The name came from our parent company Moss Piglet (water bears, tardigrades) and the idea of a Mosslet being like a little Moss Piglet.

Do you know what caused it? I run into it myself sometimes (using Petal).

Yes, in my case it was a silly mistake. I sent load testing requests to the production server (rather than test machine) coupled with my plug_attack settings that went beyond the limit I’ve allowed and caused it to start sending 403 responses.

Just an update, we’ve added a few more regions. Hopefully this will improve the latency for anyone visiting from the surrounding areas:

New regions

• 1 server, 1 read-replica each in Brazil, Germany, Mexico, Texas

They shutdown when not in use, so you may see your first request take a bit longer as a machine spins up.

Hi, just tried to load Metamorphic but I’m getting: ERR_SSL_PROTOCOL_ERROR

(If it helps I’m loading from Mexico)

Ah, thank you for the report! The areas (qro, dfw, fra, gru) should be connecting successfully now, you should be able to try again @mau013.

Nope. Still getting it.

Nevermind: just read your edit.

It’s up now, thanks for your patience. Another thing I’m noticing is that it will time out sometimes while waiting for the machine to start, but I’m currently connected to it from qro. Are you still having connection issue? I’m assuimg you’re connecting to https://mosslet.com and not (metamorphic.app?)

Yup, it is working!

hooray!

Update for September 2025

Happy weekend! I’ve been busy updating the UI to finally have a consistent style across our service (in progress) and I couldn’t be more excited! We’re also in the submission phase for our first MOSSLET app for ios. So, lots in store

But I think I wanted to share this update while we’re still in the middle of it because for the first time I’ve been using tidewave to help. It’s been, honestly, an incredible experience. And I’m seeing how it is shifting the way I work into more of a “managerial” or “architectural” role (at least in feeling) as my time has shifted to be a majority of communication and review. I still have to go in and do some code writing myself but before that used be all of my work.

I’ve tried agents on-and-off before with pretty poor results. Our MOSSLET codebase is fairly complicated with our encryption (and my learn-as-I-go coding over the years ), but my latest experience is teaching me that I can find ways to “wrangle” the agent to my specific codebase — and I think the result has been phenomenal.

In practice, I’ve found that it has helped to create “plans” like a DESIGN_SYSTEM.md file to ensure consistency with the agents.

Here’s a mockup of what our timeline is going to look like soon (currently developing):

MOSSLET_timeline_mockup1200×2932 144 KB

As a solo developer, this latest tool from Dashbit (and the Elixir community) feels like another super power. It has me excited to work from scratch on future projects (for our moss piglet company).

Anyway, lots of awesome improvements coming to MOSSLET. Thanks for following along and the support as I make this privacy-first social alternative. Someday we’ll be out of beta

I found your idea fascinating and read the entire thread. I wish you success in your endeavor. I admire how you pursue your ideal without expecting anything in return; I’m sure it transforms the world. At least it inspired me.

If I may offer one suggestion, while I love the idea, I think there’s too much friction in joining Mosslet. I think a public facade can help drive conversions, like Twitter and Bluesky do/did. People access the platform and are ALREADY on the network. They don’t need to register or be convinced.

Another important thing is that a social network builder needs to have a quality similar to that of judges: speaking in court. The very structure of your social network already demonstrates what you want to convey. I believe there are many opinions in the attempt to convince, and while I agree with all of them, I believe it makes “joining” the social network a very difficult decision. It’s not just that I want a nice, safe place for my friends, it’s that I need to align myself with a worldview of political activism, and not everyone wants that. If you were building an activism platform, then I think it would make a lot of sense.

Furthermore, congratulations on your efforts.

I super appreciate you taking the time to check us out and read through everything, along with your opinions! I agree with you that one of the (many) challenges here is the considerable friction. Hopefully, it’s clear that I don’t profess to have any of this “figured out”, but I am actively and continually working on it.

Some of the hardest things I’ve encountered so far that seem to be very big friction points:

• “in-your-face” payment
  • existing networks obfuscate their costs
  • I’ve struck, I think, a solid balance in a 1-time relatively inexpensive payment (with options in the US to spread those payments out) — no subscriptions
• network effects
  • people want to be where their people already are
  • the platforms people are currently on are designed to be able to control you and your future behavior (regardless of whether they’re successful or not), in theory I could see how this could present a possible barrier
• educating and selling
  • most people I’ve encountered don’t think about these issues/topics and are unaware of the reasons why I would be motivated to make something like MOSSLET
  • marketing becomes a balancing act between getting the product out there and educating as to why it matters (without getting lost in the technical weeds — Shoshana Zuboff is my go-to favorite reference, she explains things so well, but her book is quite a book and a lot of people don’t feel like they have the time)
• market availability and performance/feature set
  • we simply lack the robust amount of features that you might find on an entrenched platform
  • running on minimal hardware for cost (effects the speed/performance of our service vs others)
  • we currently don’t have apps in the stores so that limits our availability to a lot of people

On a positive note, most people I talk to immediately think MOSSLET is awesome. Now whether they’re just being polite to me or not, I don’t know, but I do think that it’s a pretty common feeling to want to be able to preserve your privacy and dignity online. So, again, I am finding that the network effects is a big friction point alongside the feeling of “isolation” of a small network like MOSSLET.

