“All the News That’s Omg Lol”

Online Edition
As if we’d actually use ink for this?

Vol. 22 of 35
April 14, 2023 1:24 AM UTC

Introducing Proven (dot lol)

Proven is a new omg.lol service, available today in beta. Proven gives you a way to demonstrate that you own or control things on the internet. If you’ve ever used Keybase, you’ll be familiar with the general idea: you claim that something (a web page, for example) belongs to you, and then you prove it by doing something that can only be done by someone who really does control that item (add specific content to the page, or add a DNS record). The end result is a confirmation that the thing in question is, in fact, bound to you.

Unlike Keybase, Proven doesn’t use cryptography, nor does it require you to maintain your proof indefinitely. Instead, your proofs are tied to the timestamp of when the evidence was captured. This means that you’re proving that you had control over a specific resource at a certain date and time, as opposed to continuous ownership. Because of this, you can add a verification snippet to something, prove it, and then remove the snippet if you’d like. (Though leaving it in place is a nice way to show an ongoing connection to the proof.)

I’m not going to beat around the bush here—this service is meant to be fun and convenient, but it’s not government-level verification or anything remotely close to that. If you’re looking for something more serious, Keyoxide is worth looking into for sure.

As of today Proven is in a somewhat rough beta state, with the roughest part being the automated web page verification process. It uses a headless Chromium instance to load pages and examine the content for the proof verification snippet, including checking the rendered DOM after the page loads (so if the remote resource assembles page content with JavaScript, we can still find the snippet). This works reasonably well, but it’s not perfect, and I’m actively working on an improved process for checking page content. There’s also an issue with some services that block requests from our datacenter, so that’s an issue to iron out as well.

When you check a proof, three different things are checked (in this order):

  1. The headers. If the remote resource emits a header that contains the proof snippet, it’ll be verified and the header will be retained as evidence. (Example)
  2. DNS TXT records. If the remote resource has a TXT record that contains the proof snippet, it’ll be verified and the DNS record will be retained as evidence. (Example)
  3. Content. If the remote resource includes the proof snippet in its content, it’ll be verified and the content will be retained as evidence. (Example)

Soon, for proofs that can’t be verified automatically due to some of the page-checking issues shared above, there will be a way to request manual validation. Also coming soon: negative assertions (a way to say “you won’t find me on Twitter!”) and proofs for other types of internet resources (such as email addresses).

Read more about the service, consider giving it a spin, and share your questions, comments, or bug reports!

— Adam