yes, especially for the API because there's no cost relative to hosting the docs

whcich blockchain? Is it a blockchain accessible to anyone to verify?

Hello Peter! This article presents the solution but to explain a little bit more, the general configuration for eSignature in Woleet Sign is the platform generating keys for each signer (generated randomly in each request) and then send private links by email and OTP SMS if a phone number is provided. So in the end Woleet timestamps a proof that the person controlling a specific email and a specific phone number had a specific document in his possession and agreed to sign. It's also possible to use our signature system with your own keys associated with people with verified identities (KYC), to comply with "advanced" eSignature regulation in Europe.

we do not reinvent the wheel here the proof generated is downloadable in the chainpoint format (https://w3id.org/chainpoint/v2) and we also support Opentimstamps format. The verification tool allows you to download the chainpoint V2 format only though

hi, I'm woleet's ceo. I can give you all the details you want. To explain it simply, for each signleFile export we "anchor" the hash in Bitcoin. It means each hash is link to one particular bitcoin transaction. Feel free to ask any question I'll be happy to answer

Actually, I also cannot find any information how this is actually achieved by your service. As OP mentioned, if "just" a browser extension is used to create a hash of the html page, one could use dev tools to modify the dom inside the browser and then create the hash...

I think the OP is thinking in a scenario where if the proof is generated locally, it just proves the existence of that file, not that the file was public on the internet, you could use a proxied network (or just hosts file ?) to fool the browser extension. I'm not implying this is the case, but if you could explain how it is implemented would be great.

I think kwantam's point is that you are merely storing a hash of the resulting file, it proves it existed at a certain datetime, but it doesn't guarantee it wasn't modified (which TLSNotary does, albeit with a trusted third party required)

This wasn't clear from the link, as there was very little technical information provided.

I get it, and no, nothing proves you didn't modify it. Maybe a solution is to create some king of "witness community" stamping the same page at the same time. It will have diferent hashes each time and the evidence could be stronger in the end

If the website uses SSL, would it be possible to prove that the server signed the particular sequence of bytes you received? That doesn't prove that nobody modified the data but it does prove that anyone who did was able to sign things with a key that nobody else should have access to.

My understanding is that with usual SSL, it seems that one cannot make a proof based on your interaction with the server that you could use to convince a skeptic at some undetermined later time, However, others here have mentioned the tlsnotary idea which, if you are interacting with the person you want to prove it to live while you get the info from the server, then you can. And, if the server supports the TLS-N extension, then you can instead make a proof that should convince arbitrary people later.

That is actually a problem. It should be usable inside the deep web.e.g. to proof that i made a purchase at a website and as a second step that my review of thepurchase is real.

This sounds extremely expensive due to the cost of bitcoin transactions. What ZeroNet is doing seems much more feasible. https://zeronet.io/

If they are using Merkle trees to aggregate pages, they can have many page proofs in one transaction.

We use layer 2 technology, the main idea of woleet is to stamp many hashes (possibly millions of hashes in one bitcoin transaction) our service is running for years and we produce thousands of proofs daily.

what do you mean with layer 2 technology? If you're talking about the data link layer of the OSI model I am not sure how that applies here..

"Layer 2 refers to a secondary framework or protocol that is built on top of an existing blockchain system."

from https://www.binance.vision/glossary/layer-2

Layer 2 is essentially an application layer abstracted on top of a blockchain. Among other things it is a way to allow for better scalability.

It basically means off-chain, so I'm not quite sure where the accomplishment is. Sorry for the bluntness, not trying to be an asshole. Open to further explanation.

How do you prove that the user did not modify the page before computing the hash?

Do you have documentation of how this is done?

There are some, many even, instances where the kind of fraudulent modifications you might want to do could not realistically be done at the time the page is saved, but could be done at a later date.

So for that, it's useful.

Could you describe such scenario? I fail to find one where this would be useful.

this tool does not guarantee that you've not modified the export before you stamp it. The main protection is the timestamp and the fact that the hash is calculated by the extension itself. This proof just guarantee that this particular file existed at this date. I personnally believe that even if it's not a siver bullet, the certain date is the main protection it provides. If you want to make some fraud with a bitcoin timestamp, you need a proper timing and preparation. In conclusion it just makes things harder

Being able to prove that a certain webpage exists locally at a given date is rather useless. The only utility there is if the page contains confidential information and you want to prove that you had that information at that time, but you could do that just as easily without saving a whole web page in the process.

Yeah, ironically the whole point of SingleFile for me is that I can locally edit webpages to strip out ads and other crap so I can send them to friends or family who might not have ad blockers.