VFACE — Own Your Pseudonym
The problem
In Usenet, email, forums — anywhere pseudonyms exist — anyone can pretend to be you. Just type your name and email in the From field, hit send. Nobody checks. Nobody stops them.
Digital signatures fix part of this. Ed25519 lets you sign messages so people can prove the message hasn't been tampered with. But an Ed25519 key is just 32 anonymous bytes. It doesn't say who you are, it doesn't look like anything, and it doesn't prove when you first started using it.
VFACE fixes all three problems.
What VFACE does
VFACE ties together four things into one identity that's persistent, recognizable, and impossible to fake:
The result: you pick a name, you get a unique visual identity tied to your cryptographic key. Change one character in any component and the whole thing changes. Nobody can copy it because nobody has your private key. Nobody can claim they were first because the Bitcoin blockchain doesn't lie about time.
The four components
1. Your key pair
Everything starts with an Ed25519 key pair — a private key (yours, never shared) and a public key (published, used by others to verify your signatures). You can generate one in the VFACE tool, or use an existing key from yubicrypt, yubisigner, or any Ed25519 tool.
If you don't have a YubiKey, the VFACE tool generates a key pair for you and gives it as a JSON file to download. Keep it on an encrypted drive. If you lose it, that identity is gone forever — there's no recovery, no "forgot password", no central server that has a copy.
2. Your identicon
Your identity string — username|email|publickey — gets
hashed with SHA256, and those bytes become a small colorful image:
a 5×5 symmetric grid with two color layers, picked from fixed
palettes. Same input always produces the same picture.
This is the identicon algorithm created by Ch1ffr3punk. It's not like GitHub or WordPress identicons — those are just decorative placeholders. Ch1ffr3punk's version is deterministic and bound to a cryptographic key. Your identicon is your face in the pseudonymous world. (Read more about how identicons work)
The identicon comes in two sizes: 48×48 pixels for the
Face: header in Usenet/email messages, and 256×256
for your published identity page.
3. Your signed messages
Every message you send carries these headers:
From: Alice <alice@example.invalid>
Ed25519-Pub: hlHxqZ3uXv4TMXDM1Xus7xsJhlZzwovxg25SHmRKNrQ=
Ed25519-Sig: [signature of the message body]
Identity-Hash: f1e65d4e41939733d3c2d55950a028ff...
Face: [48x48 identicon as base64 PNG]The signature covers the message body — the text you wrote. Anyone with your public key can verify that the message is authentic and untampered. If the signature is invalid, the identicon doesn't show. Simple visual signal: face = real, no face = fake.
4. Your timestamp
This is the part most people skip, and it's the most important one.
Without a timestamp, someone can create a new identity with your name and email, generate their own key pair, and claim they were first. With a Bitcoin timestamp on your identity page, you can prove exactly when you published that specific combination of name + email + key. The blockchain is the judge — it's immutable and public.
This is done with OpenTimestamps, a free tool that anchors a hash to the Bitcoin blockchain. No account needed, no fees, no third party to trust.
How to create your identity
The entire process takes about five minutes.
Step 1 — Generate your identity
Go to identicons.virebent.art, pick a name and email, choose whether to generate a new key or paste an existing one from your YubiKey. The tool gives you everything: your identicon, your Identity Hash, your VFACE headers, a downloadable key pair (if generated), and a ready-to-publish identity page.
Step 2 — Save your key pair
If you generated a new key, download the JSON file immediately. This is your identity — no backup exists anywhere else. Store it on an encrypted volume. If you use a YubiKey, this step is already done: the key lives in the hardware.
Step 3 — Publish your identity page
Upload the static HTML page to your website, blog, or
.onion service. This is your public identity card.
Anyone can visit it and see your identicon, public key, and hash.
Step 4 — Timestamp it
This is where you anchor your identity on the Bitcoin blockchain.
You need the ots command-line tool.
Installing OpenTimestamps
Arch Linux
bash# From AUR
yay -S opentimestamps-client
# Or via pip
pip install opentimestamps-client --break-system-packages
# Verify
ots --version
Debian / Ubuntu
bash# Install pip if not present
sudo apt install python3-pip
# Install ots
pip install opentimestamps-client --break-system-packages
# Or in a virtual environment (cleaner)
python3 -m venv ~/ots-env
source ~/ots-env/bin/activate
pip install opentimestamps-client
# Verify
ots --version
Fedora / RHEL
bashpip install opentimestamps-client
ots --version
Option A — Python (recommended)
Install Python 3 from the official site. During installation, check "Add Python to PATH". Then open PowerShell or Command Prompt:
powershell# Install ots
pip install opentimestamps-client
# Verify
ots --version
Option B — Web interface (no install)
If you don't want to install anything, go to
opentimestamps.org,
drag your identity page file onto the page, and download the
.ots proof file. You can verify the same way later.
This works entirely in the browser — no account, no upload to
any server.
Timestamping your identity
Once ots is installed, timestamp your identity page:
bash# Create the timestamp
ots stamp identity-page.html
# This creates identity-page.html.ots
# Keep this file — it's your proof
The timestamp is submitted to calendar servers and anchored to the Bitcoin blockchain within 1 to 24 hours. Check the status:
bash# Check if confirmed (may say "Pending" for a few hours)
ots verify identity-page.html.ots
# Once confirmed, upgrade the proof to include the full path
ots upgrade identity-page.html.ots
# Verify again — should show the Bitcoin block number
ots verify identity-page.html.ots
When verified, you'll see something like:
Success! Bitcoin block 930116 attests existence as of 2026-01-15
That's it. Your identity is now anchored on the Bitcoin blockchain.
Publish the .ots file alongside your identity page so
anyone can independently verify when you first claimed that name.
.ots proof won't match anymore.
The page must stay exactly as it was when you stamped it. This is
by design — it proves the content at that exact point in time.
Why nobody can fake your identity
Three attack scenarios, three defences:
| Attack | What they do | Why it fails |
|---|---|---|
| Copy your headers | Copy your From, public key, Face, and Identity Hash from a public post | They can't sign new messages — they don't have your private key. The signature check fails instantly. |
| Same name, different key | Use your name and email but generate their own key pair. Their signatures are valid. | Their Identity Hash is different (different public key). Their identicon looks completely different. And your Bitcoin timestamp proves you were first. |
| Copy everything including your key | Copy your name, email, public key, identicon — all of it | They still don't have your private key. Every message they send with your identity has an invalid signature. If you use a YubiKey, the key physically cannot be extracted. |
Works everywhere
VFACE doesn't care about transport. It works over Usenet, email,
Tor hidden services, or clearnet. The headers are standard text —
any mail client or newsreader can carry them. The identicon is a
standard PNG. The timestamp is a standard .ots file
verifiable by anyone with the open-source tool.
Compatible with yubicrypt and yubisigner by Ch1ffr3punk — same identicon algorithm, same key format. If you already use those tools, your identicon is the same one VFACE generates. No migration, no conversion.
Try it
Create your identity at identicons.virebent.art. It takes five minutes, costs nothing, and doesn't require an account or any personal information.
Your pseudonym was never really yours. Now it is.