not.bot

The not.bot App

The not.bot app is your identity on your phone. You enroll once, create as many aliases as you need, and use them to sign content, prove things about yourself to websites, and verify other people's signatures. Your personal information stays on your device. Julia Social, the company behind not.bot, cannot access it.

This document covers what you experience as a user: enrollment, aliases, signing, scanning, verification requests from websites, contacts, recovery, and the settings you control. For the privacy architecture and security model underlying these features, see Privacy Architecture and Security Model & Known Weaknesses.

The app is available on iOS and Android worldwide. Android devices require hardware security (a Trusted Execution Environment) equivalent to the iOS Secure Enclave.

Enrollment

You enroll by scanning the NFC chip in your passport. Hold your phone against the data page of a current, NFC-enabled passport. The app reads your name, date of birth, gender, and nationality from the chip's data group 1 (DG1). It does not read your facial image (DG2). A certified identity-verification partner validates the chip's digital signatures against the ICAO Public Key Directory, confirming the passport is genuine and unexpired.

After enrollment, the app creates your root DID (decentralized identifier) on the Chia blockchain and generates your first alias with a random petname and a unique LifeHash. Your first alias has all personal information fields and age credentials enabled by default. You land on the home screen ready to create and scan signatures.

Enrollment is currently available to users on US app stores. Users in other regions can download the app and use scan-only mode: they can verify other people's signatures, browse their contacts, and view history, but the Join and Me icons are disabled, and they cannot create signatures or manage aliases. International enrollment support is in progress.

Aliases

An alias is a separate identity. You can have as many as you need, and each one operates independently. Your professional alias, your anonymous alias, an alias for a forum you visit once. No one, including Julia Social, can connect your aliases to each other or back to you. The unlinkability is cryptographic, enforced by the architecture of the DID system itself.

Aliases can never be deleted. You can hide them.

Each alias has three identifying elements:

A petname arrives at creation. Petnames are three-word combinations like "endlessly-altruistic-whale," generated from the alias's 32-byte DID using the petname algorithm. The algorithm has over two billion possible combinations. You do not choose your petname. Because every copy of the app generates petnames the same way from the DID, anyone who knows your DID can derive your petname without you needing to share it separately.

A LifeHash is a small, colorful geometric pattern generated from the alias's 32-byte DID using the LifeHash algorithm. Each alias produces a distinct LifeHash. Two aliases with identical LifeHashes are the same alias. Different LifeHashes mean different aliases. As with petnames, every copy of the app generates the same LifeHash from the same DID, so you can recognize an alias at a glance across different contexts without the signer needing to share their LifeHash separately.

A private nickname is a label you choose, visible only on your device. It helps you tell your aliases apart in the app. Nobody else sees it.

Creating an alias

Tap "Create New Alias" on the Me tab. Enter a private nickname, choose whether to hide the alias (more on that below), and configure sharing settings. The app assigns a petname and generates a LifeHash. Free users can create up to five aliases. Pro and Verified Signer subscribers can create unlimited aliases.

Unlike your first alias, new aliases have all personal information fields and age credentials disabled by default. The first time you enable credentials on a new alias, the app warns you to be careful about sharing personal information.

Hidden aliases

You can mark any alias as hidden. A hidden alias disappears from the app's normal interface. Revealing hidden aliases requires biometric authentication (FaceID, TouchID) or the device passcode. The app re-hides them when it closes and periodically while open. If someone picks up your unlocked phone, they see your visible aliases. The hidden ones, and the signatures created with them, stay invisible unless you choose to reveal them.

Reserved names

Reserved names replace the petname with a name you choose: "alice-smith.nb" or "techwriter42.nb." They use a .nb suffix and allow letters, numbers, and underscores, from 3 to 25 characters. The system prevents visual-confusion collisions: uppercase I, lowercase l, and digit 1 are treated as equivalent, as are uppercase O and digit 0. Underscores are ignored in comparisons. Names that could be confused with petnames are prohibited.

