Count the identities a mainstream family device actually juggles: the platform account, the store account, the mail login, the messaging registration, the photo service, the weather app's "optional" profile, the notes sync — a dozen vendors, each with its own password, privacy policy, settings page, and update whims. Now count the governance implied: who audits twelve privacy policies at every update? Who reconciles twelve notification postures, twelve data-sharing defaults, twelve sync behaviors? The honest answer in every household on earth: nobody. The drawer of strangers is ungovernable by design — and the family's standards live at the mercy of its least-audited tenant, per the boring-apps lesson.
What one identity actually unifies
One policy surface. The household's decisions — the child's tier, the quiet hours, the visibility scoping — set once, inherited by every room in the house. On the drawer-of-strangers model, each policy is re-implemented per app to the extent each app deigns to offer it; on the suite, policy is a property of the person, enforced by the platform beneath every app, which is the only place enforcement ever actually works, per the tamperproof architecture.
One data covenant. A single answer to "where does the family's data live and who profits from it" — instead of twelve answers that change quarterly. The local-first photos, the unprofiled search, the unarchived conversations are one posture, stated once, auditable once.
One update rail. Security patches and feature changes arrive on the platform's schedule for everything at once — the update story that keeps protection current without twenty consent dialogs. The drawer's alternative is the update-diff treadmill, run forever, per app.
One family view. The parents' management surface sees the household whole: devices, tiers, policies — not twelve dashboards with twelve logins. The per-person architecture that runs the family's addresses and contacts extends to everything: one identity per person, one view per household.
“Twelve vendors means twelve privacy policies nobody reads. One platform means one covenant everybody can — and that difference is the entire governance model of a family's digital life.”
kolbo.life
The seams, revisited from the login
The suite argument named seams as surfaces; the login is where seams get their permissions. On the mainstream model, "share to" and "sign in with" are identity bridges between strangers — each one a data-flow negotiated between two vendors' interests, with the family as the traffic. On the one-login model, every seam is internal: the photo shares to the gallery under the same identity, the note attaches to the mail under the same policy, and the "sign in with" question simply never arises because there is no stranger to sign into. The maintenance revolution hiding in this: the family stops being its own systems integrator. Nobody in the household reconciles account states, chases sync conflicts between vendors, or debugs why the calendar's account differs from the mail's. The twenty-two apps behave as one product because, at the identity layer, they are one product.
The failure-mode arithmetic seals it: on the drawer model, each vendor is an independent point of compromise — one breached utility leaks whatever it saw, one acquired vendor's policy change re-opens a closed question. The suite's blast radius math is different in kind: one covenant to defend, defended at the platform layer, with the household's compartment principles running inside one trustworthy house rather than across twelve negotiable ones.
Frequently asked questions
Isn't one login a single point of failure?
It is a single point of defense — one credential set to protect properly instead of twelve to protect nominally. Concentration with real protection beats distribution with none; the crown-jewel discipline above is the honest cost, and it is one hour.
What happens to the family's setup if one app has a problem?
The platform model contains it: the app's issue is fixed on the shared rail, the identity and policies unaffected — versus the drawer model, where a vendor's crisis (breach, acquisition, shutdown) orphans that app's data and settings on its own schedule.
How does one login work across the family's different tiers?
One identity per person, policies per tier, household view for the parents — the login unifies each person's apps, not the family into one account. The postal-map principle: shared infrastructure, personal identities, scoped visibility.
Does one login mean the platform sees everything about us?
It means exactly one party's covenant governs instead of twelve — and that covenant is the platform's whole proposition: family data stays in the family, stated once and auditable, per the privacy-by-architecture posture. The question was never whether someone runs your infrastructure; it is whether their business model needs your life. This one doesn't.
Protection for the device already in your pocket
KolBo Secure protects any iPhone or Android — tamper-resistant enforcement, a self-service portal, and real human support. Starting at $14.99/month.
Secure a deviceEnrollment, configuration, and billing in one portal — minutes, not appointments.