TrueTimeStamp: Free, Offline Timestamping and Verification
The challenge of proving when a work was created is one that tech companies have attacked for over a decade. On this site alone, we’ve looked at more than half a dozen different services that attempt to make it easy for creators to prove when they created a work.
The list includes sites such as Myows, Safe Creative, Numly, Registered Commons and, for programmers, DepotCode.
All of those services have their strengths and weaknesses. However, none of them have been completely free (though several offer free tiers) and all required the service to be online to verify the timestamp of the work. Though none have shut down completely in the time I’ve been monitoring, serious questions are raised about what happens after the services closes its doors.
TrueTimeStamp is a service that aims to answer both of those limitations, creating a timestamping service that is both free and will work offline long after the site goes dark. However, other shortfalls and limitations may limit its usefulness for most creatives, especially those who are posting directly to the Web.
How TrueTimeStamp Works
To understand how TrueTimeStamp works, you first have to understand the concept of fingerprinting.
When a file is fingerprinted, a complex mathematical formula is run over it that converts the file into a legthy string of characters and numbers. Two different files, even with just minor differences, would produce different fingerprints. As such, even if one character or byte were off, the fingerprint would not match.
What TrueTimeStamp does is, when you aim to create a new timestamp and add a file, it uses your browser to calculate the fingerprint for the file. That fingerprint, not the file itself, is uploaded to the TrueTimeStamp site where it is then stored in a database on the site. Anyone looking at the same file can then verify the work by simply going to the TrueTimeStamp site, putting the same work in the verify box and get confirmation of the date and time it was originally uploaded.
To be clear, many sites use fingerprinting as their means of verification. However, where TrueTimeStamp differs is that it offers a certificate that you can then download and carry with you to verify the work offline, even if the TrueTimeStamp site ceases to function.
The certificate itself is just a text file and anyone, theoretically, could just edit the date or add in their own fingerprint. However, the certificate itself is signed using PGP. This has two key impacts.
- Verified Creator: The certificate is signed with a key owned by TrueTimeStamp, this proves that the service created it and not an imposter.
- Verified Content: Much like with a fingerprint, the PGP changing the text would change the signature. As such, any edit to the text would cause the signature to no longer be valid.
As such, if you edit any portion of the certificate, it will reuse to validate, as I showed by adding random words to one of my test certificates.
The best part of this is that there’s no need to use the TrueTimeStamp site to verify these certificates. One can use any PGP client, such as the free GnuPG, and TrueTimeStamp’s public key to verify it. The result is that, even if TrueTimeStamp goes away completely, its certificates can be validated easily.
But while all of this sounds very good, there are several very serious limitations to the service that have to be considered.
Thoughts About TrueTimeStamp
The first thing I noticed is that the design and UI of TrueTimeStamp is, at best, very basic. Though the site has some advanced features, such as drag and drop files, the look and feel is extremely plain and there’s very little guidance on what to do.
This is going to be very intimidating for newcomers, especially those who aren’t very tech savvy and don’t understand much about fingerprinting, PGP, etc. The process is very intimidating and not very clear.
In short, don’t expect any hand holding when using the service.
The lack of bells and whistles has other impacts as well. If you’re a blogger or otherwise directly upload your content to the Web, you’re going to have to get files that you can upload. There’s no pasting text, no WordPress plugin, no submitting via RSS feed, etc.
Further, while you can submit multiple files at once, if you need to submit more than about 50 MB, you have to use the offline method, which involves using the command line.
So right off the bat the service is only very useful for a subset of creators, those who make doanloadable/uploadable digital files, files that are smaller than 50 MB and create new works rarely enough to not require a more advanced UI. That certainly describes some people, but your average blogger, photographer or filmmaker are all probably out.
The final issue deals with the reliance on fingerprinting. While it’s a great way to lower costs and avoid having to upload the original works, it also means that any modification needs a new timestamp and others are less likely to be able to validate your timestamp based upon the copy the have.
For example, if you take a photo and timestamp it with this service and then post it online, the first time someone crops, changes the format, resizes or even just removes the metadata (which many sites do automatically) anyone who tries to validate using that version of the photo will get no results.
In short, while it can help prove when you created a file, it doesn’t necessarily help as much with the content as the file itself can change without editing the content and it won’t be extremely useful in combating the orphan works problem that spurned so many of the other services into existence.
Bottom Line
In the end, what I like best about TrueTimeStamp is the certificate you take away. That’s a simple, elegant and easy way to eliminate the “What happens after you close?” question common to these services.
Beyond that, TrueTimeStamp’s best feature is its price tag. It’s free unless you are using its API, which only provides 5 timestamps per day. I have found no such limitation on the web interface.
However, TrueTimeStamp has a long way to go on its interface and it still has the same nagging problem that other services have: Why would you register a work here when you need to register it with the U.S. Copyright Office to be able to sue in the first place? While more expensive, the Copyright Office provides benefits that other services can not provide, including being the only place to receive prima facie (on its face) proof of ownership in court.
While these services can fill in the gap between when a work is created and registered, which can often be a matter of months, they aren’t a replacement.
Still, there are situations where it might be useful, such as submitting diagrams and elements that might later be a patent filing or submitting private, early drafts of a work to create a paper trail for its creation.
And for those uses, TrueTimeStamp is there and it is free.
Want to Reuse or Republish this Content?
If you want to feature this article in your site, classroom or elsewhere, just let us know! We usually grant permission within 24 hours.