Content Signing and not.bot Signer

Your organization publishes under attack. A video-cloned executive moves money. A deepfaked physician sells a "cure" she never endorsed. A fabricated statement in your candidate's name lands the night before the vote. Each attack works for the same reason: the audience has no fast way to tell your real content from a convincing fake, and detection loses ground with every new model.

not.bot Signer inverts the problem. Instead of proving fakes are fake, you make it easy to prove the authentic is authentic. You sign what you publish, every time, and the signature is a visible code rendered into the content. Anyone can scan it with the free not.bot app and confirm that a verified human authorized to act for your organization signed it. Sign everything you publish, and your audience can dismiss anything unsigned in your name as fake.

not.bot Signer is the hosted member of the not.bot product family, made by Julia Social. It is targeted for launch at the end of June 2026.

How signing works

not.bot Signer runs on top of the not.bot app, so every human signer starts in the app. You enroll once by scanning your passport (in-person enrollment is planned), which creates a phone-held identity that proves you are a real, unique human without revealing who you are. From that identity you create an alias, which is a separate working identity, and dedicate it to signing for your organization. That alias is what not.bot Signer knows you by.

You log in to not.bot Signer with the alias. A login request reaches the not.bot app, you confirm the login request, and you are in. No password required: your not.bot alias is your login.

You sign under a Verified Signer badge, not the bare alias. A badge is a human-readable line your organization issues, such as "Editor @ dailyherald.com," and it is the identity a verifier reads. One alias can carry several badges, so a communications team member's signing alias might hold a badge for each executive they post for and one for the company itself, and they would pick the badge that fits each piece of content. The organization sets each badge up once.

Signing one item is quick. You upload the finished content, and not.bot Signer stores it encrypted. A signature request comes to your phone, and you confirm you want to sign. You'll have the chance to see the content in the app to verify it's the intended content.

From there you choose how the code reaches the content. not.bot Signer can render the QR into the content, and you download the result or post it straight to a connected platform. Or you download the bare signature QR and place it into the content with whatever tool you already use. Either way, anyone can scan the visible code on your content.

What you can sign

Five content types at launch. not.bot Signer stores an encrypted copy of the original, the signature carries the decryption key, and a QR rendered into the published artifact is the verification surface.

Video. Limited to 75 minutes / 16 GB per video.
Images.
Posts and threads. Signed as one bundle: the ordered post texts plus attached images.
PDFs. A printed copy stays verifiable, which an embedded e-signature cannot offer.
Links. Sign a URL, such as a donation page or payment address, so your audience can confirm the destination is yours before they click.

Every distinct piece of content should get its own signature. Reformatting content does not need a new signature. Significant edits need their own signature.

The known-good copy

When you sign through not.bot Signer, an encrypted copy of the original is stored at a permanent address. The unique decryption key is embedded in the QR signature. Even Julia Social, the company behind not.bot and not.bot Signer, cannot decrypt the content without the decryption key in the QR code. not.bot Signer keeps your QR signatures encrypted as well, readable only from inside your own logged-in session.

A verifier who scans your signature can pull up the original in the not.bot app, decrypted on their own device, and compare it against whatever version they have received. If it matches, the signature is good.

If it does not match, the verifier knows the signature has been copy-pasted out of the real document and into something else. The copy they access through the app is the unsigned original, your content as uploaded before any QR was rendered onto it. If the content in the app does not match the content to which the signature was attached, the verifier knows the signature is invalid.

Storage is perpetual and priced into signing, not your subscription. A signed video stays verifiable after you stop paying, because its hosted copy is funded at the moment you sign it.

Verifying a signature

Verification needs only the free not.bot app. A QR scanned by a phone without the app routes to the app store, so every signature in the wild is also an invitation into the verification ecosystem.

On a scan, the verifier sees the Verified Signer badge of the human that created the signature, the organization-assigned line such as "Editor @ dailyherald.com". The badge is the identity the audience reads. The alias beneath it, its petname, reserved name, and identifier, is available on request, not shown by default. One more tap opens the hosted original, decrypted on the verifier's device, for comparison against whatever version they found.

