Public launch · in development
Minimum trust.
Clear limits.
A signed public card and live QR resolver, so scans show current status, not a static profile. No phone. No ID. No ads. No tracking.
river.example
Portable trust under published rules.
Card since 2026
- Vouched human
- Live control
- QR active
Scan shows current status. It does not prove the nearby person owns this card.
The wedge
Objects point at a resolver, not a bio link.
Stickers and cards spread curiosity. The product is the scan: signed card state, revocation, vouches, and optional live control, readable in seconds, honest about limits.
What creates dependency
Merch alone is printing. Dependency starts when people and systems must ask the resolver for current truth.
- Live resolver Every QR resolves to active, revoked, suspended, or unknown, not a 404
- Per-item revocation Revoke one stolen sticker QR; other credentials can stay active
- Signed public card Keys on your device; export and revoke; not platform-owned
- Vouch graph Accountable social attestations under published rules, not follower counts
- Live control Optional proof you control the card key now, not legal ID
- Machine-readable status Apps and communities can check JSON status, not just a web page
Build plan
Order from the repo. Each phase unlocks the next.
- A Resolver + card Create card, HTTPS scan page, vouch display, revocation, open when it works
- B Curiosity drop One sticker SKU; strangers scan; measure scan → create card
- C Belonging Personalized item QR; vouches under published rules
- D Commons Pass Community membership passes, check-in, stamps, same resolver grammar
- → Governance Public rules, member control of rights-affecting changes, federated operators
Where this goes
Long-term: trust infrastructure communities can govern, not another surveillance identity platform.
- Open standards Public card format, QR credentials, resolver API, portable across hosts
- Commons Pass Orgs issue membership without phone numbers or scan analytics
- Member governance Users and workers set rules for suspension, vouch policy, and surplus
- Federated resolvers Multiple operators, one trust grammar, no single company owns identity
Primitive
- Humanity Card Signed public profile + handle + manifesto you control
- QR credential Short HTTPS payload; print-safe; unique per physical item when needed
- Scan page Card status, human trust, artifact status, and what scan does not prove
- Commerce path Shopify checkout + Printify fulfillment, only after resolver QA passes
Limits
- Not legal ID, KYC, or employment verification
- Not proof the person holding a QR is the owner
- Not bot-proof or “verified forever”
- Buying merch does not grant vouched status
- No scan analytics by default
- Operator data policy What the resolver stores, and what it does not
- Policy on GitHub Canonical markdown in the repo
Today
- This site Plan and specifications published
- Resolver + card Phase A, in active development
- Create a card Opens to anyone, no invite list
- Sticker drop Optional merch after the resolver ships