Last week I wrote about Identity Capital: the idea that everything you do online builds a profile that has real transactional value, and that most people have never been able to prove, own, or use theirs. A lot of you asked the
same question: how?
Let me start with something that probably happened to you this week.
You tried to sign up for something online. And somewhere in the process, it asked you to “verify” yourself. Connect your Twitter. Link your wallet. Share your email. Maybe upload an ID. You’ve done this hundreds of times. And every single time, the deal is the same: give us everything, and we’ll decide if you qualify or can access our service.
Think about how strange that is. You want to prove you’re an actual person and you have to hand over your entire account. Or you want to show you’re a serious trader, and your options are: screenshot your portfolio (anyone can fake that), share your API key (that’s insane), or connect your wallet and hope the other side doesn’t do something weird with the data.
Every option either exposes too much, or proves too little, or can be faked entirely. And let’s be real about what “connect your account” usually leads to: your email ends up on a newsletter you never signed up for, or worse, gets sold to data brokers who resell it to dozens of marketing companies you’ve never heard of. You gave away one piece of information to prove one thing, and six months later you’re still getting spam from strangers.
Here’s a better version of how this could work.
You want early access to a new trading platform. They’re looking for experienced traders. You open the page, your T-Rex dinosaur lights up. In the background, it visits your exchange account through an encrypted session, confirms your trading volume is above their threshold, and sends them a signed confirmation. The protocol knows you’re real. They never see your balance, your positions, your trade history, or your login. You never filled out a form. You got in because you actually are who they needed.
Or this: a gaming company is launching a tournament and wants players who’ve actually spent serious hours in competitive games. Your dinosaur verifies your Steam profile in the background. Play time, achievement level, account age. The gaming company gets a confirmation that you’re a real, experienced player. They never see your friends list, your purchase history, or your chat logs.
Or this: you’re applying for a freelance gig and the client wants to know you actually have experience with a specific tool. Your dinosaur verifies your active subscription and usage tier on that platform. The client gets confirmation. They never see your projects, your files, or your billing details.
In every case, you proved exactly what was needed and nothing more.
The technology that makes this possible is called MPC-TLS. Let me explain it in plain terms, because the idea is genuinely elegant.
It starts with something you already use every day. Every time you see that little lock icon in your browser, TLS is creating an encrypted tunnel between your browser and the website you’re visiting. Both sides can see what’s inside the tunnel. Nobody else can. That’s been protecting your internet sessions for decades.
The problem is that this privacy works too well for one specific use case: you can never take something from inside that tunnel and show it to a third party in a way they can verify. The tunnel is sealed for everyone else. What happens inside stays inside.
MPC-TLS, built on an open-source protocol called TLSNotary, cracks this open in a very specific and controlled way. Instead of your browser handling the full encryption alone, the session key gets shared between your browser and an independent verification node through a cryptographic process. Your browser sees the actual content. The verification node can confirm the session was real, but never sees the content itself. When they compare their halves, the result is a signed attestation: this specific piece of data existed in a real session, on a real website, at a specific time.
That attestation is the building block of everything we’re doing at T-REX.
Every time your cute dinosaur verifies a new dimension of your identity, it’s running one of these MPC-TLS sessions in the background, while keeping your privacy intact. Your trading activity, your influence, your subscriptions, your skills. When you choose to prove something to a project, that specific piece of data produces a cryptographic attestation. Everything else stays encrypted, visible only to you. That’s what makes your Identity Capital real, verifiable, and valuable to projects looking for specific types of people — without ever exposing more than you decided to share.
But then, a fair question: who runs the verification? If T-Rex controlled it entirely, you’d just be trusting us the same way you trust every other platform, and that would completely go against our value proposition. In fact, the verification nodes run independently, and TLSNotary’s protocol has been audited by third parties. We’re building toward a model where no single party, including us, can forge an attestation alone. We’re not fully there yet, and I think being upfront about that is more useful than pretending the system is already perfect.
The internet’s trust problem is getting worse every month, and the old answer (“collect more data, ask for more permissions”) is exactly what created the mess. MPC-TLS is the other path: prove what needs to be proven, keep everything else private.
We didn’t invent MPC-TLS. The research started in academic papers years ago, and TLSNotary made the first open-source implementation possible. What we did is take it from research to production, package it into a browser extension that 40,000 people have already installed, and build a verification layer on top that turns attestations into something useful: a verified, multi-dimensional identity that projects will pay real money to reach.
The math was always there. The infrastructure to make it work for normal people wasn’t. Now it is.
This is the engine powering Identity Capital. Every verified dimension, every attestation, every door that opens for you and not for someone else.
But I think this goes way beyond T-Rex. As AI gets embedded into everything, the question “who am I actually talking to?” is going to become one of the most important questions on the internet. For people, for businesses, for AI agents acting on your behalf. The ability to prove something about yourself instantly, privately, and without trusting a middleman is going to reshape how the entire internet works. And we’re building one piece of that future.
Sunny