Authentic content, cryptographically proven.

Open protocol. Hardware-backed. No trust required.

You can no longer look at a piece of writing, a photo, or a video and know whether it was made by a person. Generative AI produces content indistinguishable from human-created work. Every detection tool that analyzes the output is losing an arms race it can never win.

Speakwrite takes a different approach: instead of analyzing the content, it restricts how it can be created. Every word typed on the soft keyboard. Every photo and video captured live through the camera. A SHA-256 content hash signed by the Secure Enclave. The proof stored on the author’s PDS. Verification on every reader’s device. Pure cryptography.

Try the App

The Problem

The internet has an authenticity crisis. AI generates text, images, and video that are indistinguishable from human work. Detection tools try to solve this by analyzing the output — perplexity scores, pixel artifacts, temporal inconsistencies. But these tools are fundamentally fragile: each new model defeats the last detector.

Meanwhile, there is no place to go where everything you see was provably created by a person. No feed, no platform, no protocol for authentic content.

We think the solution isn’t better detection. It’s capturing the process of creation and making it verifiable.

The Approach

Speakwrite doesn’t analyze content after it’s made. It restricts how content can be created.

Writing

Soft keyboard only — no paste, no dictation, no autocorrect, no hardware keyboard. Every character entered through physical touch on the screen.

Photos & Video

Captured live through the device camera — no gallery picker, no file uploads, no imports. What the camera sees is what gets attested.

When you publish, a SHA-256 content hash covering both text and media is signed by the iPhone’s Secure Enclave via App Attest. The post is published on AT Protocol and a cryptographic proof record (io.speakwrite.proof) is stored in the author’s repository.

Verification happens entirely on the reader’s device. The content hash is recomputed, the certificate chain is validated against Apple’s Root CA, and the ECDSA signature is verified. No server in the loop.

How It Works

Creating

Sign in Authenticate with your AT Protocol handle.
Write Soft keyboard only — no paste, no dictation, no autocorrect.
Capture Photos and video recorded live through the device camera. No gallery. No uploads. Each file is SHA-256 hashed at capture time.
Publish Content hash signed by the Secure Enclave via App Attest. Proof record stored in the author’s AT Protocol repository.

Verifying

Client-side, on every reader’s device:

Fetch proof Retrieve proof records from the author’s PDS, resolved via the PLC directory.
Content binding Recompute content hash from text and media. Must match the proof’s contentHash.
Certificate chain CBOR-decode attestation, validate x5c cert chain against Apple Root CA.
Signature check Extract P-256 public key, verify ECDSA assertion signature.
Display result Grey checkmark while verifying, green checkmark when the proof passes.

The App

Speakwrite is a creation tool and a reader in one — a place to make authentic content and a place to find it.

Timeline

Your AT Protocol timeline. Browse posts from people you follow. Posts with valid proofs show a green checkmark.

[✓]

Verified

A feed of authentic content — every post, photo, and video created by a person on a real device. Nothing else gets in.

$ _

Compose

Write on the soft keyboard. Capture photos (up to 4) or video live through the camera. The Secure Enclave signs everything on publish.

{·}

Profile

Your posts, followers, and following. A public record of authentic content tied to your identity.

Verification

Three ways to verify any Speakwrite post:

[✓]

In-app

The Speakwrite app verifies every post client-side. Grey checkmark while verifying, green when the proof passes. No server. Pure cryptography on your device.

Verification bot

Mention @verify.speakwrite.io under any Speakwrite post. The bot runs the full verification pipeline and replies with results.

{→}

Web verify

Every Speakwrite post includes a link to speakwrite.io/verify. The page runs client-side verification in the browser using Web Crypto.

The Protocol

Each post is accompanied by a proof record (io.speakwrite.proof) stored in the author’s AT Protocol repository. Verification is entirely client-side.

