add a filter for part of the text in the link (such as the link’s domain name), then make sure you have UN-ticked the box marked Whole word, then save the filter. This will filter anything that contains that text including links.

↩ Back to the front page

How to use Content Warnings (CWs) on Mastodon and the Fediverse

by

Content Warnings (CWs) are an optional Fediverse feature which hides the content of a post behind a warning message. The post can be revealed by clicking on the warning. Only the person who writes the post can add a CW to it.

What are CWs for?

Content warnings hide any kind of content where the person reading may not want to read it right that minute, but they may want to read later. It could be something serious like upsetting news, or less serious like film spoilers. There’s also a very strong Fediverse tradition that those who are able to should use CWs when talking about emotive topics such as politics or religion. It is also often used for potentially “not safe for work” content such as gore or nudity.

How do I add a CW to my post?

  1. Start writing a new post or edit an existing post
  2. Click on the button at the bottom of the message writing window labelled “CW” or “Warning” or ⚠️ or other similar icons
  3. Write a brief warning giving people a clear idea of what to expect within the post itself, without them having to actually open it
  4. Publish the post

What if I want to open lots of CWs at once?

On Mastodon, if you are using the website or the web app you can make all the CWs in a thread open or close at once by clicking the 👁️ eye icon in the top right corner of a thread. (Note that the eye icon on the official mobile app does something different, it just opens one post at a time.)

I don’t care about warnings, how do I make all posts be visible for me automatically?

If you don’t want to ever see any CWs at all, you can make Mastodon open all CW posts by default:

  1. Log in through the website or the web app
  2. Click ⚙️ Preferences
  3. Scroll down the page and tick the box marked Always expand posts marked with content warnings
  4. Click the Save changes button

Is it compulsory to use CWs?

It depends.

Some servers have specific rules about when to use CWs, while others ask you to use your initiative.

When exactly should I use CWs? What if I see someone not using CWs when they should be?

CWs are an accessibility feature for many people, as they allow those who have traumas triggered by certain topics to read potentially triggering posts when they are mentally prepared to do so. It’s important to emphasise the point that for many people CWs are not about avoiding topics, it’s exactly the opposite: CWs make triggering posts accessible to people who would otherwise have to avoid them, in the same way that text descriptions make images accessible to blind people. They can widen your post’s audience.

Having said that, it is a bad idea to call people out for not using CWs! Some people will have legitimate reasons for not using CWs, for example someone who is currently going through a serious personal trauma, or perhaps is being persecuted or under threat of violence. It is not appropriate to demand CWs from someone who is going through something really horrific in their real world life. They may have much bigger things to worry about than social media, and we should help them deal with these bigger things however we can.

Even if someone should be using CWs, having public arguments about rules is not necessarily the best way to get someone to obey them, especially if they’re new to the Fediverse.

If there’s a post you think should be CWed and there’s no obvious reason why it isn’t, check the rules on your server and then ask your server admin for advice on what to do. They set the rules, and they are ultimately the ones that decide what is allowed on there.

In short, CWs are a balancing act, and require a lot of social skill (that’s why this section is so long!). The existence of CWs brings the Fediverse a tiny bit closer to the complexities of everyday life in the real world, where reading the room is essential to getting on with people. No one is going to get this right all the time, but simply being aware of CWs as an option and using them when you feel appropriate and able will make the Fediverse a much more accessible and pleasant place to be.

How do I add a CW to a post I want to share?

You can’t add CWs to someone else’s post. The reason for this is such a feature could be mis-used to quote the post, which is deliberately not available on Mastodon.

A workaround is to do a reply to the post with a CW telling people to read the post above, and then share your reply.

↩ Back to the front page

Hiding your posts from search engines on Mastodon and the Fediverse

by

If you use a public visibility setting on a post, it will be visible to everyone, even people who aren’t Fediverse members. This means the post may be indexed by search engines.

You can either make your posts invisible to search engines, or ask search engines not to index your public posts.

Prevent a post being visible to search engines

The surest and safest way to prevent a post ending up on a search engine’s index is to use a non-public visibility setting. Followers-only and Mentioned settings cannot be seen by search engines, so they will not be indexed.

Ask search engines not to index your posts

Mastodon also has an option to request that search engines don’t index your public posts:

  1. Log in through your server’s website
  2. Go to Preferences > Other > Opt out of search engine indexing
  3. Tick the box and click Save changes

However, bear in mind it’s up to a search engine to decide if it wants to honour this request, and less honest search engines may decide to ignore your request. If you want a post to remain off search engines, it’s much safer to use a non-public setting.