A signature valid when created stays valid until voided, so a newsroom's ten-year archive does not rot when staff move on. A voided signature shows "voided" and the date. A deleted signature's QR doesn't scan at all, so an orphaned code cannot be pasted onto unrelated content to borrow authority.

Who uses not.bot Signer, and how

The same loop serves organizations of every size, and signing becomes the last production step before anything ships: produce, approve, sign, post.

The solo creator or public figure. A physician, entertainer, journalist, or athlete who frequently posts videos uses not.bot Signer as an organization of one. Record the video, open the not.bot Signer web app on their device, pick the file, type the caption while it uploads, tap Sign & Post. The not.bot app opens showing what a verifier will see; glance, touch the sensor, pocket the phone. not.bot Signer renders the branded end-card with the QR, publishes to the connected platform, and pushes a confirmation when it is live. About six taps and one biometric per video, with the upload as the only wait.

not.bot Signer's first publishing integration is Instagram, and more are planned. For every other platform, you download the signed content and post it yourself.

The communications team. A brand, newsroom, or campaign desk publishing dozens of items a day works from desktop browsers, where "nothing ships unsigned" becomes routine. Each item requires one phone interaction to create the signature, and the signed content flows back into the schedulers, ads managers, and publishing tools the team already uses. A crisis statement can go from staged to published in minutes, signed. Paid creatives are a sharp case: a dark ad never appears on a public feed, so the in-creative QR is the only authenticity surface a targeted ad has.

The accountability signer. Organizations that sign to take responsibility, such as AI-content disclosures, compliance statements, and chain-of-custody attestations, treat the signature as a record. Signatures stay valid as of their signing time, voiding is timestamped repudiation that preserves the record, deletion is slow and attributed, and the full signing history exports to CSV for auditors.

Organizations, roles, and onboarding

not.bot Signer has two roles.

Admins manage settings, billing, invitations, brand templates, and oversight. They are identified by email. Admins cannot sign content.
Members sign. A Member is identified by their not.bot alias. not.bot Signer does not have the Member's email, name, or other personal information.

Verified Signer badges are how an organization authorizes its signers. Organizations do not sign; their people do, under a badge the organization provides. The setup needs no corporate identity of its own and no server:

Each authorized signer creates a dedicated alias in the not.bot app.
The organization publishes that alias's identifier on web real estate it controls, such as its site or a verified social account. Publishing proves control, since only example.com's owners can put content on example.com.
Julia Social verifies the publication and issues a Verified Signer badge to the alias, with a human-readable line such as "Customer Support at ExampleCompany.com" or "Editor @ dailyherald.com."
Every signature made through not.bot Signer carries that badge.

One alias can hold more than one badge: the organization repeats the publication step for each entity the alias signs as, and the signer chooses among them at signing time.

The meaning of a not.bot signature is precise: a human authorized to sign on behalf of the organization signed this. It is never a claim of personal authorship. A campaign staffer signing under "Joe Candidate @ joecampaign.org" produces what a press release is, made cryptographically checkable.

Offboarding is one immediate action. Remove a Member and their membership ends and revocation of their badge begins. Everything they signed stays valid, so the organization's signed history survives staff turnover untouched.

The signing experience

No passwords exist, in any role. There is nothing to phish, leak, stuff, or reset. Members log in with a signature: a request reaches the not.bot app, the app surfaces the work alias first as a guard against picking a personal one, and a biometric touch completes it. Member sessions persist for 30 days, sliding forward on each signature, so a dormant session expires and an active signer stays logged in. Admins log in by a single-use email magic link plus a mandatory second factor.

Mobile is an installable web app. An icon on the home screen, full screen, with push notifications, and nothing to install from an app store beyond the not.bot app the signer already has. One-time setup covers enrolling in the app, adding not.bot Signer to the home screen, connecting a publishing platform, and choosing an end-card template.

The ceremony shows verifier parity. What the app displays for review is what a future verifier will see: the badge and the content reference.

Sign-and-download is universal. Every signed artifact, and the bare QR for teams that composite in their own tools, is always downloadable for any platform, scheduler, ads manager, or print shop. Direct-publish integrations remove steps where Julia Social can build them; they do not limit where you publish. Instagram-direct is the first integration: connect once over standard OAuth, and the stored token is encrypted so that only your own active session can use it. A breach of not.bot Signer cannot post as you.