To your Twitter/Bsky point, I’m actually currently planning on implementing functionality to support the AT Protocol in conjunction with opening our platform to support more public-facing interactions. My thinking is that when I implement this it’ll enable people to share their profiles publicly (and any public posts), and then they’ll be able to optionally sync that with their AT Protocol accounts (so they can either create new ones, sync a new AT protocol account with their MOSSLET account data, or simply manage their two separate accounts — MOSSLET and AT Protocol, bsky mainly) from within their MOSSLET account. This would be optional so people who want to simply use MOSSLET can keep doing so without opening up any federated accounts/data exchanges.

Then, the second stage of this iteration would be to provide the ability to full-on create/host their own domains as well. The thinking here is to give people another option so they can have the privacy of their MOSSLET account and the continuation of these other more public services (and easily take their data with them if they want to leave MOSSLET). This would also be an option to expand to support the ActivityPub protocol as well for services like Mastodon. This is not set in stone, but it is what I’m actively considering/planning.

I would push back a bit on the idea that there is a political viewpoint specific to MOSSLET (unless I misunderstood that part of your message), though I could see how it may be perceived that way. To me, anyone who gets a MOSSLET account is essentially saying that they don’t want their data used against them. I think that’s more of a personal idea rather than political, though I get that it can easily be a political one.

There’s also the aspect that social networks essentially become political if/once the messaging can be made public, when news/media organizations start to quote them for example, and then all the accompanying challenges that that brings with it. I think there’s so much to discuss around these ideas, but for me it starts with moving off of platforms that are designed to addict, manipulate, and control anyone who goes onto them (in terms of economics, the algorithms favor disinformation which I last read to be valued at $1.1 billion) — and so for me my way of feeling like I might be contributing positively to that is to make an alternative that tries to protect against that.

Then, another challenge, is simply the engineering/coding aspect and that it’s currently just me for better or worse Thank you again, I’m really hopeful that bringing in support to have your MOSSLET account and/or your federated accounts will help alleviate another friction point to making the switch — along with general improvements to ui/ux and making things easier.

This is what has most recently been updated:

Granular privacy controls - Share with specific groups, individuals, or publicly. Your choice, every time.
Community safety tools - Mute, block, and report people/content that violates your boundaries or our terms.

And currently working on:

Privacy-first presence system (launching soon) - Control who sees when you’re online using double-encryption that even we can’t access. Default: completely private.

————

As I reread your last section again, I think I’m understanding more that the marketing of MOSSLET is another friction point, that its perhaps making it feel like joining MOSSLET is doing something political rather than personal (I’m reminded now of the little “join the privacy revolution” copy on the register page). Am I understanding that?

Thank you again for your time and feedback, it goes into everything I think about

URL Previews Are Live

Today’s update brings URL previews to posts—paste a URL and get a rich preview card with title, description, and image. This required solving challenges around encryption, privacy, and security.

Here’s to improving sharing with friends and family on MOSSLET (https://mosslet.com)!

How It Works

Validation & Fetching: When you add a URL, our URLPreviewServer validates it (blocks private IPs, localhost, AWS metadata endpoints), forces HTTPS, then fetches and parses the page with Floki (safe HTML parsing, no JS execution).

Content Sanitization: Metadata is truncated to 1000 characters max and HTML-escaped automatically by Phoenix/HEEx templates.

Image Processing: Preview images are fetched, re-processed server-side (strips malicious code), resized, encrypted with the post’s encryption key, and stored in our object storage provider (Tigris).

Encryption: All preview data (title, description, URLs, images) is encrypted field-by-field with the post’s unique encryption key before database storage. Public posts use the server key; private posts use user-specific keys (follows our asymmetric encryption architecture).

Smart Fetching: Previews only fetch when URLs change—typing more text with the same URL reuses the existing preview, preventing unnecessary rate limit consumption.

Rate Limiting: 10 requests/minute, 100/hour per user with clear error messages.

Caching: ETS cache (keyed by SHA3-512 url_hash) stores encrypted preview data for 24 hours—no re-fetching.

Security

Things I looked to take into account:

SSRF Prevention: Blocks private IPs, localhost, link-local addresses; validates schemes/ports
XSS Protection: Phoenix auto-escapes all content
Image Security: Server-side re-processing, encrypted storage
Encryption: Our same privacy and security model
Rate Limiting: Improving protection against spam/DoS attacks
Safer Links: rel="noopener noreferrer"

Privacy-First Cleanup

I care a lot about making sure that when you delete something, it’s actually gone. So, I needed to make sure that that same rule applied to URL previews.

