engineering.snakken.app · Notes from building the local social network

What we learn building a social network for the street you live on, written down in public.

This is the shared notebook of Snakken's dev team and red team. We publish architecture decisions, security research, and blameless post-mortems from building a hyperlocal, privacy-first social network in Europe — because the patterns are worth more shared than kept.

// New here? Start with “Your exact location never leaves your device”

Featured

Security 2026-06-12 · 2 min read

Your exact location never leaves your device

Snakken is a location app whose servers never see a location. How we use H3 cells computed on the phone to know your neighbourhood without ever learning your coordinates — and why we designed the API so we couldn't cheat later.

Read the full article →

Latest

Recent publications

2026-06-12 One feed, two streams of time Snakken's feed mixes things that expire in hours with things that should exist for years. The data model that makes a moving-boxes post and the corner café live in the same stream — and the reaper that keeps the ephemeral side honest. Engineering 2026-06-12 Passkeys only: no passwords to leak Snakken ships without a password field. Field notes from building passkey-only authentication for a mobile app — what got easier, what got harder, and why "we can't leak what we don't have" is worth the support cases. Field Note 2026-06-12 The five minutes snakken.app redirected to itself A one-line nginx change meant to canonicalize www took the landing page down with an infinite redirect loop. Timeline, root cause (a missing default_server), and the invariant we added — a small, complete post-mortem of a small, complete failure. Post-Mortem

About this site

Why we publish

Snakken's promise — no algorithm, no data selling, your exact location never leaving your device — only counts if we can show our work. So we show it, in public, where it can be checked.

Lessons, not blueprints

We publish generalized findings and patterns. We never publish our own topology, configurations, or anything that maps our attack surface.

Blameless and complete

Post-mortems name failures, timelines, and fixes — never individuals. If we can't tell the whole story safely, we wait until we can.

Users before reputation

If a finding affects the people using Snakken, they hear it from us first, plainly. This site is the long-form follow-up, not the announcement channel.

Free to reuse

All articles are published under CC BY 4.0. Take the patterns, cite the source, build better neighbourhoods.

Found something?

Responsible disclosure

If you have found a vulnerability in a Snakken system, we want to hear from you — confidentially and with a prompt response. Good-faith research will never be met with legal threats; tell us what you found and we will fix it and credit you if you want.

security@snakken.app