# 01 — Mutually-Hostile Validators as the Design Requirement

> *Plural verdicts are meaningful only if the frames admitted can include actors who believe each other to be evil and lying. Anything less is single-frame propaganda with an inclusive marketing layer.*

## The argument, stated directly

The earlier version of the Veritas Protocol design treated "mutually-hostile validators" as an edge case — a failure mode to be managed. This working paper, as of v0.2, treats it as the design requirement.

The distinction matters. In the earlier framing, a foundation-hosted consortium credentialed validators who shared enough institutional norms to operate under common editorial standards. Divergence between them was tolerable; mutual hostility was a corner case. In that framing, a Russian state-narrative validator, a Taliban-aligned religious validator, or a North Korean academic validator would not be admitted — they fail the foundation's editorial standard.

But if those validators are not admitted, the protocol is *not* a plural-verdict substrate. It is a Western-institutional consensus substrate with "plurality" as a marketing layer — exactly the complaint that users of those rejected frames already have about existing fact-check infrastructure. Saying otherwise would be a category error.

A protocol that genuinely supports plural verdicts across hostile frames must admit:

- Validators from ideologically opposed states (e.g., Russian academy and Ukrainian academic institutions).
- Validators from mutually-delegitimising religious traditions (Vatican theologians and militant atheists; Sunni and Shia jurists; orthodox and reform Jewish authorities).
- Validators embedded in historical-grievance disputes (Palestinian and Israeli historiography, Serbian and Bosnian historians, Turkish and Armenian accounts of 1915).
- Validators outside formal institutional structures altogether (sub-cultural and conspiracy communities who claim expertise their frames do not recognise in mainstream).

Each of these groups will call the others *evil, lying, or compromised.* A protocol that refuses to admit them is picking sides, whether or not it claims neutrality.

## Why this forces architectural changes

A foundation cannot neutrally credential enemies. A Mozilla-hosted consortium that credentialed a state-aligned Russian narrative validator and a state-aligned Ukrainian validator simultaneously would be accused by each of capture by the other, and both accusations would contain truth: the foundation would inevitably apply one standard that favours one side when the standards are genuinely incommensurable.

Three consequences follow:

1. **Write-layer must be permissionless.** The act of publishing a signed attestation cannot depend on foundation approval. Anyone with a cryptographic identity and the willingness to sign their verdict must be able to post to the protocol's log. Gatekeeping moves *down* in the stack, to aggregators and consumer-side filters.

2. **Semantic governance moves to aggregators and CPML.** The foundation (or any single institution) does not decide which frames count. Aggregators publish their editorial policy — what they surface, what they filter — and compete on it. Consumers select aggregators, or specify filtering preferences via their own CPML (see `04-cpml.md`). Plurality is thus generated at the read layer, not enforced at the write layer.

3. **Neutrality becomes a claim about architecture, not about content.** The protocol is neutral not because all frames are equally true (they aren't) but because the architecture does not privilege any one frame's write access. Consumers choose their frames. Institutions compete to be trusted aggregators. The foundation handles narrow, universal-harm operational refusals (see `09-refusals-and-panel.md`) but does not decide *whose verdicts count*.

This is a substantial shift from the v0.1 whitepaper's design.

## Critical analysis — what could go wrong

**1 — Enemy narrative domains become tools of information warfare.** A state-sponsored validator posts fabricated claims with elaborate provenance and high-volume cross-attestation from other state-affiliated validators. Within the state's own CPML-using consumer base, the verdict is "verified." Outside that consumer base, the verdict is filtered or ignored, but the fabrication sits on the permanent log. Bad-faith actors can point to the existence of the verdict as evidence — *"even Veritas records that we verified this."*

**Response.** The protocol documents, at the log layer, which validators issued an attestation, under which credential, with which reputation trajectory. An external observer sees the attribution. "State-affiliated validator X verified Y" is not the same as "Y is true." Aggregators that consumers trust apply their own editorial standards. Narrow-audience consumption of state narratives inside state-aligned CPMLs is an acceptable outcome if the alternative is gatekeeping the substrate itself.

**2 — The foundation becomes the de facto arbiter anyway via its reference aggregator.** If one foundation-operated aggregator has 90% of traffic, the foundation decides de facto what is visible, and the permissionless-write layer is a fig leaf. The foundation's filtering becomes the real governance.