Reserved names are first-come, first-served. You do not need to prove you are the person or entity the name suggests. A reserved name does not expire and does not require renewal. Propagation across the system takes up to 10 minutes.

Reserved names are a preview of the planned Julia Vanity Name system, which will operate autonomously on the blockchain with deposit-based registration, name transfer, and independence from Julia Social's infrastructure.

Pro subscribers receive one reserved name. Verified Signer subscribers receive five.

Verified Signer badges

A Verified Signer badge links your alias to a specific social media account. When you sign content with a badged alias, the signature displays the badge (for example, "Verified Signer: @notbot_official at x.com") instead of the petname or reserved name.

The qualification process:

  1. Tap "Request Verified Signer Badge" on the Edit Alias screen.
  2. The app generates the alias DID in the format did:julia:<32-bytes-base58-encoded>.
  3. Post the DID text on your social media account.
  4. Submit the public URL of the post to Julia Social.
  5. Julia Social confirms the post within 24 to 48 hours.

The same alias can carry badges for multiple platforms. A badge provides cross-platform recognition: a journalist who signs articles, social posts, and press releases can present the same verified identity across all of them.

Verified Signer badges require a Verified Signer subscription ($9.99/month).

Signing content

A not.bot signature is a cryptographic proof that a verified human reviewed and approved something. You compose a message, authenticate with your biometric, and the app produces a signed image you can attach to photos, documents, videos, or social media posts.

Creating a signature

  1. Tap "Create Signature" on the home screen.
  2. Select which alias to sign with. The app defaults to your first alias; you can switch.
  3. If the selected alias has a Verified Signer badge, choose whether to include it.
  4. Write a message describing what you are signing. Be specific. "I authorize this transaction" is more useful than "ok."
  5. Optionally include personal information: first name, family name, age. Each field toggles independently. These values come from your enrollment data stored on your device.
  6. Tap Next. The app prompts for biometric authentication.
  7. The app generates the cryptographic signature and displays the finished image.

The finished signature appears as a JAB code by default. JAB codes are large, colorful grid patterns that encode the full signature payload directly in the image. These visible signatures (patent pending) survive distribution channels that strip invisible metadata: a screenshot, a forwarded photo, or a re-uploaded image still carries the signature. JAB codes support up to 250 characters in the message and up to three credential claims (beyond the base not.bot credential).

You can toggle to a QR code view if you have a Pro or Verified Signer subscription. QR codes are smaller and more recognizable; the signature data is encrypted and uploaded to Julia Social, with the decryption key embedded in the QR code itself (Julia Social cannot read the data). QR codes do not have the message length or credential limits that JAB codes have. If you select more credentials or write a longer message than the JAB code format supports, the app notifies you that only the QR code version will be available.

Free users create JAB code signatures. Pro and Verified Signer subscribers create both JAB and QR code signatures.

Tap Share to send the signature through the standard sharing options (AirDrop, Messages, email, or any installed app). The signature is a PNG image, typically around 10 KB.

Signatures cannot be revoked once created. The message you write is permanent.

Scanning and verifying signatures

You do not need a not.bot identity to verify signatures. Download the app and scan.

Tap "Scan Signature" on the home screen. Three input methods:

Camera. Point your phone at a physical signature or a signature displayed on another screen.

Photos. Select a screenshot or saved image from your photo library.

Paste. Scan a signature image from the clipboard.

The app extracts and verifies the cryptographic signature against the Chia blockchain. A successful verification displays:

  • "not.bot verified" confirmation
  • The signer's alias identity (petname, reserved name, or Verified Signer badge)
  • Creation and scan timestamps
  • The full message the signer composed
  • Any personal information the signer chose to include (name, age)

If the signer is in your contacts, the scan result shows the contact name in green. If the signer has a Verified Signer badge, the badge appears in a teal panel with the linked social account.

After scanning, you can add the signer to your contacts.

Contacts

The not.bot contact list is private and local to your device. The app does not read your phone's contact list, does not upload contacts anywhere, and does not share contact data with Julia Social or anyone else. Contacts are stored encrypted on the Recovery Server, and shared across all of your devices.

