How ProofSnap Uses Blockchain for Evidence Timestamping

The Challenge of Digital Evidence

Courts worldwide are raising the bar for digital evidence. In the US, courts have repeatedly excluded screenshots where the offering party could not prove they had not been altered — in Shelby v. TufAmerica, Inc. (2016), for example, the court found screenshots inadmissible due to a lack of evidence identifying the exhibits or explaining where they came from. In 2018, the Hangzhou Internet Court in China became one of the first courts to accept blockchain-anchored evidence, ruling that data timestamped on a public blockchain carried a stronger presumption of integrity than conventional screenshots.

The core problem: traditional screenshots carry no cryptographic proof of when they were taken or whether the content has been modified. A file's “date created” metadata can be changed in seconds. ProofSnap addresses this by combining four independent verification layers — with blockchain timestamping at the center.

How OpenTimestamps Works

When you click “Capture” in ProofSnap, here is what happens behind the scenes. The entire process is automatic — you do not need to understand the cryptography to use it, but knowing how it works helps you explain the evidence to others (including courts).

In detail:

• Hash generation: ProofSnap creates a SHA-256 hash of the evidence manifest — a unique 64-character fingerprint that changes completely if even one byte is modified.
• Merkle tree aggregation: OpenTimestamps batches your hash with other users' hashes into a Merkle tree — a structure that combines many fingerprints into a single “root” fingerprint. This means only one Bitcoin transaction is needed for thousands of timestamps, keeping costs virtually zero.
• Bitcoin anchoring: The Merkle root hash is embedded in a Bitcoin transaction. Once the block is confirmed, the timestamp is permanent.
• .ots proof file: OpenTimestamps returns a compact .ots file that contains the Merkle path from your hash to the Bitcoin block. This file is all anyone needs to independently verify the timestamp.

Why Bitcoin Blockchain?

Bitcoin has the highest computational security budget of any blockchain — measured by hashrate, no other network comes close. With over 15 years of continuous operation, it provides the most battle-tested anchor for permanent timestamps.

Key Benefits:

• Immutability: Once recorded, data cannot be changed
• Decentralization: No single point of failure or control
• Transparency: Anyone can verify the blockchain records
• Longevity: Bitcoin has proven resilience over 15+ years

How to Verify a Blockchain Timestamp Independently

Anyone can verify your evidence using the .ots file included in ProofSnap packages. This means you're not dependent on ProofSnap's servers — the proof lives on the blockchain forever.

The verification process is straightforward:

• Extract the evidence package ZIP file
• Visit opentimestamps.org
• Upload the .ots file and the original manifest.json
• See the exact blockchain block and timestamp

Real-World Applications of Blockchain Evidence

This technology has numerous practical applications:

• Legal proceedings requiring proof of online content at a specific time
• Compliance documentation for regulated industries
• Intellectual property protection and patent priority claims
• Contract verification and dispute resolution
• Investigative journalism preserving source material
• Academic research documenting data collection

Blockchain Evidence in the Deepfake Era

Chain of Custody for Digital Evidence

Chain of custody is the documented, unbroken trail showing how evidence was collected, stored, and handled from creation to presentation in court. For digital evidence, this means every file must be traceable back to its source with cryptographic proof that nothing was altered in transit.

ProofSnap builds this chain automatically: the manifest records SHA-256 hashes of every file in the package, the RSA-2048 signature seals the manifest, and the Bitcoin timestamp anchors the entire chain to a specific point in time. The result is a forensic chain of custody that does not depend on any single party's trustworthiness.

Screenshot vs. Traditional Notary vs. ProofSnap

How does blockchain-timestamped evidence compare to a plain screenshot or a traditional notarized copy?

What Blockchain Timestamps Prove — and What They Don't

Transparency about what a timestamp can and cannot prove is essential. Overstating its scope would undermine credibility in exactly the legal and compliance contexts where it matters most.

Security Model and Trust Boundaries

ProofSnap implements multiple, complementary layers of security. Understanding what each layer does — and where trust boundaries lie — is important for anyone relying on the evidence in legal or regulatory contexts.