The proof record

Content hash: For text-only posts: SHA-256(text). For posts with media: SHA-256(SHA-256(text) + sorted_media_hashes). A composite hash that binds text, photos, and video to a single attestation.
Attestation object: CBOR-encoded App Attest attestation from Apple. Contains the x5c certificate chain proving the signing key lives on a genuine device’s Secure Enclave.
Assertion: CBOR-encoded P-256 ECDSA signature over the content hash, produced by the Secure Enclave via App Attest. Unforgeable without the hardware key.
Media hashes: Optional array of SHA-256 digests of attached photos or video. Stored alongside the proof so any verifier can reconstruct the composite content hash.

Client-side verification

Every reader’s device independently verifies the proof:

Content binding Recompute content hash from text and media hashes. Compare to the proof’s contentHash.
Certificate chain CBOR-decode the attestation object. Extract x5c certificates. Validate the chain against Apple’s App Attest Root CA.
Signature verification Extract the P-256 public key from the leaf certificate. CBOR-decode the assertion. Verify the ECDSA signature over the content hash.

Input & capture restrictions

Text: soft keyboard only — no paste, no dictation, no autocorrect. Media: live camera only — no gallery, no file uploads. App Attest certifies the binary is unmodified, ensuring the restriction code hasn’t been tampered with.

Honest Assessment

It proves

Text was physically typed on the soft keyboard. Photos and video were captured live through the camera. All of it on a genuine Apple device, signed by a hardware-bound key in the Secure Enclave.

It doesn’t prove

That the ideas are original, that no AI was consulted beforehand, or that the author didn’t retype something from another screen. It makes deception expensive — not impossible.

This honesty is a design choice, not a limitation. Speakwrite produces forensic evidence of authentic creation, not mathematical certainty about originality.

Properties

No server in verification: Proofs are fetched directly from the author’s PDS. Verification is pure cryptography on the reader’s device. No intermediary.
Text + media in one attestation: A composite content hash binds writing, photos, and video to a single hardware-signed proof. The whole post is attested, not just the text.
Hardware-backed: Secure Enclave + App Attest on every proof. The signing key never leaves the silicon. No web fallback.
Proofs on author’s PDS: Proof records live in the author’s AT Protocol repository. The data lives where the author lives.
Pure cryptography: SHA-256 content hashing, CBOR-decoded attestation, x5c certificate chain validation, P-256 ECDSA signature verification. Math, not trust.
AT Protocol native: Full AT Protocol client. Timeline, verified feed, compose with camera, profiles. Your data, your server.

Why a Native App

A web app can’t do this. Hardware attestation requires a native binary — Apple’s App Attest certifies the app hasn’t been tampered with, and the Secure Enclave holds a signing key that never leaves the silicon. Camera-only capture requires native APIs to enforce that photos and video come from the live camera, not a photo library or file system. Signing happens inside the signed binary; verification happens on every reader’s device.

Why AT Protocol

Speakwrite needs three things from a social protocol: portable identity, user-owned data, and extensibility. AT Protocol provides all three.

Portable identity: Your DID is yours. If you move servers, your identity, followers, and proof history move with you.
Personal Data Server: Proofs are stored as custom lexicon records (io.speakwrite.proof) on the author’s own PDS. Not on a server Speakwrite controls.
Custom lexicons: AT Protocol lets any app define new record types. Speakwrite publishes proof bundles alongside posts. Any AT Protocol client can read and verify them.
Federated verification: Proofs live on the author’s PDS, resolved via the PLC directory. Any verifier can fetch and validate them. No API key. No special access.
Open ecosystem: AT Protocol is not one app. It’s an open network. Speakwrite is a native client that reads, writes, and extends the protocol — not a walled garden built on top of it.

Open Source

Everything is public under CC BY-SA 4.0.

iOS app: Native SwiftUI (iOS 17+)
Verification bot: TypeScript (Fly.io)
Web verifier: Client-side Web Crypto

View on GitHub