Internet-Draft HGCP March 2025
Tao Expires 1 October 2025 [Page]
Workgroup:
Network Working Group
Internet-Draft:
draft-taoqiwen-hgcp-00
Published:
Intended Status:
Informational
Expires:
Author:
Q. Tao
Independent Researcher

HGCP: A Voluntary Signing Framework for Human Expression in the Age of AI

Abstract

In an era where AI-generated content has become indistinguishable from human writing, the Human-Generated Content Protocol (HGCP) proposes a voluntary signing framework that enables human authors to take responsibility for their expressions. Instead of relying on probabilistic detection methods or enforcing centralized identity, HGCP encourages a simple yet powerful act: a signer publicly declares responsibility for authored content through a structured signature block. The protocol is platform-neutral, supports both real-name and anonymous identities, and prioritizes transparency, accountability, and human agency. HGCP defines minimal signature structures, integration suggestions for platforms and tools, and philosophical guidance for fostering expression trust in an increasingly synthetic information ecosystem.

About This Document

This note is to be removed before publishing as an RFC.

Status information for this document may be found at https://datatracker.ietf.org/doc/draft-taoqiwen-hgcp/.

Status of This Memo

This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."

This Internet-Draft will expire on 1 October 2025.

Table of Contents

1. Introduction

In the rapidly evolving digital world, a flood of content from countless sources fills our screens—much of it now automatically generated, indistinguishable, and detached from genuine human intent. As artificial intelligence becomes increasingly proficient at mimicking human expression, the boundary between real thought and algorithmic generation is becoming ever more blurred. The rise of AI-generated content brings tremendous opportunity, but it also presents a critical question: if we can no longer identify who wrote something, how can we trust it?

The Human-Generated Content Protocol (HGCP) is proposed as a voluntary signing framework to address this issue. HGCP does not attempt to detect AI content through technical means; instead, it introduces a simple yet powerful idea: that a human author should be able to voluntarily declare, "This was written by me, and I take responsibility for it."

HGCP is not a detection algorithm or classification tool. It is a social and ethical trust mechanism. It provides a standardized signing format that enables any publisher—across any platform and identity type—to assert authorship in a verifiable and human-responsible manner. HGCP is platform-neutral, identity-flexible, and supports both anonymous and real-name authors who wish to make their human expression distinguishable and trustworthy.

HGCP is intentionally designed as a minimal core protocol—simple, declarative, and human-first. It does not attempt to encode all possible expression scenarios from the start. Instead, it offers a stable foundation that can evolve over time to support multi-signer declarations, partial claims, multimedia expressions, and richer trust semantics.

2. The Problem of Expression Trust

The internet was originally built to foster human connection and communication. Yet in a world where content creation, duplication, and distribution approach zero cost, the origin of information has become increasingly obscured. We once relied on domain names, writing style, and user profiles to infer trustworthiness—but now, all of these can be simulated or spoofed by AI.

We face a growing asymmetry: it is far easier to generate content than to verify its trust. This leads not only to an explosion of noise and manipulation but to a slow erosion of meaning itself. Readers hesitate to believe; authors hesitate to sign their work; platforms hesitate to take responsibility.

Many recent solutions have focused on "AI detection"—using machine learning classifiers to guess whether a given text was written by an AI. These tools are inherently probabilistic, easily evaded, and perpetually behind in the arms race of model advancement. The more essential question is not "Was this written by an AI?", but rather: "Is someone willing to take human responsibility for having said this?"

HGCP addresses this deeper layer: the level of expression responsibility. It introduces a new kind of signal—not derived from how content was generated, but from whether someone is willing to stand behind it. In doing so, trust becomes not a passive inference but an active, verifiable commitment.

3. The Philosophy of HGCP: Responsibility Over Provenance

The core idea of HGCP is not to verify originality, authorship, or human origin of content—but to offer a voluntary, structured mechanism for a person to take public responsibility for their expression.

Whereas most classification systems ask "Who wrote this?", HGCP invites a more meaningful question: "Are you willing to claim this expression as your own?"

