UnitedLines Whitepaper

Executive Summary

UnitedLines is a next-generation social platform architected to restore user sovereignty and digital civil liberties through end-to-end encryption, transparent moderation, and expertise verification. Unlike incumbent social networks that monetize user attention through behavioral profiling and targeted advertising, UnitedLines operates as a privacy-first platform with zero tracking, zero advertising profiles, and zero data resale. The platform combines military-grade Signal-based encryption for direct messaging, public moderation transparency logs, voluntary expertise verification, and nested discussions to enable trustworthy, expertise-weighted communication at scale. Built on modern infrastructure with PostgreSQL, Next.js, TypeScript, and Drizzle ORM, UnitedLines targets enterprise, civic, and professional use cases requiring both security and accountability.

Problem Statement and Motivation

Contemporary social networks have devolved into attention harvesting platforms where user behavior, location, social connections, and browsing history are continuously profiled, aggregated, and weaponized for targeted influence. Platform operators monetize user data, externalize privacy risks onto users, and enable state-level surveillance. At the same time, centralized moderation systems lack transparency, generate distrust, and often reflect opaque corporate values rather than community standards. UnitedLines was created to invert this power dynamic: users own their data, encryption prevents platform surveillance, moderation is transparent and auditable, and expertise verification enables signal-to-noise filtering without algorithmic manipulation. Our thesis is that sustainable, trustworthy communication requires privacy by design, user control, and radical transparency in governance.

Encryption Model and Metadata Minimisation

Direct messages between users employ Signal Protocol encryption: asymmetric Elliptic Curve Diffie-Hellman (ECDH) key exchange combined with AES-256-GCM authenticated encryption. Each direct message thread generates unique encryption keys derived from the initial Diffie-Hellman shared secret and user password hashes. Keys are generated client-side, stored locally on user devices, and never transmitted to or stored on UnitedLines servers. The platform architecture is server-blind: UnitedLines servers cannot decrypt message content, cannot derive keys from message metadata, and cannot access user secrets.

File transfers in encrypted threads use the same encryption model: users exchange encryption keys via encrypted messages, then upload encrypted file blobs to object storage. The server stores encrypted content only; content encryption keys never transit through UnitedLines infrastructure. Public posts and comments are not encrypted but do not require it: moderation transparency and abuse filtering operate on plain text, while user privacy is protected through metadata minimisation and no behavioral profiling.

We implement metadata minimisation across all data flows: the platform does not collect IP addresses, device fingerprints, browsing history, referrer data, or temporal access patterns. Connection metadata (message timing, frequency between users, message size) is minimised through padding and time-jittering. Public content is completely decoupled from user identity profiling, preventing algorithmic targeting. Even partially encrypted metadata is avoided where feasible; the platform prioritizes user privacy over server-side convenience.

Moderation Transparency and Enforcement

Every moderation action is logged in an immutable, publicly accessible transparency log: account suspensions, content removal, shadow bans, abuse score changes, and moderator identity are recorded with full justification and timestamps. Community members and researchers can query this log to audit platform governance, detect bias, and hold moderators accountable. This architecture inverts the typical black-box moderation model and creates continuous incentive alignment between moderators and the community.

Shadow banning (where posts from a user remain visible only to themselves) is used sparingly for coordinated abuse campaigns while maintaining transparency: the log notes when a user is shadow banned and why. Content removal decisions cite specific policy violations; moderators must provide evidence-based reasoning. Appeals process is available for all suspension and removal decisions. Abuse scoring is algorithmic but auditable: the platform publishes the rules that trigger abuse score increments so users understand the relationship between actions and consequences.

File Transfer Security Model

Encrypted file transfers in direct message threads use zero-knowledge architecture: the server cannot access file content, cannot analyze file metadata beyond MIME type, and cannot retain unencrypted copies for purposes of advertising, behavioral profiling, or legal discovery. File upload workflow: sender generates AES-256 key locally, encrypts file using AES-256-GCM, uploads encrypted blob to object storage, sends encryption key to recipient via encrypted direct message. Recipient downloads encrypted blob and decrypts locally using the key. The server stores only encrypted objects; the relationship between files and users is logged but content is never visible.

This model provides plausible deniability for server operators: UnitedLines cannot comply with requests to produce unencrypted user files because they do not exist on the server. It prevents casual law enforcement overreach, makes bulk surveillance extremely difficult, and ensures that hacked servers or compromised backups do not expose user content.

Technical Architecture and Data Model

UnitedLines backend runs on Next.js 13.5 with TypeScript, PostgreSQL database, Drizzle ORM for type-safe queries, and Radix UI for accessible frontend components. Client-side encryption is implemented in TypeScript using TweetNaCl.js and libsodium for cryptographic primitives. The architecture strictly separates concerns: authentication (JWT via secure cookies), encryption key management (client-only), and server-side authorization checks on all data access.

Database schema includes users (with premium/admin/moderator flags and privacy settings), posts (with expertise claims, scheduled publish support, and nested replies via reuniteParentId), comments (nested replies to posts), direct message threads (with encrypted payloads), file transfers (with encrypted blobs), reactions (emoji-based), notifications (mention, reply, reaction, follow events), and transparency logs (moderation events with full justification).