When you delete a post, all encrypted preview images are automatically deleted via background jobs. Only the post UUID is stored in job args—no sensitive data.

The result? Rich URL previews that respect your privacy and work seamlessly with our encryption model.

DuckDuckGo - Timeline MOSSLET - 19 November 2025 - Watch Video

Quick update that we now have a ~15min video walkthrough of some of our core features (connecting and sharing). I’ve also made updates to our marketing, switching the tone to better reflect our service: more focus on positivity and connecting simply with friends and family (less focus on negativity and the ills of Big Tech/surveillance capitalism).

You can find the link to our demo through either option below:
MOSSLET
~15 min demo

Hey everyone!

I wanted to share something we just shipped at MOSSLET — a referral program that maintains our privacy and encryption architecture.

The privacy-first approach:

• Referral codes are encrypted asymmetrically and at rest (using Cloak + our enacl-based encryption layer)
• No tracking cookies or pixels — attribution happens via URL parameter (?ref=CODE) stored in the encrypted Phoenix session
• The code travels with the user through registration → checkout, all server-side
• Commission tracking integrates with Stripe Connect for direct payouts
• The whole thing runs through our existing LiveView stack — no separate microservice needed

The business side:

• 30% recurring on subscriptions / 35% on lifetime (beta rates)
• Friends get 20% off their first payment
• Real money via Stripe, not points

Would love to hear how others have approached affiliate/referral systems in Phoenix. Any gotchas we should watch out for as we scale?

Cheers, Mark

Updated our demo video to include our new Journal, moderation (community protection for sharing), and referral features:

Exploring the New Features of Moslet: Social and Journal - Watch Video

Our latest updates with AI integration using req_llm while maintaing our same privacy-first design:

Privacy-First Community Health

v0.13.0 • January 2026 Latest

Building a healthier community with privacy-first moderation. Content and image checks for public posts, image-only checks for private content, plus automatic AI-generated image detection.

• Privacy-first moderation — public posts are checked for harmful content and images, keeping the community safe
• Image safety checks — all images (public and private) are screened while respecting your privacy
• Non-public privacy — private posts only have image checks, your text content stays between you and your connections
• AI-generated badge — automatically detect and label AI-generated imagery for full transparency
• Community health — building trust through transparency and protecting what makes MOSSLET special

Private Journal

v0.12.0 • January 2026 Feature

Your private space for reflection — write freely with end-to-end encryption, track moods, build streaks, and even upload handwritten entries.

• Private journal entries — write freely, everything is encrypted with your personal key
• Journal books — organize entries into themed collections like travel logs or gratitude journals
• Writing streaks — build consistency with daily streak tracking
• AI mood insights — get gentle reflections on your emotional patterns over time
• Handwritten upload — snap a photo of your paper journal and we’ll digitize it
• Favorites — star meaningful entries to revisit later

Discover & RSS Feeds

v0.11.0 • January 2026 Feature

Explore public posts from the community and subscribe via RSS — plus GIF support and UI polish throughout.

• Discover page — browse public posts from the MOSSLET community
• RSS feeds — subscribe to public posts and our blog in your favorite feed reader
• GIF support — upload and share animated images in your posts
• Image upload improvements — better handling and format support
• Mobile polish — improved password inputs, tooltips, and image viewing
• UI refinements — updated user dropdown, circle UI, and more

Referral Program & New Pricing

v0.10.0 • December 2025 Feature

Get paid for sharing MOSSLET with friends and family. Real money, not points — plus a refreshed pricing structure with more options.

• Referral program — earn 30% recurring on subscriptions and 35% on lifetime purchases (beta rates)
• Friend discount — your referrals get 20% off their first payment
• Direct payouts via Stripe — real cash to your bank, not confusing points
• Privacy-first referrals — encrypted tracking with no creepy pixels or third-party data sharing
• New pricing tiers — monthly, annual, and lifetime options to fit your needs
• Beta bonus — lock in higher commission rates by joining during beta

In development

• native apps for desktop and mobile (active)
• federation support (tbd)

Now with Journal, you can use MOSSLET to connect with friends and family, or simply yourself.

Hi, congratulation! I really like Mosslet’s design. Do you do everything yourself with Tailwind?

Thank you Yes, and tailwind (I’ve been a paid member of what’s now tailwind plus). The biggest change I made recently was adopting tidewave into my development flow and making a design markdown file that the AI agent can follow — that’s helped a lot with quickly creating and maintaining the design (and make a11y improvements).

Mosslet was featured on BetaList today! And recently released our initial interoperability with Bluesky via oauth. Lots more to do, but excited for the progress and working toward making a space online to support privacy and open-social.