How to get maximum privacy & security on Mastodon:

-Hide your follows/followers by going to Preferences > Other > Hide Your Network (tick box) > Save Changes (click button)

-Select appropriate toot privacy (the 🌎 button) each time you post

-Use a unique password you don't use on any other site

-Use an email address you don't use on any other site

-Log in via VPN, so your IP address isn't visible

-Use 2FA (Preferences > Account > Two-factor Auth > Set up)

#MastoTips #FediTips #Mastodon

@feditips
Direct/private messages are NOT end to end encrypted on #mastodon, don't use it for anything sensitive - microblog.shivering-isles.com/

You'll have to manually encrypt messages using pgp or something if you want #privacy on DMs. If you're concerned about this, just try to let the #devs know. An ideal solution would be to implement e2ee on the #activitypub protocol itself, so that all #fediverse platforms and future platforms get it. This way, even cross-platform DMs would be encrypted.

@futureisfoss @feditips

Not sure if the latter is a good approach as E2EE is notoriously difficult to implement and comes with massive pain-in-the-ass requirements such as key verification. I would let Mastodon do one thing - ActivityPub - well and leave E2EE to projects that specialise in direct secure comms.

@kravietz
I said this 'cause e2ee is pretty much basic these days. Especially when mastodon advertises itself as a privacy friendly alternative, people would think that DMs are e2ee - this is misleading. Also I don't think the unix philosophy applies to security features.

And like I said, e2ee should be implemented on the activitypub protocol itself, so that every platform that uses the protocol gets it. Encryption should also work in cross platform DMs this way.
@feditips

Mastodon 🔐 privacytools.io
