poztter.org

Trust, made verifiable.

When an email lands in your inbox or a link arrives in a DM, you can't tell whether it's really from who it claims to be. Twenty years of phishing has proven that. POZ fixes the underlying problem: identity that is cryptographically signed, portable across services, and verifiable without trusting any single server.

the two big ideas

01 · organizations
One trusted identity. Every web presence.

An organization has a single, trusted POZ identity that lets users trust it across every place it appears on the internet. Its websites, its emails, its social media posts — all carry the same POZ identity, and any user can verify it themselves, without trusting a third party.

02 · users
Users own their identity.

Web services like social media can host a user, but they never own that user's identity. People follow people, not the host. Deplatforming is a thing of the past — your identity travels with you, signed by you, recognized everywhere.

the problem POZ is solving

Long ago, the internet used cryptography to ensure that when you connected to your bank's website, the connection was secure and the site was who it claimed to be. That same machinery never reached the rest of the things people do online. Email arrives unsigned. Social handles are claimed first-come-first-served. There is no built-in way to ask, of an arbitrary identity claim, "is this really them?"

POZ applies the cryptographic machinery we already trust for HTTPS to the bindings between a person and their identities on the internet. The trust doesn't flow from a server you happen to have connected to — it flows from keys you control, and from providers you've chosen to involve.

the shape of a POZ record

A POZ record is a self-contained, signed identity. It's divided into functionally distinct zones, connected by cryptographic keys and graduated levels of trust. The zones form a tree. At the root sits the Master Zone — the most important, the most trusted, the most protected. Other zones branch out from the Master and link cryptographically back to it.

[diagram: MASTER identity email feed auth service]
fig 01 · the Master Zone delegates to one authority per sub-zone. each zone is independently signed and revocable.

The Master Zone is generated from one or more signing keys, and its computed hash uniquely identifies its owner. In simple configurations one key is enough; in higher-assurance ones, ownership is distributed across several keys so the loss or compromise of any single one doesn't take the record down. The same model scales from an individual all the way to critical infrastructure.

Each zone change is signed by an authorized key and carries a strictly sequential serial number — no skips, no duplicates — so a verifier can confirm the authenticity of any change from its content and signature alone, with no central service in the loop.
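
A client-side check of the rule above, as an added example that is not POZ code or its record format: the `Change` fields, key names and sample log are constructed, and HMAC-SHA256 stands in for a real public-key signature so the block runs on the Python standard library alone. It rejects a skipped serial, a duplicate, an unauthorized signer and a renumbered change.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Change:              # hypothetical shape of one zone change
    serial: int
    key_id: str
    content: bytes
    sig: bytes

def _tag(key, serial, content):
    # Stand-in for a public-key signature (HMAC-SHA256, stdlib only).
    # The serial is inside the signed bytes, so it cannot be renumbered.
    return hmac.new(key, serial.to_bytes(8, "big") + content, hashlib.sha256).digest()

def sign(key_id, key, serial, content):
    return Change(serial, key_id, content, _tag(key, serial, content))

def verify_log(changes, authorized, last_serial=0):
    """Walk changes in order; return (last accepted serial, error or None)."""
    for ch in changes:
        if ch.serial != last_serial + 1:
            kind = "duplicate" if ch.serial <= last_serial else "skip"
            return last_serial, f"serial {ch.serial}: {kind}, expected {last_serial + 1}"
        key = authorized.get(ch.key_id)
        if key is None:
            return last_serial, f"serial {ch.serial}: signer {ch.key_id} not authorized"
        if not hmac.compare_digest(_tag(key, ch.serial, ch.content), ch.sig):
            return last_serial, f"serial {ch.serial}: bad signature"
        last_serial = ch.serial
    return last_serial, None

# Constructed sample data: one authorized key, one outsider key.
AUTHORIZED = {"key-A": b"demo-secret-A"}
c1 = sign("key-A", AUTHORIZED["key-A"], 1, b"add email zone")
c2 = sign("key-A", AUTHORIZED["key-A"], 2, b"add feed zone")
c3 = sign("key-A", AUTHORIZED["key-A"], 3, b"revoke feed zone")
rogue = sign("key-X", b"outsider", 2, b"add auth zone")

if __name__ == "__main__":
    for name, log in [("clean", [c1, c2, c3]), ("skip", [c1, c3]),
                      ("duplicate", [c1, c2, c2]), ("rogue signer", [c1, rogue]),
                      ("renumbered", [c1, c2, replace(c2, serial=3)])]:
        print(name, "->", verify_log(log, AUTHORIZED))
```

The verifier stops at the first failure and returns the last serial it accepted, so a client can keep the state it already trusted and discard the rest.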

building a trusted identity

The Master Zone's hash uniquely identifies a record but tells a human nothing. The Identity Zone connects the record to names that humans actually use. A POZ identity is a signed link from one record (the provider) to another (the user). The provider uses its own signing keys to attest the binding.

Concrete cases:

POZ
  WEBSITE · First National · firstnational.com · "Online Banking. Member FDIC." · POZ ✓
  SOCIAL · @firstnational · posted · 2h · "Routine maintenance Sun 2–4am EST." · POZ ✓
  EMAIL · Statement ready · no-reply@firstnational.com · "Your monthly statement is ready." · POZ ✓

NO POZ CHAIN
  WEBSITE · First National · firstnati0nal.com · "URGENT — verify your login NOW." · ⚠ SCAM
  SOCIAL · @firstnational_help · posted · 1m · "Click here to verify your account today!" · ⚠ SCAM
  EMAIL · Account locked · support@first-natl.co · "Your account is locked. Verify now." · ⚠ SCAM

fig 02 · the same business across three services. POZ links the real website, the real account, and the real address back to one signed Master record. The spoofs look familiar — but the chain doesn't verify.

Each attestation is a small signed link. Together they form a complete web of trust — and that web is what makes POZ useful.

read deeper

philosophy

Why POZ is needed and why specific decisions were made the way they were — portable identity, survivorship over single keys, asymmetric authority, cohabitation with existing infrastructure.

format

The binary file format — small, complete, predictable. Designed so records can be shared in whole or in part across the internet safely.

network

A small protocol that moves records. Because records are self-verifying, the protocol doesn't have to carry trust — only bytes.

three rules of thumb

The design philosophy in three lines:

  1. The data is the trust anchor. Servers, transports, providers — none of them. Validate the chain on the client.
  2. Recovery is a feature, not an afterthought. A configuration that leaves no recovery path should be hard to make by accident.
  3. Asymmetry beats symmetry when stakes differ. Granting a new identity and revoking a compromised one are not the same operation.

start using POZ

com

The Poztter Community provides browser-based tools to create your Master record, manage identities, and share your POZ.

poztter.com
net

The Poztter Network tracks the operational state of POZ services — servers, ports, versions, uptime.

poztter.net
code

Internet-Draft RFCs, the C++ reference implementation, and the protocol source. Apache 2.0.

github.com/Poztter

also

guide

A longer walk through the format and the network, with diagrams and binary detail.

faq

How POZ differs from PGP, DIDs, and passkeys. Common questions about keys, recovery, and operations.

Status. POZ is an early-stage project. The core specification and network protocol are stable enough to implement against; the reference implementation is pre-1.0. Treat any record you create now as experimental — and watch poztter.net for the live network state.