Nolto (a professional social site) - My Concerns
Nolto appears to be styling itself as an alternative service to LinkedIn, but connected to the fediverse.
Quoting some of their own text:
"A professional social network that runs on the ActivityPub federation protocol, focusing on privacy, accessibility, and a healthy user culture."
Recently, on my own social media account on the fediverse, I spotted a post from someone who was initially interested in Nolto, but quickly felt it was a little odd. This piqued my own interest so I did some research.
(I did post some of the below as a reply on socials, but I felt it required a more permanent standing in the world, so I've blogged about it too).
Initial observations
Who is behind the venture? There are no details on who is operating it. Users are providing some very sensitive and personal information (example: work employment), and this causes me concern.
- The Privacy Policy is dated 16 June 2025 but their domain name was only registered on 30 January 2026. (Maybe not the end of the world, but you'd think you'd review it around go-live.)
- The only contact email listed is on the Policy and is a (free?) Protonmail account
- The database is located in Germany, according to their policy docs. Under EU GDPR, and the German Federal Data Protection Act (Bundesdatenschutzgesetz – "BDSG"), they are required to identify their entity
- "Nolto does not use: Analytics tracking" -- They do have some kind of analytics loading
Vibe Coding
Nolto openly admit they are using vibe coding.
"Nolto is a federated platform developed using Lovable, a vibe coding tool registered in Sweden (EU)".
Don't get me started on the use of AI for coding. Let alone the fact they may well be using automated decision making, which is another issue under GDPR and you must be able to opt out (I'm obviously guessing that they have automation).
The pitfalls of vibe coding
There are too many to discuss here, but let's take a real life example which surfaced yesterday. It's not related to Nolto, but another vibe coded product.
The product is not important -- it's the process that is worrying.
It would appear that an AI product for the masses has got out of control. The website suggests it was partially created using vibe coding to provide users with their own AI assistant. Ironic, AI creating AI!
This assistant allows people to develop add-ons (skills). From what I can read, a few hundred malicious add-ons were created and can be downloaded by unsuspecting users.
People have raised concerns about this issue. The developer has openly admitted he is struggling with demand, and that "people should use their brain when finding skills".
This further demonstrates the lack of checks, balances, and security being applied to vibe coded apps.
Hopefully this particular mess gets resolved soon.
As for Nolto
It's an interesting idea and I don't wish to stifle it, but we need a bit more transparency.
It looks a nice looking site, and I really like the idea. It suggests it is designed to be hosted by anyone (similar to other fediverse servers). Most of the above needs considered if someone else decides to run a copy of Nolto (they'd need their own policies).
I'm genuinely concerned as there is the potential for people to store personal information on the site, with no real understanding as to its safety.
NOTE: Interestingly, Nolto has been down as I type this blog post!
I will keep an eye on progress. 👀