What sets not.bot Signer apart

A human signs every item. not.bot Signer holds no signing keys and signs nothing on anyone's behalf. Every signature is produced by a verified human on their own device. There is no automated signing, no API key that produces signatures, and no service account. not.bot Signer's job is to make that human act take seconds.

The signature survives the open internet. Signatures are QR codes rendered into the content: a branded end-card on a video, a trailer image on a thread, a stamp on a PDF. Platforms strip metadata. They do not strip pixels. Screenshots, re-encodes, re-uploads, and printouts keep the signature scannable. The code also tells a viewer that verification is available, which a hidden watermark does not do.

not.bot Signer cannot read uploaded content. The originals not.bot Signer stores for verification are encrypted, and not.bot Signer never keeps the decryption keys. The keys travel inside the signatures, held by you. An attacker who steals every byte of not.bot Signer's storage gets encrypted blobs with no way to open them.

Record discipline for compliance

For buyers who sign as a documented control, the record behavior is the draw.

Voiding is the low-friction safety valve. The signing Member can void their own items, and an Admin can void anything in the organization. The signature will show as voided to verifiers and the record that it existed remains.

Deletion is the guarded act. Only Admins can delete signatures and associated data. Deletion is reversible for 90 days, with the content hidden from everyone yet restorable in place. Every deletion lands in a daily digest to all Admins, attributed. After 90 days the content and signature payload are purged, and a metadata tombstone survives in the audit record.

Audit export gives Admins the organization's complete signing-activity record as CSV: every item's signing alias, timestamps, status, void and delete actions with actor and time, and tombstones. It is built for the SOC 2, HIPAA, and SOX conversation, where "we sign everything" needs to be a documented control.

Spend control lets an organization set a monthly video-minute cap and optional per-Member caps. Members see remaining quota at upload, Admins are alerted at 80 percent, and the cap blocks with a plain message rather than a surprise bill.

Privacy and security for due diligence

Each property below is enforced by how the system is built, not by a policy.

A total breach of Signer yields no route to any content. An attacker stealing all of not.bot Signer's storage gets only encrypted blobs and no keys. The maximum exposure is bounded operational metadata: organization names and settings, brand templates, public Member alias identifiers and their membership status, item titles and types and timestamps and statuses, void and delete history, Admin email addresses, and billing records. No content, no thumbnail, no signature message, no key, no usable session, no Member email, and no cryptographic link between two aliases or between a human and an alias is in that set.

Plaintext media never touches a disk. Unencrypted content exists only in server memory, only while your own request or publish job is being processed, and is wiped when that window closes. Even thumbnails are generated in your browser and stored encrypted; not.bot Signer's servers never decode your media.

Sessions are split-key. Showing you your own encrypted data needs a value in your browser cookie and a record on the server, each useless alone. Logging out or being offboarded destroys the server part at once, which makes any stolen cookie inert.

Honest disclosures. Item titles and other operational metadata are stored in plaintext so the dashboard, deletion digest, and audit export can function; keep content out of titles, since the title is the one free-text field stored unencrypted. The roles one alias signs under are linkable to each other in public, though never to the human, so an organization that wants role separation uses one alias per role. In an organization of one, not.bot Signer's own billing records plus the single published alias support an inference tying the payer to the signing alias; a signer whose safety depends on no such link should use the not.bot app's on-device path with app-store billing. not.bot Signer is not an anonymity system against its own records or legal process.

How not.bot Signer fits with Verify and the not.bot family

Where not.bot Verify is server software a business deploys in its own infrastructure to verify users, not.bot Signer is hosted by Julia Social: no servers, no deployment, no key management. You bring a browser and the not.bot app. not.bot Signer's own backend is a not.bot Verify customer.

Availability and requirements

Launch target: end of June 2026. Until then, not.bot Signer is "coming soon".
For signing: the not.bot app on iOS or Android with a passport-enrolled identity, and a browser. Mobile video signing works best as the installed web app; push notifications need iOS 16.4 or later.
For verification: the free not.bot app, with no account of any kind.
For organizations: control of web real estate on which to publish not.bot aliases, an email address per Admin, and a card for billing.
Hosted by Julia Social. Support: support@julia.social.