This article talks about the need and reasoning behind building a service for verifying static assets such as certificates and other public assets such as PDF’s and images.
Table of Contents
Open Table of Contents
Backstory
It’s 2025, and we’re facing a content authenticity crisis. Everybody and their mother now has access to tools that can easily generate and/or modify content, often at zero cost. This makes one question the authenticity of everything that they see on the internet.
This isn’t some far-off problem. It’s here now, and it’s getting worse daily.
As a donor led organization it made sense for the folks at Internet Freedom Foundation to provide a way for users to verify the authenticity of assets such as certificates and receipts, without having to get in touch with a human every time. In this post, I talk about building - “Checkpost”, which attempts to address this issue.
The Fix
“Checkpost” is a simple web based service that:
- Takes any document or file we’re publishing
- Generates a cryptographic hash/identifiers before it hits our CMS/database
- Store this hash/identifiers in a CMS/database
- Provide a public portal where anyone can verify authenticity using some document identifiers like ID and timestamp.
That’s it. No blockchain, no complex protocols. The entire solution is built on Cloudflare workers, costs us monthly approximately $0.00 :)
How It Works in Practice
Lets say a user receives a receipt post successful payment. If they want to, at any later point in time, verify its authenticity using the document ID and date (or could be a link which is embedded in the file itself). Our system (checkpost) checks the CMS or database and immediately returns the file if there’s a match and an error otherwise. No human intervention needed.
As a bonus, we now have a complete, timestamped history of documents issues and changes being made - bringing transparency to our work.
Depending on the type and sensitivity of the document, one could limit the window of time until which the files can be checked for validity. For instance, if its a tax-filing receipt for the year 2025, you could limit the service to only allow verification of documents until 2026.
Paywalls Make Everything Worse
In my opinion, gate keeping and paywalls are making it harder than ever to trust content on the internet. When reputable sources lock their content, people often resort to screenshots and out-of-context quotes, which are perfect conditions for manipulation and breeding ground for fake news.
For instance, if someone posts a screenshot claiming to be from the New York Times, people assume it’s legitimate with no easy way to verify. To be clear, I’m not against monetising content, but doing so without an easy and accessible way for general public to verify authenticity and without the need for professional “fact-checkers” is simply unacceptable in 2025. Services like Internet Archive are a stop gap solution, one that depends on external or 3rd party services.
And then there’s the case of disappearing assets. I’ve grown tired of seeing organizations, including government institutions that randomly pull content off of their sites, often without explanation. “404 links” or LinkRot issues are more common than ever. I’m sure you must have noticed how journalists and researches are now increasingly using archived versions of sites as references instead of the original links! I feel like these are just symptoms of the same larger issue.
The Way Forward
Every public interest organization should implement something like this immediately. It’s not hard to build, you can even integrate it with any CMS you’re already using.
Additionally, by exposing verification through APIs, one could integrate this directly into social media platforms and search engines. In theory, platforms can automatically checking the authenticity of shared documents in real-time, without resorting to reaching a consensus like “Community Notes” as seen on X.
On an average day, I’m pretty sure you’ve dozens of tweets that are basically on the lines of “@groq is this true?”. With the adoption of protocols like MCP, it can easily be extended to LLM based workflows if required.
This solution itself isn’t a silver bullet, its nowhere near perfect. In an ideal world, engraving some metadata on the assets in a way that is immutable, transparent and verifiable would definitely help. Until we all decide on such a widely adopted standard, we will have to resort to solutions such as the one I discussed above.
Why Share This?
This is our small attempt at helping orgs and NPO/NGO’s improve their workflows while building transparency.
If you’ve built something similar, or want to, feel free to reach out.