on your side, all the way down
you’ll never see most of the work we do to keep your solstone life journal yours.
that’s on purpose. tracking protection shouldn’t be something you have to think about. but it should be something you can check, not just something we say. so here’s some of it: the quiet work, one layer at a time, of making sure nothing about you ever leaks out to anyone.
your digital memory is yours. the company’s covenant, filed with the state, makes that binding. this is what honoring it looks like in the places you’ll never look.
the website you’re reading this on. it used to load a font from Google Fonts, which handed your address to google every time someone opened the page. we serve our own fonts now, so opening it reaches no one but us. our host, Cloudflare, adds a small beacon to every page that tells your browser to send reports back to them; we strip it from every domain we own, because “no one but us” has to mean no one. we run no analytics, so nothing here is watching how you read. and you won’t get a cookie banner from us: we set nothing that needs your consent, and that pop-up everyone clicks through exists only to ask permission for tracking we don’t do. open your browser’s developer tools and watch what this page talks to. the answer is nobody.
the mac app. the framework that installs updates on a mac (Sparkle) can, on its own, send a profile of your computer to the update server on every check: your operating system, your hardware, your language. we turned that off, in three separate places to be sure. now the check sends none of it. it asks one question, what the latest version is, and nothing about your machine goes along with it. it also talks only to us, so no outside company learns you run solstone at all.
the windows app. the tool we use to install windows updates (Velopack) stamps every copy with its own unique number and sends it on every check, a tag that amounts to this machine, again. it had closed off every clean way to switch that off, so we erase the number at startup, on every launch, before it can ever be used. then we went one further and stripped the version it sends too, so the windows check now works exactly like the mac one above: it asks for the latest version and carries nothing about your machine. and because we don’t trust our own future selves to remember, the software refuses to build at all if any kind of tracking creeps back in. the protection isn’t a rule someone has to keep in mind. it’s built in.
your phone. phones are built for tracking. advertising identifiers, the big analytics kits (like Firebase), crash reporters: each is one line of code away, and each switches on the moment it’s added. so on android, the app won’t even build if one of them slips in. there’s no advertising identifier, no analytics, and android’s habit of copying your data up to google is switched off. on iphone, a check reads the part of the app that listens and refuses to build if that code can so much as reach the network, so it can’t call out at all. your diagnostics stay on your phone. if you ever want to send them to us for help, you hand them over yourself; we never reach in. and we say it plainly, right where you grant permission: nothing is shared with sol pbc. the first screen you see says the same.
the code underneath. solstone is open source, top to bottom. the AI tools most apps are built on (Hugging Face and the like) phone home by default, pinging a server every time they load a model. we don’t call them at all: the models solstone needs live inside the software itself, so there’s nothing to fetch and nothing to report when it runs. there’s no analytics anywhere in the code. and because every line is open, none of this is something you have to take on faith. the project includes a plain-language page that spells out exactly what leaves your machine and what never does, and you can check it against the code yourself.
everywhere, the move is the same: build the protection in, rather than count on anyone, us included, to remember it. the page can’t beacon. the update check carries nothing about you. the code that listens can’t reach out. none of it depends on good intentions.
you won’t notice any of this, and that’s the point. but you can verify all of it, because it’s open. read it, and hold us to it.