Frédéric JacobsApr 19, 2017

The Mastodon "Remote follow" feature could be so easily used to phish the average Mastodon user into signing into a fake instance.

⚠️ Important security reminder: Always make sure the URL shows your "home instance" when logging in.

Show threadNolan LawsonApr 19, 2017
@fj Better yet – don't use the "remote follow" flow. It's faster to paste the URL into the search bar on your home instance anyway.
Show threadMaiyannah Bishop
@nolan @fj Now that qvitter has this too (pasting the account into the people search), the old remote follow flow remains there mostly as a backup.
Apr 19, 2017 at 5:25pmWeb