Every other software company you sign up for asks the same questions on the way in. Email. Name. Phone, sometimes. A password they will store badly. A confirmation link, then a marketing email, then a "we noticed you haven't logged in" email three weeks later.

We don't want any of that. Not because we are noble about it — because we don't want to be a database of your real identity. The minute we have your email, we are responsible for it. We can be subpoenaed for it. We can leak it. We can sell it, even if we never intend to. The safest thing for you, and for us, is to never collect it in the first place.

So instead of a sign-up form, there is a door. To open it, you sign a short message with MetaMask. Behind the door, we know exactly one thing about you: the public address you signed with. That's a string of characters. It is not your name. It is not tied to your phone, your face, your employer, or your credit card. If you stop using us tomorrow, the only trace you leave is that string.

Why MetaMask, specifically

MetaMask is a browser extension that holds a private key for you and uses it to sign messages. We never see the private key. We never ask for it. The flow is:

  1. You click Connect with MetaMask.
  2. MetaMask asks if you want to share your public address with us. You approve.
  3. We send back a one-time message that says, in plain English, "Sign in to Stoka Software with your Ethereum account, nonce: [random string], issued at: [timestamp]".
  4. MetaMask shows you that exact message and asks if you want to sign it. You approve.
  5. We verify the signature came from the address you claimed. If it does, you're in.

There is no password to remember and nothing for us to lose. The signed message is single-use, expires in ten minutes, and is bound to a specific address — we cannot reuse it, and an attacker who intercepts it cannot reuse it either.

What we actually store

For a signed-in user, our database holds:

  • The lowercase form of your public address.
  • A pseudonymous username we generate for display (you can change it).
  • The last time you signed in.
  • Whatever you create inside Stoka apps that you choose to keep — artifacts, comments, supporter status, etc.

That's the whole row. There is no email column. There is no phone column. There is no real_name. The schema enforces the philosophy: we cannot leak what we do not have.

Anonymous, not invisible

The fair worry about anonymity is: if no one knows me, how do I become known for anything? Do I have to be a stranger forever?

No. Anonymous to us isn't anonymous to everyone. You pick a handle. The work you ship lands under it — comments, artifacts, anything you make on the platform. Other people see the handle, recognize it over time, and trust it for whatever it earns. The reputation is real even if the dossier is empty.

Most of the durable writing on the internet has happened under handles. The work always carried itself. We're making that the default for what you build here, not the exception.

What about payments

Supporter payments are processed by Stripe (card) or by sending USDC on Taiko mainnet to our treasury address. In both cases the payment processor knows things we don't — Stripe sees your card and billing details, the chain sees your transaction. We see only that the supporter address came back marked paid. The boundary stays at the door.

What this costs you

Honestly: a browser extension install, the first time. MetaMask takes about two minutes to set up and works on every modern browser. You don't need to buy any cryptocurrency to use it for sign-in — signing a message is free and never touches a blockchain. You're using MetaMask the way you'd use 1Password: as a credential vault, not as a wallet.

We picked MetaMask because it has the largest install base by a wide margin and the cleanest cross-browser story. Other Ethereum-compatible extensions (Rabby, Frame, Coinbase Wallet) work too — the same eth_requestAccounts and personal_sign methods all behave identically.

What this costs us

A small subset of would-be users will bounce because they don't want to install an extension. We've made our peace with that. The trade is: if you want to be in here, you bring your own credential, and we never become a place worth attacking for personal data.

The longer arc

This is the same idea as everything else we make. Stoka is a platform for AI work you'd like to keep, owned by you, addressable by you, sharable when you choose. That ownership starts at the door. If we asked for your name to let you in, we'd have already broken the rule.

What this unlocks is the part we're really after. When identity isn't on the line, you ship sooner. You publish what you'd otherwise sit on. You build a body of work that earns its own trust instead of borrowing yours. Everything we're shipping next — artifacts you keep, codebases under whatever handle you pick, discovery that runs on what you make instead of who you are — assumes this door is shut behind you.

So — leave your data at the door. The acceleration is on the other side.

Anonymous reputation and credibility → Recognition is easy. Credibility is the hard part. How a handle earns trust without a legal identity behind it — and defends it when someone tries to take it.

Anonymous intellectual property → If a handle can hold the trust, what else can it own? Patents, royalties, copyright, contracts. The case for IP that lives under handles, not legal names.