How to Prove Authorship and Keep Your Rights: 6 Ways That Hold Up in Court

You created something. A design, a photograph, a piece of music, an article, a software library, an architectural plan. You know when you made it, how long it took, and what you put into it. But if someone copies your work tomorrow and claims it as their own — what do you actually have to prove otherwise? Files on your hard drive carry no external witness. Metadata is trivially editable. Cloud storage timestamps belong to the platform, not to you. And by the time you talk to a lawyer, the infringer may already have a head start on registering “their” creation. This is the gap that cryptographic deposit fills: independent, verifiable, timestamped proof that your work existed in a specific form at a specific moment — without trusting any single authority.

This article covers why authorship proof matters more than most creators realize, what intellectual property law actually protects (the full map of protected works, not just software), where traditional protection methods fall short, and how an open-source tool called deposit.mayday.software creates a cryptographic evidence layer anyone can verify independently. We’ll walk through real court precedents, the economics of IP theft, a practical comparison of all deposit methods, and an evidence stack tailored to your profession — whether you’re a developer, designer, photographer, musician, writer, or entrepreneur.

The AI Era: Why Proving Authorship Is Harder Than Ever

For most of human history, creative work required obvious human effort. A painting required brushstrokes. A novel required years of drafting. Software required thousands of lines written by hand. The connection between creator and creation was self-evident.

Generative AI broke that assumption. Today, a single prompt can produce an illustration, a marketing copy, a piece of music, or a functional codebase. The US Copyright Office responded by requiring human authorship as a condition for copyright protection — and in March 2026, the Supreme Court denied certiorari in Thaler v. Perlmutter, reaffirming that purely AI-generated works cannot be copyrighted in the United States. The Copyright Office now requires applicants to disclose AI involvement and demonstrate “sufficient human creative control.”

This creates a new burden for creators who use AI as a tool (not a replacement). If you prompt, curate, edit, and refine an AI-assisted work, your creative contribution is real — but how do you prove it? The prompts you typed, the iterations you discarded, the edits you made, the artistic direction you imposed — all of this exists only on your local machine unless you deliberately create an external record.

In March 2025, the Tribunal Judiciaire de Marseille recognized blockchain timestamps as valid proof of copyright priority in a fashion design dispute — the first such ruling in Europe. The court accepted that a cryptographic timestamp on a design file established its existence before the alleged copy. This precedent signals where evidence standards are heading: toward verifiable, machine-independent proof that doesn’t depend on any single platform or authority.

Whether you use AI or not, the lesson is the same: the bar for proving authorship is rising, and the tools for creating proof need to rise with it.

The Full Map of Protected Works: What the Law Actually Covers

Most creators know their work is “protected by copyright.” Few know exactly what that means in practice. Under Russian Civil Code Article 1225 — and similar frameworks worldwide — the law protects 16 categories of intellectual activity results (РИД, rezultaty intellektualnoj deyatelnosti):

• Literary works — books, articles, blog posts, scripts, translations
• Musical works — compositions with or without lyrics
• Visual art — paintings, illustrations, graphic design, typography
• Photographs — including editorial, commercial, and artistic photography
• Audiovisual works — films, video content, animations
• Architectural works — building designs, urban planning documents
• Software and databases — source code, compiled programs, structured data collections
• Maps, plans, and sketches — cartographic and technical drawings
• Choreographic works — dance compositions, stage directions
• Inventions, utility models, industrial designs — patentable technical solutions
• Trademarks and service marks — brand identifiers
• Trade secrets (know-how) — proprietary processes and methods
• Integrated circuit topologies — chip designs
• Plant varieties — agricultural breeding results

Copyright protection for most creative works arises automatically upon creation — no registration required. But “the right exists” and “you can enforce the right” are different statements. Without evidence of when you created the work and in what form, enforcement becomes a dispute where the party with better documentation wins.

This is why technology due diligence processes evaluate IP ownership so carefully. Investors want proof, not assertions. Whether you’re building a startup or a freelance portfolio, your intellectual property may be your most valuable asset — and often the least documented.

The Cost of Inaction: Economics of IP Theft

Intellectual property theft isn’t an abstract risk. The numbers tell the story:

• $225–600 billion annually in IP theft losses in the US alone (2025 estimates)
• Over 859,000 reported incidents of cybercrime-related IP theft documented globally
• Up to 5 million rubles in statutory damages for copyright infringement under Russian Civil Code Article 1301
• Class-action lawsuits by musicians against AI training services (Udio, Suno) for unlicensed use of creative works in 2025

For individual creators, the cost is more personal. A freelance designer loses a project and a client relationship when their mockups are reused without payment. A photographer discovers their images on stock sites under someone else’s name. A startup fails due diligence because they can’t prove the IP chain for their core product.