API endpoints follow REST patterns with Zod schema validation, automatic rate limiting per user/IP, and error wrapping via typed responses. All database mutations include session validation and abuse score checks. Rate limiting thresholds are configurable; defaults are designed to prevent spam without limiting legitimate use.

Scalability and Infrastructure Strategy

UnitedLines is designed for horizontal scalability across geographic regions. The stateless API layer runs on containerized infrastructure (Kubernetes or equivalent), allowing traffic to be distributed across multiple zones. PostgreSQL operates in primary-replica configuration with automatic failover; read replicas serve feed queries and search requests. Object storage for encrypted file uploads uses cloud provider S3-compatible storage with regional replication.

Redis is used for rate limiting, session token cache, and real-time notification delivery. WebSocket connections for real-time features are multiplexed through stateless servers to avoid sticky session dependencies. This architecture enables single-region deployment in early stages and multi-region deployment as traffic grows, with automatic traffic rerouting on regional outages.

Encryption operations are entirely client-side, preventing the server from becoming a bottleneck for cryptographic processing. This design choice enables linear scaling: server throughput depends only on authentication checks, abuse filtering, and data storage operations, not on encryption/decryption cycles.

Business Model and Revenue Streams

UnitedLines revenue model does not depend on user data exploitation. Premium features generate sustainable revenue without compromising privacy: enhanced moderation controls, custom community branding, analytics dashboards, export tools, and priority support. Enterprise licensing targets organizations (civic bodies, educational institutions, corporations) that require self-hosted or managed instances with custom moderation policies and audit trails.

Base platform is free for individual users. Premium tier ($8-15/month depending on region) unlocks scheduling, analytics, community creation, and custom verification workflows. Enterprise licensing is priced per seat with volume discounts. This approach aligns incentives with users rather than advertisers: we succeed when users find the platform valuable, not when we maximize engagement or exploit attention.

Regulatory Compliance and Jurisdiction

UnitedLines Ltd is incorporated in the United Kingdom and complies with GDPR, UK Data Protection Act 2018, and equivalent privacy regimes. GDPR compliance is built into architecture: user data is minimised by design, encryption prevents profiling, and user rights (access, deletion, portability, objection) are implemented through API endpoints and admin tools. Data subject access requests are fulfilled within 30 days with complete export of personally identifiable data.

The platform implements data processing agreements for enterprise customers. Subprocessors (cloud providers, CDN operators) are disclosed and contractually bound to equivalent privacy requirements. Data is retained for the minimum necessary duration: deleted account data is purged within 90 days; moderation events are retained for 7 years to prevent re-offense; temporary operational data (session tokens, rate limit counters) expires automatically.

End-to-end encryption raises specific compliance questions: UnitedLines does not retain decryption keys, cannot comply with demands for plaintext intercepts, and does not have technical capability to monitor encrypted content. This is disclosed upfront to users, regulators, and law enforcement. We cooperate fully with legal process on metadata and account information within our technical capability; we default to user privacy where encrypted content is involved.

Competitive Landscape and Differentiation

Incumbent social networks (Meta, X, TikTok) compete on engagement and attention monopoly; their revenue model depends on behavioral profiling and targeted advertising. These platforms are fundamentally incompatible with privacy-first architecture. Messaging platforms (Signal, Wire, ProtonMail) prioritize encryption but lack social features, feed algorithms, or community building. Mastodon, Bluesky, and Nostr offer decentralization but lack moderation transparency and expertise verification.

UnitedLines differentiates through combining end-to-end encryption, transparent moderation, expertise verification, and social features (nested comments, feed, communities, reactions) into single platform. This combination is unique: no existing platform prioritizes all four simultaneously. Our competitive advantage is alignment of incentives with users rather than advertisers, technical transparency, and commitment to user digital rights.

Privacy by Design Principles

UnitedLines implements privacy by design across all product decisions: personal data is minimised (no profiling, no behavioral tracking, no IP logging), encryption is default for sensitive communications, user control is maximized (block users, mute threads, customize notification settings), transparency is radical (open moderation logs, published privacy policies, public API specifications). Defaults favor privacy: new accounts do not share followers or following lists publicly unless explicitly enabled; users must opt-in to community visibility.

Data protection impact assessments are conducted before implementing features that may affect privacy. Privacy-affecting changes are documented and communicated to users in advance. No dark patterns are used to coerce data sharing or increase engagement metrics at the expense of privacy.

Future Roadmap and Vision

Phase 1 (Current): Launch private beta with core features (messaging, posts, comments, expertise badges, transparency logs). Phase 2 (Q1 2026): Public launch with communities, full federation support, and enterprise licensing. Phase 3 (Q2 2026): Expertise-weighted feed algorithms allowing users to subscribe to expert-curated rankers maintained by institutions rather than algorithmic black boxes. Phase 4 (Q3 2026): Decentralized verification through integrations with professional societies and educational institutions for credential verification.

Long-term vision is building the first expertise-weighted social graph at global scale: a platform where authority derives from voluntary credential verification and community consensus rather than engagement metrics or algorithmic ranking. This requires shifting power from platform operators to communities and enabling competing authority structures to coexist. If successful, UnitedLines could demonstrate that high-trust, low-manipulation social platforms are economically sustainable and technically feasible at scale.