Word by Word Stories is a multiplayer game where a group of people build a story together, one word at a time. Each player takes a turn, adds a single word, and the story grows in whatever direction the group takes it. There was also a mode for short sentences, up to a set number of characters, for when one word wasn’t quite enough.

To keep track of who wrote what, each contribution was highlighted in the author’s colour, so at any point you could look back at the story and see exactly who had steered it in which direction. The backend was a Spring Boot application that used WebSockets to detect when players were actively in a game and when they’d dropped out. The frontend was built with Expo and React Native. I’d even put together Terraform scripts to spin up the backend on AWS EKS or ECS. Login worked. The highlighting worked. The game worked.

I never released it.

The reason isn’t what most people assume when a side project dies quietly. It wasn’t a technical problem. I’ve worked at companies that handled user data at scale and I knew what securing PII looked like, both in transit and at rest. That part didn’t intimidate me.

The problem was liability. The moment you store user credentials, you’re responsible for them. And no matter how well you secure the data, a breach is always a non-zero possibility. When I looked into what that meant for me personally, the advice was clear: you’d want a legal entity, a company, to hold that liability rather than yourself as an individual.

Starting a company to shift legal risk for a side project I wasn’t sure would gain traction was a step too far. So the app sat, and stayed sitting.

I still think the concept is good. A game that produces genuinely unpredictable collaborative stories has real potential, and the mechanics were fun enough to be worth finishing properly. What I’ve come to realise since is that the PII problem had more solutions than I gave it credit for. Using OAuth means you never touch a password in the first place. Anonymous sessions with no persistent identity removes the problem entirely. The liability concern was real, but I’d probably stopped looking for a way around it before I’d fully exhausted the options.

Whether I’ll go back to it, I don’t know. But it isn’t dead. Just waiting.