Four layers of evidence integrity

• SHA-256 cryptographic hash: Creates a unique 64-character fingerprint of the captured content. Any modification — even a single pixel — produces a completely different hash.
• RSA-2048 digital signature: Think of this as a wax seal on a letter — it proves the evidence has not been tampered with since it was sealed. The evidence manifest (manifest.json) is signed with an RSA-2048 key (a strong encryption standard used by banks and governments). The corresponding public key (publickey.pem) is included in the evidence package so anyone can verify the seal.
• Bitcoin blockchain timestamp: The manifest hash is anchored to the Bitcoin blockchain via OpenTimestamps. This proves when the hash was created — an anchor that cannot be backdated or forged.
• Metadata capture: ProofSnap records HTTP headers, TLS certificate details, cookies, DOM text content, and page HTML — providing forensic context beyond the visible screenshot.

Trust boundaries — what you should know

No evidence system is perfect. We believe in being transparent about the limits, so you can make informed decisions. For the vast majority of use cases — legal disputes, compliance, IP protection — ProofSnap's four layers provide strong, court-tested evidence. Here is where trust lies in each component:

• Capture environment: ProofSnap runs as a Chrome extension in the user's browser. The capture is as trustworthy as the browser environment. A compromised browser or malicious extension could theoretically modify page content before capture. This is an inherent limitation of any client-side capture tool.
• Signing key: The RSA-2048 private key is generated and stored within the extension. In theory, this means the user could sign fabricated content — but the same is true of any notarization tool where the user initiates the process. In practice, the combination of the timestamp, metadata, and signature makes fabrication extremely difficult to pull off undetected. For higher-assurance use cases, hardware-backed keys or a trusted third-party signing service would provide even stronger guarantees.
• Timestamp: The OpenTimestamps protocol itself is trustless — verification depends only on the Bitcoin blockchain, not on any ProofSnap server. However, between capture and Bitcoin confirmation (typically 1–2 hours), the timestamp relies on OpenTimestamps calendar servers. Even if a calendar server were compromised, the worst outcome is a failed timestamp, not a forged one.

CLI verification (optional — for technical users)

Most users will verify evidence through the opentimestamps.org website. But if you prefer, the entire process can be done offline on your own computer using open-source tools:

All three commands use standard, widely-audited open-source tools (sha256sum, openssl, ots-cli). No proprietary software is needed.

Evidence Package Anatomy

Every ProofSnap capture produces a ZIP file containing nine files. Each serves a specific forensic purpose:

The manifest is the keystone: it contains hashes of every other file, is signed with RSA-2048, and is timestamped on Bitcoin. Verifying the manifest verifies the entire package.

Key Takeaways: Blockchain Timestamping

• 1. Blockchain timestamps prove existence - By anchoring a SHA-256 hash to Bitcoin, you create immutable proof that data existed at a specific time.
• 2. OpenTimestamps is free and open - The protocol is decentralized, requires no trusted third party, and timestamps are verifiable by anyone.
• 3. Bitcoin provides maximum security - Measured by hashrate, Bitcoin has the highest computational security budget of any blockchain, with over 15 years of continuous operation.
• 4. eIDAS 2 creates a legal framework - EU Regulation 2024/1183 introduces Qualified Electronic Ledgers, giving blockchain-based evidence a path to legal recognition across the EU (full implementation by December 2026). Individual providers must still complete the qualification process.
• 5. Independent verification - Anyone can verify timestamps at opentimestamps.org without relying on ProofSnap servers.

People Also Ask

How do I prove a screenshot was not altered?

Create a SHA-256 hash of the screenshot at the moment of capture, then anchor that hash to the Bitcoin blockchain via OpenTimestamps. The hash acts as a unique fingerprint — if even a single pixel changes, the hash will not match. Anyone can later verify the hash against the blockchain record to confirm the screenshot has not been modified since the timestamp. ProofSnap automates this entire process.

Is blockchain evidence admissible in court?

Yes, and legal recognition is growing. The Hangzhou Internet Court in China accepted blockchain-anchored evidence in 2018. Italy’s Law 12/2019 (Article 8-ter) gave blockchain timestamps the same legal effect as electronic time stamps under eIDAS. In the US, Vermont and Arizona have passed legislation recognizing blockchain records. eIDAS 2 (EU Regulation 2024/1183) introduces Qualified Electronic Ledgers, creating a formal EU-wide framework with full implementation by December 2026.

How long does a blockchain timestamp take?

