GetProofAnchor logo
GetProofAnchor
Verifiable web evidence
Dashboard
← Back to tutorials

How GetProofAnchor (GPA) actually works

In short: GPA proves what was on a web page at a specific moment, and lets anyone show — even years later — that the evidence wasn’t altered.

GPA captures a web page (public or behind login), generates a permanent Proof ID, and anchors the evidence in a three-layer trust stack (cryptographic hash chain + Bitcoin + eIDAS qualified timestamp) so any later modification is provably detectable.

Tutorial Proof ID Evidence ZIP Trust stack Verification ~6 min read
Quick overview

GPA captures a URL, (public or behind login), creates a permanent Proof ID, that’s anchored in three independent systems, and lets anyone verify later whether the evidence was modified.

1) Why GPA exists
What screenshots can’t prove
2) Capture
Two methods, one result
3) Trust stack
Hash chain → Bitcoin → eIDAS
4) Evidence ZIP
What’s actually inside

Why GPA exists

Online content changes constantly: articles get edited, posts disappear, pricing and policies move silently. A plain screenshot is easy to challenge — anyone with a graphics editor can produce something convincing in minutes, and there’s no independent way to prove when it was taken.

GetProofAnchor exists to answer one specific question with cryptographic certainty: “What was visible on this URL at that moment, and has the evidence stayed unchanged since?”

That makes online content reviewable by third parties — lawyers, regulators, investigators, journalists, compliance teams — when individuals or companies need to defend themselves against harmful, misleading, or disputed online content, or document what they themselves promised in writing.

How it works (at a glance)

  1. Capture a URL — either via the dashboard (public URLs) or via the browser widget (any page you can reach in your browser, including behind login).
  2. GPA generates a permanent Proof ID and stores the captured artifacts (screenshot, DOM, text, metadata).
  3. The proof is anchored in a three-layer trust stack — a global hash chain, the Bitcoin blockchain, and an EU-qualified eIDAS timestamp.
  4. Anyone can later verify the Proof ID online or an exported Evidence ZIP — even offline, with standard open-source tools.

Step 1 — Capture the page

GPA offers two capture paths. They produce equivalent forensic records — same Proof ID format, same Evidence ZIP — but they reach different parts of the web.

Method A · Dashboard
Server-side fetch (public URLs)

You paste a public URL into the dashboard. GPA fetches the page from its own backend, renders it in a real browser, and records the result. Available on every plan.

Method B · Browser Widget
Real-browser snapshot (also behind login)

A Chrome extension captures whatever your real browser is showing — including pages that need login, 2FA, or a specific session (analytics dashboards, social media inboxes, internal admin panels). Enterprise & Business plans.

Whichever method you use, the same artifacts are recorded:

  • a full-page screenshot
  • the captured HTML/DOM at capture time
  • extracted text content
  • technical metadata — final URL after redirects, capture timestamp, content fingerprints (SHA-256 hashes)

These artifacts together represent what the page looked like, what it actually said, and how it was structured — at that exact moment.

Step 2 — Proof ID

Every capture produces a Proof ID — a permanent identifier for that record. You can share it as a link, and it will always refer to the same captured evidence, exactly as it was at creation.

Step 3 — How the trust is anchored

Tamper-evidence isn’t a single feature; it’s the result of three independent layers stacked on top of every proof. Each layer makes it harder for any party — including GetProofAnchor itself — to alter, backdate, or fabricate a record.

Layer 1
Cryptographic hash chain

Every proof and every event (created, published, eIDAS-stamped, …) is appended to a global SHA-256 hash chain. Each entry contains the hash of the previous one, so inserting or modifying past entries breaks the chain mathematically.

Layer 2
Bitcoin blockchain anchor

The chain head is periodically anchored to the Bitcoin blockchain via OpenTimestamps. Once anchored, the timestamp is preserved by the entire Bitcoin network — not by GPA — so backdating becomes infeasible without rewriting Bitcoin itself.

Layer 3
eIDAS qualified timestamp

On eligible plans, every proof receives an RFC 3161 timestamp from an EU-qualified Trust Service Provider. This is recognized as legal-grade evidence of existence at a point in time, under eIDAS regulation 910/2014 across the EU and EEA.

