CONTINUOUS INTERNET TELEMETRY24H3,996 material changesacross 3,238 domains · +21 vs yesterdayMOVES44 domains changed DNS providertop destination dns.br · +5 vs yesterdayMOVES13 domains switched email providertop destination mimecast.com · +1 vs yesterdayTLS12 domains switched issuing CA24h · -3 vs yesterdayNOW9,768 curated domains not answeringlast probe, steadyMOVERgov.brDNS provider changed: gov.br → dns.br24H3,996 material changesacross 3,238 domains · +21 vs yesterdayMOVES44 domains changed DNS providertop destination dns.br · +5 vs yesterdayMOVES13 domains switched email providertop destination mimecast.com · +1 vs yesterdayTLS12 domains switched issuing CA24h · -3 vs yesterdayNOW9,768 curated domains not answeringlast probe, steadyMOVERgov.brDNS provider changed: gov.br → dns.br
Verify a Connor bundle
Paste any Connor signed bundle below. Every receipt is verified in your browser using the public Ed25519 keys. Nothing is sent to a server. This page works offline once loaded.
Formats: connor.signed-bundle.v1 (full) · connor.signed-bundle-compact.v2 (Merkle rollup) · Algorithm: Ed25519 · Verified locally against Connor's published keys
or paste below
How verification works
  1. Each observation carries a receipt_json (a commitment: the hash of what was observed, a signature, and the public_key that produced it) and, alongside it, signed_outputs — the exact data that was hashed and signed. The receipt itself holds no data; that is why the observed bytes are archived next to it.
  2. This page calls DRM3Provenance.verifySignature(receipt) from the open-source drm3-provenance WASM SDK loaded with this page. That proves attribution (Connor produced this receipt) and integrity (it has not been altered).
  3. Where signed_outputs is present, the page also canonicalizes it, computes hashValue(), and confirms it equals receipt.output_hash. That is the data-binding check: it ties the signature to the observed data itself. Observations recorded before Connor began archiving the signed payload show binding n/a — their signatures are still valid; the optional check simply cannot be run on them.
  4. The page also fetches Connor's published key registry at /.well-known/connor-keys.json and grades every signing key's lifecycle: current keys verify, rotated keys verify for receipts inside their validity window (marked "key since rotated"), and compromised, revoked, or unregistered keys FAIL even when the signature math passes. If the registry is unreachable the result is reported as signature-only.
  5. Want to verify with your own tools? The SDK is at github.com/DRM3Labs/drm3-releases.