The irony: the cost of creating proof is nearly zero. A cryptographic deposit takes under a minute and costs nothing. The cost of not having one only becomes apparent when you need it — and by then, you can’t create evidence for the past. If you already think about risk management in your business, IP evidence belongs in the same framework.

Why Proving Authorship Is Harder Than You Think

Every creative profession has its own version of the same problem: the original author often has the weakest proof of creation.

• Developers have Git repositories — but timestamps come from local clocks and can be backdated. Private repos have no external witness.
• Designers have Figma/Photoshop files — but file creation dates depend on the local filesystem and are trivially modifiable.
• Photographers have RAW files with EXIF data — but EXIF metadata can be rewritten with a single command.
• Musicians have DAW project files — but project timestamps reflect the last save, not original composition date.
• Writers have document drafts — but Google Docs version history belongs to Google, and local files have no external anchor.
• Architects have CAD files — but internal timestamps are platform-dependent and not independently verifiable.

The core problem is temporal: you need to prove that your work existed before someone else’s claim. Every piece of evidence that lives only on your machine or on a platform you control can be challenged as self-serving. What you need is an independent, external timestamp from a source neither party controls.

Deposit vs Registration vs Notary: A Practical Comparison

When creators decide to protect their work, they typically reach for one of several methods. Each has real value — and real constraints.

Method	Cost	Time	Legal Strength	Independent Verification	Repeatable
Government registration (Rospatent, USCO)	$50–500+	Weeks to months	Strongest (legal presumption)	Via registry lookup	Per version
Notary deposit	$100–400+	Hours to days	Strong (notary certification)	Via notary records	Per visit
Collective societies (RAO, n’RIS, EDRID)	$30–200	Days to weeks	Medium (organizational certificate)	Via society database	Per submission
Private registries (SafeCreative, etc.)	$0–100/yr	Minutes	Weak–Medium (depends on service)	Depends on service survival	Easy
Cryptographic deposit (deposit.mayday.software)	Free	<1 minute	Evidence layer (existence + time)	Fully independent (Bitcoin + RFC 3161)	Unlimited

The key insight: these methods aren’t mutually exclusive. Government registration provides the strongest legal presumption but is slow and expensive for iterative work. Cryptographic deposit provides the fastest, cheapest evidence layer that complements everything above it. The optimal strategy combines both: formal registration for milestone versions, cryptographic deposit for continuous protection.

Court Precedents: When Digital Evidence Works

The question “will a court accept this?” matters more than any technical argument. Here’s where the precedent stands:

France, March 2025: Blockchain Timestamp Accepted

The Tribunal Judiciaire de Marseille accepted a blockchain timestamp as proof of copyright priority in a fashion design dispute. The court recognized that the cryptographic hash anchored to a blockchain transaction established the design’s existence before the alleged copy. This was the first such ruling in a European court and signals a shift in how digital evidence is evaluated.

Russia: Court for Intellectual Property Rights (СИП)

Russia’s specialized Court for Intellectual Property Rights increasingly evaluates digital evidence in authorship disputes. While government registration under Article 1262 remains the gold standard for presumptive authorship, courts have accepted supplementary digital evidence — including timestamps, email records, and development logs — as part of a broader evidence package. The key: digital evidence works best when combined with traditional documentation, not as a replacement.

Bernstein.io: Blockchain Evidence in European Courts

Bernstein.io has documented cases where blockchain-based evidence was admitted in IP proceedings across multiple European jurisdictions. The pattern: courts are increasingly willing to accept cryptographic timestamps as evidence of existence and priority, especially when the verification process is transparent and reproducible.

The trend is clear: digital evidence is gaining legal weight. But “gaining weight” isn’t “universally guaranteed.” The strength of your case still depends on the totality of evidence — which is why building a multi-layer evidence stack matters.

Cryptographic Deposit: An Approach for All Creators

Cryptographic deposit takes a fundamentally different approach from traditional methods. Instead of relying on a single authority (government office, notary, platform), it creates mathematical proof that can be verified by anyone, independently, without trusting the deposit service itself.