**Response.** This risk is real. Mitigations: (a) the foundation publishes a *small number of reference CPMLs / aggregators* with explicit, contested editorial rationale — not one; (b) the consumer UX explicitly makes aggregator choice legible at each interaction; (c) third-party aggregators (including conspiracy-research, religious, sub-cultural, ideologically-opposed) are architecturally first-class. The foundation's weight at any moment is a political fact, not an architectural inevitability.

**3 — Low-friction validator registration invites adversarial AI-generated validator identities.** LLM-fabricated "institutions" with sophisticated-looking credentials sign thousands of attestations; the log becomes flooded with low-quality or malicious signals.

**Response.** Chain-level anti-spam (minimum fee, rate limits, possibly proof-of-humanity on first credential registration) plus aggregator-level filtering. Aggregators that refuse to surface attestations from validators with no established reputation are still protecting consumers; the substrate is not harmed by the presence of low-weight entries because nothing *requires* aggregators to surface them.

**4 — The hard-list of operationally-refused claim shapes becomes a lever of capture.** If the foundation's hard-list expands to cover politically-contested material, the permissionless-write guarantee erodes.

**Response.** The hard-list is intentionally narrow and specific to *operation shape* (see `09-refusals-and-panel.md`). CSAM verification is refused because the operation is incoherent — a validator cannot verify content whose possession is itself illegal. This does not extend to "contested political claims." Expansion of the hard-list requires supermajority board vote with published rationale and is subject to appeal.

**5 — Consumers default to their tribe, the system reproduces the echo chambers it was supposed to surface.** Everyone sets their CPML to their existing worldview; the protocol becomes an echo-chamber enabler rather than an epistemic-plurality tool.

**Response.** The onboarding-quiz MVP (`07-quiz-mvp.md`) includes an explicit "opposite view" and "most-surprising-claim-today" feature. Default CPMLs surface calibrated disagreement across composed domains. The protocol does not force consumers out of their frames, but it makes it trivial to see beyond them for anyone who wants to.

## Related work and precedent (to be enriched by research subagents)

- Wikipedia's handling of nationality-fraught articles via NPOV policy — the process has been gamed in specific topic areas (Gibraltarpedia 2012, Eastern-European-historical articles, Middle-East articles). Precedent for *not* what Veritas should do editorially; precedent for *architectural* robustness via history-visibility.
- Bluesky / AT Protocol labellers — a structurally similar design: permissionless labelling with consumer-side subscription. Early empirical evidence in 2025-2026 on whether this works at scale.
- Nostr relay federation — anyone can run a relay; anyone can refuse to propagate content; consumers connect to relays they trust. Lessons on the economic sustainability of a federation where the substrate is permissionless.
- Pol.is (used in Taiwan's vTaiwan) — handles ideologically-opposed participants algorithmically by clustering. Different mechanism, same design value: treating adversarial frames as first-class.

## Design implications

1. The protocol's write API must be authenticated only at the cryptographic level (valid signature over valid schema) — not at the credentialing level.
2. The foundation's reference aggregator is *one among several*, not *the canonical view*.
3. Validator credentials, once issued (or self-asserted), can be queried for metadata but not for approval-to-post.
4. The consumer UX must make visible, at each verdict query, *which aggregator(s) and which CPML are doing the composition*.
5. Reference CPMLs include at least one explicitly-hostile-to-mainstream frame — e.g., a "heterodox-research" CPML — precisely to demonstrate that plurality means what it says.

## Open questions

- How narrow should the hard-list of operationally-refused claim shapes be, and what procedure governs its expansion? (`09-refusals-and-panel.md`)
- What is the minimum "reputation" signal an aggregator should surface for low-reputation or brand-new validators, given the permissionless-write guarantee?
- What happens when an aggregator publishes a filter rule that is legal in one jurisdiction but illegal in another — e.g., holocaust-denial content unfiltered in the US but mandatorily filtered in Germany? (`08-country-chapters.md`)
- What is the test for whether the permissionless-write guarantee is actually being honoured, versus being hollowed out by aggregator-level censorship equivalent to write-layer gatekeeping?

## What we'd build for this

- **`veritas-write-api`** — permissionless claim + attestation posting. Any valid signature + schema is accepted.
- **`veritas-validator-registry`** — open registry of self-declared validator metadata; not approval-gated.
- **`veritas-aggregator-pluralism-test`** — automated check that the foundation's reference aggregator is not the only viable view; measures diversity of surfacing across third-party aggregators.
- **Reference aggregator set** — four or five foundation-blessed aggregators with explicitly different editorial policies, shipped as equal first-class options in onboarding UX.