Frequently Asked Questions

1. 1. Click the "Sign Up" button in the top navigation
2. 2. Choose a username (3-32 characters, letters, numbers, underscores, and hyphens only)
3. 3. Provide your email address
4. 4. Create a strong password (minimum 8 characters, must include uppercase, lowercase, and numbers)
5. 5. Check your email immediately for the verification link
6. 6. Click the verification link within 10 minutes of signing up

• • Minimum 8 characters
• • Must contain at least one uppercase letter
• • Must contain at least one lowercase letter
• • Must contain at least one number

Email can be changed with password verification. However, usernames are permanent to maintain accountability. Profile information like bio, website, and location can be updated at any time.

• • Two-factor authentication (2FA) for additional account security
• • Secure session management
• • IP-based security monitoring
• • Account activity tracking

• • Bio (text description)
• • Location
• • Website link
• • Profile avatar
• • Profile banner
• • Email address (requires verification)

• • Username
• • Bio and optional information (if provided)
• • Post and comment history
• • Communities you moderate
• • Follower/following counts
• • Join date

Yes, you can:

• • Pin your favorite communities
• • Customize the order of pinned communities
• • Access pinned communities quickly from the sidebar
• • Pin/unpin communities at any time

• • Text posts with titles (up to 120 characters)
• • Post content up to 20,000 characters
• • Comments up to 10,000 characters
• • Images (up to 10 per post, 3 per comment)
• • Videos (up to 10 per post, 3 per comment)

Please note that all markdown text counts toward your limit, so  will count as multiple chars toward your limits!

Posts and comments cannot be edited or deleted after posting. This policy ensures accountability and maintains conversation integrity. Consider carefully before posting as content is permanent.

Yes, to maintain quality discussions:

• • 1 post per 30 seconds
• • 1 comment per 30 seconds
• • Comment nesting limited to 1024 levels deep
• • Maximum file size for uploads: 15MB

You can star posts to save them for later reference. Starred posts are private to your account. You can view all your starred posts from your profile. Stars don't affect post visibility or ranking.

Users can bump posts they find interesting. Bumps help maintain visibility for important discussions. Each user can bump a post once. Bump count and last bump time affect post visibility.

Yes, posts can be pinned in two ways:

• • Community moderators can pin posts to the top of their communities
• • Administrators can pin posts platform-wide

Pinned posts remain at the top of their respective feeds.

Browse available Pochas through the directory. Click the "Join" button on any Pocha. You can leave a Pocha at any time.

Yes! You can:

• • Create a unique Pocha name (3-32 characters)
• • Set a description (up to 512 characters)
• • Establish community rules (up to 4096 characters)
• • Customize with avatar and banner images

• • Community creation: 1 per second
• • Community settings updates: 2 per 5 seconds
• • Membership actions (join/leave): 3 per 5 seconds

There are two community posting modes:

• • Open posting: Any member can create posts
• • Moderator-only posting: Only moderators can create posts

Members can still comment in both modes. Moderator-only posting mode is only available to site admins at this time.

Communities have a hierarchical moderation system:

• • Multiple moderators per community
• • Moderator ranks determine privileges
• • Moderators can:
  • - Pin/unpin posts
  • - Remove posts and comments
  • - Ban users from the community
  • - Update community settings
  • - Set community rules

• • Community moderators can manage their Pochas
• • Platform-wide moderation for serious violations
• • User reports help identify problematic content
• • IP-based abuse prevention
• • Account bans for serious violations
• • Moderators are in charge of their Pochas.

• • Illegal content
• • Harassment or abuse
• • Nudity
• • Content that violates intellectual property rights
• • Spam or excessive self-promotion

Use the report button on posts/comments. The report limit is 5 reports per minute. Provide specific details about the violation. Moderators will review and take appropriate action.

Moderators are responsible for:

• • Enforcing community rules and platform policies
• • Reviewing reported content
• • Managing community settings and appearance
• • Handling user disputes and appeals
• • Maintaining community health and engagement

soj.ooO has a strong commitment to free expression. All legal speech is protected and allowed. There is no censorship based on personal or political preferences. Content is only removed if it violates U.S. law.

Only speech that is illegal under U.S. law is prohibited, including:

• • Direct incitement to violence
• • Unlawful harassment or threats
• • Defamation
• • Content that violates protected categories under U.S. law

The platform leaves moderation to its moderators. The platform itself does not moderate based on ideology or opinion. Content reported as illegal is reviewed against U.S. law. The focus is on protecting legal expression regardless of controversy, period.

• • Secure session management
• • Rate limiting and abuse prevention
• • No sharing of personal information
• • Optional two-factor authentication

• • Username
• • Post and comment history
• • Community memberships
• • Optional profile information (bio, website, location)
• • Account creation date
• • Anything you do that notifies someone else.

• • Comments on your posts
• • Bumps on your posts or comments
• • Replies to your comments
• • @mentions in posts or comments
• • New followers
• • New posts in communities you moderate
• • Reports (for moderators)

Yes! You can enable or disable notifications for:

• • Post comments
• • Post and comment bumps
• • Comment replies
• • @mentions
• • New followers
• • New posts in moderated communities
• • Reports (for moderators)

Yes. Create a video channel from your profile, then use the upload button on the channel page. You can also upload directly from the Studio dashboard.

