What is a .win file?
A .win is a sealed record of a file at a moment in time. Anyone can check it. They don't need an account. They don't need to trust us. They don't even need us to be around tomorrow.
Free. Forever. No account on either side.What Wise is.
Wise is a small protocol. You take a file you made, and a witness signs that it existed at a specific moment, with a fingerprint of its bytes. The witness's signature plus the timestamp plus the fingerprint is a tag that travels with the file forever. Anyone who later receives the file can drop it on the verifier and get a one-word answer about whether the file is the same one the witness saw.
The witness is a real party — today that's us, Wise.Est Systems. Tomorrow it can be a hardware device you own, a notary public, or any person whose key the receiver knows.
What the verifier tells you.
Drop a file on the verifier and you get exactly one of three answers. No maybes. No confidence scores. No fifth state.
Verified
The file's fingerprint matches the tag. The witness signature checks out. The file is exactly the one the witness saw, unchanged.
Tampered
The tag is intact, but the file's bytes don't match it. The file was changed after sealing. The original is gone.
Invalid
The tag itself is malformed or the witness signature doesn't check out. We can't tell you anything about the file from this tag.
What a .win does not prove.
This is the part most provenance systems oversell. Wise will not.
It does not prove the file is true
A .win can seal a lie just as easily as a truth. All it proves is that the file existed at a moment, unchanged since, witnessed by a specific party. It says nothing about whether what's inside is correct.
It does not prove the author wrote it
The witness saw a file. The witness did not see who wrote it. A sealed essay proves the essay existed at a time, not that the person sealing it is the author.
It does not prove the file is original
Someone could copy a file and seal the copy. The seal is real; the originality claim is not part of it.
It does not depend on us being alive
If Wise.Est Systems disappears tomorrow, every .win ever sealed still verifies. The proof is mathematical, not organizational. This is the whole point.
Drop a file on the verifier.
The verifier is the public demo. It runs in your browser via WebAssembly. Files don't leave your device. There's no account, no signup, no contact with our servers in the verification path.
If you don't have a .win to test, drop any file — it'll come back as Invalid (no tag).Honest notes about how this works
The witness, today, is Wise.Est Systems. We sign with our Ed25519 key. Our public key is pinned in the verifier and published openly. Anyone can check that the witness on a .win matches our published key.
A hardware witness is coming. A small device that holds your own witness key — so you don't have to depend on us being the witness at all. Once it's out, your seals are signed by your own hand, not ours. The protocol is already built to support this transition.
Sealing is not yet open to the public. Right now you can only verify .win files, not produce them. The sealing flow is being built. When it ships, sealing will be free during launch and remain free for verification forever.
Read the protocol. Source and specs at github.com/Wise-Est-Systems. Built to be implementable from scratch by anyone — so it survives us.