Signal — ثقة القنوات
ينتحل المحتالون صفة بنكك أو شركة الشحن أو متجرك على WhatsApp وTelegram. يؤكد Signal خلال ثوانٍ ما إذا كانت الرسالة من قناة رسمية.
Technical reality: asymmetric strategies
WhatsApp Cloud API: when a message is forwarded to a business number, the webhook only includes the phone of the person who forwarded it, context.forwarded and the content — never the original sender. Forwarded WhatsApp checks can only analyze content/links; channel attribution comes from sender-side claims.
Telegram Bot API: forward_origin includes the original sender (except privacy → MessageOriginHiddenUser). Third-party verification enables real receiver-side attribution plus a native badge.
Brand Claim Boundary (cornerstone)
Each brand declares and signs its official perimeter: the only domains, WhatsApp numbers, Telegram channels and short links it uses. The engine asks whether the artifact is inside or outside the perimeter against a signed allowlist. The perimeter is the published Official Channel Log entry.
Golden rule: registry facts, not intent
SecureStamp never asserts intent. The verdict is a closed set of facts:
PERTENECEThe channel is inside the brand’s declared and signed perimeter.NO_PERTENECEThe channel is outside the perimeter, optionally with observed signals.COUNTERSTAMPThe brand issued a confirmed counter-stamp against the channel.DISPUTEDThe case is under dispute and due process.UNKNOWNThe brand has not declared a perimeter in SecureStamp.
The 5 states map to L1–L5. The strong L1 state requires a brand-signed counter-stamp in state confirmed; the algorithmic case never imputes intent.
Two logs (TLP model) + transparency
Official Channel Log — TLP:CLEAR: first-party assertions about a brand’s own channels. Public lookup, history and revocations.
Abuse Transparency Log — TLP:AMBER: third-party assertions. Only cryptographic commitments and aggregate counts are public; detail remains restricted. A concrete case is proven with a Merkle inclusion proof against the public tree head.
Counter-stamp lifecycle
Not an arbitrary blacklist: it has states and due process.
Only confirmed enables L1; disputedis the dispute path for the channel owner.
Trust Receipt (ES256, shared JWKS)
Every verification produces a Trust Receipt: ES256-signed, timestamped, with idSSF-EV-… and re-verifiable by anyone. It reuses SecureStamp’s notarial key, so a third party verifies a receipt with the same/.well-known/jwks.json used for email stamps. Header typ: SSCT-receipt.
API
| POST | /api/signal/verify | Runs the engine and returns a registry fact + signed Trust Receipt. |
| GET | /api/signal/receipts/{id} | Re-verifies a Trust Receipt against the public JWKS. |
| POST | /api/signal/brands | Declares/updates a brand perimeter. |
| POST | /api/signal/counter-stamps | Opens a counter-stamp. |
| PATCH | /api/signal/counter-stamps | Transitions counter-stamp state. |
Disclaimer: SecureStamp certifies that a channel belongs to a brand’s declared official perimeter and the integrity of the receipt. It does not certify sender intent or the truth of message content.