• •Containers: MP4, MOV, MKV, WebM, 3GP
• •Video codecs: H.264, H.265/HEVC (including iPhone hvc1), AV1, VP9, VP8, MPEG4, ProRes
• •Maximum file size: 5 GB per video
• •Maximum duration: 2 hours per video
• •User storage quota: 50 GB total across all your videos

Yes. iPhone .mov files uploaded from Safari are fully supported, including HEVC (hvc1) recordings. Vertical videos are automatically rotated correctly during encoding. If a video appears rotated, refresh or try re-uploading.

Uploaded videos are transcoded to adaptive HLS with multiple quality levels. Videos stream smoothly on any connection using an Apple style HLS player with hardware accelerated playback, preview scrubbing via sprite thumbnails, and fullscreen support. Plays, likes, and comments are tracked per video.

• •Format: MP3 only
• •Maximum file size: 30 MB per track
• •Maximum duration: 30 minutes per track
• •User storage quota: 2 GB total across all music
• •Cover art is optional. If your MP3 has embedded ID3 cover art we extract it automatically. Otherwise the site logo is used.
• •Music playback includes a built in audio visualizer with three modes: bars, bouncing cover art, and plasma fractal. All modes are bass reactive.

Yes. Every published video has an embed URL at /embed/v/[id] that works in iframes on any website. The embed player has the same visualizer support for music tracks.

Channel Studio is the creator dashboard for each channel. It shows your uploads, play counts, subscriber growth, pending encodes, reports filed against your content, and tools to edit titles, descriptions, thumbnails, or delete videos. Channel owners can also invite staff members with specific permissions.

Yes. Any channel owner or approved channel staff can go live from the Go Live page on their channel. You have two options: stream directly from your browser with no extra software, or plug in an external RTMP encoder like OBS or Streamlabs.

Yes. The Go Live page has a built in browser based broadcaster with no downloads required. You can stream from camera, screen share, or both at once. It works in Chrome, Edge, and Safari.

• •Camera only, screen share only, or picture in picture (camera overlaid on screen)
• •Switch between sources live without ending the stream
• •Pick your camera, microphone, and quality (up to 1080p) from device selectors
• •Upload custom image overlays (logos, lower thirds, branding) and position them anywhere on the canvas
• •Switch between multiple overlays on the fly
• •Freehand draw on top of your stream in real time (great for whiteboarding or annotating screenshares)
• •Live viewer count, chat, and stream stats in one view

Yes. From the Go Live page you can invite any soj.ooO user by username. They get a join link, and once they accept, their camera and mic appear in the stream alongside yours. The layout rearranges automatically as guests join or leave. Great for multi host podcasts, interviews, or panel discussions, no external software needed.

• •Go to your channel's Go Live page and switch to the RTMP option
• •Copy the RTMP server URL and your stream key
• •In OBS, go to Settings then Stream, choose Custom service, paste the server URL and stream key
• •Set a title and description, then click Start Streaming
• •Your stream will appear live on your channel within seconds

Your stream key is a secret. Anyone who has it can broadcast to your channel as you. If you accidentally expose it, rotate it immediately from the Go Live page. The browser broadcaster does not use a stream key directly, so sticking to browser streaming avoids this risk entirely.

Every live stream has a real time chat. Viewers who are logged in can post messages. The channel host and approved moderators can delete messages or temporarily ban abusive users from the chat. A popout chat window is also available for streamers who want to overlay chat in OBS.

Yes. When a stream ends, the recording is automatically saved to your channel as a video on demand. You can edit the title, description, thumbnail, or delete the recording from Channel Studio.

Every direct message on soj.ooO is end to end encrypted. That means only you and the person or people you are chatting with can read the messages. Not soj.ooO, not our servers, not the database. Even if our infrastructure is fully compromised, the message contents stay unreadable. Both 1:1 chats and group chats are encrypted the same way.

• •Key exchange: X-Wing, a post quantum safe hybrid KEM combining X25519 (classical elliptic curve) and ML-KEM-768 (NIST standardized lattice based)
• •Key derivation: HKDF-SHA256 over the shared secret
• •Message encryption: AES-256-GCM with authenticated encryption
• •Transport: messages are delivered in real time over SSE and cached locally in IndexedDB

Yes. Our X-Wing hybrid key exchange combines classical X25519 with NIST standardized ML-KEM-768. A future attacker with a quantum computer would need to break both algorithms to recover any key, which is currently believed infeasible. AES-256 also has sufficient margin against Grover style quantum attacks.

No. Within a single conversation we do not rotate keys on every message like Signal's Double Ratchet. Every message in a conversation is encrypted with the same symmetric key. This is a deliberate tradeoff. The benefit is that messages can be decrypted on any of your devices, including new devices you add later, without complex ratchet state. The cost is that if an active conversation key is compromised, all past messages in that conversation are also compromised. For group chats we do rotate keys when membership changes, which limits exposure when someone joins or leaves a group.

