Sparsely populated instances may inadvertently leak their users' follower list; even if users have opted to hide their social graph.

This happens because users who have opted to hide their social graph aren't opted-out of their incoming posts being displayed in the social graph.

This can be mitigated. Admins can disable unauthenticated access to the instances federated timeline.

https://www.justinmcafee.com/2022/11/mastodon-privacy-for-small-instances.html

#Mastodon #Privacy #Safety #DigitalLeakage #ThreatModel #RiskProfile #Misconfiguration