Greg Pak @gregpak

Wrote up some thoughts about my last few weeks on Mastodon! And now I'm tooting about it!



thx for sharing :)
Here I'll add some comments

> But I’m unclear on whether administrators have the ability to view private messages

mastodon is NOT built for that. There is no encryption. It's *only* for microblogging purposes.
But some instances offer xmpp, used together with tor, and end to end encryption, one of the most secure chatting tools available.
Twitter is also NOT secure in the same sense as mastodon. If it has no e2e encryption nothing is really private.

that will probably be existing as long as mastodon does guess is true, but it's important to keep the federation aspect in mind. If most ppl just choose one big instance it kills the concept, and brings in similar issue as twitter has.

Introducing the concept of content warning might also be useful.
As it's something specific for mastodon it might be a bit confusing for newcomers.
Some are especially cause of the cw function using mastodon

@paulfree14 @gregpak I'd like to point out that spinning up your own instance for yourself (and a few friends?) doesn't cost that much, makes it easy enough :)

@gregpak @slipstream
...then one can make sure it exists at least as long oneself exists.
And I bet no one needs an account longer than that.

@david_ross you mean those offering xmpp? I never tested one that was offering xmpp.
Have just heard ppl saying their instance also offers xmpp and connects your mastodon address with your xmpp address.

Some might also have integrated this:

@paulfree14 Thanks!

I've seen many privsec friends create accounts and not actively use Mastodon. I was asking about the Mastodon instance alternatives as those people would be more likely to adopt with that data security issue solved.

They'll likely roll their own instances.

@david_ross @paulfree14 @gregpak WhatsApp uses OpenWhisperSystems' encryption protocol by default, though its implementation is a bit flawed. It's optional in Allo and the UI for it sucks, but it's there. Not sure what Google's excuse is for putting it in Allo and not in Hangouts, though. I wouldn't say no progress.

@david_ross @gregpak @paulfree14 Sorry, didn't realize who this "Jack" person was who Snowden was tweeting at.

@david_ross @paulfree14 @gregpak Of course for all of these systems a company controls the software and can be forced to insert backdoors or to compromise messages in real time. They cannot compromise messages sent before the force was applied, though.

@gregpak @paulfree14 @david_ross But if that's what bugs you then the problem isn't the lack of E2E encryption but the fact that all the mainstream messaging software is controlled by companies.

@seanl @gregpak @paulfree14 my personal issue is that I don't have a smartphone. So most of those openwhisper type options are simply not an option right now. I'll root for any e2e option that just lets me in!

@david_ross @gregpak @paulfree14 Tox seems to be the most popular of the encrypted chat clients that are usable on desktop (if you don't want to use FB messenger, Allo, or WhatsApp's web interface), but XMPP seems to be picking back up again.

@gregpak By the way, the delete account option is in Settings, under "Security". It's a plain link, rather than a highly visible button, probably to make it harder for people to delete their account by mistake.

@slipstream Oh, thanks so much! I'll update the article and credit you for the info! Much appreciated!

@gregpak Thanks much, that does a great job of explaining some things I still can't quite get my head around. One that's a sticking point now, used to working with TweetDeck—you can't, say, add a column for an Instance … right?

@BramMeehan Yeah, that would be AWESOME if it were possible, but I don't think there's any interface that allows you to see multiple instances like that yet. Closest I've seen is the Tootdon iOS app, which lets you switch between instances pretty easily. But you can't see 'em on the same page in different columns like that.

@gregpak @BramMeehan The Kurotodon Chrome extension lets you do this too.

@BramMeehan @gregpak By which I mean, the Kurotodon Chrome extension lets you open a window/tab of another instance's local timeline.

@slipstream @gregpak Thanks—installing it right now and will be trying it out.

@gregpak @BramMeehan That's something a bit of a bummer I've found--I'd like to look at an instance's local timeline before joining to see how active it is and what the community is like, but all I can seem to find is the federated timeline for instances, which isn't the same.

