Storage tells me what I have now. Versioning tells me what changed.
But when a dispute happens, the real question is often simpler: When did this data actually exist?
Screenshots, PDFs, dashboards, emails… they mostly rely on trust in a system or platform.
In many cases, storing or sharing the original data isn’t even an option (privacy, compliance, scale).
I’m curious how others handle this today. What approaches have you seen work in practice?
In many cases, a secure hash alone is enough to prove integrity (“this file hasn’t changed”). The gap usually appears around time and independence.
A hash answers what, but not always:
when the hash existed,
who can verify that claim later,
or whether the timestamp depends on the same system that controls the data.
In practice, people handle this today with a mix of:
hashes stored in internal systems,
logs,
emails,
screenshots,
or third-party platforms.
These work operationally, but during disputes or audits they often collapse back to “trust the system that says so”.
The approach I’m interested in is minimal:
hash the data locally,
bind that hash to a point in time via an external, neutral timestamp,
keep verification possible long after the fact, without access to the original system or data.
Not as a legal silver bullet, but as a technical primitive: integrity + existence at time T, independently verifiable.
Curious to hear what you’ve seen work reliably when trust in the original system is no longer assumed.
bell-cot•1h ago
Secure hashes of files can cover many of the use cases.