| Internet-Draft | HGCP | March 2025 |
| Tao | Expires 1 October 2025 | [Page] |
In an era where AI-generated content has become indistinguishable from human writing, the Human-Generated Content Protocol (HGCP) proposes a voluntary signing framework that enables human authors to take responsibility for their expressions. Instead of relying on probabilistic detection methods or enforcing centralized identity, HGCP encourages a simple yet powerful act: a signer publicly declares responsibility for authored content through a structured signature block. The protocol is platform-neutral, supports both real-name and anonymous identities, and prioritizes transparency, accountability, and human agency. HGCP defines minimal signature structures, integration suggestions for platforms and tools, and philosophical guidance for fostering expression trust in an increasingly synthetic information ecosystem.¶
This note is to be removed before publishing as an RFC.¶
Status information for this document may be found at https://datatracker.ietf.org/doc/draft-taoqiwen-hgcp/.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 1 October 2025.¶
Copyright (c) 2025 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document.¶
In the rapidly evolving digital world, a flood of content from countless sources fills our screens—much of it now automatically generated, indistinguishable, and detached from genuine human intent. As artificial intelligence becomes increasingly proficient at mimicking human expression, the boundary between real thought and algorithmic generation is becoming ever more blurred. The rise of AI-generated content brings tremendous opportunity, but it also presents a critical question: if we can no longer identify who wrote something, how can we trust it?¶
The Human-Generated Content Protocol (HGCP) is proposed as a voluntary signing framework to address this issue. HGCP does not attempt to detect AI content through technical means; instead, it introduces a simple yet powerful idea: that a human author should be able to voluntarily declare, "This was written by me, and I take responsibility for it."¶
HGCP is not a detection algorithm or classification tool. It is a social and ethical trust mechanism. It provides a standardized signing format that enables any publisher—across any platform and identity type—to assert authorship in a verifiable and human-responsible manner. HGCP is platform-neutral, identity-flexible, and supports both anonymous and real-name authors who wish to make their human expression distinguishable and trustworthy.¶
HGCP is intentionally designed as a minimal core protocol—simple, declarative, and human-first. It does not attempt to encode all possible expression scenarios from the start. Instead, it offers a stable foundation that can evolve over time to support multi-signer declarations, partial claims, multimedia expressions, and richer trust semantics.¶
The internet was originally built to foster human connection and communication. Yet in a world where content creation, duplication, and distribution approach zero cost, the origin of information has become increasingly obscured. We once relied on domain names, writing style, and user profiles to infer trustworthiness—but now, all of these can be simulated or spoofed by AI.¶
We face a growing asymmetry: it is far easier to generate content than to verify its trust. This leads not only to an explosion of noise and manipulation but to a slow erosion of meaning itself. Readers hesitate to believe; authors hesitate to sign their work; platforms hesitate to take responsibility.¶
Many recent solutions have focused on "AI detection"—using machine learning classifiers to guess whether a given text was written by an AI. These tools are inherently probabilistic, easily evaded, and perpetually behind in the arms race of model advancement. The more essential question is not "Was this written by an AI?", but rather: "Is someone willing to take human responsibility for having said this?"¶
HGCP addresses this deeper layer: the level of expression responsibility. It introduces a new kind of signal—not derived from how content was generated, but from whether someone is willing to stand behind it. In doing so, trust becomes not a passive inference but an active, verifiable commitment.¶
The core idea of HGCP is not to verify originality, authorship, or human origin of content—but to offer a voluntary, structured mechanism for a person to take public responsibility for their expression.¶
Whereas most classification systems ask "Who wrote this?", HGCP invites a more meaningful question: "Are you willing to claim this expression as your own?"¶
Signing under HGCP does not imply that the content is accurate, high-quality, or original. It simply affirms: "I am a human being, and I am publicly acknowledging that I wrote this."¶
This makes HGCP signing a social gesture rather than a technical classification. It is not about improving detection precision, but about restoring the most basic principle of communication: to speak is to bear responsibility.¶
HGCP is not anti-AI. It does not forbid AI-assisted writing. Its purpose is not to exclude AI, but to identify human intent and responsibility. Even if a human uses AI to assist, as long as they willingly sign, they are taking responsibility as a human.¶
HGCP is an open framework. It does not restrict what tools you use; it only asks whether you are willing to sign. It does not judge your expertise; it only values your readiness to be held accountable. This voluntary human claim becomes the root signal of trust in HGCP.¶
HGCP recommends that any author willing to assume responsibility for their expression include a standardized signature declaration when publishing content. The declaration should contain the following elements:¶
Required Fields:¶
signer_id: A pen name, public key fingerprint, platform username, or other verifiable identity reference (RFC 9580 [RFC9580] OpenPGP fingerprints recommended)¶
timestamp: A UTC timestamp indicating when the signature was made (preferably in [RFC3339] format)¶
content_hash: A cryptographic digest of the original text using a standard hash function (SHA-256 recommended, as defined in [RFC6234])¶
hgcp_version: A required version field to indicate which version of the HGCP signature structure is being used (e.g., "0.2"). This helps ensure future compatibility as the protocol evolves.¶
declaration: A clear statement of responsibility, e.g., "I affirm that the above content was written by me and I accept responsibility for it."¶
Optional Fields:¶
tools_used: If any tools (AI assistants, grammar correctors, translation engines) were involved, list them transparently¶
identity_type: e.g., real-name, anonymous, pseudonymous, organizational¶
revocability: Whether the signature can be withdrawn or the content edited. Suggested standard values include:
- immutable
- editable-until-locked
- time-limited-editable
- revocable-with-proof¶
id_format: e.g., "GitHub username", "PGP fingerprint", "platform alias"¶
Example Signature (Markdown):¶
Author: Tao Qiwen
Timestamp: 2025-03-29T14:22Z
HGCP Version: 0.2
ID Type: anonymous
Tools Used: ChatGPT + manual edits
Content Hash (SHA-256, base64): aGVsbG8sIHdvcmxk...