Signing under HGCP does not imply that the content is accurate, high-quality, or original. It simply affirms: "I am a human being, and I am publicly acknowledging that I wrote this."

This makes HGCP signing a social gesture rather than a technical classification. It is not about improving detection precision, but about restoring the most basic principle of communication: to speak is to bear responsibility.

HGCP is not anti-AI. It does not forbid AI-assisted writing. Its purpose is not to exclude AI, but to identify human intent and responsibility. Even if a human uses AI to assist, as long as they willingly sign, they are taking responsibility as a human.

HGCP is an open framework. It does not restrict what tools you use; it only asks whether you are willing to sign. It does not judge your expertise; it only values your readiness to be held accountable. This voluntary human claim becomes the root signal of trust in HGCP.

4. Signature Declaration Structure

HGCP recommends that any author willing to assume responsibility for their expression include a standardized signature declaration when publishing content. The declaration should contain the following elements:

Required Fields:

signer_id: A pen name, public key fingerprint, platform username, or other verifiable identity reference (RFC 9580 [RFC9580] OpenPGP fingerprints recommended)

timestamp: A UTC timestamp indicating when the signature was made (preferably in [RFC3339] format)

content_hash: A cryptographic digest of the original text using a standard hash function (SHA-256 recommended, as defined in [RFC6234])

hgcp_version: A required version field to indicate which version of the HGCP signature structure is being used (e.g., "0.2"). This helps ensure future compatibility as the protocol evolves.

declaration: A clear statement of responsibility, e.g., "I affirm that the above content was written by me and I accept responsibility for it."

Optional Fields:

tools_used: If any tools (AI assistants, grammar correctors, translation engines) were involved, list them transparently

identity_type: e.g., real-name, anonymous, pseudonymous, organizational

revocability: Whether the signature can be withdrawn or the content edited. Suggested standard values include:
- immutable
- editable-until-locked
- time-limited-editable
- revocable-with-proof

id_format: e.g., "GitHub username", "PGP fingerprint", "platform alias"

Example Signature (Markdown):

Author: Tao Qiwen
Timestamp: 2025-03-29T14:22Z
HGCP Version: 0.2
ID Type: anonymous
Tools Used: ChatGPT + manual edits
Content Hash (SHA-256, base64): aGVsbG8sIHdvcmxk...
Revocability: editable-until-locked
Declaration: I confirm that the above content was published by me, and I take responsibility as a human author.

Example HGCP Signature (JSON, v0.1):

{ "signer_id": "qiwen2025", "id_type": "anonymous", "timestamp": "2025-03-29T14:22Z", "hgcp_version": "0.2", "content_hash": "a732c8dffe34aabbcc...", "tools_used": ["ChatGPT", "Notion AI"], "revocability": "editable-until-locked", "declaration": "I confirm that the above content was published by me, and I take responsibility as a human author." }

Optional (PGP Signature):

"gpg_signature": "-----BEGIN PGP SIGNATURE-----\n...\n-----END PGP SIGNATURE-----"

HGCP signatures are versioned to ensure clarity, compatibility, and future evolution. The hgcp_version field in the signature block indicates which structure is used.

"hgcp_version": "0.2"

The version number refers to the signature structure specification, not the tool version or software implementation. Future versions may include DID bindings, cross-platform trust references, or encrypted metadata.

5. Identity Types and Trust Levels

HGCP does not require real-name identification, but encourages the use of consistent and interpretable identity labels. Each identity_type is associated with a general trust signal, though long-term behavior and signing consistency are more important than any single declaration.

Identity Types and Suggested Trust Levels

 

human
A human author who signs and takes responsibility.
Trust Level: High

human+ai
A human-led expression with AI assistance.
Trust Level: Medium-High

organization
A collective statement signed on behalf of an entity.
Trust Level: Medium

anonymous
An identity with no disclosed name but consistent signing history.
Trust Level: Medium

ai
Clearly labeled as AI-generated, signature for transparency only.
Trust Level: Low

Even anonymous users may build trust over time through persistent and verifiable signing behavior. Platforms may choose to highlight signer identity history to assist readers in evaluating context.

