Every registry change (new verified dApp, new threat, key rotation) is appended to a
hash-chained log signed by Zoza's Ed25519 root key. This page downloads the log from
/v1/audit/log and verifies every entry in your browser against
the published root public key. No trust in our server required — if a malicious or
coerced Zoza employee tried to retro-insert, modify, or delete an entry, the chain would
break and this page would show a red result.
The extension has this same key compiled in. You should pin it out-of-band (Twitter, PGP-signed release notes, etc.). Any change here must be accompanied by a signed rotation entry in the log.
Pinned value (as of 2026-04-17):
34b83458d85068871ccac6bd9efe93303acb6df2d0d6ee5a818224ba3265f9b9
Fetch the full log from the server, or paste it in manually if you saved a snapshot elsewhere.
Runs entirely client-side with window.crypto.subtle + pure-JS Ed25519 verification. No network round-trip during the check.