Revocability: editable-until-locked
Declaration: I confirm that the above content was published by me, and I take responsibility as a human author.¶
Example HGCP Signature (JSON, v0.1):¶
{ "signer_id": "qiwen2025", "id_type": "anonymous", "timestamp": "2025-03-29T14:22Z", "hgcp_version": "0.2", "content_hash": "a732c8dffe34aabbcc...", "tools_used": ["ChatGPT", "Notion AI"], "revocability": "editable-until-locked", "declaration": "I confirm that the above content was published by me, and I take responsibility as a human author." }¶
Optional (PGP Signature):¶
"gpg_signature": "-----BEGIN PGP SIGNATURE-----\n...\n-----END PGP SIGNATURE-----"¶
HGCP signatures are versioned to ensure clarity, compatibility, and future evolution. The hgcp_version field in the signature block indicates which structure is used.¶
v0.1: Basic HGCP signature, including signer ID, timestamp, content hash, and a declaration. Suitable for human-readable contexts (e.g., Markdown).¶
v0.2: Adds optional cryptographic signing (e.g., PGP) for enhanced verification. Fully backward-compatible with v0.1.¶
"hgcp_version": "0.2"¶
The version number refers to the signature structure specification, not the tool version or software implementation. Future versions may include DID bindings, cross-platform trust references, or encrypted metadata.¶
HGCP does not require real-name identification, but encourages the use of consistent and interpretable identity labels. Each identity_type is associated with a general trust signal, though long-term behavior and signing consistency are more important than any single declaration.¶
human
A human author who signs and takes responsibility.
Trust Level: High¶
human+ai
A human-led expression with AI assistance.
Trust Level: Medium-High¶
organization
A collective statement signed on behalf of an entity.
Trust Level: Medium¶
anonymous
An identity with no disclosed name but consistent signing history.
Trust Level: Medium¶
ai
Clearly labeled as AI-generated, signature for transparency only.
Trust Level: Low¶
Even anonymous users may build trust over time through persistent and verifiable signing behavior. Platforms may choose to highlight signer identity history to assist readers in evaluating context.¶
The statement_level field reflects how the signer claims responsibility for the content. It does not attempt to verify authorship origin, but instead signals how the signer relates to the text and its expression.¶
HGCP-H
Human-only authored, signer claims full responsibility
Use Case: Essays, personal writings¶
HGCP-H+AI
Human-led with AI assistance, signer reviews and owns final version
Use Case: Blogs, mixed content¶
HGCP-O
Statement signed on behalf of an organization
Use Case: Press releases, company updates¶
HGCP-AI
AI-generated content, signed only for transparency
Use Case: Automated posts, system replies¶
HGCP-C
Curated or reinterpreted content, signer takes responsibility for context and presentation
Use Case: Compilations, summaries, quoted content¶
Platforms and readers may interpret these statement levels in combination with identity and signing history to infer credibility or accountability. HGCP does not enforce strict verification, but rather enables visible patterns of declared responsibility. ###Trust is Accumulated Through Behavior¶
HGCP emphasizes the act of voluntarily claiming responsibility, not the technical origin of the content. Repeated, consistent, and transparent signing behavior is more meaningful than a single signature. Platforms are encouraged to experiment with trust scoring systems based on:¶
HGCP is platform-neutral and decentralized, but content platforms, publishing tools, and browser extensions are encouraged to integrate HGCP through the following actions:¶
For content platforms:¶
Provide HGCP signing support (e.g., auto-generate timestamp, content hash, signature block)¶
Visibly display signature declarations and identity type¶
Offer exportable signature metadata (e.g., JSON-LD)¶
Provide "verify signature" buttons for end users¶
Allow flagging or auditing of forged or misleading signatures¶
For authoring tools:¶
Markdown/word editors can embed HGCP plugins for local signing¶
AI-assisted writing apps should encourage users to optionally sign with responsibility¶
Publishing interfaces should invite voluntary HGCP signing at submission time¶
For reader tools and plugins:¶
Browser extensions can detect and visually mark HGCP-signed content¶
Enable readers to view signer reputation, signature validity, and signing history¶
HGCP is platform-neutral and supports a wide spectrum of content styles and identities. Each use case involves a signer voluntarily declaring both their identity context and expression responsibility.¶
identity_type: pseudonymous, statement_level: HGCP-H)
A blogger writing longform essays under a pseudonym includes a signature at the end of each post. While the views may be subjective, the signer affirms personal responsibility for all content.¶