The mechanism is the same regardless of what you’re protecting:

1. WHAT — Compute a SHA-256 hash of your files. This fingerprint is unique to your exact content. Change a single byte and the hash changes completely. Works for .psd, .raw, .wav, .py, .pdf, or any other file type.
2. WHO — Attach a cryptographic signature (GPG/OpenPGP) linking the hash to your identity.
3. WHEN — Anchor the hash to an independent time source: the Bitcoin blockchain (via OpenTimestamps) and/or RFC 3161 timestamp authorities trusted under eIDAS or similar frameworks.

The result is a set of small proof files that anyone can verify using standard open-source tools. The Bitcoin blockchain is immutable by design. RFC 3161 timestamps come from authorities whose clocks are audited and legally recognized. Your files never leave your machine — only the hash travels.

This is what deposit.mayday.software implements as a free, open-source, MIT-licensed tool.

How deposit.mayday.software Works

The workflow takes under a minute for any type of creative work:

1. Drop files or a folder into the web interface at deposit.mayday.software — source code, design files, photos, audio, documents, anything
2. Files are hashed locally in your browser using SHA-256. Nothing uploads to any server.
3. A manifest file (CITATION.cff) is generated containing file names, sizes, hashes, and metadata in the Citation File Format standard.
4. Timestamp anchoring sends only the manifest hash to timestamp services: OpenTimestamps calendars (which anchor to Bitcoin) and RFC 3161 TSA providers.
5. You download proof files: the manifest, its OpenTimestamps proof (.ots), and optionally an RFC 3161 timestamp token.

The output files you store alongside your work:

File	Purpose	Verification Tool
manifest.cff	Content fingerprint + metadata	Any SHA-256 tool
manifest.cff.ots	Bitcoin timestamp proof	ots verify (OpenTimestamps)
manifest.cff.asc	GPG signature (when enabled)	gpg --verify
manifest.cff.asc.ots	Timestamp of the signature itself	ots verify

Every piece of this chain is verifiable with standard open-source tools. No proprietary software, no account required, no dependency on the deposit service remaining online.

Architecture: Zero-Trust, Browser-First Design

The architecture reflects a principle critical for evidence tools: the service operator should not be a required trust anchor. If you have to trust the deposit service to verify your evidence, you’ve replaced one single point of failure with another.

deposit.mayday.software runs as three components:

• Angular SPA (frontend) — All hashing, manifest generation, and certificate rendering happens in the browser. Your files never leave your machine.
• Cloudflare Worker (API relay) — Forwards timestamp requests to allowlisted upstream providers. Doesn’t store files, hashes, or user data. Exists only because browsers can’t directly call some timestamp APIs due to CORS restrictions.
• External timestamp services — The actual trust anchors: OpenTimestamps calendars anchoring to Bitcoin, and RFC 3161 authorities providing signed timestamps recognized under eIDAS.

The relay-only model means that even if the Cloudflare Worker is compromised or shut down, existing proofs remain valid. The project is MIT-licensed and fully open-source — you can deploy your own instance if you prefer not to use the hosted version.

This kind of zero-trust architecture is a natural fit for anyone already thinking about cybersecurity as a strategic priority. Evidence tools that require trusting the tool operator defeat their own purpose.

Browser Extension: Deposit and Capture from Your Toolbar

For creators who want deposit to become a habit rather than an occasional task, the project includes a browser extension for Chrome (Manifest V3) and Firefox with three capabilities:

• Deposit tab — Same drag-and-drop workflow as the web app, accessible from any page.
• Capture tab — Take a timestamped snapshot of any web page (HTML + screenshot). This is particularly valuable for non-code use cases: a photographer can capture a competitor using their photos without attribution, a designer can record the state of their published portfolio, a writer can timestamp their article as published on a specific date.
• History tab — Browse your deposit history locally. All data stays in the browser’s extension storage.

The extension is compact (~630 KB total) and built from the same Angular codebase for both Chrome and Firefox.

Legal Reality: What Cryptographic Evidence Can and Cannot Do

Honesty about legal boundaries matters more than marketing claims.

What It Proves

• Existence — A specific set of files existed in a specific form at a specific time.
• Integrity — The files have not been modified since the timestamp was created.
• Priority — If your timestamp predates someone else’s claim, you have evidence of earlier existence.

What It Doesn’t Prove

• Authorship — A hash proves the file existed, not who created it. The GPG signature layer ties the deposit to a cryptographic identity, but identity itself requires additional context.
• Legal presumption — Government registration creates a legal presumption of authorship in most jurisdictions. Private deposit creates evidence, not presumption.
• Scope of rights — Timestamping doesn’t define licensing terms, ownership structure, or usage rights. You still need contracts and license files.

