It's quite telling that infosec people are mostly talking about DNSSEC and what not instead of being like "Wait, you're telling me a cryptocurrency wallet handling millions every day did not deploy HSTS?"
No one's even surprised anymore.
Why is this step necessary? mastodon.at might not be the server where you are registered, so we need to redirect you to your home server first.
Don't have an account? You can sign up here