The initial .ots proof file is generated within seconds. However, the Bitcoin blockchain confirmation — which makes the timestamp permanent and independently verifiable — typically takes 1–2 hours, as it waits for your hash to be included in a confirmed Bitcoin block. During this waiting period, the OpenTimestamps calendar server holds a pending attestation.

Can blockchain timestamps be faked or backdated?

No. To backdate a Bitcoin timestamp, an attacker would need to rewrite the Bitcoin blockchain — which would require controlling more than 50% of the global hashrate, a computational feat that has never been achieved in Bitcoin's 17-year history. The cost of such an attack would run into billions of dollars, making it economically irrational for any evidence-tampering scenario.

What is the difference between blockchain notarization and traditional notarization?

Traditional notarization requires a trusted human notary who certifies the document in person, during business hours, for a fee of $10–50+ per document. Blockchain notarization uses cryptographic hashing and a decentralized network (Bitcoin) to achieve the same goal — proving that data existed at a specific time — without requiring any trusted third party. It is available 24/7, costs a fraction of a cent per timestamp, and the proof is independently verifiable by anyone, forever.

How do I verify a blockchain timestamp independently?

Extract the .ots file and the manifest.json from the ProofSnap evidence package. Upload both files to opentimestamps.org. The website will show the exact Bitcoin block number and timestamp, confirming when the data existed. For full offline verification, you can also use the open-source ots-cli tool on your own computer.

Does blockchain timestamping work for photos and videos?

Yes. Blockchain timestamping works for any digital file — the SHA-256 algorithm hashes any input (photo, video, PDF, spreadsheet) into a fixed 64-character fingerprint. ProofSnap is specifically designed for web page evidence (screenshots + metadata + HTML), but the underlying OpenTimestamps protocol can timestamp any file.

How does blockchain evidence help in the deepfake era?

AI-generated deepfakes can replicate visual content, but they cannot replicate a blockchain timestamp that predates their creation. By timestamping evidence at the moment of capture, you establish cryptographic proof that the original content existed before any potential manipulation. ProofSnap goes further by also capturing HTTP headers, TLS certificates, cookies, and full page HTML — forensic metadata that a deepfake cannot reproduce.

Glossary: Key Terms Explained

Blockchain Timestamping

The process of anchoring a cryptographic hash of digital data to a blockchain to create immutable proof that the data existed at a specific point in time.

OpenTimestamps

An open-source, free protocol for creating independently-verifiable timestamps using the Bitcoin blockchain. It aggregates multiple hashes into a Merkle tree and anchors the root to a Bitcoin transaction.

SHA-256

Secure Hash Algorithm 256-bit. A cryptographic function that produces a unique 64-character hexadecimal fingerprint from any input. Even a one-bit change produces a completely different hash.

Merkle Tree

A binary tree structure where each leaf node contains a hash, and each parent node contains a hash of its children. Used by OpenTimestamps to batch thousands of timestamps into a single Bitcoin transaction.

Chain of Custody

The documented, unbroken trail of evidence handling from creation to court presentation. For digital evidence, this means cryptographic proof that no file was altered between capture and verification.

Proof of Existence

Cryptographic proof that specific digital data existed at a particular point in time, created by anchoring a hash of the data to an immutable blockchain.

Qualified Electronic Ledger (QEL)

A trust service introduced by eIDAS 2 (EU Regulation 2024/1183, Article 45l). QELs enjoy legal presumptions of uniqueness, authenticity, and accurate chronological ordering. Providers must complete qualification with EU member states.

RSA-2048

A widely-used public-key cryptographic standard with a 2048-bit key length. NIST recommends it as the minimum for digital signatures through 2030. Used by ProofSnap to sign evidence manifests, ensuring authenticity.

Conclusion

A blockchain timestamp alone does not make evidence court-admissible — but it closes the most common gap: proving when data existed and that it has not been modified since. Combined with RSA-2048 signatures, full metadata capture, and manifest checksums, ProofSnap produces a forensic evidence package that is independently verifiable using only open-source tools.

The legal landscape is moving in this direction. The Hangzhou Internet Court accepted blockchain evidence in 2018. In 2019, Italy’s Law 12/2019 (Article 8-ter) gave blockchain timestamps the same legal effect as electronic time stamps under eIDAS. eIDAS 2 now creates a formal EU framework for Qualified Electronic Ledgers. Capturing evidence with a verifiable chain of custody today means being prepared for the standards of tomorrow.