5.1. Statement Responsibility Levels

The statement_level field reflects how the signer claims responsibility for the content. It does not attempt to verify authorship origin, but instead signals how the signer relates to the text and its expression.

Statement Levels and Their Meanings

 

HGCP-H
Human-only authored, signer claims full responsibility
Use Case: Essays, personal writings

HGCP-H+AI
Human-led with AI assistance, signer reviews and owns final version
Use Case: Blogs, mixed content

HGCP-O
Statement signed on behalf of an organization
Use Case: Press releases, company updates

HGCP-AI
AI-generated content, signed only for transparency
Use Case: Automated posts, system replies

HGCP-C
Curated or reinterpreted content, signer takes responsibility for context and presentation
Use Case: Compilations, summaries, quoted content

Platforms and readers may interpret these statement levels in combination with identity and signing history to infer credibility or accountability. HGCP does not enforce strict verification, but rather enables visible patterns of declared responsibility. ###Trust is Accumulated Through Behavior

HGCP emphasizes the act of voluntarily claiming responsibility, not the technical origin of the content. Repeated, consistent, and transparent signing behavior is more meaningful than a single signature. Platforms are encouraged to experiment with trust scoring systems based on:

  • Identity stability

  • Revocation or editing history

  • Contradiction or refutation patterns

  • Peer endorsement or community validation

6. Platform and Tool Integration Suggestions

HGCP is platform-neutral and decentralized, but content platforms, publishing tools, and browser extensions are encouraged to integrate HGCP through the following actions:

For content platforms:

Provide HGCP signing support (e.g., auto-generate timestamp, content hash, signature block)

Visibly display signature declarations and identity type

Offer exportable signature metadata (e.g., JSON-LD)

Provide "verify signature" buttons for end users

Allow flagging or auditing of forged or misleading signatures

For authoring tools:

Markdown/word editors can embed HGCP plugins for local signing

AI-assisted writing apps should encourage users to optionally sign with responsibility

Publishing interfaces should invite voluntary HGCP signing at submission time

For reader tools and plugins:

Browser extensions can detect and visually mark HGCP-signed content

Enable readers to view signer reputation, signature validity, and signing history

7. Social and Ethical Considerations

HGCP is not a replacement for content governance, but a voluntary signal system designed to restore visibility to human-authored expressions in an increasingly hybrid content landscape.

HGCP does NOT:

Detect AI content or act as an AI classifier

Track real identities or force doxxing

Judge truth, originality, or value of signed content

Restrict unsigned content from being published

HGCP DOES protect:

Anonymous authors’ right to claim authorship

Signers’ right to choose their identity level

The right to revoke, edit, or update signed content

Each platform’s autonomy in adapting or extending HGCP support

HGCP offers a decentralized path to expression accountability—not by censorship, but by providing those who want to be recognized and trusted the ability to do so.

8. Example Use Cases

HGCP is platform-neutral and supports a wide spectrum of content styles and identities. Each use case involves a signer voluntarily declaring both their identity context and expression responsibility.

8.1. Personal Blogs and Essays (identity_type: pseudonymous, statement_level: HGCP-H)

A blogger writing longform essays under a pseudonym includes a signature at the end of each post. While the views may be subjective, the signer affirms personal responsibility for all content.

{ "signer_id": "silentvoice", "id_type": "pseudonymous", "statement_level": "HGCP-H", "timestamp": "2025-03-29T16:12Z", "tools_used": [], "declaration": "I wrote the above post entirely on my own and stand by it as a human author." }

8.2. Social Media Discussion (identity_type: anonymous, statement_level: HGCP-H)

An anonymous user on a contentious Reddit thread wants to show that they are not a bot and take personal responsibility for their words.

  • "This opinion is signed under HGCP. I take responsibility for this view as a human author."