A group conversation uses a single symmetric AES-256-GCM key. When the group is created the creator generates a random key and distributes it to each invited member by wrapping it with that member's public X-Wing key. When members are added or removed, a new epoch begins with a new key. Old epochs stay readable only to members who were present at the time, so a new joiner cannot read older messages and a kicked member cannot read newer ones.

Your private encryption keys are derived from a 12 word recovery phrase (BIP39 style). This phrase is shown to you once when you first enable messaging. Save it somewhere safe. If you lose access to all your devices, the recovery phrase is the only way to decrypt your conversations again. soj.ooO does not keep a copy. Never share it with anyone.

Yes. Your identity keys are themselves encrypted under a key derived from your OPAQUE login. The encrypted key bundle is stored on the server but only you can decrypt it by logging in with your password. That means any device where you log in can read your conversations, including new ones you add later.

No. Every message is encrypted in the sender's browser before it leaves their device, and is decrypted only in the recipient's browser. Our servers only see opaque ciphertext. We also cannot read images shared in DMs because they are encrypted with the same conversation key before being uploaded.

No. soj.ooO uses OPAQUE, a zero knowledge password protocol. Your actual password never leaves your browser and never touches our servers. Not even during login. Even a full database dump would not reveal your password.

OPAQUE is an IETF standardized asymmetric password authenticated key exchange. Instead of the client sending a password or its hash, both sides engage in a cryptographic protocol. At the end the server proves knowledge of a password verifier you registered, and the client proves knowledge of the original password. Neither side learns the other's secret directly.

OPAQUE produces a high entropy shared export key as a byproduct of login. That export key is used to encrypt your private X-Wing keys before they are stored on the server. So logging in with your password gives you access to decrypt your DM keys, without the server ever seeing either your password or your private keys.

Because we never see your password, we cannot reset it for you in the traditional sense. You can request a password reset via email to replace your account credentials, but your DM recovery phrase is the only way to restore your end to end encrypted conversations. Losing both means losing access to old encrypted messages. New messages after a reset will work normally.

Yes. Enable TOTP based two factor authentication from your settings. Any standard authenticator app (Google Authenticator, Authy, 1Password, etc.) works. We strongly recommend enabling 2FA to protect your account and your DM keys.

Every post and comment you submit is cryptographically signed in your browser before it leaves your device. The signature covers the title, body, attachment hashes, your user id, the community id, and the timestamp. Anyone reading your post later can mathematically verify that the bytes they are seeing are the exact bytes you signed and were not modified by anyone, including soj.ooO itself.

• •Hybrid signature: every signature is the concatenation of an Ed25519 (classical elliptic curve) signature and an ML-DSA-44 (NIST standardized lattice based, post quantum) signature
• •Both halves must verify for the post to count as signed. An attacker would have to break both algorithms at the same time to forge a signature
• •Signing happens entirely in your browser via WebAssembly. Your private signing seeds never leave your device unencrypted

Click the small green badge next to a post or comment's signature line. A modal opens showing the signer, the timestamp, and a "Verify locally" button. Clicking it pulls the signer's public keys, downloads the signature blob, rebuilds the canonical bytes in your browser, and runs hybrid_verify locally. You see ✓ Verified or ✗ does-not-match without trusting the server's word for it. If the post has image attachments, your browser also re-hashes the image bytes and confirms each one matches a hash that was signed.

• ✓Green: the signature is present and was verified on submit. The bytes you are seeing are byte for byte what the author wrote and signed.
• ×Red: either the post was edited (and the original signature was invalidated) or the signature is missing entirely. We surface this state to every reader rather than hiding it.

No. We do not have your decrypted signing seeds, so we cannot produce a valid signature in your name. We could in principle modify the title, body, or attachment list of a post stored in our database, but doing so would invalidate the signature, and every reader would see the red ✗ badge on that post immediately. There is no path that lets us silently rewrite signed content.

You may edit your own post or comment within five minutes of submitting. Your browser re-signs the new content and the post stays green-badged. After that window closes, the content is locked. This is deliberate: signed content that other users have already read or replied to stays on the record as written, so nobody can rewrite history after a thread has played out.

Your signing seeds are derived deterministically from your account secret, the same one that backs your DM keys and your 12 word recovery phrase. The server stores your public keys (so anyone can verify your signatures) and your encrypted private seeds wrapped under your OPAQUE login key (so you can sign from any device after logging in). The server cannot decrypt the seeds.

If you forget your password and your recovery phrase, you can Start Fresh: generate brand new signing keys for future posts. The old key is closed out and the system records the time window during which it was valid. Posts you signed in the past still verify against the historical key (we keep the public-key history, not the secret), so your old content stays green-badged. New posts use the new key.

Not at this scale. Some federated networks use signatures internally for transport, but no major social platform exposes per post hybrid post quantum signatures that any reader can verify on their own. Combined with end to end encrypted DMs and OPAQUE login, the soj.ooO crypto stack is unique among consumer social platforms. We think it should be the default.