1 points | by timeproofs a day ago ago
2 comments
That’s exactly the right framing — those questions matter.
In many cases, a secure hash alone is enough to prove integrity (“this file hasn’t changed”). The gap usually appears around time and independence.
A hash answers what, but not always:
when the hash existed,
who can verify that claim later,
or whether the timestamp depends on the same system that controls the data.
In practice, people handle this today with a mix of:
hashes stored in internal systems,
logs,
emails,
screenshots,
or third-party platforms.
These work operationally, but during disputes or audits they often collapse back to “trust the system that says so”.
The approach I’m interested in is minimal:
hash the data locally,
bind that hash to a point in time via an external, neutral timestamp,
keep verification possible long after the fact, without access to the original system or data.
Not as a legal silver bullet, but as a technical primitive: integrity + existence at time T, independently verifiable.
Curious to hear what you’ve seen work reliably when trust in the original system is no longer assumed.
Proving to who, where, with what standard of proof, and how long after the fact?
Secure hashes of files can cover many of the use cases.
That’s exactly the right framing — those questions matter.
In many cases, a secure hash alone is enough to prove integrity (“this file hasn’t changed”). The gap usually appears around time and independence.
A hash answers what, but not always:
when the hash existed,
who can verify that claim later,
or whether the timestamp depends on the same system that controls the data.
In practice, people handle this today with a mix of:
hashes stored in internal systems,
logs,
emails,
screenshots,
or third-party platforms.
These work operationally, but during disputes or audits they often collapse back to “trust the system that says so”.
The approach I’m interested in is minimal:
hash the data locally,
bind that hash to a point in time via an external, neutral timestamp,
keep verification possible long after the fact, without access to the original system or data.
Not as a legal silver bullet, but as a technical primitive: integrity + existence at time T, independently verifiable.
Curious to hear what you’ve seen work reliably when trust in the original system is no longer assumed.
Proving to who, where, with what standard of proof, and how long after the fact?
Secure hashes of files can cover many of the use cases.