The signature metadata may look like:

{ "signer_id": "anon321", "id_type": "anonymous", "statement_level": "HGCP-H", "timestamp": "2025-03-29T17:35Z", "tools_used": [], "declaration": "I stand by this statement as an individual human participant in this conversation." }

8.3. Academic or Scientific Blog Summary (identity_type: real-name, statement_level: HGCP-C)

A university researcher summarizes a recent paper from another lab and posts it to their department blog. While they didn't generate the original content, they take responsibility for the summary.

{ "signer_id": "dr.lin", "id_type": "real-name", "statement_level": "HGCP-C", "timestamp": "2025-03-29T19:12Z", "tools_used": ["Notion", "Grammarly"], "declaration": "This post is my own summary of a published paper. While I did not author the original, I take responsibility for this interpretation and presentation." }

8.4. AI-Assisted Script Writing (identity_type: human+ai, statement_level: HGCP-H+AI)

A YouTube creator uses ChatGPT to help draft a video script. They edit, restructure, and rewrite sections before publication.

{ "signer_id": "creatorzone", "id_type": "human+ai", "statement_level": "HGCP-H+AI", "timestamp": "2025-03-29T21:05Z", "tools_used": ["ChatGPT", "DeepL", "Grammarly"], "declaration": "This script was generated with AI assistance, but I have reviewed and edited the final version and take human responsibility for it." }

8.5. AI-Generated Content Disclosure (identity_type: ai, statement_level: HGCP-AI)

A system-generated bot post discloses that it is not written by a human, but still includes HGCP metadata for transparency and traceability.

{ "signer_id": "autosummary-bot", "id_type": "ai", "statement_level": "HGCP-AI", "timestamp": "2025-03-29T23:00Z", "tools_used": ["Custom NLP Pipeline"], "declaration": "This content was automatically generated by a bot and is signed for transparency purposes only." }

These examples demonstrate how HGCP enables a wide range of expressive behaviors, from pseudonymous essays to AI-generated system messages. By combining identity_type, statement_level, and an explicit declaration, HGCP makes the nature of authorship visible, responsibility claimable, and trust interpretable.

9. Criticisms and Responses

As a voluntary protocol, HGCP is not without its skeptics. Below are common concerns and clarifications to address them:

9.1. Criticism 1: “Signing doesn’t stop misinformation.”

Response: Correct. HGCP is not a fact-checking mechanism or a tool for moderating content. It exists to signal that a human is willing to be associated with and take responsibility for the expression—regardless of whether others agree with it.

9.2. Criticism 2: “Malicious actors can sign too.”

Response: HGCP does not prevent bad-faith actors from signing. However, consistent signing behavior creates a trackable pattern, enabling communities to build reputation graphs over time. Persistent abuse can be observed, flagged, and judged accordingly.

9.3. Criticism 3: “Why not require real names?”

Response: HGCP protects the right to pseudonymous and anonymous expression. Real-name identification is not always safe, especially in authoritarian contexts. Responsibility can still be claimed meaningfully without revealing legal identities.

HGCP emphasizes voluntary, transparent, and repeatable expression behavior. It complements—but does not replace—legal, social, or technical forms of accountability.

10. Scope and Limits of Human Responsibility

HGCP affirms an ethical gesture of responsibility, but it is not a legal instrument. Signing indicates that the author:

However, the scope of “responsibility” should be clearly understood:

Over time, frequent revocations or inconsistency in signing behavior may reduce the perceived trustworthiness of a signer. Platforms and readers are encouraged to interpret such patterns thoughtfully.

HGCP serves as a signal, not a sentence. It is a flag of presence—not proof of virtue.

11. Why We Need HGCP Now

In an era where synthetic content floods our screens and truth feels elusive, what we are losing is not just facts—but responsibility.

Expression has never merely been about information. It is about standing behind what one says.

HGCP is a quiet signal. It is not a firewall or detection tool, but a torch, held by those willing to say:

"This is what I said. And I am willing to be remembered for it."

Those who sign are not necessarily perfect, but they are present. They are not hiding. They are accountable.

HGCP does not aim to stop AI, nor does it attempt to verify the origin or value of content. Instead, it offers a decentralized and consistent way for humans to voluntarily claim authorship and responsibility.

