Ugh. Just.

Users should have been informed _immediately_ that they needed to rotate their passwords. You don't have to give details, but you _do_ have to tell people to do that _as soon as the breach happens_.

Users should also have been informed _as soon as possible_ that a breach had occurred, again even if you can't give details for whatever reasons.

"Without undue delay" is the language in the GDPR. That seems like a good guideline.

#Kolektiva
Don't just say you are sorry and you regret the error. Tell me exactly what you are going to do going forward to not have this happen again.

What safeguards are you putting in place to prevent this? What policy, technical, or cultural changes are you putting into place? What have you learned?

Also let's note that #mastodon servers store more than just _your_ users' data. You need to be doing due diligence to inform _them_ as well, and posting as an admin on your own server isn't it.
If it sounds like I am angry it is because I am.

The way this was handled was deeply fraked up but the response makes it worse not better.

I handle data professionally. I am deeply professionally offended by this conduct, but it isn't the _conduct_—itself bad—that bothers me nearly so much as how it was framed and how the apologia was presented.

#Kolektiva
Some positive remediation steps:

1. Do due diligence on a notification. Go through your logs and find every DM that was involved and message or email every participant. By hand if you have to.

2. Recognize the scope and scale of the problem. Don't minimize it as a "small mistake" or talk about the security of mastodon generally. Talk about _your_ systems and decisions.

3. Run a full postmortem. Publish it.

4. Take action from the results of that postmortem to prevent recurrence.

#Kolektiva