Every term the rest of the site uses, defined.
No jargon dictionary; just the words we keep saying, defined so the rest of the documentation reads cleanly. Cross-linked to the blog posts that go deeper.
The crypto layer that makes the receipt verifiable.
- SHA-256
- A 256-bit cryptographic hash function.
Standardized by NIST in 2001 and the workhorse of modern cryptography. Receipts.you hashes the bytes of your screenshot file with SHA-256 in your browser via WebCrypto's SubtleCrypto.digest. The output is a 64-character hex string. SHA-256 is one-way: you cannot reverse the hash to recover the file. Collisions (two different files with the same hash) are computationally infeasible.
See also: WebCrypto · ECDSA P-256 · verdict ladder
- ECDSA P-256
- Elliptic-curve signature algorithm we use to sign receipt hashes.
Elliptic Curve Digital Signature Algorithm over the NIST P-256 curve. Universally supported by browsers, Workers, and openssl. Our worker signs each receipt's hash + timestamp with our private P-256 key; our public key is published at /.well-known/receipts-pubkey.pem. Verification works offline with openssl + our public key.
See also: SHA-256 · public key · offline verification
- OpenTimestamps anchor
- External proof that a hash existed by a given Bitcoin block's timestamp.
OpenTimestamps is a protocol for proving a file existed at a specific time by committing its hash into the public Bitcoin blockchain. Many hashes are aggregated into a Merkle tree and the tree root is embedded in a single Bitcoin transaction. Anyone can verify the hash existed by the block's timestamp using the Merkle inclusion proof and the Bitcoin block history — no trust in receipts.you required. Our cron upgrades each receipt with an OTS anchor within ~30 minutes of sealing. Read the deep-dive.
See also: Bitcoin · Merkle proof · external anchor
- WebCrypto
- Browser-native cryptography API. Our privacy story depends on it.
The SubtleCrypto interface exposes browser-native SHA-256, signing, encryption, and key management without third-party libraries. Receipts.you uses SubtleCrypto.digest to compute file hashes in your browser — that's why the image bytes never leave your device. Available on all modern browsers over HTTPS. Read the deep-dive.
See also: SHA-256 · privacy
- Perceptual hash (pHash, dHash)
- A fingerprint of an image's content that survives recompression.
SHA-256 changes completely if a single byte changes; perceptual hashes measure what the picture looks like rather than what bytes it has. We compute two: pHash (DCT-based, 64-bit) and dHash (gradient-based, 64-bit). The pair lets us return useful verdicts (recompressed, similar) even when a platform has re-encoded your file. AND-gated thresholds prevent the false-positive failure modes either hash would have alone. Read the deep-dive.
See also: verdict ladder · SHA-256
- DWT+DCT+SVD watermark
- The robust invisible watermark the Snitch Tracker embeds in per-recipient variants.
A frequency-domain watermark built from Discrete Wavelet Transform + Discrete Cosine Transform + Singular Value Decomposition. Embeds a 60-bit recipient ID into the U channel of an image, surviving JPEG re-encoding down to q40, resize 0.5×-2×, and partial crops up to ~50%. Recovers reliably from canonical platform pipelines (Instagram, Twitter, Telegram). 500 lines of browser JavaScript; runs in <1 sec per quadrant. Read the deep-dive.
See also: Snitch Tracker · perceptual hash
What each surface in the product is and does.
- Receipt
- A signed, timestamped record that a file existed at a specific moment.
Each receipt contains: a SHA-256 hash of the original file, two perceptual hashes, an ISO timestamp, an ECDSA signature, an OpenTimestamps inclusion proof (after ~30 min), and any user-supplied note. About 400 bytes total. The receipt page at receipts.you/r/<id> shows all this and provides a verify drop-zone. The receipt proves WHEN the file existed, not WHAT it depicts.
See also: receipt page · verify
- Verdict ladder
- The four-tier outcome of dropping a file on /verify.
Possible verdicts, from strongest to weakest match: identical (byte-for-byte match via SHA), recompressed (same picture, re-encoded by a platform — pHash distance ≤6 AND dHash distance ≤9), similar (cropped or mildly edited — pHash ≤14 AND dHash ≤16), mismatch / qr_pasted (different image entirely — either hash distance >25).
See also: perceptual hash · verify
- Snitch Tracker
- Per-recipient invisible watermarking with cryptographic attribution.
Mint one invisibly-watermarked copy per recipient (subscriber, friend, leak suspect); when a leaked copy surfaces, the extractor identifies which variant ID was leaked, naming the leaker. The watermark is browser-side, image bytes never leave your device, no monthly fee. Designed for the single-leaker threat model.
See also: DWT+DCT+SVD watermark · variant ID
- Variant ID
- The 60-bit identifier embedded in each Snitch Tracker watermarked copy.
When you mint per-recipient variants, each gets a unique 60-bit ID. The IDs map to your recipient list (stored locally — we don't see names). When a leak is extracted, the variant ID points to the recipient. CRC32 framing makes false positives practically impossible.
See also: Snitch Tracker · DWT+DCT+SVD watermark
- QR-stamped composite
- Your original screenshot with a small QR code added in the corner.
Our worker generates a composite image: your original screenshot plus a tiny QR encoding the receipt URL. Both the original and the composite are hashed and stored. Sharing the composite means anyone with a phone camera can verify by scanning the QR; sharing just the receipt URL also works.
See also: receipt · verify
How users actually interact with receipts.
- Seal
- The act of creating a receipt for a screenshot.
Workflow: drop a file on /seal, your browser computes the hashes, our worker signs the hash and returns a receipt URL + QR-stamped composite. About fifteen seconds end to end. The image stays on your device throughout.
See also: receipt · verify
- Verify
- Dropping a file on /verify to check it against a receipt.
Drop any image on /verify; your browser hashes it locally and our worker returns a verdict from the verdict ladder. If the image has a receipts.you QR, we also look up the original receipt and show its timestamp and signature. If not, the verdict is mismatch.
See also: verdict ladder · receipt
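The verdict ladder that /verify returns, sketched as an added example (not receipts.you's own code). The thresholds are the ones listed in the Verdict ladder entry; the field names, the hex encoding of the 64-bit hashes, the sample values and the "unclassified" label for distances the glossary does not cover are assumptions.

```javascript
// Hamming distance between two 64-bit hashes given as 16 hex characters.
function hammingHex(a, b) {
  const hex64 = /^[0-9a-f]{16}$/i;
  if (!hex64.test(a) || !hex64.test(b)) {
    throw new TypeError("expected 16 hex characters (64 bits)");
  }
  let diff = BigInt("0x" + a) ^ BigInt("0x" + b);
  let bits = 0;
  while (diff > 0n) {
    bits += Number(diff & 1n);
    diff >>= 1n;
  }
  return bits;
}

// sealed / candidate: { sha256, phash, dhash } (hypothetical field names).
function verdict(sealed, candidate) {
  if (sealed.sha256.toLowerCase() === candidate.sha256.toLowerCase()) {
    return "identical"; // byte-for-byte match
  }
  const p = hammingHex(sealed.phash, candidate.phash);
  const d = hammingHex(sealed.dhash, candidate.dhash);
  // AND gate: both perceptual hashes must agree before a match is claimed.
  if (p <= 6 && d <= 9) return "recompressed";
  if (p <= 14 && d <= 16) return "similar";
  if (p > 25 || d > 25) return "mismatch";
  // The glossary states no rule for this band; the label is an assumption.
  return "unclassified";
}

// Constructed sample values, not real receipts.
const sealed = { sha256: "a".repeat(64), phash: "0000000000000000", dhash: "0000000000000000" };
const other = "b".repeat(64); // any SHA-256 that differs from the sealed one

const samples = {
  sameBytes:   { sha256: "A".repeat(64), phash: "ffffffffffffffff", dhash: "ffffffffffffffff" },
  reencoded:   { sha256: other, phash: "000000000000000f", dhash: "00000000000000ff" }, // p=4,  d=8
  downgraded:  { sha256: other, phash: "000000000000001f", dhash: "0000000000000fff" }, // p=5,  d=12
  oneHashOnly: { sha256: other, phash: "0000000000000007", dhash: "00000000ffffffff" }, // p=3,  d=32
  gapBand:     { sha256: other, phash: "00000000000fffff", dhash: "00000000000fffff" }, // p=20, d=20
};

for (const [name, candidate] of Object.entries(samples)) {
  console.log(name, "->", verdict(sealed, candidate));
}
```

The downgraded and oneHashOnly samples show the AND gate at work: a pHash distance that would pass on its own does not yield "recompressed" when dHash disagrees.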
Frameworks the receipt slots into.
- FRE 901
- US Federal Rule of Evidence on authentication of evidence.
Requires the proponent of evidence to produce “evidence sufficient to support a finding that the item is what the proponent claims it is.” A sealed receipts.you receipt provides this via FRE 901(b)(9) — “evidence describing a process or system showing it produces an accurate result.” Read the walkthrough.
See also: court · expert witness
- eIDAS / QTSP
- EU regulatory framework for qualified electronic trust services.
Qualified Trust Service Providers (QTSPs) issue eIDAS-qualified timestamps that carry presumptive validity in EU regulatory and commercial contexts. Receipts.you is not QTSP-qualified — we offer the cryptographic floor without the regulatory layer. For matters where QTSP is procedurally required, see vs. TrueScreen.
See also: TrueScreen · court
- DMCA notice
- Takedown request under 17 U.S.C. § 512(c)(3).
A formal notice to a hosting provider or registrar requesting removal of allegedly infringing material. Attaching a receipts.you receipt URL as the evidence of ownership (and a Snitch Tracker variant ID for attribution, if applicable) speeds processing meaningfully. Read the walkthrough.
See also: counter-notice · Snitch Tracker