{ "signer_id": "silentvoice", "id_type": "pseudonymous", "statement_level": "HGCP-H", "timestamp": "2025-03-29T16:12Z", "tools_used": [], "declaration": "I wrote the above post entirely on my own and stand by it as a human author." }¶
identity_type: real-name, statement_level: HGCP-C)
A university researcher summarizes a recent paper from another lab and posts it to their department blog. While they didn't generate the original content, they take responsibility for the summary.¶
{ "signer_id": "dr.lin", "id_type": "real-name", "statement_level": "HGCP-C", "timestamp": "2025-03-29T19:12Z", "tools_used": ["Notion", "Grammarly"], "declaration": "This post is my own summary of a published paper. While I did not author the original, I take responsibility for this interpretation and presentation." }¶
identity_type: human+ai, statement_level: HGCP-H+AI)
A YouTube creator uses ChatGPT to help draft a video script. They edit, restructure, and rewrite sections before publication.¶
{ "signer_id": "creatorzone", "id_type": "human+ai", "statement_level": "HGCP-H+AI", "timestamp": "2025-03-29T21:05Z", "tools_used": ["ChatGPT", "DeepL", "Grammarly"], "declaration": "This script was generated with AI assistance, but I have reviewed and edited the final version and take human responsibility for it." }¶
identity_type: ai, statement_level: HGCP-AI)
A system-generated bot post discloses that it is not written by a human, but still includes HGCP metadata for transparency and traceability.¶
{ "signer_id": "autosummary-bot", "id_type": "ai", "statement_level": "HGCP-AI", "timestamp": "2025-03-29T23:00Z", "tools_used": ["Custom NLP Pipeline"], "declaration": "This content was automatically generated by a bot and is signed for transparency purposes only." }¶
These examples demonstrate how HGCP enables a wide range of expressive behaviors, from pseudonymous essays to AI-generated system messages. By combining identity_type, statement_level, and an explicit declaration, HGCP makes the nature of authorship visible, responsibility claimable, and trust interpretable.¶
As a voluntary protocol, HGCP is not without its skeptics. Below are common concerns and clarifications to address them:¶
Response: Correct. HGCP is not a fact-checking mechanism or a tool for moderating content. It exists to signal that a human is willing to be associated with and take responsibility for the expression—regardless of whether others agree with it.¶
Response: HGCP does not prevent bad-faith actors from signing. However, consistent signing behavior creates a trackable pattern, enabling communities to build reputation graphs over time. Persistent abuse can be observed, flagged, and judged accordingly.¶
Response: HGCP protects the right to pseudonymous and anonymous expression. Real-name identification is not always safe, especially in authoritarian contexts. Responsibility can still be claimed meaningfully without revealing legal identities.¶
HGCP emphasizes voluntary, transparent, and repeatable expression behavior. It complements—but does not replace—legal, social, or technical forms of accountability.¶
HGCP affirms an ethical gesture of responsibility, but it is not a legal instrument. Signing indicates that the author:¶
Is human (or self-identifies as such),¶
Chooses to claim the expression,¶
Accepts the social consequences of that claim.¶
However, the scope of “responsibility” should be clearly understood:¶
HGCP does not confer legal liability unless enforced by separate legal agreements or jurisdictions.¶
HGCP does not guarantee truth, originality, or moral correctness.¶
HGCP does allow for revocation, and platforms may record and display revocation histories transparently.¶
Over time, frequent revocations or inconsistency in signing behavior may reduce the perceived trustworthiness of a signer. Platforms and readers are encouraged to interpret such patterns thoughtfully.¶
HGCP serves as a signal, not a sentence. It is a flag of presence—not proof of virtue.¶
In an era where synthetic content floods our screens and truth feels elusive, what we are losing is not just facts—but responsibility.¶
Expression has never merely been about information. It is about standing behind what one says.¶
HGCP is a quiet signal. It is not a firewall or detection tool, but a torch, held by those willing to say:¶
"This is what I said. And I am willing to be remembered for it."¶
Those who sign are not necessarily perfect, but they are present. They are not hiding. They are accountable.¶
HGCP does not aim to stop AI, nor does it attempt to verify the origin or value of content. Instead, it offers a decentralized and consistent way for humans to voluntarily claim authorship and responsibility.¶
Just as HTTPS creates trust in communication, HGCP creates trust in expression—not by policing the source, but by making visible those who choose to stand behind their words.¶