You build your contact list by scanning signatures. After scanning a signature, you can create a new contact or add the scanned alias to an existing contact. One contact can have multiple aliases associated with it (the same person might use different aliases in different contexts).

Each contact entry shows the contact name, the number of signatures you have scanned from them, the number of known aliases, the last scan date, and any personal information they have shared in their signatures.

History

The History tab has two views.

My Signatures lists signatures you created, sorted by date with the most recent first. Each entry shows the alias name, the message, the date and time, and icons indicating whether personal information or age claims were included. A green left border identifies the creating alias.

Scanned Signatures lists signatures you scanned from others. Each entry shows the signer's name (contact name if saved, or alias name), the message, the date and time, and property icons. A blue left border distinguishes scanned signatures from created ones.

Web verification requests

Websites that run not.bot Verify can send verification requests to your app. The experience differs depending on the device:

On mobile, the website presents a universal link as a button or tappable link in a mobile browser. Native apps can present the same link as a button within the app. Tapping it opens the not.bot app. The app displays the requesting site's domain name (cryptographically verified against the site's business DID), the claims the site requested, and any attached message. You select an alias, review the request, and approve or decline. Approval requires biometric authentication.

On desktop, the website presents a QR code. You scan it with your phone, and the flow continues in the app the same way.

If you do not have the not.bot app installed, the link redirects to the appropriate app store.

If you have visited the site before, the app pre-selects the alias you used last time, even if that alias is hidden. If this is your first visit, the app defaults to a new alias. You can override either default and pick any existing alias. A site can also specify which alias you must respond with; if you decline to use that alias, you can reject the request.

Approval is all-or-nothing. You respond with the full set of requested claims or decline the request. There is no partial approval.

The verification exchange happens directly between your phone and the site's servers. No traffic reaches Julia Social during the exchange.

Site Passes

A Site Pass is a token unique to you on a given site. You produce the same Site Pass for that site every time, regardless of which alias you use. A different person produces a different Site Pass. The site stores Site Passes it has seen; a duplicate means the same human returned.

Site Passes enable one-person-one-account enforcement without revealing your identity. Three parties compute the value (your app, the site's Verify server, and Julia Social), and the protocol prevents Julia Social from learning which site generated the request. If two sites compare their Site Passes, the comparison reveals nothing, because each site's passes are cryptographically distinct.

Creating a Site Pass requires your consent. The site's verification request specifies whether a Site Pass is required; you see this before you approve.

Credential claims

A site can request specific facts about you. The most common are age thresholds: over 18, over 21, or any threshold from 13 to 25. Your age credentials are derived from your passport through a three-party multiparty computation among the not.bot app, Julia Social, and the Escrow Server (operated by Praxis, an independent escrow agent). Neither Julia Social nor the Escrow Server learns your birthdate during the process. The credentials expire monthly and refresh through the same MPC.

Beyond age, sites can request age-range brackets, nationality, gender, and name fields. You see the full set of claims before you respond.

Subscription tiers

Free. Up to five aliases. Create JAB code signatures. Scan both JAB and QR code signatures.

Pro ($1.99/month). Free features plus one reserved name, unlimited aliases, and QR code signature creation.

Verified Signer ($9.99/month). Pro features plus unlimited Verified Signer badges and four additional reserved names (five total).

Canceling preserves your identity, aliases, reserved names, and existing signatures. You lose the ability to create new aliases beyond five, create QR signatures, or request new Verified Signer badges.

Multi-device

You can use up to five devices with the same not.bot identity. The Devices screen in the More menu lists all paired devices by name.

Adding a device

On your existing device:

  1. Open the Devices screen and tap "Add Device."
  2. Authenticate with your biometric or device passcode.
  3. Enter a name for the new device.
  4. The app displays a JAB code and instructions to scan it from the new device.

On the new device:

  1. Install the not.bot app and open the Devices screen.
  2. Tap "Add as New Device." The app opens the camera.
  3. Scan the JAB code displayed on the first device.
  4. Enter your recovery password.
  5. The app fetches your aliases, credentials, and settings from the Recovery Server.