The result: any later change to a captured proof is detectable, and the time of capture cannot be faked — not by an attacker, not by an insider, not by GPA. Verification doesn’t depend on trusting us; it depends on math and on systems we don’t control.

Why eIDAS matters in practice

An RFC 3161 timestamp from a qualified TSA is recognized in EU/EEA courts and regulatory proceedings as proof that data existed at the timestamped moment. Combined with Bitcoin anchoring, you get two independent time anchors — one legally recognized, one cryptographically global — backing the same evidence. The full TSA certificate chain and a frozen snapshot of the EU Trusted List are bundled inside the Evidence ZIP, so verification works fully offline — even years from now, even if the TSA is no longer operational.

Step 4 — Evidence ZIP

If you need to share or archive evidence outside your account, export an Evidence ZIP — a portable, self-contained package (format identifier: getproofanchor-evidence-1) that bundles every captured artifact together with the integrity data needed to verify it later.

What’s actually inside the ZIP
  • manifest.json — the integrity baseline — SHA-256 hash of every other file in the package; verification always starts here
  • proof.json — structured proof metadata (final URL, capture time, SHA-256 fingerprints, capture mode, plan, eIDAS and anchor status)
  • screenshot.png — full-page screenshot of the captured page
  • page.html + content.txt — captured DOM/HTML at capture time and the extracted plain-text content
  • capture/capture_meta.json — detailed capture metadata — engine (Playwright + Chromium), viewport, page dimensions, scroll behavior, consent dialogs auto-handled, success verdict
  • report.pdf — human-readable Evidence Report PDF — formatted summary suitable for case files and printouts
  • timestamp/eidas.tsr + anchor/anchor_receipt.ots — a complete eIDAS qualified-timestamp kit (RFC 3161 token, full TSA certificate chain, frozen EU Trusted List snapshot, verification report) and the Bitcoin OpenTimestamps receipt — together they make the package independently verifiable, fully offline
  • README.md — bilingual (English + Czech) verification guide for forensic experts and court-appointed examiners — using only standard open-source tools

Want every file inside the ZIP explained one by one? See the dedicated tutorial: Evidence ZIP — every file inside, offline-verifiable.

Using verification you can later demonstrate that the ZIP and its contents are original and have not been modified since capture — including the screenshot, the HTML, the text, and the metadata.

Evidence ZIP is useful when you need to:
  • share evidence with a lawyer, compliance team, regulator, or other third-party reviewer
  • attach online evidence to a case file, internal investigation, or regulatory submission
  • archive evidence outside your GetProofAnchor account, on your own infrastructure
  • prove later that the evidence package is original and unchanged — including in court or before regulators
  • verify integrity even if the original URL no longer exists or your GPA account is closed

Step 5 — Verification

Verification answers a single yes/no question: does this evidence still match what was originally captured? It can be performed against either form of the proof:

  • a Proof ID (online verification — quick, public, no download needed)
  • an Evidence ZIP (online verification or fully offline verification with standard tools)

Evidence ZIP verification is independent of GetProofAnchor. The ZIP includes the cryptographic manifest, the eIDAS timestamp response, and the OpenTimestamps Bitcoin receipt, plus a README that walks you through verification with only python3, openssl, and ots — no GPA service, no network call to our infrastructure, no account required.

Any modification to the Evidence ZIP will cause verification to fail. That includes editing extracted text, modifying a screenshot pixel, replacing files, recompressing content, or altering the ZIP structure.

Results are intentionally clear and deterministic: Match (the evidence is byte-identical to the original record) or Modified (the evidence differs from the original capture and cannot be trusted as the original).

What GPA does not do

  • GPA does not assess or judge the truthfulness of captured content — only what was visible.
  • GPA does not make legal decisions or replace legal counsel.
  • GPA does not decide admissibility — that’s determined by authorities and jurisdiction.
  • GPA does not capture retroactively — only what is visible at the moment you trigger the capture.

GPA’s role is precise and technical: it provides a verifiable, tamper-evident, time-anchored record of what was visible at a specific moment. How that record is used legally depends on context, procedure, and jurisdiction — but the technical integrity of the record itself is independently verifiable.

Next tutorial

Continue with: How to create a proof from a URL — Dashboard + Browser Widget.

Create proof (sign in) → Open verifier →

Not legal advice. Admissibility depends on jurisdiction and circumstances.