Forty percent of our daily generations come from users who've never created an account and never will. This is, on paper, a funnel catastrophe. In practice, it's the single best decision we've made as a product. This post is about why.
I run zsky.ai, a free AI image and video tool. Our architecture allows any visitor to generate without signing up — no email, no OAuth, no credit card, no "confirm you're human" wall on the first try. I'll explain how it works technically below, but I want to start with the philosophy because the implementation follows the intent, not the other way around.
Why anonymous-first, when everyone tells you to gate
Every growth book will tell you to capture the email address. Every YC partner will ask you what the activation metric is and it had better be account-creation. Every paid ads deck assumes you're paying to get people to create accounts, because without an account you can't retarget, can't email, can't measure LTV.
I know all this. I let my ops person beg me for an email wall for six months. I still say no. Here's why.
The product I'm building has a specific moral contract with its users. The contract is: you can try this without surrendering anything. You can make something beautiful without first agreeing to receive marketing. You can test an idea against an AI without the AI's vendor acquiring your identity to sell to someone else.
The reason I care about this contract is specific to my own history. I grew up moving across borders — eight displacements before I was an adult. When you move that much, every institution makes you prove who you are before it gives you anything. I learned to be allergic to "sign up to access." Then I had a TBI at 27, and again I had to prove to every medical system, insurer, and employer that I deserved to be let in.
I will not build that experience into a creative tool. Not for a growth metric, not for an ad retargeting pool, not for an LTV line on a slide deck. The free, no-account generator is the whole product. Everything else is optional.
The counter-argument, taken seriously
"But you can't grow without emails." Let's steelman this.
Growth without owned contact is definitely harder. You can't email a lapsed user back. You can't retarget anonymous traffic cheaply. You can't build the compound email-list flywheel that most consumer SaaS runs on.
My response: we've grown to 52,000+ registered users plus meaningful anonymous volume in eight months, with zero paid advertising and a deliberately broken growth funnel. How?
- Word of mouth. Anonymous generations get shared. Watermarked free-tier outputs travel. People screenshot the URL and text it to a friend. Our top organic referrer is "direct traffic that didn't come from anywhere identifiable" — which I read as someone forwarded a link.
- Search. A product that costs zero dollars and requires zero signup gets a lot of "how to X for free" search traffic. Google has rewarded us for letting users do what they came to do.
- The moral contract converts better than a wall. When people want to save a generation, upscale it, or use a larger model, they sign up happily because they've already experienced the product being good. The signup form is a small cost for something they already know is worth it. Our anon-to-registered conversion has been steady at ~9.3%, which is not bad for users who never saw an email wall.
- Returning anonymous users. We set a device fingerprint cookie that persists anonymous credits across sessions. People come back without signing up. They generate, we don't know who they are, they share, and eventually — maybe — they sign up, or maybe they don't. Both are fine.
The moral of the story is that we traded a legible funnel metric (email capture rate) for illegible quality (product trust). Illegible metrics are harder to defend in a board meeting. I don't have a board. If I did, I'd pick a different one.
How it actually works
Here's the technical scaffolding that makes anonymous-first possible:
1. Daily credits, per-fingerprint
Every anonymous visitor gets N free credits per day, keyed to a device fingerprint (fingerprintjs + IP-range salt). The credits refresh at midnight UTC. The fingerprint is stored client-side and server-side, and we do NOT cross-reference it with any identity data.
This is the whole unit of abuse prevention for anonymous users. It's not foolproof — a determined abuser can rotate fingerprints — but it's enough that the median bad actor gives up before the median good actor notices any friction.
2. Soft-escalation challenge, only on suspicion
A CloudFlare bot score above a threshold triggers a silent challenge. Humans don't see it. Bots see a CAPTCHA and mostly give up. No first-render CAPTCHA, ever. This is a religious rule of mine: if the first thing a new user sees is a "prove you're human" wall, the product has already failed them.
3. Backend: a queue that doesn't care who you are
Our generation queue accepts jobs from registered and anonymous users through the exact same endpoint, with the exact same priority function. Anonymous users' jobs are tagged with their fingerprint hash instead of a user_id. Everything downstream — dispatching, rendering, logging — is identical. This means we can't accidentally deprioritize anonymous users through some middleware layer. The path of least resistance treats them equally, because the paths are the same.
4. Storage: outputs expire if unclaimed
Anonymous outputs live in CDN storage for 72 hours. After that they're garbage-collected unless the user claims them by signing up (at which point they're moved into the user's permanent library). This is the only "conversion carrot" in the whole product, and it's framed as "your work is about to expire, claim it" rather than "sign up to save." The framing matters a lot — we tested both.
5. Analytics without identity
We track product events for anonymous users with a rotating ephemeral ID that resets daily. We can see funnel drop-offs, feature usage, and error rates. We can't and won't see "who specifically" is doing what. This is enough for 95% of product decisions and we've stopped missing the other 5%.
The part that's been hard
Being honest: anonymous-first makes three things genuinely harder.
- Debugging user reports. When someone emails "my generation didn't work," we have to ask them the time and a rough description to find it in the logs. With an account, we'd just grep by user_id. We've accepted this friction.
- Pricing experiments. We can't do a randomized price test on anonymous users because we can't hold them constant between sessions. Fine — we do it on registered users and accept the smaller sample.
- Abuse takes longer to detect. An abuser who rotates fingerprints and residential proxies can slip through for a few hundred requests before our heuristic catches them. On a signup-required product, we'd kill their account in one action. We've accepted this because the alternative is making 40% of our good users sign up to defend against 0.1% of bad ones.
Would I do it again
Yes. Without hesitation. Anonymous-first is the product. The subscription tier exists to support the free tier, not the other way around.
If you're building anything in consumer AI right now, I'd challenge you to justify the sign-up wall. What is it protecting that couldn't be protected otherwise? What is the cost of making a curious, trusting person prove their identity before you show them what you made? For me, that cost was unacceptable. Your answer may be different. I just want you to have the argument, instead of accepting the wall by default.
Try it without signing up at zsky.ai/create. If you hate it, you won't even have to unsubscribe. That's kind of the whole point.
I'm Cemhan Biricik. I have aphantasia, I've recovered from a TBI, and I've been displaced across eight countries. I build free AI tools because creativity shouldn't require you to first prove you deserve it. Find me at hello@zsky.ai.
Top comments (0)