FAQs

All questions answered by @matt

Sonata is pioneering a concept we're calling a 'Source of Trust', in which we put ourselves forwards as a validator of users that are real people. By holding this information, we are then able to allow users to carry this validation with them, to be used on other websites and services.

So, being trustworthy is at the core of our organisation and one of our highest priorites.

Sonata is fully open as to who we are, where we're based and who we're owned by (@matt holds 100% ownership)

We also present a comprehensive set of polices on how we use your data. To summarise, we do not sell or share it, we don't keep it for longer than necessary and you carry the right to reverse your licensing of your content to us.

All content will be available to view without login over the website and with login on the mobile apps.

The only exception will come in July 2025, users in the UK will need to be logged in and verified before we can show them content flagged as sexual due to the 2023 Online Safety Bill. We'll also need to roll this out for certain states in the US.

When child users are logged in, they will have their settings for certain content flags set to "Don't Show", with no ability to change this until they are 18.

In a future update, users will be able to choose if a viewer needs to be signed in, following them, or followed by them in order to view their profile and content, along with a few more privacy options.

Currently Sonata is being funded privately by myself. Through income from my other websites and savings I can afford to keep it running indefinitely. I designed the platform to run as cheaply as possible on bare metal servers, so this will carry the platform quite far - likely to around 250k active users.

After this, and especially when video is enabled, my plan is to add:

• A paid membership system
• Expansion on verification - many countries are beginning to require sites to verify their users, which is a privacy nightmare and very expensive, with costs of at least 0.30c per user from existing services. I plan to introduce the ability for websites to get a green light from Sonata on whether a user is 18+ (with their explicit permission), and charge them a tiny amount for this (I calculate that Sonata can undercut the market by about a significant amount), making privacy protected verification ecomonically viable for any website.
• Other services that build on Sonata's 'source of trust' concept. For example, domain registration, as I think there is a gap in the market for domains that you value higher than €10 per year, as all registrars just compete on price and subsequently slip on customer support.
• (I'm really hoping to avoid it but if that's not possible) display ads. Anything that is potentially a risk to users will be disabled, including policical ads and gambling.

As an Icelandic company, Sonata will ignore any US subpoenas. Any private requests for information will be denied to the fullest extent of our legal ability and state / police requests will be considered only if they relate to illegal content defined in our Schedule 1 prohibited content policy (the most serious stuff like child abuse). Under the Hague convention (to which Iceland is party, along with around 60 other states), a request for information may be sent to the Icelandic courts, which must be ratified by a judge before being issued to us. This is a slow and convoluted process and we expect very few cases to get that far. However if they do, we will continue to do everything in our power to prevent personal data from being released. If this proves impossible still, we will open another company in a country that is not subject to the Hague convention, and move verification data there.

We will release a transparency report each year, detailing the requests and results.

That's fine! It's not a requirement to use the platform. If you only verify your phone number and email you'll be able to reach level 1 amplification (out of 3 max), which is enough to give a strong indication that you are a real person.

You can also consider verifying on Sonata and transferring this out to Mastodon (soon), which can be as minimal as us giving them the thumbs up that you are a real person and 18+.

Currently closed source, but we're planning on opening it up. Sonata is split into around 20 sub projects and run as part of a network of microservices, many of which could be very useful for other platforms. For example:

• Sonata Images: A distributed image hosting service that allows for horizontal scaling and eliminates the need to use cloud services. Images are uploaded, hash checked, resized and made available within seconds. They are then securely stored, backed up and hash checked through Project Arachnid. A future update will include perceptual hash checks to automatically discover repeat similar image uploads.
• Sonata Key Mail: A system that hooks in to multiple email inboxes over IMAP and downloads them into an SQL database. From here, they are scanned according to the sender and pattern regexes, before generating an API call if a match is found. Useful to add takedown requests to a SQL database, or support requests to a helpdesk service. A planned extension will allow for automated replies to emails.
• Sonata External Data: A web crawler that fetches preview text and images from any given link. Uses RabbitMQ to queue requests and caches data for faster future responses.
• Sonata External Icons: a file storage based system that fetches and caches icons from any given link, to be presented alongside the link on a page. It uses raw NGINX static file serving as its cache, allowing for a small VPS to reach huge benchmarks, in the range of 50k icons served per second.
• Sonata Crawl Intentions: A cache management tool for users to influence the cached data held by Sonata within the two previous tools.