Trust boundary experiment
SteamPanno
SteamPanno was a reminder that the delivery shape is part of the product. A one-time creative tool should not ask for more trust than the output deserves.
Selected evidence
Moved the trust conversation from downloadable executable to browser-first session and server-side secret handling.
Captured the difference between static hosting and auth-backed web tools.
Used public feedback to revise the product surface instead of defending the original package shape.
- Credential
- Steam OpenID
- Secret
- Server only
- Output
- Poster image
- Trust ask
- Browser session
The mistake
A small tool can still ask for a large trust decision if the package shape is wrong.
The better shape
Put the sensitive parts on the server, make the browser path obvious, and ask only for the trust the output needs.
The carryover
That same instinct applies to customer tools, AI integrations, and support systems: the trust boundary is a feature.