Signature history does not transfer between devices. Each device keeps its own history of signatures created and scanned on that device. Aliases, contacts and certain other information is shared across your devices.

Resetting devices

Reset clears all devices except the one you are using. Open the Devices screen, tap "Reset Devices," and authenticate with your biometric or device passcode.

Reset is a rekey operation. The app changes the cryptographic keys controlling your root DID and alias DIDs on the blockchain, which requires interaction with the Recovery Server. The root DID rekeys immediately, rendering all other devices unusable. Alias DIDs rekey over the following 24 hours. While an alias is waiting to be rekeyed, it appears with a red bar on the left in any alias list, indicating it is unavailable. (The same red-bar indicator appears during recovery while alias DIDs are being restored.)

When someone opens the app on a device that was reset out, the app detects that its keys are no longer valid. It offers two options: recover onto this device (using the recovery flow) or add the device back to the multi-device set (using the add-device flow). If the user adds the device back to the same user's set, signature history on that device is preserved. If the user attempts to add it to a different user's set, the app returns an error. If the user does not recover or re-add the device, the app stays on this prompt. To start over from scratch on that device, the user must delete and reinstall the app.

Recovery

Recovery restores your identity after you lose all your devices. The process takes approximately five days and requires your recovery password (set during enrollment or changed in the app) and authorization from your Recovery Server operator.

Recovery proceeds in stages. Your root DID recovers first, completing 48 hours after initiation if no one cancels. Over the next 24 hours, your alias DIDs are submitted for recovery; each alias takes 48 hours. You can use the app once your first alias completes, while remaining aliases show as pending.

The 48-hour delay is a safety mechanism. If someone initiates a malicious recovery (using a stolen passport and guessed password), the legitimate owner has 48 hours to cancel it. Canceling requires authorization from a Recovery Server operator at a verification level equal to or higher than the original enrollment level. Even if a malicious recovery completes, the legitimate owner can recover the identity back to themselves.

Julia Social is currently the only Recovery Server operator. The plan is to open-source the Recovery Server and support third-party operators, including 2-of-3 multi-agent arrangements where any two of three chosen agents are required to authorize recovery.

Settings

The More menu provides access to settings that control privacy, network, and support features.

Network

Three options for blockchain access:

Public nodes connects directly to the Chia network through publicly available nodes. The app displays connected node count and addresses. This is the default, as it best protects users' privacy. Julia Social cannot see which blockchain queries you make.

Julia Social routes blockchain queries through Julia Social's infrastructure. This node is often faster than public nodes and can provide a better user experience.

Private nodes connects to nodes you specify. Best for advanced users or organizations running their own Chia infrastructure.

Privacy

Show Hidden Aliases reveals hidden aliases and their signatures. Requires biometric authentication to enable. Aliases re-hide when the app closes.

Enable Data Collection controls anonymous telemetry. Off by default. When enabled, the app collects anonymous usage statistics. It does not collect identifying information about you or about the signatures you scan. The app never collects crash logs, to avoid any risk of capturing sensitive user data.

Support

Access to diagnostic tools (log viewing and clearing), the support email (support@julia.social), enhancement suggestions (better@julia.social), recovery documentation, and your root DID. The root DID is the foundational identifier for your identity on the blockchain. You should never need it during normal use, but it is available for troubleshooting and support interactions.

The not.bot App log does not include any identifying information. The log is never sent directly to Julia Social. If you choose to view it, you can download it at any time. If you choose to share it as part of working with Support, you can download it, review it, and then send it to Support. You can also clear the log at any time.

Leaving not.bot

There is no formal account deletion feature. Your identity is a decentralized identifier on a public blockchain; it cannot be erased.

Deleting the app removes all local data from your device: your enrollment information, your aliases, your contacts, your history. Without initiating recovery, the identity is abandoned. Nobody can use it, and Julia Social cannot access the underlying data.

If you want to return, install the app and go through the recovery process using your passport and recovery password.

View this page as Markdown