What's changed? The interface and primitives available for building applications. Rather than having to create a blockchain, we can _use_ a blockchain to do the timestamping.
Our insight is that this is still too hard to have quick access to use the blockchain meaningfully. So this service is a wrapper around those blockchain/cryptography primitives making it easy to create and lookup. It's the indexing part that can make the difference between a useful app in theory and in practice. In theory anyone could read the blockchain and create their own index from certain data on it...in practice that's more work than most will do... hence this kind of service.
They are labeled "fake" and there's a pretty obvious call to action to replace them with human testimonials when we have them. It certainly seems better to call them out as not real than have them try to pass as real. What they're trying to convey though is valid and hopefully helpful to the reader. It's a good question though and I'd certainly be willing to learn from it if there's an obvious violation.
Happy to show everyone Dibs ... a new data fingerprinting/notary service that writes to a public blockchain so you can prove you had a file at a point in time.
The recent chapter of this story starts on a train to Fosdem, the open source convention in Brussels at the start of February. I wanted something not related to my main work and so I started hacking together a Finder extension for the Mac to fingerprint data with a right-click interface suggested by my lawyer a few years prior. By the return trip I had the sketch of something working.
But the back story–not quite chapter one but close enough–happened a very long time ago. Let's call it 1999. I had a service called digitalpostmark.com that was an email server that would "postmark" the messages coming through it, adding a fingerprint to the message. If someone wanted to verify the email was sent at that point in time they could verify with our database and further re-compute the fingerprint themselves to see if the message had been tampered.
While this was a fun product (read: neat tech, low demand) it would eventually pivot to become SMTP.com's first product (I bought the domain for this), a way to relay emails in an era when mail servers were transitioning from open to closed. It turned out that the postmark server had everything we needed to change our email servers from a open relay into a selective open relay for users that bought our service subscription.
I would go on to sell the company and not think too much about digital fingerprinting until the NFT era reminded me of the power of hash functions and my now lawyer would lament about the power of an os-interface to the hash function.
Dibs goes one step further, allowing for easily creating fingerprints of files from the desktop as well as a web interface. These fingerprints include a "dibs code" proof that allows multiple claims of possession, but there's only one first.
The ordering of claims would be important, so I decided to use a public blockchain to write the records for all to see. End users don't have to know anything about blockchains, we do all of this behind the scenes, but expose the records so others can verify the transactions. (The blockchain chosen is the XRPL, for those interested in crypto).
I almost wrote an API for Dibs, but decided that the blockchain itself is an API, and it'd be better to just allow others to use that. So if a developer wanted to create their own system on top of Dibs, they'd just need to send a transaction on the blockchain to our "ingress" wallet address. That will then get indexed and available on the Dibs website the same as if the transaction was created with our interface. (Bonus: the per-transaction cost for the developer can be lower than our web interface, and yet is high enough that we still make money from the transaction payment.)
I suspect that most people will want to use the standard web interface. For that we chose a credit-based pricing model: $10 for 20 credits. Each Dibs is one credit, simple enough.
In talking to some potential users I came across some other example use cases, for instance my daughter wants to prove that she was the original creator of her avatar. While this current implementation is quite general, I suspect that there's quite a bit of work to do figuring out what a market segment might need and building the interface for that segment.
Is this the core of our business? No, at least not at the moment. Although the last time I started hashing things it turned into a business listed on the public markets, so you never know. I'd love to hear what you think we should do with it to improve the product. Thanks!
The nonce is good for privacy, preventing rainbow tables etc stuff right? Could still brute force if it's a small file maybe? Unless the nonce is hashed but not put on the blockchain directly, so the user can choose when to use the proof. But then the user has to save the nonce, which is precarious.
Also: it occurred to me a while ago that Archive.org etc really need something like this before generative AI gets too good. They wouldn't need to prove all of their documents if that's cost prohibitive. They could make a Merkle tree and prove the tip periodically.
Right the nonce–the "dibs code"–is there so that you can't just copy a known sha256 and claim it as your own. You have to at minimum have the file, and to prove you have it one way is to come up with some random data and hash that random data + the actual data. Then others can do the same to show that it indeed matches. Once a nonce is used it can't be re-used for the same reasons.
Not her words, but it can help prove that something existed at a point in time. It doesn't necessarily mean that you were the first but it does mean that you had it at that point in time. As I understand it, in copyright practice you take a work you've written, put it in an envelope and send it to yourself. The postmark shows that it existed at that point in time. (You don't open the envelope until some sort of legal procedure makes that required.)
> Can anyone take a file and check on the site to see who has logged it?
Exactly, it's a light-weight way to record that you had a file without storing the whole file.
These are good questions. I'm not sure. As it was a quick project I didn't start with user research, although remember the people that were interested in it last time I had a similar product were lawyers and their clients who had copyright claims. The ability to use the core technology here–a hash–is on every computer, so you could certainly do this yourself. We just make it easier in terms of interface, using the blockchain as a database of sorts.
Some posts above about alternative ways to do this. I'm not aware of any that integrate with the Finder.
[1] https://en.wikipedia.org/wiki/OpenTimestamps