 Did you know that Mastodon "private" messages aren't private? Aside from not being end-to-end encrypted (and thus readable by instance administrators), they CC anyone @-mentioned ANYWHERE in the body of the message (not just those listed at the start).

Also, if you "turn off" private messages, anyone can still send them to you. They're just silently ignored by your client, without warning to the sender.

Basically, Mastodon private messages are a dumpster fire.
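
A pre-send check for the behaviour described in the post, as an added example that is not part of the original post and not Mastodon's own code: it lists every account @-mentioned anywhere in a draft and flags those outside the intended recipient list. The mention regex is a simplified assumption, and the function names, handles and domains are constructed for illustration.

```python
import re

# Simplified mention pattern (an assumption, not Mastodon's own regex):
# "@user" or "@user@domain", not preceded by a word character, "/" or "@",
# so e-mail addresses and URL paths are not counted as mentions.
MENTION_RE = re.compile(
    r"(?<![\w/@])@([A-Za-z0-9_]+)(?:@([A-Za-z0-9.-]*[A-Za-z0-9]))?"
)


def normalize(user, domain, local_domain):
    """Canonical 'user@domain' form; bare handles belong to the local instance."""
    return f"{user.lower()}@{(domain or local_domain).lower()}"


def mentioned_accounts(body, local_domain):
    """Every account @-mentioned anywhere in the body, in order of first appearance."""
    seen = []
    for user, domain in MENTION_RE.findall(body):
        acct = normalize(user, domain, local_domain)
        if acct not in seen:
            seen.append(acct)
    return seen


def unintended_recipients(body, intended, local_domain):
    """Accounts mentioned in the body that the sender did not mean to address."""
    intended_norm = set()
    for handle in intended:
        user, _, domain = handle.lstrip("@").partition("@")
        intended_norm.add(normalize(user, domain, local_domain))
    return [a for a in mentioned_accounts(body, local_domain)
            if a not in intended_norm]


if __name__ == "__main__":
    # Constructed draft: meant for @alice only, but names two other accounts.
    draft = ("@alice did you see what @Bob@other.example said about @dave? "
             "Mail me at carol@mail.example.")
    for acct in unintended_recipients(draft, ["@alice"], "home.example"):
        print("would also be addressed:", acct)
```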