Just as HTTPS creates trust in communication, HGCP creates trust in expression—not by policing the source, but by making visible those who choose to stand behind their words.

In an age of artificial voice, those who remain human by choice will be trusted first.

12. Future Extensions and Evolving Use Cases

HGCP is deliberately minimal by design. Its current version focuses on text-based, single-signer declarations of human responsibility. However, real-world content and trust environments are far more diverse. Future protocol versions may support:

HGCP will evolve cautiously. Its core principle remains: responsibility, voluntarily claimed, should be visible and interpretable. Extensions should enhance this clarity—not dilute it.

13. IANA Considerations

This document has no IANA actions.

14. Security Considerations

HGCP does not introduce new network protocols or data exchange layers, and thus does not pose direct technical threats such as injection, eavesdropping, or man-in-the-middle attacks. However, it introduces indirect risks rooted in the potential misuse, manipulation, or misunderstanding of signature claims. These risks are primarily social and structural in nature, rather than cryptographic.

Key risks include:

Identity Impersonation and Signature Forgery

In the absence of strong cryptographic validation (e.g., OpenPGP signatures), it is possible for malicious actors to forge HGCP-style declarations using arbitrary signer IDs. Platforms should support optional cryptographic signing or verified identity bindings (e.g., platform-verified accounts) to mitigate impersonation and provide trustworthy signature attribution.

Mass Signature Automation (Sybil Attacks)

Without rate limits or identity constraints, attackers could mass-generate AI content paired with fabricated signature blocks to simulate trustworthiness at scale. This undermines the value of human-authored declarations. To address this, platforms may implement frequency controls, account reputation checks, or trust graphs to detect and contain such behavior.

Content Hash Evasion through Minimal Edits

HGCP relies on cryptographic content hashes to bind declarations to content. Yet even trivial edits (e.g., changing a space or emoji) produce a different hash, potentially allowing near-identical but unsigned derivatives to circulate unchallenged. Platforms are encouraged to store content snapshots alongside signatures, or explore fuzzy hashing techniques to detect close variants of signed material.

Revocation Abuse and Responsibility Avoidance

HGCP supports revocable or editable signature declarations, which can enhance flexibility—but also invite strategic denial or erasure of public statements. To preserve accountability, platforms should retain and display signature histories, including revocation timestamps, and clearly indicate whether a signed expression has been withdrawn or altered post-publication.

Lack of Native Trust Scoring or Validation Layer

HGCP intentionally avoids enforcing a centralized trust model. While this encourages openness, it also requires platforms and communities to build supplementary mechanisms for evaluating signer credibility, such as reputation systems, signature consistency tracking, or peer endorsement. Transparency in how these trust layers are constructed is essential to avoid unintended bias or exclusion.

Ultimately, HGCP’s effectiveness hinges not on cryptographic certainty, but on the visible willingness of authors to claim responsibility and the surrounding ecosystem’s support for interpretation, verification, and dispute resolution. It is a voluntary, human-centered protocol—its security lies in participation, not enforcement.

15. Informative References

[RFC3339]
Klyne, G. and C. Newman, "Date and Time on the Internet: Timestamps", RFC 3339, DOI 10.17487/RFC3339, , <https://www.rfc-editor.org/rfc/rfc3339>.
[RFC6234]
Eastlake 3rd, D. and T. Hansen, "US Secure Hash Algorithms (SHA and SHA-based HMAC and HKDF)", RFC 6234, DOI 10.17487/RFC6234, , <https://www.rfc-editor.org/rfc/rfc6234>.
[RFC9580]
Wouters, P., Ed., Huigens, D., Winter, J., and Y. Niibe, "OpenPGP", RFC 9580, DOI 10.17487/RFC9580, , <https://www.rfc-editor.org/rfc/rfc9580>.

Acknowledgments

This document was initially drafted using ChatGPT (OpenAI), and subsequently edited and approved by the human signer. The signer acknowledges responsibility for the final content.

Author's Address

Qiwen Tao
Independent Researcher