@whirlingnerdish I guess you could always check out the Kurotodon Chrome extension, which lets you do that..?

@whirlingnerdish @gregpak @BramMeehan it was an intentional decision to show right from the beginning that it is a federation (also small instances look better)

@gregpak Another notable thing: you can't search for just text in mastodon--that's apparently intentional to avoid people keyword searching to harass users. If you want a toot to be part of a larger conversation, you have to use hashtags more reliantly here.

I've been trying to use #comics more to start conversations across instances.

@gregpak FYI about private messages: Yes, admins *can* read your private messages. I found this out when the admin of an instance I used to have an account on suddenly (and without warning or notification) deleted my account. Apparently it was because I had been PMing with a user from another instance that my admin was feuding with -_-

@slipstream @gregpak no...and like, I understand it was their instance, but I would have at least appreciated a heads-up so I could get my following/blocked/muted lists exported :-/

@gregpak Great post! A few comments:

1. You can back up your statuses with I haven't tested it though.

2. Yes, private toots are visible to admins. There's no e2e encryption, so if you want that, Signal is a better choice.

In its defense, though, private toots need to be visible to admins/moderators in order to effectively moderate. It's a tradeoff.

3. You can set GIFs to auto-play in the settings. 😎

@gregpak You should follow the folks I follow. they're a great crowd and my timeline is plenty fast! :)


@gregpak Great write up. I agree on all of your points, especially about the desire to have one universal logon, that would be great.

I notice that you didn't mention me in the write up. But then I'm a complete stranger so why would you? But still . . . A fella likes to be mentioned. 😀

@gregpak "Mastodon doesn’t currently play gifs automatically" <- turn on "Autoplay GIFs" in your preferences. This is an a11y default

@Gargron Oh, sweet, thanks! Didn't know that! I'll update the article to reflect that!

@gregpak "Mastodon also doesn’t display a preview of pages you link to or playable videos" <- it does in detailed view

@Gargron Thanks so much for the note! I'm not sure what "detailed view" is -- is that what appears in the far right column when I click on the text of a toot in my timeline? Not seeing a preview of a linked webpage there... or is there somewhere else I should be looking? Thanks!

@Gargron Ah, nice! Weirdly, it's not working for my own website, which is a Wordpress-run site. 😟

@gregpak I'm gonna check why the code could be choking on your wordpress later tonight, from cursory glance OpenGraph tags are there so it should show up

@Gargron Oh, thanks so much! I'll do another test post now to see if it was just a momentary glitch -- will let you know!

@Gargron Okay, yep, same issue with this post:

The preview does show up in Twitter.

Thanks for taking a look!

@gregpak Hey the problem is the "Upgrade: h2,h2c" header returned by your Apache, this is a known bug with the HTTP library we use

@Gargron Oh, wow! Is that something I can address? Or that you can address?

@gregpak I can't fix it but you can disable the http2 module on your Apache if it's under your control

@gregpak For the preview to work, you need extra metadata in your page. Check out the source on this page. Particularly search for "og:image":

@gregpak oops, it's resolved now, nevermind

@gregpak this post convinced me to try out mastodon! Feeling my way around now lol

@gregpak I believe account migration is a major priority for the next point release or two?

@deutrino Yeah, the page seems to indicate you should be able to hit a button to get your data, but there's no button. Crossing my fingers it's in the works!

@gregpak hi greg! just wanted to note that the reason you can't claim a single username across all of the fediverse is that it's, well, federated. there is no central authority and there should not be. think of it like email... you can claim "" just like claiming "", then why would you also need ""?

@gregpak nice! this was super helpful and comprehensive (and will help me lure my friends over to mastodon ✨🐘)

@gregpak Re: the quote+RT thing, you might want to check the thread about it on the dev site. The comments there might give some insight as to why it hasn't been implemented yet:

@gregpak So would that make you a... Pak-a-derm? 😋

Are you going to blog about tooting it? And toot about blogging about tooting... 😛

@gaidheal I did! And I tweeted about blogging about it!