Blog
Architecture notes, policy drafts, release stories, and the occasional unvarnished lesson from building a platform where privacy isn't a tagline.
How we collapsed roles, subscriptions, promotions, and verifiable credentials into one composable type — and what it bought us in implementation simplicity.
We can't decrypt what we don't hold keys to. Here's exactly what we can hand over if compelled — and exactly what we can't.
WASM-based programmable actions, a sandboxed mini-app runtime, and the first six community-built apps — polls, events, bookmarks, shops, AV, and analytics.
A community-led conversation with the founder of maker.garage — one of the first Branded App tier spaces — on moderation, monetization, and the parts nobody warned her about.
A full-reserve, Treasury-backed, permanently-pegged credit system designed to make spam expensive and abuse burn real money. The math, the accounting, and the audit model.
Why we reject anonymous moderation and what changed the day we started showing moderator identity on every action.
Document scan, selfie, and liveness via Didit. PII stays on-device; the server holds a boolean flag and a few HMACs. Two-year validity.
Retention, coin burn, moderation patterns, monetization paths. The unsexy numbers from the sponsored-app scholarship's first quarterly cohort.
How space admins hold the only keys that can decrypt their restricted content — and what happens, concretely, when a space is subpoenaed.