Public transparency log witness

Witness for https://api.fd0.sh

Independent observer of the fd0.sh server's signed tree heads. Consistency-verified observations are cosigned; fork evidence is archived and flagged. Pin the witness pubkey below in your client to require its cosign on every sync.

HEALTHY, last refresh 0s ago
Witness identity
pin this
Pubkey (ed25519): 233848710d80517e…1ec7a383dc7cf567
Domain: fd0-witness-cosign-v1
Add to ~/.fd0/config.toml:
[witness]
url    = "https://witness.fd0.sh"
pubkey = "233848710d80517e09718e3d18abc4afd12fea4f4fb83b911ec7a383dc7cf567"
required = true
Observed chains (21)
watching https://api.fd0.sh
Chain ID                            Tree size / Cosigns       Status
scope:s_3h7ty2l6wlhsuhcrzvibc3ixkm  tree_size=135256 cosigns  ✓ no fork
scope:s_efnkfuvrnkuhfvofgtjwwjr6la  tree_size=72 cosigns      ✓ no fork
scope:s_kig2kd4eytwqnq6cn42zh4x77i  tree_size=101 cosigns     ✓ no fork
scope:s_p2e2mb2rifsrxhg4zaoosrdwny  tree_size=72 cosigns      ✓ no fork
scope:s_zajnqddgnm7sofg64rugoele5i  tree_size=41 cosigns      ✓ no fork
user:0ngv0pnd                       tree_size=11 cosigns      ✓ no fork
user:36mnyp54                       tree_size=11 cosigns      ✓ no fork
user:5xeq1d0g                       tree_size=11 cosigns      ✓ no fork
user:7838y498                       tree_size=11 cosigns      ✓ no fork
user:789wrp0g                       tree_size=11 cosigns      ✓ no fork
user:7p41x93n                       tree_size=11 cosigns      ✓ no fork
user:86f2xah0                       tree_size=11 cosigns      ✓ no fork
user:9tmgntzq                       tree_size=11 cosigns      ✓ no fork
user:a6pypfz5                       tree_size=11 cosigns      ✓ no fork
user:b06tgea1                       tree_size=11 cosigns      ✓ no fork
user:e58tzd5c                       tree_size=11 cosigns      ✓ no fork
user:jdt6sqeg                       tree_size=11 cosigns      ✓ no fork
user:p7g2n4rc                       tree_size=11 cosigns      ✓ no fork
user:y3wsyvk2                       tree_size=11 cosigns      ✓ no fork
user:ztbym5cw                       tree_size=11 cosigns      ✓ no fork
user:z2rtefm1                       tree_size=11 cosigns      ✓ no fork
Verify yourself
curl + jq

The witness API is read-only and unauthenticated. Pull any STH and compare against what the server gave your client — the cosign should match.

$ curl -sS https://witness.fd0.sh/v1/server-info | cbor2json
{
  "witness_pub":     "0x233848710d80517e...",
  "witness_pub_hex": "233848710d80517e..."
}

# All chains the witness has archived for https://api.fd0.sh
$ curl -sS https://witness.fd0.sh/v1/observed/$(echo -n "https://api.fd0.sh" | basenc --base64url -w0 | tr -d '=')
What this guarantees

With the witness pinned in your client and required = true, every sync verifies the server's STH against this witness's cosign. If the server ever publishes a fork — two distinct root hashes at the same tree_size — the witness flags equivocation and your client refuses the sync. That makes server-side equivocation cryptographically detectable rather than a matter of trust.
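
How a witness can choose between cosigning a new tree head and flagging a fork, as an added example that is not fd0's own code. It assumes an RFC 6962-style SHA-256 Merkle log (the page does not state fd0's hashing scheme); the function names and the sample entries are constructed for illustration, and the ed25519 cosign step is left out.

```python
import hashlib

# Assumption: RFC 6962-style hashing (0x00 leaf prefix, 0x01 node prefix).
def leaf_hash(entry): return hashlib.sha256(b"\x00" + entry).digest()
def node_hash(left, right): return hashlib.sha256(b"\x01" + left + right).digest()

def root(leaves):
    """Merkle root over a non-empty list of entries."""
    if len(leaves) == 1: return leaf_hash(leaves[0])
    k = 1 << ((len(leaves) - 1).bit_length() - 1)  # largest power of 2 < n
    return node_hash(root(leaves[:k]), root(leaves[k:]))

def consistency_proof(m, leaves, whole=True):
    """Log side: proof that the first m entries are a prefix of `leaves`."""
    n = len(leaves)
    if m == n: return [] if whole else [root(leaves)]
    k = 1 << ((n - 1).bit_length() - 1)
    if m <= k:
        return consistency_proof(m, leaves[:k], whole) + [root(leaves[k:])]
    return consistency_proof(m - k, leaves[k:], False) + [root(leaves[:k])]

def verify_consistency(first, first_root, second, second_root, proof):
    """Witness side: RFC 9162 section 2.1.4.2 check, needs no log entries."""
    if not 0 < first <= second: return False
    if first == second: return not proof and first_root == second_root
    if not proof: return False
    path = ([first_root] if first & (first - 1) == 0 else []) + list(proof)
    fn, sn = first - 1, second - 1
    while fn & 1: fn, sn = fn >> 1, sn >> 1
    fr = sr = path[0]
    for c in path[1:]:
        if sn == 0: return False
        if fn & 1 or fn == sn:
            fr, sr = node_hash(c, fr), node_hash(c, sr)
            while fn and not fn & 1: fn, sn = fn >> 1, sn >> 1
        else:
            sr = node_hash(sr, c)
        fn, sn = fn >> 1, sn >> 1
    return fr == first_root and sr == second_root and sn == 0

def witness_decide(prev, new, proof):
    """prev and new are (tree_size, root_hash) pairs for one chain."""
    (m, r1), (n, r2) = prev, new
    if m == n and r1 != r2:
        return "fork"    # two distinct root hashes at the same tree_size
    return "cosign" if verify_consistency(m, r1, n, r2, proof) else "reject"

# Constructed sample: an honest 7-entry log and a variant that rewrote entry 2.
HONEST = [b"entry-%d" % i for i in range(7)]
FORKED = HONEST[:2] + [b"rewritten"] + HONEST[3:]
```

A larger tree whose proof does not chain back to the previously cosigned head is returned as "reject" here; only the same-size, different-root case is labelled "fork", matching the definition above.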

Run your own witness: docs/TRANSLOG.md §8. The more independent witnesses, the harder undetected equivocation becomes.