↩ Back to the front page

How to hide your follows and followers in Mastodon

by

If you’re on a Mastodon server, you can keep your lists of follows and followers hidden on your profile if you want to:

  1. Log in through your server’s website
  2. Click on Edit profile if you’re on the desktop website. If you’re on the mobile website click on your profile icon in the top right corner, then Edit profile.
  3. Click on the Privacy & Reach tab
  4. Scroll down to the Show follows and followers on profile option and make sure it is un-ticked
  5. Click the Save changes button

You will still be able to see your follows and follower lists when you look at your profile while logged in, but other people will not be able to see them.

If you change your mind, repeat the process above but tick the box instead.

↩ Back to the front page

Restricting who can follow you on Mastodon

by

On Mastodon, you can use a follow request system to restrict who can follow you. When it’s switched on, no one can follow you unless you manually approve their request. This can be used to screen who follows you.

To switch on the follow requests system:

  1. Log in through your server’s website or through the Mastodon web app
  2. Click on your profile image to go to your profile page
  3. Click on Edit profile
  4. Click on the Privacy and reach tab
  5. UN-tick the box marked Automatically accept new followers
  6. Click the Save changes button at the bottom of the page

After you’ve done this, a padlock icon 🔒 will appear next to your username on your profile. Anyone who clicks follow will send a follow request that you have to approve before the follow is activated.

If you change your mind about using follow requests, do the same thing again but tick the box instead of unticking it.

Don’t reject followers just because they don’t have a picture

Don’t screen followers out just because they have blank profile pictures. Many blind users don’t use profile pictures, but they will have text in their profile. The best way to screen potential followers is to read what they have written about themselves and what they have posted.

How do I stop non-followers seeing my posts?

You can set your posts to the Followers-only visibility setting, either manually or by default. When this is combined with the follow requests system, it means only people you choose can see your posts.

↩ Back to the front page

Blocking and muting accounts on Mastodon

by

(If you want to block or mute entire servers, please see the Blocking and Muting Servers on Mastodon guide.)

Is it rude to mute or block people?

It is totally fine to block or mute people on Mastodon and the Fediverse. It is not considered rude or unusual to do so. Use it as freely as you want!

There are lots of reasons why someone might block or mute an account, it’s not necessarily any kind of judgement against that account.

To block or mute someone on Mastodon:

  1. Either click ⋯ on one of their posts, or go to their profile and click the ⋯ or︙ button at the top
  2. Select Mute or Block depending on what you want
  3. If you change your mind, do the same thing again but select Unmute or Unblock

Here’s what these options mean:

  • Mutes are the softest option. When you mute someone you will no longer see their posts and you won’t see posts that mention them. You can also optionally mute notifications from them, and set a timer so that the mute expires after a certain period. People who are muted will not know they are muted, and they will still be able to follow you, see your posts and interact.
  • Blocks are the harder option. When you block someone, it does everything a mute does but also prevents them following you and hides your posts from them while they are logged in.

⚠️ Important: If you are posting public posts they will still be visible to the blocked person when they log out, because public posts are visible to everyone on the internet. To restrict the audience for a post, use followers-only or mentions visibilities.

What about the “Block Domain” option? What does that do?

It mutes all accounts from that person’s server, but does not block them (yes, the name is very misleading!). Please see the blocking and muting servers guide for more details.

How do I keep track of who I’ve muted and blocked?

To view lists of all of your blocks and mutes:

  1. Log in through your server’s website
  2. Go to your profile page and click ︙
  3. Select Muted Users, Blocked Users or Blocked Domains
  4. If you want to remove a mute or block, click the icon next to a name on the list

How do I do a temporary mute?

To have a temporary mute on Mastodon, log in through your server’s website or web app and it will offer you the option of setting a duration when you’re confirming the mute. Set the duration to however long you want the mute to last.

How do I mute just someone’s boosts?

On Mastodon, if you follow someone and you want to see their posts but not their boosts, you can hide just their boosts without blocking or muting them. This doesn’t affect their normal posts, and they have no way of knowing you’re doing it.

  1. Open your Mastodon app or log in through your server’s website
  2. Go to the profile of the person whose boosts you want to hide
  3. Click on the ︙or ⋯ button at the top and select Hide boosts from… (or Hide reblogs on some apps)
  4. If you change your mind, go back to their profile and select Show boosts from… (or Show reblogs)

This only works on accounts you follow.

What happens to DMs sent by someone I’ve muted or blocked?

If you mute or block someone, you won’t see any DMs from them by default. However if you decide to browse their profile you will see any DMs sent to you in their profile timeline.

If you remove a mute or block, DMs will start arriving as normal, but any DMs sent during the mute or block will only be visible by going to their profile.

How do I block DMs from people I don’t follow?

  1. Log onto your server’s website or web app
  2. Click ⚙️ Preferences
  3. Click Notifications (on the mobile website click ☰ and then Notifications)
  4. Tick the box marked “Block direct messages from people you don’t follow”
  5. Click the Save Changes button

If you change your mind, repeat these steps but untick the same box.