The honest positioning: cryptographic deposit is one layer in a multi-layer evidence strategy — the fastest and cheapest layer, independently verifiable, complementing (not replacing) formal registration.

Building Your Evidence Stack by Profession

For practical IP protection, you want multiple layers of evidence that reinforce each other. No single artifact is universally sufficient. Here’s what that stack looks like for different creative professions:

Developers

• Signed Git commits (git commit -S) with meaningful messages
• CI/CD build logs showing test and deployment history
• Issue tracker records linking commits to features
• Cryptographic deposits at tagged releases
• Contributor agreements and contractor contracts

Designers and Illustrators

• Source files (.psd, .fig, .ai, .sketch) with layer history
• Export versions showing iteration (v1, v2, final)
• Client correspondence approving directions and revisions
• Cryptographic deposits of source files before client delivery
• Portfolio publication timestamps (use Capture tab to record)

Photographers

• RAW files with EXIF metadata (camera serial, GPS, original timestamp)
• Lightroom/Capture One catalogs with edit history
• Model and property release agreements
• Cryptographic deposits of RAW files from each shoot
• Published portfolio entries with Capture-based timestamps

Musicians and Composers

• DAW project files (Ableton, Logic, FL Studio) with session history
• Demo recordings with dated filenames
• Sheet music or MIDI files of original compositions
• Cryptographic deposits of stems and master before distribution
• Registration with PROs (performing rights organizations) for royalty tracking

Writers and Content Creators

• Document drafts with version history (multiple saves, not just final)
• Editorial correspondence, feedback, and approval records
• Publication records (timestamps of when articles went live)
• Cryptographic deposits of manuscripts before submission or publication
• Capture-based screenshots of published content with dates

Entrepreneurs (IP as Business Asset)

• IP inventory — catalog of all company-owned intellectual property
• Contributor and employment agreements with IP assignment clauses
• Cryptographic deposits of product milestones (before each funding round, partnership, or acquisition)
• Formal registration of core assets (trademarks, key software modules)
• IP due diligence package ready for investors — treat IP evidence as part of your knowledge management strategy. If you’re choosing a technology stack for a startup, IP evidence infrastructure belongs on the list

Real Scenarios Where Deposit Changes the Outcome

The Designer Who Lost a Client Dispute

A freelance designer delivers brand identity mockups. The client ghosts on payment, then launches with the exact designs. The designer’s Figma files show creation dates — but Figma timestamps are controlled by Figma. A cryptographic deposit made before delivery would have provided Bitcoin-anchored proof that the designs existed on the delivery date, independent of any platform.

The Photographer Whose Work Went Viral Without Credit

A photographer’s image spreads across social media with the watermark cropped. Multiple accounts claim it as their own. The photographer has the RAW file, but RAW files can be shared or stolen. A deposit of the RAW file immediately after the shoot — with its unique SHA-256 hash — creates a timestamped record that predates all the copies. Combined with EXIF data showing the camera serial number, this builds a strong authorship case.

The Musician in a Priority Dispute

Two artists release similar melodies within months of each other. Both claim they composed it first. The one who deposited their demo recording and DAW project files before the other’s release date has clear evidence of temporal priority. Without a deposit, it’s one person’s word against another’s — exactly the kind of dispute where the Marseille court’s blockchain timestamp precedent becomes relevant.

The Startup That Passed Due Diligence

A startup enters due diligence for Series A. The investor’s technical team asks: “Can you prove your team built this?” A history of signed, timestamped deposits at each release, combined with Git history and contributor agreements, creates a compelling IP provenance trail. The competing startup — the one without deposits — gets harder questions and a longer process. Technology due diligence rewards preparation.

The Writer Whose Article Was Republished

A technical writer publishes an in-depth article on their blog. Weeks later, a content farm republishes it word-for-word under a different byline, with an earlier fake publication date. The original writer deposited the article’s HTML file before publishing. The deposit’s Bitcoin timestamp proves the article existed before the content farm’s claimed date — an externally verifiable fact that no amount of HTML date manipulation can counter.

