Closed Registration for a Small Web

I have been running a web service,, with a relatively small active user base, since 2020. I remain happy with it, and administering it takes up a relatively small amount of my time. One reason I am able to sustainably run it, despite having a lot of other obligations and a relatively demanding full-time job, is that I keep its scale intentionally limited. This is through a relatively simple mechanism: closed signups.

If you want to make an account on, you have register with your name and email on this page:

I will ask you for a username and password, and ask you to explain how you came to the site. All accounts are visible on an admin page, where I must approve them before a user becomes active

and able to use the platform.

Through this system, I have had zero issues with spam and only rare issues with inappropriate content. I approve people I know, and people who are friends of people I know. I generally approve people who have a good message in their registration page or email me directly, and occasionally approve others if I feel like volume can handle it at that time.

Signing up for an account on the web is generally pretty low-friction, but I question whether it ought to be. If we think about web infrastructure at its foundational level, signing up for an account puts you into a pretty strong relationship of trust between me (a systems administrator) and you (someone using my system). Your data lives on my computer, and I allow you to put your data on my computer. Is this really something that should be open to anyone?

On massive, web-scale services, the goal is to make this base computational relationship as seamless and invisible as possible, but I question whether it is always a positive thing to obscure this relationship. A closed registration process reminds you that this server is run by a specific person, not a machine

I've been a happy member of the Merveilles mastodon instance (another community with closed signups) for several years, and there are two aspects to their code of conduct that I especially appreciate.

Merveilles Code of Conduct

The first is the four gates of speech. I was (this is embarrassing to admit) an active Twitter user for a long time. I don't feel good about how I acted and behaved on that platform, and in retrospect, I realize much of this is not about some personal moral flaw, but the way in which the platform drew certain traits out of me -- a tendency to be flippant, sarcastic, ironic, sanctimonious, sometimes cruel. Mastodon has a similar interface as Twitter, so it's easy to fall in the same behaviors out of habit, and so the four gates of speech really helped me reconsider. All communities generate a kind of life and experience, and I really believe that large web platforms are almost entirely incapable of producing the kind of values that we want to see in a web community -- we need something smaller, guided by local, community hands.

The second is actually two rules: a black and white avatar, and no posting about meat. These are basically arbitrary, but they remind you that you are not "on the internet", you reside in a specific context with its own community guidelines.

Building a small web service means that you control these standards, not just at a social level, but at a technical one. Since many people, especially developers, are mostly intimately familiar with big web platforms, they tend to reproduce them (intentionally or not) in small web platforms. But I think there's a lot of ways in which technical mechanisms need to adapt to meet the needs of smaller communities, and a lot of exploration that needs to be done in terms of what that technology looks like, and I think some sort of closed-signup mechanism is one key component.