Also, if you are blocking DMs from strangers, you might want to mention this on your profile description to avoid any misunderstandings. (This avoids situations where people are trying to contact you for legitimate reasons but think you’re ignoring them.)

Another thing to bear in mind is it will also block private replies in threads from people you don’t follow, as these are technically the same as DMs on Mastodon.

↩ Back to the front page

How do I contact the people who run my server? How do I find out what my server’s rules are?

by

If you have any problems with the server which can’t be addressed through the reporting system, you can email the administrator (or “admin”) of your server directly.

On Mastodon, you can find the public email address of your server admin on the server’s About page. The same page also lists the server’s rules. To find it, go to your server’s website and click on “Learn More”. You don’t need to be logged in. The email address will be listed in the top half of the About page, just above the list of rules. It is worth reading the rule list as it varies from server to server, and it is usually written in plain language that is easy to understand.

↩ Back to the front page

Reporting problematic content to moderators on the Fediverse

by

Reporting anti-social accounts is a good idea as it’s the main way server administrators find out about nasty behavour. Once admins are made aware of a problem, they can take action using special blocking tools that are not available to ordinary users.

How do I report posts or accounts on Mastodon?

  • To report a post click ⋯ on the bottom of the post and select Report.
  • To report an account, go to its profile and click ︙ or ⋯, then select Report.

In both cases, this will start a reporting wizard that narrows down specifically what kind of problem you’re reporting.

Remember to include examples!

Whatever you’re reporting, it’s really important to include examples of what the account has done wrong. Simply reporting the account with no examples creates a lot of work for the moderators, and it may make it impossible for them to moderate effectively.

On Mastodon, the reporting wizard includes options to select posts from that account, and if you’re reporting via a post then that post will be automatically selected as an example to include on the report.

If possible, tell the account’s own server too

Mastodon reporting forms include the option to also send an anonymous report to the server of the account that wrote the post. This is usually a good idea, because only a user’s home server has the power to suspend or delete their account. Other servers can block accounts, but in the worst cases it may be better that a nasty account is deleted at source.

However, there is a caveat to this: if the problematic user’s entire server is also problematic, it may be best not to include them in the report. Such servers tend to lash out when people report their behaviour. Your own server admin will be able to block problematic servers completely, which is usually the best way of dealing with such servers. If you notice the entire origin server is problematic, mention this in your report to your own server’s admin.

What do I do about accounts that just boost nasty stuff?

If there’s an account that just boosts lots of problematic posts without actually posting anything itself, this can seem trickier to report as they aren’t giving you any of their own posts to click on. However, it is possible to report them too!

Go to their account’s profile page and report them from there (by clicking ︙ or ⋯). If you do this though, remember to mention in the comments section of the report the boosts that are problematic and why, so that the moderator can locate them more easily.

What exactly ARE the rules on the Fediverse?

Each server is totally independent and sets its own rules for acceptable behaviour. If you go to a server’s about page you should see a copy of its rules. If possible, it’s worth reading this before you sign up on a server, as it can tell you a lot about their approach to moderation.

If there’s something bad happening and it isn’t covered by the rules, report it. There will often be bad situations that could not have been anticipated by the admin when writing the rules, and they depend on user reports to find out about them.

If you’re in any doubt about what is acceptable, ask your server’s admin for advice. If there’s something wrong with their approach or attitude, you might want to consider transferring your account to another server.

↩ Back to the front page

Do I need to use my real name or real photo?

by

No.

You don’t need to reveal any kind of personal information about yourself on the Fediverse. Use any name you want, and any picture (or no picture at all).

The only information you need to give when signing up on a Fediverse server is an email address, and you can use an email alias if you want to keep it secret. The only other data a Fedi server might see is your computer’s or phone’s IP address, but this is hidden if you’re using a VPN or Tor.

Revealing personal information on the internet is a bad idea in general, as it makes unwanted tracking and identity theft much more likely.

What if I want to impersonate someone else?

Whatever name you choose to use, don’t impersonate other people, it’s not very nice and would break the rules on many servers, possibly getting you banned. Impersonation may also be illegal in some countries.

Can I leave the profile picture blank?

Yes, if you want. A lot of blind people on the Fediverse don’t use profile pictures, and there is no obligation to have a picture.

↩ Back to the front page

Who can see my posts and replies in Mastodon? How do I send DMs in Mastodon?

by

The visibility of a post or reply on Mastodon depends on its visibility setting. These settings decide which other accounts have permission to see that particular post or reply.

On Mastodon there are four types of post visibility. You can set the visibility of a post by clicking the icon that represents it in the row below the message editing window. It’s usually a 🌐, 🔒, 👥 or @ icon, but some apps may use slightly different icons.

