ICanProve digitally signed screenshots
and session logs
Start a session
for free

ICanProve: digitally signed screenshots and session logs for legal evidence, proofs and discovery

If you want to prove that something is displayed on a website you typically
  • take a screenshot - but there is no way to prove that you didn't fake it by painting it yourself
  • hope for web archiving services to crawl it in just this moment
    - well that's hope and does not work for many dymanic or password protected sites
www.icanprove.com acts as a third party to overcome these problems. Try it!


Start a session
for free
use
        the small browser window like any other website

Features:

  • A remote controlled browser to create screenshots with
  • extended logging of user actions and data transfer to create
  • a timestamped and digitally signed document to
  • give a very reliable proof of the website contents while
  • allowing to selectively exclude sensitive information
  • and transparently decoding ssl (https) sessions
  • SNI Support
  • NEW ! LTV and PDF A/1-B compliant

Typical usage scenarios:

  • Prove that an image was offered under creative commons license
  • Prove to your professor that you cited that webpage correctly
  • Prove your acomplishments in a game (if that game displays them on a web page)
  • Prove to your mother that your sister wrote something stupid in her/your social media account although she will delete it.
  • Prove to that website service technican, that this “ unreproducable ” error on his site actually can be reproduced
  • other types of ediscovery or evidence generation

FAQ:

  • What is a digitally signed Document?

    A digitally signed document contains additional information: A digital signature. This is a mathematical construct so tightly interwoven with the document that it is destroyed if the document is modified.
    The digital signature is a sequence of numbers that together with the name of the signer and a so called hash-value denotes one solution to a complicated mathematical equation. The hash-value is the result of a mathematical function using all parts of the document as its input. This function has been designed to map small changes of the document to different values. So modifying any part of the document will change this hash-value invalidating the equation mentioned at the beginning. To make this valid again the name of the signer and/or the signature have to be adapted. The equation is so complicated that finding a new adapted signature is so difficult that one needs some secret informaton to do so. The certification authorities choose the equations (adjust further parameters) in a way that solving needs data only hold by the authrorized signers.

  • How do I recognize digitally signed documents ?

    Many PDF-viewers e.g. AdobeReader verify and display digital signatures. A PDF-file signed by ICanProve.de looks like this:

    Many other sites provide PDF-validation,too.

  • AdobeReader reports a digital signature but flags it UNKNOWN.


    AdobeReader can use certificates for digital signatures from different sources. The certificate used by IcanProve.de has not been commissioned by Adobe but by a different company that cooperates with many oparating system vendors. Therefore certificates stored by the operating system have to be applied for verification. To enable these (using Windows) choose
    Edit → Preferences → Signatures → Verification → More → Windows-Integration
    and check the two boxes.

  • Should I trust this page with my passwords?

    You should not. I have been very cautious and have implemented many security mechanisms, but every website can be hacked and furthermore you do not know me at all. So if you absolutely need to enter secret passwords please change them immediately afterwards. Never ever enter transaction codes.

  • How do you handle spectre and meltdown?
    Spectre variants might allow to steal data from other processes on the same machine, even when separated by virtualization. Therefore we cannot be sure at the moment that your browsing process cannot be seen by others. But we try to keep up with all the patches (microcode, OS and browser) so that the needed zero time exploits will be too expensive for almost anyone to use.
    The signing process has been transferred to a (physical) different machine where the key is protected by a TPM 2.0 module. This combination should not be vulerable to spectre or meltdown on the computer used for browsing. (Stealing the passwort of the signing computer by spectre will not help an attacker as this machine is not reachable from any other system at all.)
Work in Progress...
If you enable this some general data will be transferred to third parties like Google Analystics etc.
If you enable this some general data will be transferred to third parties like Google Analystics etc.
use the small browser window like any other website