Integrating Deposit into Your Workflow

The best evidence strategy is one you actually follow. Here’s how to make deposit a natural part of your creative process:

Milestone-Based Deposit (Recommended for Most Creators)

• Deposit source files before delivery to a client
• Deposit before publication — whether it’s a blog post, a portfolio update, or a release
• Deposit before fundraising — investors appreciate documented IP provenance
• Deposit before onboarding contractors — delineates what existed before their contribution

Continuous Deposit (For Teams and High-Value Projects)

• Integrate into CI/CD pipelines: hash and timestamp every tagged release
• Store proof files in version control alongside the work they certify
• Maintain a deposit log (date, version, hash, proof location)

Capture-Based Monitoring (For Published Content)

• Use the browser extension’s Capture tab to timestamp your published work at regular intervals
• Capture competitor pages that may be infringing — timestamped evidence of what was on their site when
• Capture terms of service or contractual pages before they change

Since the entire tool is open-source, you can deploy a private instance behind your firewall. The Cloudflare Worker relay only sends hash values — never files.

Verification: How a Third Party Checks Your Proof

Evidence is only as strong as its verifiability. Here’s how anyone — a court expert, an investor’s team, a lawyer — independently verifies a deposit:

1. Check file integrity: Recompute SHA-256 hashes and compare against the manifest. Any mismatch means the files were modified after deposit.
2. Verify GPG signature (if present): gpg --verify manifest.cff.asc manifest.cff
3. Verify Bitcoin timestamp: ots verify manifest.cff.ots — checks against Bitcoin blockchain data, no trust in any service required.
4. Verify RFC 3161 timestamp (if present): OpenSSL validates the token against the issuing authority’s certificate.

None of these steps require deposit.mayday.software to be online. All verification uses public infrastructure and standard open-source tools.

Why Open Source Matters for Evidence Tools

A closed-source deposit tool has a fundamental credibility problem. If the opposing party asks “how do we know this tool does what it claims?” and the answer is “trust the vendor,” that’s a weak position in any proceeding.

With an open-source tool:

• Any expert can audit the code to confirm correct hashing and no data exfiltration
• The verification process is documented and reproducible
• You can fork and deploy independently, eliminating any dependency on the maintainer
• MIT license means no commercial restrictions

In disputes where digital evidence is challenged, the ability to demonstrate exactly how the evidence was created — with auditable source code — significantly strengthens its weight.

FAQ

Does cryptographic deposit replace government registration?

No. Government registration (Rospatent in Russia, USCO in the US) creates a legal presumption of authorship. Cryptographic deposit creates evidence of existence and timing. Both are valuable; they serve different functions. Use both when formal registration is available and appropriate.

Do my files get uploaded to any server?

No. All file hashing happens in your browser using the Web Crypto API. Only the hash of your manifest (a 32-byte value) is sent to timestamp services. Your source files never leave your machine.

What file types can I deposit?

Any digital file: source code, design files (.psd, .fig, .ai), photographs (.raw, .jpg), audio (.wav, .mp3, .flac), video (.mp4, .mov), documents (.pdf, .docx), archives (.zip), or entire project folders. The tool computes SHA-256 hashes regardless of file format.

How long does a Bitcoin timestamp take to confirm?

Initial proof is available within seconds (a “pending” proof against OTS calendars). Full Bitcoin confirmation typically takes a few hours. The pending proof is already useful; the confirmed proof is stronger.

What if deposit.mayday.software goes offline?

Your proofs remain valid. Verification uses the Bitcoin blockchain and RFC 3161 authority certificates — neither depends on this service. The source code is MIT-licensed on GitHub, so anyone can deploy a new instance.

Is this admissible in court?

Court admissibility depends on jurisdiction. Blockchain timestamps have been accepted as evidence in French courts (Marseille, 2025) and in proceedings documented by Bernstein.io across Europe. In Russia, digital evidence is evaluated case-by-case. The strength of your case improves when combined with other evidence layers. Consult a lawyer in your jurisdiction.

How does this help with AI-assisted works?

If you use AI as a tool, depositing your prompts, iterations, edits, and final outputs at each stage creates a timestamped record of your creative process. This can help demonstrate the “sufficient human creative control” that copyright offices increasingly require for AI-assisted works.

How is this different from emailing myself a copy?

The “poor man’s copyright” has limited legal value because the timestamp comes from a service you control. Cryptographic deposit anchors to the Bitcoin blockchain — a public, immutable ledger maintained by thousands of independent nodes. The evidentiary quality is fundamentally different.

Start Protecting Your Work Today

The cost of creating a cryptographic deposit is zero and takes under a minute. The cost of not having one becomes apparent only when you need it — and by then it’s too late.

Whether you write code, shoot photos, compose music, design interfaces, or build businesses — your creative work deserves an evidence trail that doesn’t depend on any single platform, company, or authority. Try it now at deposit.mayday.software, review the source code on GitHub, or install the browser extension to make deposit part of your daily workflow.