poztter.org

philosophy · essay 01

Trust the data, not the provider.

For most actions on the internet, what matters is not how the information reached you but that the information itself is accurate. POZ takes this seriously, and it changes almost everything.

the path no longer matters

In the early internet, when you connected to example.com, a single physical machine answered. The IP address was the company. The web server was the company. The mail server was the company. If you could verify you'd reached the right IP, you'd reached the right organization.

None of that is true anymore. Today, content is delivered through CDNs you didn't pick, mirrored by services the original provider doesn't operate, cached by regional infrastructure that nobody centrally controls. Servers are load-balanced. DNS is resolved by whichever recursive resolver you happen to use. Your packets traverse half a dozen networks before reaching anything the destination organization actually runs.

And yet the trust model we still rely on — TLS certificates issued by a small set of root authorities — was built for the simpler world. It asks: can whoever answered this connection show a certificate, chained to one of those roots, that binds the name you typed to the key it holds? A great question in 1995. A less useful one in 2026, when that key sits on a hundred boxes in a hundred places, most of them run by a CDN rather than by the organization whose name is on the certificate.

the simpler question

POZ asks a different question. Not "can the server prove it's the right server," but "can the data prove it's the right data?" The data, after all, is what the user actually cares about.

If the data is cryptographically self-verifying, the path it traveled becomes uninteresting. It can be mirrored, cached, replicated, distributed — and the user, with a POZ chain in hand, can verify it themselves on their own device. There is nothing left for the middle to alter without detection.

[fig 01: SOURCE (signed POZ record) → UNTRUSTED PATH (CDN, mirror, cache) → CLIENT (verify chain locally: signature → master hash → accept or reject). The path the data traveled doesn't matter. Verification happens on the client, using the record's own signatures.]
fig 01 · the record carries its own proof. Servers, mirrors, and caches move bytes; the client decides whether to trust them.

why this is harder than it sounds

"Just sign everything" has been proposed for decades. The reason it doesn't take hold is bootstrapping: which key do you trust to sign what? Today's PKI answers that by hardcoding a small list of root certificate authorities, any of which can issue a certificate for any name. If one of them is compromised, every name on the internet is at risk — and we know, from a regular drumbeat of incidents, that they get compromised.

POZ replaces the hardcoded root with the user's choice. The user decides which identities to trust and which not. The chain of signatures runs from the user's own keys outward, through whichever providers they have chosen to involve. There is no global trusted third party, because trust isn't a property of the global system; it's a property of each user's record.

internal chains, external chains

A POZ record verifies itself in two directions.

Internally: every part of a POZ record traces back to the Master Zone through a chain of signatures and serial numbers. Every sub-zone is signed by keys the Master Zone delegated to. Every change is sequenced. To forge any internal piece, you'd have to forge the chain back to the master keys — which the holder controls.

Externally: POZ records attest to each other. An organization's website attests to its email; its email attests to its social handle; a domain registrar attests to the domain. To forge an identity, you'd have to forge not one record but the entire interconnected web of attestations — every provider, every chain, all at once.

The strength isn't in any single chain. It's in the cost of attacking the whole web.

the surprising consequence

Once you accept this principle, many internet protocols become simpler. You don't need a real-time revocation service if a key is revoked the moment it's replaced in the chain, and a client that remembers the highest serial it has accepted will refuse the stale copy a cache tries to hand it. You don't need certificate transparency logs if every change is sequenced in the record. You don't need centrally-trusted intermediaries if every party in the conversation verifies the data themselves.
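To make the internal chain (sub-zone keys delegated by the Master Zone, every change sequenced, verification on the client) and the revocation-by-replacement argument above concrete, here is an added example in Go. It is not code from poztter.org or from the POZ project, and it assumes a hypothetical toy record layout: an Ed25519 master key whose hash the user pins, per-sub-zone delegations carrying a serial number, sub-zone content signed by the delegated key, and a client that remembers the highest serial it has accepted per zone. The type and function names (Delegation, SubZone, Record, Delegate, Publish, Verify), the domain-separation tags and the sample content are all constructed for this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

type Delegation struct { // hypothetical toy layout, not the real POZ format: master vouches for a sub-zone key
	Zone   string
	Key    ed25519.PublicKey
	Serial uint64
	Sig    []byte // master-key signature over delegationBytes(d)
}
type SubZone struct { // content signed by the delegated key, with its own serial
	Zone    string
	Serial  uint64
	Content []byte
	Sig     []byte // delegated-key signature over subZoneBytes(z)
}
type Record struct { // what travels over the untrusted path: CDN, mirror, cache
	Master      ed25519.PublicKey
	Delegations []Delegation
	Zones       []SubZone
}
// signedBytes is a domain-separated, length-prefixed encoding: the signed bytes
// must not depend on transport framing, or a mirror could re-frame them.
func signedBytes(tag, zone string, serial uint64, body []byte) []byte {
	var b bytes.Buffer
	b.WriteString(tag + "\x00")
	binary.Write(&b, binary.BigEndian, uint64(len(zone)))
	b.WriteString(zone)
	binary.Write(&b, binary.BigEndian, serial)
	b.Write(body)
	return b.Bytes()
}
func delegationBytes(d Delegation) []byte { return signedBytes("poz-delegation", d.Zone, d.Serial, d.Key) }
func subZoneBytes(z SubZone) []byte       { return signedBytes("poz-zone", z.Zone, z.Serial, z.Content) }
// MasterHash is what the user pins: the chain starts at the user's own choice, not at a root list.
func MasterHash(pub ed25519.PublicKey) [32]byte { return sha256.Sum256(pub) }
func NewKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil { panic(err) } // no usable entropy: refuse rather than sign with a bad key
	return pub, priv
}
func Delegate(master ed25519.PrivateKey, zone string, key ed25519.PublicKey, serial uint64) Delegation {
	d := Delegation{Zone: zone, Key: key, Serial: serial}
	d.Sig = ed25519.Sign(master, delegationBytes(d))
	return d
}
func Publish(key ed25519.PrivateKey, zone string, serial uint64, content []byte) SubZone {
	z := SubZone{Zone: zone, Serial: serial, Content: content}
	z.Sig = ed25519.Sign(key, subZoneBytes(z))
	return z
}

// Verify runs entirely on the client. seen keeps the highest serial accepted per zone ("@zone" for its
// delegation); without it a cache could serve an older, validly signed version and a replaced key would look current.
func Verify(rec Record, pinned [32]byte, seen map[string]uint64) error {
	if MasterHash(rec.Master) != pinned {
		return fmt.Errorf("master key does not match the pinned master hash")
	}
	current := map[string]Delegation{} // newest delegation per zone wins
	for _, d := range rec.Delegations {
		if !ed25519.Verify(rec.Master, delegationBytes(d), d.Sig) {
			return fmt.Errorf("delegation for %q not signed by master", d.Zone)
		}
		if cur, ok := current[d.Zone]; !ok || d.Serial > cur.Serial {
			current[d.Zone] = d
		}
	}
	for _, z := range rec.Zones {
		d, ok := current[z.Zone]
		if !ok || !ed25519.Verify(d.Key, subZoneBytes(z), z.Sig) {
			return fmt.Errorf("content of %q not signed by the key master currently delegates", z.Zone)
		}
		if z.Serial < seen[z.Zone] || d.Serial < seen["@"+z.Zone] {
			return fmt.Errorf("zone %q rolled back (content serial %d, key serial %d)", z.Zone, z.Serial, d.Serial)
		}
	}
	for _, z := range rec.Zones { // commit only after the whole record checked out
		seen[z.Zone], seen["@"+z.Zone] = z.Serial, current[z.Zone].Serial
	}
	return nil
}

func main() {
	masterPub, masterPriv := NewKey()
	webPub, webPriv := NewKey()
	rec := Record{Master: masterPub, Delegations: []Delegation{Delegate(masterPriv, "web", webPub, 1)},
		Zones: []SubZone{Publish(webPriv, "web", 7, []byte("constructed sample content"))}}
	seen := map[string]uint64{}
	fmt.Println("clean record:", Verify(rec, MasterHash(masterPub), seen))
	rec.Zones[0].Content = []byte("edited in transit") // a mirror changes the bytes
	fmt.Println("tampered record:", Verify(rec, MasterHash(masterPub), seen))
}
```

Two things the code makes visible that the prose does not. First, the only input a client needs besides the record is the pinned master hash, so the same Verify runs against bytes from the origin, a CDN, or a stale cache, and edited content, a delegation the master never signed, and a record under a different master all fail the same way. Second, "revoked the moment it's replaced" holds only because the client keeps the seen map: a record carrying the old delegation is rejected because the client has already accepted a higher serial, not because the old signature stopped verifying. A client that has never seen the rotation cannot tell the current record from a stale one using the record alone, so a path-independent design still has to answer where that freshness reference comes from. The external attestations between records described earlier are not modelled here; they would be the same signed-bytes pattern with another record's master hash as the body.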

The protocol carries bytes. The data carries the trust.