Some more details about each setting:

  • Public – Anyone can see it, even people who aren’t on the Fediverse, and the posts will be visible in searches on Mastodon. If you go to a person’s public profile page you will see all their public posts. This is normally indicated by a globe icon 🌎.
  • Unlisted (aka Quiet Public) – Anyone can see it, but it won’t appear in the trending posts list or the Local or Federated timelines, and it won’t show up in search results. This can be useful for replying in threads, so that you’re not filling people’s timelines unnecessarily. Normally indicated by an open lock icon or a crescent moon.
  • Followers-only – Only your followers can see these, normally indicated by a closed lock 🔒 or people 👥 icon. If you use this setting, it’s a good idea to switch on follower requests, otherwise anyone could follow you to see your followers-only posts.
  • Mentioned – Only people you @ within the message can see the post, normally indicated by an @ symbol. Be really careful who you @ because they will see the post.

Sending DMs in Mastodon

You can send people messages by setting a post’s visibility to @ Mentioned, then @ the people you want to receive the DM. If you use your server’s website or the web app, there’s a Private Mentions option in the menu which lets you see all your mentioned posts in a separate inbox.

⚠️ If you @ someone they will be able to see it, even in DMs or Followers-Only modes

In all modes including DMs and Followers-Only, if you @ someone in a post they will see that post! Because of this, you need to be really careful who you @ in a post.

If you absolutely have to mention an account but don’t want them to see it, try replacing the @ symbols with the word “AT” instead and make sure you’re using a visibility they don’t have access to such as Followers-Only (if they don’t follow you) or Mentions. Removing the @ symbol will break the address, and prevent the account holder seeing the mention.

I can’t see Unlisted as an option on my app?

Unlisted is available as a visibility option on almost all versions of Mastodon including the website, the web app and the third party apps. However, for some strange reason it is not included on the official apps.

If you want the official apps to support Unlisted and you’re comfortable using Github, you can let the developers know you want it added on the iOS version ⧉ and the Android version ⧉.

How do I set my default visibility for new posts?

To set the default visibility on new posts:

  1. Log onto your server’s website or the web app
  2. Click on ⚙️ Preferences (or ⚙️ on mobile web) at the right of the screen
  3. Click on Other at the left of the screen (or ☰ and then Other on mobile web)
  4. In the Posting Privacy dropdown menu, choose the default visibility you want
  5. Click the Save changes button in the top right

NOTE: This is only a default setting. You can always set it to a different visibility for individual posts or replies by clicking their visibility icon when you’re writing them.

Is it possible to edit post visibility after it is published?

You cannot edit the visibility of a post or reply after you’ve published it, so make sure you choose the correct visibility when writing it.

If you absolutely have to change the visibility, your only option is to delete the post and start again, which is most easily done by clicking ⋯ below the post and then Delete & re-draft. If you use this option, the original post will cease to exist, its boosts and bookmarks will disappear, links to it will break and its replies will be orphaned.

Who can see my boosts?

When you boost a post, it will immediately appear in the home timelines of all your followers. The original author of the post will also get a notification to say that you boosted their post.

When do replies appear in the Home timeline?

Replies will appear in your Home timeline if any one of these are true:

  • The reply mentions you
  • You wrote the reply
  • The reply is by someone you follow AND mentions someone else you follow
  • Someone you follow is replying to themselves to create a thread
  • Someone you’re following has boosted the reply

When do Unlisted posts and replies appear in the Home timeline?

In Home timelines, Unlisted posts and replies will appear exactly like public posts and replies. Unlisted posts will only be hidden in the Federated and Local timelines, in search results and in the trending posts list.

What about visibility in searches? How do I set the searchability of posts?

Posts and replies will only show up in search results if they have a Public visibility setting. If you want a post or reply to be searchable, you need to set its visibility to Public.

You also need to decide if you want your public posts and replies to be searchable by full text or just by hashtags. By default it’s just hashtags, but you can also allow the entire contents to be searched by opting into the full text search system.

What about Local-only visibility? How do I make a post only visible to people on my server?

Servers running the standard version of Mastodon do not have a Local-only visibility setting. However, servers running forks of Mastodon such as Hometown Mastodon ⧉ or Glitch Mastodon ⧉ may include a fifth visibility setting called “Local” or “Local only”.

Posts or replies using the Local visibility setting can only be seen by people whose accounts are on the same server.

If I’m replying to someone else’s post, do I have to use the same visibility setting on my reply? How do I send a private reply?

You can adjust your reply to have any visibility setting you want, regardless of the original post’s setting. Bear in mind though that some settings may exclude the author of the original post from seeing your reply.

If you want to send a post’s author a private reply, use the @ Mentioned visibility and make sure you @ them in the reply.

What about federation? How widely can my posts be seen by people on other servers?

Have a look at the guide to which posts can be seen from servers.

↩ Back to the front page