AI systems misquote and misattribute content at scale. A sentence you wrote gets fed into a model, comes back garbled, spreads as if it were yours. Editors doctor quotes. Screenshots get cropped. Social posts get altered and re-shared. By the time you need to prove what you actually said, there may be no record that proves it.
What Kernel of Truth does
Kernel of Truth lets you register a cryptographic fingerprint (SHA-256 hash) of your words, documents, and images before anyone can alter them. Change a single character and the hash changes completely. We record your name and timestamp. That record is permanent and immutable. We never store your content, only the fingerprint.
How hashing works
π½
Your content stays on your device.
Hashing runs in your browser via the Web Crypto API. Nothing is sent to our servers.
π
The hash is a fingerprint, not the content.
SHA-256 produces a fixed 64-character string. It cannot be reversed to recover the original.
π
The claim is permanent.
The submitted hash is recorded with your identity and a UTC timestamp. It cannot be edited or deleted.
π
Anyone can verify.
Anyone with the original content can paste it into the verify page. No account needed.
Identity claims
A provenance record is only as strong as the identity behind it. Identity claims let you publicly and verifiably link your Kernel of Truth account to accounts you control elsewhere. Once verified, those links appear on your public profile and on every claim you make.
Supported identity types:
π§
Email address.
We send a one-click verification link to the address you provide. Click it to confirm ownership. No posting required.
π
Website / domain.
Prove you control a domain via a DNS TXT record (_kot-verify.yourdomain.com) or an HTML meta tag in your page's <head>.
π
X / Twitter.
Post a unique token publicly on your X account. Paste the post URL and we fetch it to confirm the token is there.
π
Mastodon.
Post the token publicly on your Mastodon instance. Paste the toot URL for verification.
π
GitHub.
Create a public gist or add the token to any public file. Paste the raw file URL to verify.
π
Facebook.
Post the token publicly on your profile or page and paste the post URL.
π€
Reddit.
Add the token to your profile About section or make a public post. Paste the URL to verify.
πΌ
LinkedIn.
Post the token publicly or add it to your About section. Paste the post URL to verify.
All social verifications follow the same pattern: you receive a unique token, post it somewhere only you could post, and we fetch it to confirm. The verified link is then permanently attached to your account. Go to Identity Claims to get started.
How identity verification works
Every identity type uses a challenge-response flow:
You submit an account or address. We generate a unique, one-time token tied to your Kernel of Truth account.
You publish the token somewhere only you can write. For email, that means clicking a link we send you. For social accounts, it means posting the token publicly. For a website or domain, it means adding a DNS record or a meta tag.
We check. We fetch the public URL or DNS record you provide, look for the token, and mark the identity as verified if it is found.
The key property: only the genuine account holder could have placed the token where we look for it. The token is random and single-use, so it cannot be guessed or reused from an old verification.
Verified identities appear as badges on your public profile and add credibility to every claim associated with your account.
Verified website badge
Link your account to your website. Once verified, your public profile shows a verified badge.
Enter your URL and submit β you will receive a token.
Add either a DNS TXT record _kot-verify.yourdomain.com = kot=<token> or the meta tag <meta name="kot-claim" content="<token>"> to your site's <head>.
Click "Check now" β verification is instant once the record or tag is live.
Every claim also has a badge image and a JS widget. From any claim's verify page, copy the HTML embed or widget snippet to display a provenance card on any webpage.
Frequently asked questions
No. Hashing runs in your browser. Your text or file never leaves your device. We receive only the resulting hash, your title, and an optional description.
Claims are designed to be immutable. That is the point: a record that cannot be quietly removed is more credible than one that can. Contact us if you have a serious concern, but routine deletion is not available.
You can claim any hash. The system does not verify authorship. A claim is a statement that a specific person asserted provenance of specific content at a specific time. Its value depends on what you can corroborate alongside it.
Each hash can only be claimed once. If someone claims your content before you do, their timestamp precedes yours. This is why it helps to claim content early, before it circulates.
AI systems can reproduce and alter text in ways that make the altered version indistinguishable from the original to a casual reader. A hash claim gives you a verifiable reference point. If a model or person presents an altered version as yours, you can produce the original, hash it in public, and point to the registered claim as proof of what you actually said.
A provenance claim registers a cryptographic fingerprint of a piece of content β a document, image, or piece of text β along with a timestamp and your account name. It answers the question: "Who registered this content, and when?"
An identity claim links your Kernel of Truth account to an external account you control β your email address, a social media handle, a website. It answers the question: "Is this Kernel of Truth account really operated by the same person as that Twitter account, GitHub profile, or email address?"
Together they are stronger than either alone: provenance claims show what you said and when; identity claims show that the account behind those claims is demonstrably connected to your real-world presence.
When you add a social account, we generate a unique random token and ask you to post it publicly on that platform. You then paste the URL of that post back to us. We fetch the page, find the token in the content, and mark the identity verified. The token proves you had write access to that account at the time of verification. We do not use OAuth or require app permissions β you never grant us access to your account.
Enter your email address on the Identity Claims page. We send a message with a one-click verification link. Click it within 24 hours to confirm that you control that address. No post or DNS record is required. The verification is recorded permanently once confirmed.
No. Each identity β an email address, a Twitter handle, a GitHub username β can only be verified on one Kernel of Truth account at a time. If you need to move a verified identity to a different account, you can use the challenge-and-transfer process: the second account initiates a challenge, posts a fresh token from that account, and ownership transfers to the challenger.
Verified identity records are permanent snapshots: they record that you controlled that account at the time of verification. If an account is later deleted or the handle changes, the historical record is preserved. If you want a current verification under a new handle, add a new identity claim for the updated account.
We cannot give legal advice. A timestamped cryptographic record can be useful supporting evidence, but it is not a court-certified timestamp. For high-stakes legal use, consider a qualified timestamping service. Kernel of Truth is a practical tool for establishing a public, verifiable record, not a legal instrument.
SHA-256 is a cryptographic hash function. Given any input, it produces a fixed 64-character string. The same input always produces the same hash. Change a single character and the hash changes completely. It is infeasible to reverse the hash back to the original input.
Yes. A trailing space, a different line ending, or a different encoding will produce a different hash. On the claim and verify pages you can check "Normalize whitespace" to trim and collapse whitespace before hashing. Use the same normalization setting when claiming and verifying, or the hashes will not match.
Yes. Public endpoints let you look up any claim or user profile without authentication. Authenticated endpoints let you list and create claims programmatically. See the API documentation page for details.
Each hash is unique to the exact bytes of your content, so a plain-text document and a PDF of the same words produce different hashes and can each be claimed separately. If you want both formats covered, register a claim for each. Some claimers include a description noting that the two records refer to the same work.
The hashing code runs entirely in your browser using the standard Web Crypto API β it is not a proprietary algorithm. You can independently verify any hash using built-in OS tools: on macOS or Linux run shasum -a 256 yourfile or pipe text with printf '%s' "your text" | shasum -a 256. On Windows, use Get-FileHash -Algorithm SHA256 yourfile in PowerShell. The result should match what is recorded on the claim.