In an age of artificial voice, those who remain human by choice will be trusted first.¶
HGCP is deliberately minimal by design. Its current version focuses on text-based, single-signer declarations of human responsibility. However, real-world content and trust environments are far more diverse. Future protocol versions may support:¶
Multi-signer declarations (e.g., co-authorship, joint statements)¶
Partial responsibility claims (e.g., hybrid AI + human paragraph-level tags)¶
Multimedia content hashes (e.g., audio, image, or video signatures)¶
Publisher-declared AI content without human responsibility¶
Role-based identity claims (e.g., editor, translator, commentator)¶
Richer metadata for curatorial or interpretive context¶
HGCP will evolve cautiously. Its core principle remains: responsibility, voluntarily claimed, should be visible and interpretable. Extensions should enhance this clarity—not dilute it.¶
This document has no IANA actions.¶
HGCP does not introduce new network protocols or data exchange layers, and thus does not pose direct technical threats such as injection, eavesdropping, or man-in-the-middle attacks. However, it introduces indirect risks rooted in the potential misuse, manipulation, or misunderstanding of signature claims. These risks are primarily social and structural in nature, rather than cryptographic.¶
Key risks include:¶
Identity Impersonation and Signature Forgery¶
In the absence of strong cryptographic validation (e.g., OpenPGP signatures), it is possible for malicious actors to forge HGCP-style declarations using arbitrary signer IDs. Platforms should support optional cryptographic signing or verified identity bindings (e.g., platform-verified accounts) to mitigate impersonation and provide trustworthy signature attribution.¶
Mass Signature Automation (Sybil Attacks)¶
Without rate limits or identity constraints, attackers could mass-generate AI content paired with fabricated signature blocks to simulate trustworthiness at scale. This undermines the value of human-authored declarations. To address this, platforms may implement frequency controls, account reputation checks, or trust graphs to detect and contain such behavior.¶
Content Hash Evasion through Minimal Edits¶
HGCP relies on cryptographic content hashes to bind declarations to content. Yet even trivial edits (e.g., changing a space or emoji) produce a different hash, potentially allowing near-identical but unsigned derivatives to circulate unchallenged. Platforms are encouraged to store content snapshots alongside signatures, or explore fuzzy hashing techniques to detect close variants of signed material.¶
Revocation Abuse and Responsibility Avoidance¶
HGCP supports revocable or editable signature declarations, which can enhance flexibility—but also invite strategic denial or erasure of public statements. To preserve accountability, platforms should retain and display signature histories, including revocation timestamps, and clearly indicate whether a signed expression has been withdrawn or altered post-publication.¶
Lack of Native Trust Scoring or Validation Layer¶
HGCP intentionally avoids enforcing a centralized trust model. While this encourages openness, it also requires platforms and communities to build supplementary mechanisms for evaluating signer credibility, such as reputation systems, signature consistency tracking, or peer endorsement. Transparency in how these trust layers are constructed is essential to avoid unintended bias or exclusion.¶
Ultimately, HGCP’s effectiveness hinges not on cryptographic certainty, but on the visible willingness of authors to claim responsibility and the surrounding ecosystem’s support for interpretation, verification, and dispute resolution. It is a voluntary, human-centered protocol—its security lies in participation, not enforcement.¶
This document was initially drafted using ChatGPT (OpenAI), and subsequently edited and approved by the human signer. The signer acknowledges responsibility for the final content.¶
7. Social and Ethical Considerations
HGCP is not a replacement for content governance, but a voluntary signal system designed to restore visibility to human-authored expressions in an increasingly hybrid content landscape.¶
HGCP does NOT:¶
Detect AI content or act as an AI classifier¶
Track real identities or force doxxing¶
Judge truth, originality, or value of signed content¶
Restrict unsigned content from being published¶
HGCP DOES protect:¶
Anonymous authors’ right to claim authorship¶
Signers’ right to choose their identity level¶
The right to revoke, edit, or update signed content¶
Each platform’s autonomy in adapting or extending HGCP support¶
HGCP offers a decentralized path to expression accountability—not by censorship, but by providing those who want to be recognized and trusted the ability to do so.¶