Social Media Safety

A practical guide for safer posting and account protection on social media.

Social media is public by nature. Even when an account is small, posts can be copied, searched, screenshotted, boosted, archived, or shared outside the original platform.

The goal is not to stop posting.

The goal is to post with awareness.


Why social media safety matters

Social media can reveal:

  • location
  • daily routine
  • workplace
  • travel plans
  • home setup
  • family details
  • server details
  • screenshots
  • usernames
  • private messages
  • metadata

Small pieces of information can become useful when combined.


Main goal

The goal is:

  • Protect accounts.
  • Avoid posting sensitive details.
  • Think before posting screenshots.
  • Avoid real-time location exposure.
  • Use privacy settings wisely.
  • Keep admin accounts protected.

Account security

Protect social media accounts the way you protect other important accounts.

Checklist:

  • Strong unique password
  • 2FA enabled
  • Recovery email checked
  • Recovery phone checked
  • Login sessions reviewed
  • Unknown devices removed
  • App permissions reviewed
  • Backup codes saved

This is especially important for admin or moderator accounts.


Posting location

Be careful with location information.

Avoid posting:

  • home address
  • street signs near home
  • real-time travel details
  • hotel location while still there
  • workplace entrance
  • regular walking routes
  • daily routine patterns

Safer habit:

  • post after leaving
  • remove location metadata
  • avoid showing street signs
  • avoid showing tickets or QR codes

Travel posts

Travel posts can reveal that home is empty.

Risky:

  • Leaving tomorrow for 2 weeks.
  • At the airport now.
  • Here is my hotel.
  • Back home on Monday.

Safer:

  • Share later.
  • Post general impressions.
  • Avoid exact dates.
  • Avoid live location details.

Screenshots

Screenshots often reveal more than expected.

Before posting a screenshot, check:

  • browser tabs
  • address bar
  • bookmarks
  • usernames
  • emails
  • private messages
  • tokens
  • IP addresses
  • server names
  • file paths
  • notifications
  • calendar events
  • terminal output

Good habit:

  • crop first
  • blur private parts
  • read the whole screenshot before posting
  • check the background

Work information

Avoid posting work details.

Do not post:

  • internal hostnames
  • customer names
  • incident numbers
  • internal IPs
  • logs
  • monitoring alerts
  • ticket content
  • VPN details
  • internal dashboards
  • emails
  • screenshots from work systems

Even if the post feels harmless, small details can be sensitive.


Home lab information

It is fine to share learning and projects.

Be careful with operational details.

Avoid posting:

  • real admin URLs
  • public IP addresses
  • private IP addresses
  • tokens
  • .env files
  • SSH keys
  • database passwords
  • Cloudflare tunnel tokens
  • backup locations
  • full Docker Compose files with secrets

Safer content:

  • general architecture
  • sanitized commands
  • fake domains
  • fake IPs
  • lessons learned
  • public-safe diagrams
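
One way to produce the "sanitized commands, fake domains, fake IPs" listed above before pasting terminal output or a Compose snippet into a post. This is an added example, not part of the original guide; the key names, TLD list and sample text are assumptions chosen for illustration, and the fake IPs come from 192.0.2.0/24, the range RFC 5737 reserves for documentation.

```python
import re

# Values of secret-looking keys in .env / Compose style "KEY=value" or "key: value" lines.
SECRET_LINE = re.compile(
    r"(?im)^([ \t]*-?[ \t]*[\w.-]*(?:password|passwd|secret|token|api_?key)[\w.-]*[ \t]*[=:][ \t]*)(\S.*)$"
)
PRIVATE_KEY = re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)
IPV4 = re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")
HOSTNAME = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|dev|lan|local|internal)\b", re.I)


def sanitize(text):
    """Return (clean_text, findings); each real value maps to one stable fake value."""
    findings, ip_map, host_map = [], {}, {}

    def drop_key(m):
        findings.append("private key")
        return "[PRIVATE KEY REMOVED]"

    def redact(m):
        findings.append("secret value")
        return m.group(1) + "REDACTED"  # keep the key name, drop the value

    def fake_ip(m):
        if m.group(0) not in ip_map:
            ip_map[m.group(0)] = f"192.0.2.{len(ip_map) + 1}"
            findings.append("ip address")
        return ip_map[m.group(0)]

    def fake_host(m):
        name = m.group(0).lower()
        if name not in host_map:
            host_map[name] = f"host{len(host_map) + 1}.example.com"
            findings.append("hostname")
        return host_map[name]

    steps = ((PRIVATE_KEY, drop_key), (SECRET_LINE, redact), (IPV4, fake_ip), (HOSTNAME, fake_host))
    for pattern, repl in steps:
        text = pattern.sub(repl, text)
    return text, findings


# Constructed sample input; none of these values are real.
SAMPLE = """\
$ ssh admin@nas.home.lan
Connected to 10.0.0.12 from 203.0.113.77
POSTGRES_PASSWORD=hunter2-not-real
  - CF_TUNNEL_TOKEN=eyJhIjoiY29uc3RydWN0ZWQifQ
-----BEGIN OPENSSH PRIVATE KEY-----
constructed-not-a-key
-----END OPENSSH PRIVATE KEY-----
ping 10.0.0.12 ok
"""
```

Pattern matching only catches what it knows about, so still read the sanitized text once before posting.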

Photos

Photos can contain private details.

Check for:

  • mail on table
  • ID cards
  • documents
  • screens
  • reflections
  • street signs
  • house numbers
  • car plates
  • QR codes
  • tickets
  • badges

Also remember that photos may contain metadata, depending on the app and platform.


Private messages

Private messages are not always truly private.

Do not send:

  • passwords
  • private keys
  • recovery codes
  • sensitive documents
  • server tokens
  • full personal information

For sensitive documents, use safer sharing methods.


Mastodon and Fediverse notes

On the Fediverse, posts may federate to other servers.

That means a post can be copied to servers you do not control.

Remember:

  • deleting a post may not remove every copy everywhere
  • other servers may cache posts
  • screenshots can still happen
  • visibility settings help but are not magic
  • DMs are not the same as end-to-end encrypted messaging

Use direct messages carefully.


Admin account safety

If you run a social instance or moderate a community, protect the admin account.

Checklist:

  • Strong unique password
  • 2FA enabled
  • Recovery codes saved
  • Admin email secured
  • Login sessions reviewed
  • Separate admin account considered
  • Be careful with third-party apps
  • Do not use admin account casually everywhere

Admin accounts can affect other users, not only you.


Third-party apps

Social media apps and integrations may request account access.

Review:

  • mobile apps
  • desktop apps
  • bots
  • posting tools
  • analytics tools
  • old integrations
  • API tokens

Remove anything you do not use.

Ask:

  • Does this app need access?
  • Can it post as me?
  • Can it read messages?
  • Can it manage my account?
  • Do I still trust it?

Harassment and blocking

Safety also includes mental safety.

Useful tools:

  • mute
  • block
  • report
  • filter keywords
  • limit replies
  • content warnings
  • private account settings
  • instance moderation tools

You do not need to argue with everyone.

Blocking and muting are normal safety tools.


Good posting habits

Before posting, ask:

  • Would I be okay with this being copied?
  • Does this reveal where I am?
  • Does this reveal where I work?
  • Does this expose someone else?
  • Does this show private technical details?
  • Could this be misunderstood without context?

If unsure, wait.

A slower post is usually safer than a rushed post.


Social media safety checklist

  • Strong unique password
  • 2FA enabled
  • Recovery options checked
  • Old sessions removed
  • Third-party apps reviewed
  • No private address posted
  • No real-time travel details posted
  • No work screenshots posted
  • Screenshots checked before posting
  • Admin accounts protected
  • Sensitive technical details removed
  • Blocking/muting tools used when needed

Simple rule

Post what you want to share, not what accidentally leaks from the background.