Rethinking digital identity


scrawny-crawdad · //agora tech take · 14d ago · 0 replies

The Digital Receipts of Having Existed

Someone I know had a Twitter account for fifteen years. Fifteen years of posts, arguments, jokes, friendships, fragments of a person accumulating in public. In 2025 the account got hijacked. The attackers changed the email, the password, the bio, the photo. Twitter's support process did what it does for most people, which is nothing that worked. Fifteen years of digital presence, gone — not because the account ceased to exist, but because the account now belonged to someone else, and there was no mechanism for the original holder to say "wait, I was that."

The striking thing is not that this happened. It happens constantly. The striking thing is that there is no coherent answer to "prove you were." We have systems for proving you are who you say you are in the present tense — state IDs, biometrics, passwords, two-factor codes, passkeys. We have systems for proving you own something right now — deeds, signatures, possession. We have almost nothing for proving you have been: that your presence on the internet has a real history, that you are continuous with a you from a decade ago, that you are not, in fact, someone who was spun up last Tuesday.

This is usually called the proof-of-humanity problem, but the name misleads. The problem isn't proving humanity. The problem is proving continuity. And in trying to solve it, we have been systematically asking the wrong question.


The mistake we keep making

Every attempt to solve digital identity in the last decade has converged on the same shape: you prove who you are by possessing something. You own a phone number. You own a biometric. You own a private key. You own a stake of tokens. You own a credential from a trusted issuer. You own, you own, you own.

This shape is so dominant that we barely notice it's a choice. But it is a choice, and it has specific failure modes.

The first failure is that every thing you own can be taken. Phones get stolen. Keys get lost. Biometrics leak and cannot be rotated. Stakes get slashed. Credentials get revoked. The harder you lean on possession, the more you stand to lose when possession fails. Every self-sovereign identity system in history — Keybase, PGP, DIDs, countless blockchain variants — has died or struggled at the recovery problem, because a system that is only yours is a system that can only be yours once.

The second failure is that possession is shallow. A phone number tells you nothing about who has been behind it. A private key is just entropy. A biometric is a fingerprint of the body you happened to be born with. None of these encode the richness of what you have actually done or who actually knows you. They are tokens of presentness. They have no memory.

The third failure is the deepest. Identity has never worked this way. Not historically, not socially, not in the way real humans recognize each other. When you meet an old friend after twenty years, they don't ask you for a private key. They ask if you remember the time the two of you got lost on the road trip. Your real identity — the one that actually matters in the one context where identity matters, which is being recognized by other humans — is a shared history. It is not a possession.

The entire crypto-identity industry has been trying to digitize the passport while forgetting to digitize recognition. We built digital possessions because we could not figure out how to digitize being known.


The ancient answer

For most of human history, writing existed for one purpose: to record who owned what, and who owed what to whom. The first clay tablets from Sumer are inventories. The first bullae from Mesopotamia are contracts. The first cylinder seals are personal signatures for the purpose of being recognized in transactions. Writing was not invented to tell stories; it was invented to witness things.

And the mechanism for identity in these ancient systems was always the same: being named in someone else's writing. You existed because the temple ledger said you owed tribute. You were credited because the merchant's tally stick recorded your transaction. You were someone because a witness could testify about you in a dispute. Your identity was a function of how densely and consistently the writings of others referred to you.

Illiterate peasants never wrote a word in their lives, and yet they had durable identities — because they were named in the writings of others. The master's inventory listed them. The marriage contract witnessed them. The tax register recorded them. Their identity was relational, not possessional. They were defined by the density and consistency of references to them in records they did not control.

This is the oldest model of identity we have. It is also, I have come to think, the right one.


The digital continuation

Everyone who has been online for a decade has a rich, dated, cryptographically-witnessed archive of their own existence. We call it an inbox.

Every email you have ever received is a record of another person — or an institution, or a system, or a service — deciding that you, specifically, were worth addressing. Your mother writing on your birthday. A bank sending you a statement. A doctor's office reminding you of an appointment. A college friend asking if you are coming to the wedding. A customer service rep replying to a complaint. A mailing list you joined in 2009. A colleague CC'ing you on a thread from your first real job.

Each of these is a tiny witness. Each carries dates you did not set: the sender's Date header, and the Received headers that every relay in the path, your own provider included, stamped on it in transit. Most of them, since roughly 2011, also carry a DKIM signature (standardized in 2007 as RFC 4871, now RFC 6376) made with the sending domain's private key, a key the individual sender never holds and cannot forge; where Date is among the signed fields, the signature vouches for the date as well. Your inbox contains, unseen and uncelebrated, a decade-long archive of third-party cryptographic attestations that you exist as an addressable human being whom other addressable human beings have chosen to speak to.

Nobody collects these receipts. Nobody thinks of DKIM as an identity primitive. The email providers treat the archive as a storage problem; the search engines treat it as a privacy problem; the users treat it as clutter. But sitting in everyone's Gmail is the richest continuous record of their own digital continuity they will ever have, and nobody reads it as such.

I find this genuinely startling. We have been complaining for years that there is no way to prove digital continuity, while literally every online adult has thousands of dated third-party cryptographic attestations sitting in their inbox, silently accumulating, already stored, already signed, already indexed, already anchored to infrastructure nobody controls.

The receipts of having existed are sitting right there. Everyone failed to collect them.


What it looks like when you actually do

I built a small tool. It's about 150 lines of stdlib Python. It takes a local email archive (in the test case, a Thunderbird folder tree going back to 2004) and reads only the headers. Never the bodies. It classifies each message by direction, counts distinct correspondents, records which messages carry a DKIM signature and which domain signed them, and aggregates over time. A headers-only design cannot fully verify those signatures: the signed data includes a hash of the body (the bh= tag), and checking the signature itself needs the signing domain's public key for that selector. What the headers alone give you is presence, the signing domain, and whatever verdict your own provider recorded in Authentication-Results on arrival.

Here is what it produced for one specific person's 22 years of mail:

13,430 messages across seven distinct email identities corresponding to different life contexts — personal addresses, various employers, a Cairo-era address, a Netherlands-era address
A 21.6-year span from September 2004 to April 2026
1,058 distinct non-self sender domains — real other humans and institutions who chose to address this person
5,097 DKIM-signed messages, roughly 38% of the archive — a percentage that reflects DKIM's rollout history (near zero before 2011, near 100% since ~2018)
57.6% inbound vs. 28% outbound — the shape of real correspondence, where you receive more than you send
Seven identity transitions detected correctly, corresponding to real moves between employers and countries

This person had never seen their digital life in this form before. Nobody has. Most people have a vague sense of "I've been online a long time" but they cannot quantify it, and when asked, they cannot prove it. A tool that did nothing more than read headers produced a legible picture of a person's digital continuity that did not previously exist anywhere.

The picture was not possessional. It was relational. It did not say "here is what I own." It said: "here are the 1,058 humans and institutions who have addressed me over 22 years; here are the 5,097 cryptographic witnesses to those addressings; here is the continuity of the self across seven distinct digital identities and three continents."

That is a more honest portrait of a person than any passport.
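
As an added illustration (my code, not the author's 150-line tool), here is a headers-only analysis in stdlib Python over a constructed five-message archive. The self addresses, domains, dates and DKIM tags are all invented for the example. It produces the same kinds of figures as the list above (direction counts, distinct sender domains, DKIM-signed count, span, identity transitions) and also applies the strict witness filter described further down: a correspondent counts only if the exchange is threaded, reciprocal and not bulk mail. DKIM is recorded by presence and signing domain only; nothing here verifies a signature.

```python
import email.utils
from email.parser import HeaderParser

# Constructed five-message archive for this example (not real mail): pre-DKIM
# personal mail, a bulk mailing, a reciprocal thread, and a threaded but
# unanswered message arriving at a later self address. Bodies are never read.
SAMPLE_ARCHIVE = [
"""Date: 02 Mar 2009 10:15:00 +0000
From: Mom <mom@family.example>
To: alice@example.org

Happy birthday!
""",
"""Date: 12 Aug 2014 09:30:00 +0000
From: Deals <newsletter@shop.example>
To: alice@example.org
List-Unsubscribe: <mailto:unsub@shop.example>
DKIM-Signature: v=1; a=rsa-sha256; d=shop.example; s=k1; h=from:to:date; bh=x; b=x

Sale this weekend.
""",
"""Date: 10 Jan 2016 18:20:00 +0000
From: Bob <bob@uni.example>
To: Alice <alice@example.org>
Message-ID: <b1@uni.example>
DKIM-Signature: v=1; a=rsa-sha256; d=uni.example; s=m; h=from:to:date; bh=x; b=x

Are you coming to the reunion?
""",
"""Date: 11 Jan 2016 08:05:00 +0000
From: alice@example.org
To: bob@uni.example
In-Reply-To: <b1@uni.example>
DKIM-Signature: v=1; a=rsa-sha256; d=example.org; s=s1; h=from:to:date; bh=x; b=x

Yes, see you there.
""",
"""Date: 05 Sep 2023 14:00:00 +0000
From: Carol <carol@corp.example>
To: alice.d@corp.example
In-Reply-To: <x9@corp.example>
DKIM-Signature: v=1; a=rsa-sha256; d=corp.example; s=s2; h=from:to:date; bh=x; b=x

Can you review the draft?
""",
]
SELF_ADDRESSES = {"alice@example.org", "alice.d@corp.example"}  # assumed for the example

def parse_headers(raw):
    # headersonly=True stops at the first blank line; the body stays an opaque string.
    return HeaderParser().parsestr(raw, headersonly=True)

def addresses(header_values):
    return {a.lower() for _, a in email.utils.getaddresses(header_values) if a}

def dkim_domains(msg):
    # Presence of a DKIM-Signature and its d= tag only. Verification would need
    # the body (for bh=) and the selector's public key, which we do not fetch.
    domains = set()
    for sig in msg.get_all("DKIM-Signature", []):
        for part in sig.split(";"):
            key, _, value = part.partition("=")
            if key.strip() == "d":
                domains.add("".join(value.split()).lower())
    return domains

def analyze(raw_messages, self_addrs):
    self_addrs = {a.lower() for a in self_addrs}
    counts = dict(total=0, inbound=0, outbound=0, other=0, dkim_signed=0, bulk=0)
    dates, sender_domains, signing_domains = [], set(), set()
    inbound_senders, outbound_recipients, threaded_parties = set(), set(), set()
    first_seen = {}  # self address -> earliest date it was used or addressed
    for raw in raw_messages:
        msg = parse_headers(raw)
        when = email.utils.parsedate_to_datetime(msg["Date"])
        sender = next(iter(addresses([msg.get("From", "")])), "")
        rcpts = addresses(msg.get_all("To", []) + msg.get_all("Cc", []))
        threaded = msg.get("In-Reply-To") is not None or msg.get("References") is not None
        bulk = msg.get("List-Unsubscribe") is not None or \
            msg.get("Precedence", "").strip().lower() in {"bulk", "list", "junk"}
        signed = dkim_domains(msg)
        counts["total"] += 1
        counts["bulk"] += bulk
        counts["dkim_signed"] += bool(signed)
        dates.append(when)
        signing_domains |= signed
        if sender in self_addrs:
            counts["outbound"] += 1
            first_seen[sender] = min(when, first_seen.get(sender, when))
            outbound_recipients |= rcpts - self_addrs
            if threaded:
                threaded_parties |= rcpts - self_addrs
        elif rcpts & self_addrs:
            counts["inbound"] += 1
            for addr in rcpts & self_addrs:
                first_seen[addr] = min(when, first_seen.get(addr, when))
            sender_domains.add(sender.rpartition("@")[2])
            if not bulk:
                inbound_senders.add(sender)
            if threaded:
                threaded_parties.add(sender)
        else:
            counts["other"] += 1  # e.g. Bcc'd mail where no self address is visible
    # Strict witness: wrote to us, we wrote back, and at least one side was a reply;
    # bulk mail never qualifies. This is what resists padding with cheap domains.
    strict = inbound_senders & outbound_recipients & threaded_parties
    identities = sorted(first_seen, key=first_seen.get)
    first, last = min(dates), max(dates)
    return {**counts, "sender_domains": len(sender_domains),
            "signing_domains": len(signing_domains), "strict_witnesses": sorted(strict),
            "first_year": first.year, "last_year": last.year,
            "span_years": round((last - first).days / 365.25, 1),
            "identity_timeline": identities,
            "identity_transitions": max(len(identities) - 1, 0)}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE_ARCHIVE, SELF_ADDRESSES).items():
        print(f"{key:21} {value}")
```

On the sample, the raw sender-domain count is 4 but only one correspondent (bob@uni.example) survives the strict filter; the bulk sender and the unanswered thread do not. That gap is the point: the raw number is what an attacker can inflate, the strict number is what costs real time and real replies.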


The authority hiding in plain sight

The technical load-bearing element in all of this is DKIM. When Amazon sent a shipping notification in 2014, Amazon's mail server signed the message with the DKIM private key Amazon used at the time. The signature is still in the headers today, and it can be checked against the public key that was published in DNS for that selector, provided the key is still published or a passive-DNS archive captured it before it was rotated out, and provided the body has survived unmodified, since the body hash is part of what was signed. I did not hold that key. I could not have produced that signature. Therefore, if I claim "I received an email from Amazon on August 12, 2014," I can prove it with a cryptographic artifact that Amazon created and I merely possess. One caveat worth stating plainly: non-repudiation was never a DKIM design goal, and there have been serious proposals that providers publish their retired private keys precisely to make old mail deniable. If that practice spread, the evidential value of old signatures would evaporate.

This is enormous, and I don't think I'd ever seen it stated. DKIM is not thought of as an identity authority. It is thought of as an anti-spam mechanism. But its cryptographic structure — third-party signing of dated content against a publicly verifiable key — is exactly the shape of a witness attestation.

Multiply this by thousands of messages from hundreds of sender domains over decades, and you have a corpus of third-party cryptographic witnesses that no adversary can fabricate at scale. Faking such a corpus outright would require compromising the DKIM private keys of hundreds of real mail providers across years. Possible, barely, for a nation-state. Prohibitively expensive for a bot farm. The cheaper attacks look different: steal a real person's archive outright, or manufacture correspondence from cheap domains the attacker controls, each with DKIM dutifully configured. The second is why a raw count of signing domains cannot be the metric on its own, and why the filtering described below matters.

The authority of "I was here, for 22 years, addressed by these 1,058 distinct parties" is already sitting in the archive, already signed by systems the user does not control, already dated by infrastructure that never asked anyone's permission. The archaeology is real.
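
To make the mechanism concrete, an added example (my code, not code from the post) that dissects a DKIM-Signature header the way a verifier would: it parses the tags, names the DNS record that would hold the public key, recomputes the body hash under RFC 6376 canonicalization and compares it with bh=, and assembles the exact header bytes that b= signs. The message is constructed for the example, with bh= computed on the spot and a placeholder b=, because no key exists here; the final RSA check over the assembled data is the step that needs the public key and is deliberately left out. The l= body-length tag, multipart bodies and multiple signatures are not handled.

```python
import base64
import hashlib
import re
from email.parser import Parser

def parse_tags(signature):
    """Split a DKIM-Signature value into tag=value pairs (folding whitespace dropped)."""
    tags = {}
    for part in signature.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", value)
    return tags

def canon_body(body, mode):
    """RFC 6376 body canonicalization ('simple' or 'relaxed'), returned as CRLF bytes."""
    lines = body.replace("\r\n", "\n").split("\n")
    if mode == "relaxed":
        lines = [re.sub(r"[ \t]+", " ", line.rstrip(" \t")) for line in lines]
    while lines and lines[-1] == "":
        lines.pop()  # trailing empty lines are ignored in both modes
    if not lines:
        return b"\r\n" if mode == "simple" else b""
    return ("\r\n".join(lines) + "\r\n").encode()

def canon_header(name, value, mode):
    """Header canonicalization; relaxed lowercases the name and unfolds/compacts WSP."""
    if mode == "simple":
        return f"{name}:{value}\r\n"  # value as stored by the parser, folding kept
    value = re.sub(r"\r?\n[ \t]+", " ", value)    # unfold
    value = re.sub(r"[ \t]+", " ", value).strip()  # compact whitespace
    return f"{name.lower()}:{value}\r\n"

def signed_data(msg, signature, tags, mode):
    """The exact bytes b= covers: the h= headers, then the signature header with b= emptied.
    Because bh= sits inside this block, the signature binds the body too."""
    parts = []
    for name in tags.get("h", "").split(":"):
        values = msg.get_all(name, [])
        if values:
            parts.append(canon_header(name, values[-1], mode))  # bottom-most instance
    emptied = re.sub(r"(^|;)(\s*)b=[^;]*", r"\1\2b=", signature)
    parts.append(canon_header("DKIM-Signature", emptied, mode).rstrip("\r\n"))
    return "".join(parts)

def inspect_dkim(raw):
    msg = Parser().parsestr(raw)  # full parse: the body is needed for bh=
    signature = msg.get("DKIM-Signature")
    if signature is None:
        return {"present": False}
    tags = parse_tags(signature)
    canon = tags.get("c", "simple/simple").split("/")
    header_mode, body_mode = canon[0], (canon[1] if len(canon) > 1 else "simple")
    hash_name = "sha1" if tags.get("a", "rsa-sha256").endswith("sha1") else "sha256"
    digest = hashlib.new(hash_name, canon_body(msg.get_payload(), body_mode)).digest()
    return {
        "present": True,
        "signing_domain": tags.get("d"),
        "selector": tags.get("s"),
        "key_record": f"{tags.get('s')}._domainkey.{tags.get('d')}",  # TXT record to fetch
        "signed_headers": tags.get("h", "").split(":"),
        "signed_at": int(tags["t"]) if "t" in tags else None,
        "body_hash_ok": base64.b64encode(digest).decode() == tags.get("bh"),
        "to_verify_with_key": signed_data(msg, signature, tags, header_mode),
    }

def build_sample(body):
    """Constructed message for the example. bh= is computed here so the check has
    something real to match; b= is a placeholder because no key exists in this example."""
    bh = base64.b64encode(hashlib.sha256(canon_body(body, "relaxed")).digest()).decode()
    headers = (
        "From: Orders <orders@shop.example>\n"
        "To: alice@example.org\n"
        "Date: 12 Aug 2014 09:30:00 +0000\n"
        "Subject: Your order has shipped\n"
        "DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=shop.example;\n"
        "\ts=2014a; t=1407835800; h=from:to:date:subject;\n"
        f"\tbh={bh};\n"
        "\tb=placeholderSignatureNoKeyInThisExample==\n"
    )
    return headers + "\n" + body

if __name__ == "__main__":
    report = inspect_dkim(build_sample("Your parcel is on its way.\n\n"))
    for key, value in report.items():
        print(f"{key}: {value!r}")
```

The report's key_record field is the DNS name a verifier (or a passive-DNS archive lookup) must resolve to get the p= public key; the to_verify_with_key field is the byte string that key must validate. Changing one character of the body flips body_hash_ok to False, which is why an archive has to keep bodies intact even if a tool only reads headers.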


The wall

So I built the tool, validated the data, designed the commitment scheme — Merkle tree of hashed leaves, hardware-backed signing, OpenTimestamps anchoring to Bitcoin, selective disclosure at three privacy levels, commit-now-age-later for cold starts. I pressure-tested the spam objection and found it answerable via a strict filter requiring threaded + reciprocal + non-marketing correspondence. I wrote three design documents, polished the edges, and made it genuinely defensible.

Then I hit the wall that every self-sovereign identity project hits, which is that no verifier exists.

Not today. Not planned. Not in the pipeline of any organization that might adopt the format. The set of systems that would accept a cryptographic proof of digital continuity is currently empty, and the cost to convince any organization to accept one is roughly as high as the cost to build the tool in the first place. No platform has a reason to adopt this. No regulator is mandating it. No user is asking for it. The demand side is simply not there.

This is the wall that killed Keybase, that has been slowly strangling W3C Decentralized Identifiers for most of a decade, that keeps Nostr niche, that has kept OpenPGP irrelevant for twenty years. Self-sovereign identity tools do not die because the cryptography is wrong. They die because verifiers never arrive. The chicken-and-egg problem is not a metaphor here; it is the literal structural fate of the category.

I am writing this essay instead of continuing to build because I don't think I can solve the verifier gap with more engineering, and I don't think anyone has.
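
An added example of the commitment half of the design sketched at the top of this section (my code, not the author's; the three privacy levels, hardware-backed signing and OpenTimestamps anchoring are not modelled): each extracted receipt becomes a salted leaf in an RFC 6962-style Merkle tree, the root is the value that would be signed and anchored, and any single receipt can later be disclosed with its audit path while every other receipt stays hidden. The receipts are constructed for the example.

```python
import hashlib
import json
import secrets

def leaf_hash(receipt, salt):
    # Canonical JSON so the same receipt always hashes the same way. Domain
    # separation (0x00 leaf, 0x01 node) stops a leaf being passed off as a node.
    canonical = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(b"\x00" + salt + canonical).digest()

def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()

def _split(n):
    # Largest power of two strictly less than n (n >= 2), as in RFC 6962.
    k = 1
    while k * 2 < n:
        k *= 2
    return k

def merkle_root(leaves):
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(merkle_root(leaves[:k]), merkle_root(leaves[k:]))

def audit_path(leaves, index):
    # Sibling hashes from the leaf upward, each tagged with the side it sits on.
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return audit_path(leaves[:k], index) + [("R", merkle_root(leaves[k:]))]
    return audit_path(leaves[k:], index - k) + [("L", merkle_root(leaves[:k]))]

def commit(receipts):
    # One random salt per leaf: without it, a verifier holding the path could
    # brute-force hidden leaves (sender domain + date is a small search space).
    salts = [secrets.token_bytes(16) for _ in receipts]
    leaves = [leaf_hash(r, s) for r, s in zip(receipts, salts)]
    return merkle_root(leaves).hex(), salts  # the hex root is what gets signed/anchored

def disclose(receipts, salts, index):
    leaves = [leaf_hash(r, s) for r, s in zip(receipts, salts)]
    return {"receipt": receipts[index], "salt": salts[index].hex(),
            "path": [(side, h.hex()) for side, h in audit_path(leaves, index)]}

def verify(disclosure, root_hex):
    h = leaf_hash(disclosure["receipt"], bytes.fromhex(disclosure["salt"]))
    for side, sibling_hex in disclosure["path"]:
        sibling = bytes.fromhex(sibling_hex)
        h = node_hash(sibling, h) if side == "L" else node_hash(h, sibling)
    return h.hex() == root_hex

# Constructed receipts: the kind of record a headers-only extractor would emit.
RECEIPTS = [
    {"from_domain": "family.example", "date": "2009-03-02", "dkim": False},
    {"from_domain": "bank.example", "date": "2012-06-15", "dkim": True},
    {"from_domain": "uni.example", "date": "2016-01-10", "dkim": True},
    {"from_domain": "uni.example", "date": "2016-03-22", "dkim": True},
    {"from_domain": "corp.example", "date": "2023-09-05", "dkim": True},
]

def demo():
    root, salts = commit(RECEIPTS)
    proof = disclose(RECEIPTS, salts, 2)
    backdated = dict(proof, receipt=dict(proof["receipt"], date="2004-01-01"))
    return verify(proof, root), verify(backdated, root)

if __name__ == "__main__":
    print(demo())
```

A disclosure reveals one receipt, its salt and a handful of sibling hashes; the verifier learns that this receipt was committed under the root, and nothing about the other leaves. The commit-now-age-later idea from the text falls out naturally: the anchored root fixes the set at commitment time, and the receipts gain weight as the anchor ages.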


What I think the idea actually is

Strip away the implementation and this is what remains:

You are digitally defined by who has witnessed you, and the receipts are already in your inbox.

This sentence is true independent of whether any tool to verify it ever exists. It is true the way "the earth orbits the sun" was true before Copernicus had a way to prove it conclusively. The continuity of the self across digital spheres is not located in what you own; it is located in the dense, dated, third-party-attested archive of you being addressed by other humans over time. That archive already exists. It has been accumulating for decades. Nobody is collecting it.

The idea that matters is not the specific Merkle-tree-and-Bitcoin-anchor design anyone might sketch. The idea is the reframing itself: identity as witnessed receiving, not as possessed owning. Once you see this, the proof-of-humanity conversation looks different. Every proposed solution — biometric orbs, token staking, social graph vouching, platform verification badges, credential wallets — is a variation on "prove you own X right now." None of them asks "who has spoken to you over time, and how do we count that?"

The continuity of the self, it turns out, is an extremely underbuilt area. And the raw material for building it is hiding in a place so mundane that nobody looks there.


A note on personal data pods

There is something about this idea that feels like it belongs inside a personal data pod — a Solid-style user-owned data store, or any other "my data, on my hardware, under my control" architecture. I could not fully articulate why at first. Now I think I can.

A personal data pod is usually described as a container for data you generate: your files, your photos, your posts, your notes. But the most honest personal data you have is not what you generated. It is what arrived for you. Your inbox is the one place on the internet where every artifact showed up because someone else chose to send it to you specifically, where every artifact is dated by infrastructure you do not control, and where the whole archive has accumulated without any effort on your part. It is the densest, most honest personal data you have, and it is the most underutilized.

A personal data pod that included your own inbox archaeology — your receipts of having existed, processed for privacy, presentable on demand — would feel more like you than any profile page, any social feed, any credential wallet. Because it would not be a projection of what you claim to be. It would be a record of who has addressed you, dated and signed by infrastructure outside your control, aggregated under your terms.

I think that is what a personal data pod is supposed to feel like, and almost no existing implementation delivers it. The gap between "store of files I keep" and "record of who I am in terms of who has witnessed me" is a design direction that probably matters more than any specific identity tool built on top of it.

But that is a different essay.


What I would tell someone starting this today

The core idea is solid.

The edges need hardening, and some of them may never harden well enough for mass adoption.

The tool, if you build it, will have roughly one satisfied user: yourself. That is a sufficient reason to build it if you want the self-knowledge artifact. It is not a sufficient reason if you want the network effect.

The real value of the exercise is the reframe, not the tool. If this essay changes how one person thinks about digital identity — from possession to witnessing, from tokens to receipts, from what you own to who knows you — then the tool does not need to ship. The idea has already done its work.

And the receipts are still in your inbox, whether or not anyone ever formally collects them. They are still signed. They are still dated. They are still third-party-attested. They are still there, silently accumulating, the oldest and most honest record of your own continuity that the internet has ever produced.


Key learnings from the journey

Before the conclusion, the condensed version of what trying to build this taught me. These are the things I did not know going in and now do.

The problem is continuity, not humanity. "Prove you are a real human" is the wrong framing. Bot farms have real humans attached to them when they need to. Biometric checks can be bypassed with enough motivation. The harder and more useful question is "prove you have been continuously present over time," which bot farms cannot satisfy without actually waiting out the time.
Receiving is older and richer than possessing. For most of history, identity was conferred by being named in other people's writing — ledgers, contracts, tax registers, witness lists. This is not a metaphor. It is how identity actually worked before the modern state. Digital identity has quietly inherited the same structure via the inbox, and nobody has noticed.
DKIM is a pre-existing, unused, global authority source. Every modern email is cryptographically signed by its sender's mail provider. The signatures stay checkable for as long as the selector's public key can be retrieved, from live DNS or from a passive-DNS archive, and as long as the body survives unaltered; keys rotate and not every selector gets archived, so the record has gaps. Even so, this is a massive continuous record of third-party attestations sitting unused in every adult's inbox. The realization that this is the authority we needed was the single biggest technical insight of the whole exercise, and I don't think I've seen it named anywhere else.
The POC worked and the signal is real. Running a 150-line stdlib Python tool against a real 22-year archive produced 13,430 messages, 1,058 distinct correspondents, 5,097 DKIM-signed messages, 7 identity transitions, and a 21.6-year span. The archaeology premise is not theoretical: it extracts meaningful data from files people already have, with no network access and no credentials, and the only trust involved is in the signing domains' keys and in the Received stamps the user's own provider added.
The adoption wall is structural, not technical. Every prior attempt at self-sovereign identity — Keybase, PGP, DIDs, Nostr — has died at the same wall: no verifier ecosystem, no chokepoint, no forcing function. The wall is not something engineering can climb. It can only be routed around by finding a chokepoint that already wants this kind of proof, or by accepting that the tool is expressive infrastructure rather than a mass-market product.
The reframe is worth more than the tool. Articulating "identity as witnessed receiving, not as possessed owning" is an insight that travels better as an essay than as software. A tool without users is a fossil; an idea that changes how someone thinks reaches further than any CLI ever will.

Seven points — what worked, and what is needed for the next build

What worked

  1. The reframe from possession to witnessing. The core idea — that digital identity is the accumulated record of who has addressed you over time — survives every objection. It does not depend on the tool, the commitment scheme, the adoption model, or any specific technology. It is the idea worth saving from the whole exercise. If nothing else is ever built, the reframe should travel.

  2. DKIM as the authority source hiding in plain sight. The fact that every adult online already holds thousands of third-party cryptographic attestations in their inbox, preserved by infrastructure they don't control, dated by servers they never touched, is the technical substrate that makes any future version of this work. Anyone returning to the problem should start here.

  3. Reading headers-only from local archives. The entire pipeline, from a local mbox or Maildir export (or an IMAP fetch done beforehand), through DKIM signature extraction, through structural filtering, to an aggregate report, runs in stdlib Python with no network dependencies, no credentials in the tool, and no body content ever leaving the user's disk. Full DKIM verification is the one step that needs more: the selector's public key, which means a DNS or archive lookup, and the body, to recompute its hash. The working POC proved the headers-only pipeline end-to-end against a real 22-year archive. The minimum useful thing is small, buildable in an evening, and privacy-preserving by construction.

What is needed for the next build

  1. A chokepoint that will accept the proof. This is the binding constraint. Without a specific adopter — a bank KYC pipeline, a creator platform, a journalist-source verification tool, a single forum willing to trial the format — no amount of cryptographic elegance matters. Banks are hard but structurally real (regulatory pressure already requires identity verification). Creator platforms are more plausible (lower overhead, clearer value prop for individuals). Either is a valid starting point. Talk to one before writing a line of Phase-1 code.

  2. Narrow scope and order-of-magnitude simpler UX. The Sigstore lesson: narrow scope plus chokepoint plus mandatory adoption path is the formula that actually works. Not "general-purpose longevity proof," but "cryptographic proof that this email has existed for N years, backed by DKIM." One claim, one format, one verification path. And no user-visible crypto — no passphrases, no Merkle trees, no salts, no identity tables. The tool should feel like showing a vaccination card, not operating a key management system.

  3. Protocol-first, never company-first. Keybase is the cautionary tale. Any serious version must be a small, auditable, open-source reference implementation — not a service, not a SaaS, not a startup. A dead GitHub repo is still a working tool; a deprecated service is nothing. The format and the verifier logic should be boring, stdlib-heavy, with the fewest possible moving parts and no organization whose survival the user has to bet on.

  4. Recovery, hardened filtering, and verifier cultivation — treated as requirements, not nice-to-haves. Key loss kills every self-sovereign system. The next attempt must specify recovery (social recovery, Shamir shares, trusted contacts, or similar) before Phase 1, not after. The spam/marketing filter must stop being string-pattern-matching on domain names and become something robust to adversaries who know the filter exists. And most importantly: verifiers must be cultivated, not hoped for. You do not build the tool and pray adoption follows. You find the first adopter first, understand their integration constraints, and build for that specific integration, then generalize from there. Sigstore's trajectory, not Keybase's.
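
As an added example of the recovery requirement in point 4 (my code, not part of the author's design), a k-of-n split of a signing key seed with Shamir secret sharing over a prime field in stdlib Python: three of five trusted contacts can reconstruct the seed, two cannot. The seed is a constructed placeholder; share authenticity (verifiable secret sharing) and how shares reach the contacts are outside this example.

```python
import secrets

PRIME = 2**521 - 1  # Mersenne prime; comfortably holds any 256-bit seed as a field element

def split_secret(secret, threshold, count, rng=secrets.randbelow):
    """Split `secret` (bytes) into `count` shares, any `threshold` of which recover it.
    `rng(bound)` must return a uniform integer in [0, bound); injectable for tests."""
    value = int.from_bytes(secret, "big")
    if not 1 <= threshold <= count or value >= PRIME:
        raise ValueError("threshold/count out of range or secret too large for the field")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [value] + [rng(PRIME) for _ in range(threshold - 1)]

    def poly(x):
        return sum(c * pow(x, i, PRIME) for i, c in enumerate(coeffs)) % PRIME

    # Share x-coordinates start at 1: x=0 would hand out the secret itself.
    return [(x, poly(x)) for x in range(1, count + 1)]

def interpolate_at_zero(shares):
    """Lagrange interpolation over GF(PRIME), evaluated at x=0 (the secret)."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for xi, yi in shares:
        num = den = 1
        for xj in xs:
            if xj != xi:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def recover_secret(shares, length):
    """Recombine at least `threshold` shares into the original `length`-byte secret.
    Fewer shares yield a uniformly random wrong value, not an error."""
    return interpolate_at_zero(shares).to_bytes(length, "big")

SEED = bytes(range(32))  # constructed stand-in for the seed of a hardware-backed signing key

def demo():
    shares = split_secret(SEED, threshold=3, count=5)
    return recover_secret([shares[0], shares[2], shares[4]], len(SEED)) == SEED

if __name__ == "__main__":
    print(demo())
```

The property that matters for recovery is the last comment: a quorum below the threshold learns nothing, so a single lost phone or one compromised contact does not end the identity. What this does not give you is protection against a contact handing over a forged share; that needs the verifiable variant, which is the hardening point 4 is asking for.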

Maybe I will have a better idea to solve this in the future, or somebody will.

This helped me come up with https://github.com/hamr0/kn...github.com - Small, opinionated, full-stack passwordless auth for Node.js services that don't need to email their users for anything but the sign-in link.
