The Load-Bearing Test: How a Bitcoin Protocol Discipline Produces an Identity That Pays You to Exist Online

May 30, 2026

OrangeCheck is a family of small Bitcoin protocols built under one rule: Bitcoin has to do work that nothing else can, or it does not belong. The interesting thing is not the rule. It is what the rule produces. Followed honestly across identity, encryption, weight, and provenance, the discipline composes into a single consumer product, me.ochk, where a person opens an account by signing a message, hands over no personal data, and gets paid satoshis to show up. The destination is the argument.

An account that pays you to open it

Consider the strangest thing the OrangeCheck stack does, and start there rather than at the cryptography. A person arrives at a website that has integrated me.ochk. They click sign in, their Bitcoin wallet pops a message to sign, they sign it, and they are in. No email was demanded. No phone number, no name, no document, no password was created or stored anywhere. And then the inversion: the website pays them. A small amount of Bitcoin, denominated in satoshis, flows to the user for the legitimate activity they generate, funded by the site, skimmed by the platform at a fixed rate, and settled to a wallet the user controls. The thing that has cost you your identity at every signup form you have ever filled out now costs you a signature and pays you to participate.

That behavior reads like a gimmick until you trace where it comes from, and where it comes from is the actual story. me.ochk is not a clever growth hack bolted onto a wallet. It is the visible end of a deliberate chain of design decisions that runs all the way down to a single rule about when Bitcoin is allowed to appear in a system at all. The rule is austere and most projects would not survive it. Followed honestly across a handful of separate protocols, it produces primitives that compose, and the composition is a person who can act online without surrendering themselves. The protocols are the engine. me.ochk is what the engine was built to drive.

One rule decides what gets built

The rule is a test applied before any feature is admitted to the family. Ask whether the mechanism would work identically if every Bitcoin address were replaced by a generic keypair. If the answer is yes, Bitcoin is decoration and the feature is rejected, because the thing being built is then a worse version of credential systems that already exist on ordinary keys. If the answer is no, if the mechanism genuinely depends on something only Bitcoin supplies, it earns a place. The discipline sounds academic. Its effect is brutal, because almost nothing passes. A wallet login that uses a signature fails, since any signature scheme would do. A loyalty token on a sidechain fails, since it uses Bitcoin only as a marketing adjective. The test is a filter calibrated to reject the vast majority of what calls itself a Bitcoin application, and a project willing to hold the filter ends up with a very short list of things it is permitted to build.

The short list matters because everything downstream inherits its integrity. A consumer product assembled from primitives that each truly need Bitcoin is a product whose Bitcoin claim is real at every layer. A consumer product assembled from primitives where Bitcoin was ornamental is a product wearing a costume. me.ochk is the first kind, and the reason it can be is that the protocols beneath it were each forced through the filter before they were allowed to exist. The work of the discipline happens upstream, invisibly, in everything that was refused. What reaches the user is only the residue that passed.

The one property everything is built from

What survives the test, almost always, is a single property of Bitcoin that a fresh keypair cannot reproduce: a held coin has a publicly verifiable age and balance, and holding it still has a real, externally measurable cost. A keypair is free to generate in unlimited quantity. A coin left unspent for a month is not free, because the holder gave up the liquidity and the optionality for that month, and anyone can read the age of the unspent output from the chain. The unit the family is built from is the product of those two facts, satoshis multiplied by days, and it is the cheapest credible proof that someone has skin in the game that a sybil attacker cannot cheaply fake at scale.

This is the raw material from which the consumer experience is eventually milled. A person proves control of a Bitcoin address by signing a message with BIP-322, and no transaction is broadcast and no coin moves. A verifier reads the public chain to see how many satoshis sit at that address and how long they have sat. Holding, say, one hundred thousand satoshis untouched for thirty days costs roughly seventy dollars in foregone yield, which is nothing for a real participant and ruinous for an adversary who needs ten thousand fake identities and must replicate the idle stake ten thousand times. Spending the coins to recycle them into a new identity resets the age and destroys the proof. This is proof of stake in the original literal meaning, stake denominated in the one asset whose holding cost is real and not issued by the party charging it, and it is the load-bearing thing that every higher primitive borrows.
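The reading a verifier takes from the chain, sketched as an added example that is not OrangeCheck's own code. The page does not give the exact scoring formula, so the UTXO record shape, the 144-blocks-per-day conversion and the function names are assumptions.

```javascript
// Added illustration; not OrangeCheck Attest's actual scoring code.
// Assumption: age is counted in confirmed blocks, with 144 blocks taken as one day.
const BLOCKS_PER_DAY = 144;

// utxos: constructed records { sats, confirmedHeight } for ONE address,
// as a verifier would read them from the public chain.
function satDays(utxos, tipHeight) {
  let total = 0;
  for (const u of utxos) {
    if (!Number.isSafeInteger(u.sats) || u.sats < 0) throw new RangeError('bad sats');
    if (u.confirmedHeight > tipHeight) continue; // not confirmed at this tip: counts for nothing
    const days = Math.floor((tipHeight - u.confirmedHeight) / BLOCKS_PER_DAY);
    total += u.sats * days;
  }
  return total;
}

// Spending replaces the old outputs with a new one confirmed at spendHeight,
// so the age restarts from zero (transaction fees ignored here).
function afterSpend(utxos, spendHeight) {
  const sats = utxos.reduce((sum, u) => sum + u.sats, 0);
  return [{ sats, confirmedHeight: spendHeight }];
}

// Idle stake needed to keep n separate identities at a given threshold for `days` days.
function idleSatsForIdentities(n, thresholdSatDays, days) {
  return n * Math.ceil(thresholdSatDays / days);
}

const TIP = 900000; // constructed chain height
const held = [{ sats: 100000, confirmedHeight: TIP - 30 * BLOCKS_PER_DAY }];
console.log(satDays(held, TIP));                         // 3000000
console.log(satDays(afterSpend(held, TIP), TIP));        // 0
console.log(idleSatsForIdentities(10000, 3000000, 30));  // 1000000000
```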

Each protocol produces one civic primitive

The family builds upward from that property without ever letting a second protocol absorb the job of the first. Identity is OrangeCheck Attest, which turns a signature plus the satoshis-times-days reading into a portable sybil-resistance credential that any site can check from public data without trusting a server. Confidentiality is OC Lock, which binds an encryption key to a Bitcoin address with a single signature and then runs ordinary authenticated encryption, after an earlier version that tried to tie decryption to on-chain spending was discarded for a precise reason: Bitcoin should prove who you are, not police what you can open. Legitimacy is OC Vote, which weights a poll by the unspent balance at a chosen block and produces a tally any observer can recompute offline, with no token to rent and no authority to trust. Provenance is OC Stamp, which signs a document hash and anchors it to a Bitcoin block so authorship and time verify later from block headers alone.

Each of these does exactly one thing, and the insistence on one-thing-each is not tidiness for its own sake. It is what keeps the Bitcoin claim honest, because a protocol that tries to do everything ends up doing most of it on properties any keypair has, at which point the filter would reject it. By splitting the work into narrow primitives that each fail the substitution test in a different direction, the family guarantees that every piece a consumer product later picks up is a piece where Bitcoin was the only way. The primitives are deliberately small. The intelligence is in keeping them separate and in what they become when combined.

The primitives compose into a person

Here is the move that turns a set of protocols into a product. Identity, stake, encryption, and reputation are not four features a user toggles. They are the components of a single thing, an online person who can be recognized without being surveilled. A Bitcoin address proven by signature is the anchor. The satoshis-times-days behind it is a credible claim to be real without a name attached. An encryption key bound to the same address lets that person receive confidential messages addressed to who they are rather than to an email server they rent. A history of legitimate activity accumulates as a reputation that travels. Stacked, these compose into an account that has the properties society normally extracts identity to obtain (sybil resistance, recoverability, accountability, reputation) and obtains them instead from a key and a held coin.

The reputation piece is the part the surveillance internet insists is impossible, so it is worth being exact about how the composition delivers it. A person accumulates a history of legitimate activity across many sites, and that history is worth carrying, but carrying it normally requires a central party that watches everywhere and sells the composite. The OrangeCheck stack exposes reputation instead as an aggregate that reveals a number without revealing its sources. A site can ask for a scope that returns, as one integer, the total satoshis a pseudonym has earned across all other sites, or the count of distinct sites it has been active on, and it learns that this person has a substantial history without learning which sites, what amounts, or when. The credibility built elsewhere transfers; the map of where it was built does not. Reputation and tracking, which every advertising business has sold as a single inseparable bundle, come apart, because the linkage is a value the user holds and chooses to expose as a summary rather than a record a platform compiles behind their back.

The composition is where the discipline pays off in something a human can hold. A person assembled from these primitives is recognizable enough that a forum can trust they are not a bot, reachable enough that a counterparty can encrypt to them, credible enough that their cross-site history means something, and anonymous enough that none of it requires their legal identity. That bundle is what every identity system has been trying to deliver and has only managed to deliver by collecting the very personal data the bundle was supposed to make unnecessary. The OrangeCheck primitives deliver it without the collection, because the costly signal lives in Bitcoin rather than in a dossier. The protocols, taken together, do not produce a feature. They produce a person, and a person needs a front door.

me.ochk is where the discipline meets a human

That front door is me.ochk, and its job is to take the assembled person and make them usable by someone who has never heard of BIP-322. The signing ceremony hides behind a wallet button that supports UniSat, Xverse, Leather, Alby, OKX, and Phantom. The account that gets created is keyed to an opaque identifier rather than to the address or the email, so the credential and the account are not the same object. The session is a small token signed with an Ed25519 key, scoped across every sibling site, and verified locally by each site against a published public key with no central session server in the path, which is the same property Bitcoin gives money applied to a login. To the person, none of this is visible. They signed something and they were recognized.
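Local verification of such a session token, as an added example that is not me.ochk's code. The token layout (base64url payload, a dot, base64url signature), the claim names `sub`, `aud` and `exp`, and the site names are assumptions; the key pair is generated on the spot to stand in for the published key.

```javascript
// Added illustration: token layout and claim names are assumptions, not me.ochk's wire format.
const crypto = require('node:crypto');

// Constructed key pair standing in for the issuer's key; a site holds only publicKey.
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

function issueToken(claims) {
  const body = Buffer.from(JSON.stringify(claims), 'utf8');
  const sig = crypto.sign(null, body, privateKey); // Ed25519 takes no digest name
  return body.toString('base64url') + '.' + sig.toString('base64url');
}

// Site side: needs the public key and a clock, and makes no call to a session server.
function verifyToken(token, issuerPublicKey, site, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const body = Buffer.from(parts[0], 'base64url');
  const sig = Buffer.from(parts[1], 'base64url');
  // Check the signature over the raw bytes before trusting any parsed field.
  if (sig.length !== 64 || !crypto.verify(null, body, issuerPublicKey, sig)) {
    return { ok: false, reason: 'bad-signature' };
  }
  const claims = JSON.parse(body.toString('utf8'));
  if (typeof claims.exp !== 'number' || claims.exp <= nowSec) {
    return { ok: false, reason: 'expired' };
  }
  if (!Array.isArray(claims.aud) || !claims.aud.includes(site)) {
    return { ok: false, reason: 'wrong-site' };
  }
  return { ok: true, account: claims.sub };
}

// Constructed sample: one token valid on two sibling sites until t = 2000.
const sample = issueToken({ sub: 'acct_7f3a', aud: ['forum.example', 'shop.example'], exp: 2000 });
console.log(verifyToken(sample, publicKey, 'forum.example', 1000)); // { ok: true, account: 'acct_7f3a' }
console.log(verifyToken(sample, publicKey, 'forum.example', 3000)); // { ok: false, reason: 'expired' }
```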

The privacy is in the defaults, not in a settings page. Each integrating site sees a different pseudonym for the same user, derived per site, so two sites cannot match a person against each other on their own. Disclosure is a deliberate act layered on top: a site asks for a scope (the address, the email, a reputation count), and the user grants or denies it. Scopes that would release a master credential are gated behind a fresh proof, so that a stolen session cookie cannot quietly unmask anyone. A person starts as an unlinkable pseudonym at every site and spends that anonymity in increments they choose, which is the exact opposite of the signup form that demands everything at the door and lets the user negotiate nothing. me.ochk is not a new idea grafted onto the protocols. It is the protocols rendered for a human being who wants to use a website.
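One way these two defaults can be built, as an added example that is not me.ochk's implementation. The HMAC derivation, the scope names, the choice of which scopes count as sensitive and the 120-second freshness window are all assumptions.

```javascript
// Added illustration: derivation, scope names and the freshness window are assumptions.
const crypto = require('node:crypto');

// Per-site pseudonym: a keyed hash of the site under a secret that never leaves
// the identity service. Without the secret, two sites cannot link their values.
function pseudonymFor(accountSecret, siteOrigin) {
  return crypto.createHmac('sha256', accountSecret)
    .update('pseudonym-v1\0' + siteOrigin)
    .digest('hex')
    .slice(0, 32);
}

// Scopes that would tie the pseudonym back to a master credential (assumed set).
const SENSITIVE = new Set(['address', 'email']);
const FRESH_WINDOW_SEC = 120;

// request: { scope, userApproved, lastProofAt }
// lastProofAt is the time of the most recent wallet signature in this session;
// a copied session cookie carries no way to produce a newer one.
function decideScope(request, nowSec) {
  if (!request.userApproved) return 'denied';
  if (SENSITIVE.has(request.scope)) {
    const age = nowSec - (request.lastProofAt ?? -Infinity);
    if (!(age >= 0 && age <= FRESH_WINDOW_SEC)) return 'needs-fresh-proof';
  }
  return 'granted';
}

const secret = Buffer.alloc(32, 7); // constructed account secret
console.log(pseudonymFor(secret, 'forum.example') === pseudonymFor(secret, 'shop.example')); // false
console.log(decideScope({ scope: 'reputation_count', userApproved: true }, 1000));           // granted
console.log(decideScope({ scope: 'address', userApproved: true, lastProofAt: 100 }, 1000));  // needs-fresh-proof
console.log(decideScope({ scope: 'address', userApproved: true, lastProofAt: 950 }, 1000));  // granted
```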

Why the payment runs backward

The part that looks like a marketing trick, the satoshis flowing to the user, is the cleanest demonstration that the discipline produced something structural rather than cosmetic. The ordinary signup makes the user expensive in surrendered identity, and the platform captures the value of that surrender. me.ochk reassigns the cost. Activity on a site is recorded as a billable event in one of three classes: a state transition like account creation, a bounded action, or a session. The site funds these from a prepaid balance, the platform keeps a fixed fee of twenty percent, the user receives a share capped at eighty percent, and the site takes a rebate from the remainder, with the arithmetic constrained to balance to the satoshi.
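A split that balances to the satoshi, as an added example that is not me.ochk's billing code. The basis-point parameters, the floor rounding with the remainder going to the site rebate, and the event prices are assumptions; the twenty percent fee and eighty percent cap are the page's figures.

```javascript
// Added illustration: rounding rule, parameter names and prices are assumptions.
// BigInt keeps every amount an exact integer number of satoshis.
const BPS = 10000n;
const PLATFORM_BPS = 2000n; // fixed 20% platform fee
const USER_CAP_BPS = 8000n; // user share may not exceed 80%

function splitEvent(priceSats, userBps) {
  const price = BigInt(priceSats);
  const share = BigInt(userBps);
  if (price < 0n) throw new RangeError('negative price');
  if (share < 0n || share > USER_CAP_BPS) throw new RangeError('user share over cap');
  const platform = (price * PLATFORM_BPS) / BPS; // BigInt division floors
  const user = (price * share) / BPS;
  const rebate = price - platform - user;        // remainder absorbs the rounding
  return { platform, user, rebate };
}

// Sum a batch of billable events and refuse to settle if a satoshi went missing.
function settle(events, userBps) {
  const t = { billed: 0n, platform: 0n, user: 0n, rebate: 0n };
  for (const e of events) {
    const s = splitEvent(e.priceSats, userBps);
    t.billed += BigInt(e.priceSats);
    t.platform += s.platform;
    t.user += s.user;
    t.rebate += s.rebate;
  }
  if (t.platform + t.user + t.rebate !== t.billed) throw new Error('ledger out of balance');
  return t;
}

// Constructed events, one per class named on the page.
const events = [
  { cls: 'transition', priceSats: 21 },
  { cls: 'action', priceSats: 7 },
  { cls: 'session', priceSats: 3 },
];
console.log(settle(events, 7000)); // { billed: 31n, platform: 5n, user: 20n, rebate: 6n }
console.log(settle([], 7000));     // all zero: accounts with no billable events cost nothing
```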

The consequence is that sybil resistance stops being a gate the honest user squeezes through and becomes a market the site tunes. A spammer who creates a thousand accounts that never do anything billable costs the site nothing, because nothing was billed. A spammer who wants those accounts to count must generate real, priced activity for each, which is the cost the site wanted them to bear all along, now denominated in Bitcoin instead of in the user's personal data. The cost moved off the user's identity and onto an external, self-custodied, fungible asset, and the direction of payment flipped because the user is now the scarce, valuable, hard-to-fake thing the site is willing to pay to acquire. That flip is not possible without every layer beneath it. It needs the costly signal, the proven address, the pseudonymous account, and the settlement rail, and each of those exists because it passed the test that most things fail.

What it costs and where it strains

An honest account has to mark the places the design bends, because the discipline's credibility depends on naming them. The most permanent limit is that stake-weighting is wealth-weighting. A reputation priced in held Bitcoin gives more standing to those who hold more, and the voting protocol is explicit that it cannot stand in for a sovereign election, which requires one-person-one-vote and legal-identity binding that a stake reading cannot provide. The system measures conviction weighted by stake, which is a real and useful thing and is not the same thing as equal voice, and the distinction will be misused the moment the tool is popular.

The second strain is custody. The family's rule is that it holds nothing, and me.ochk has one exception, the email path, where a user who arrives without a wallet has their earned satoshis held as Chaumian ecash in a Fedimint federation whose guardians, recruited by an operator rather than by the project, hold the threshold keys. That is custody, bounded by a quorum and run on a public protocol, but custody nonetheless, and the escape from it, a graduation flow that sweeps the balance out to the user's own keys, is at the time of writing still a placeholder rather than a shipped feature. The third strain is that a Bitcoin address is pseudonymous, not anonymous. A user who reveals the same address to two sites links themselves across them, and the public chain history of that address is readable by anyone, so the unlinkable-pseudonym default protects against lazy correlation and not against a user's own disclosure or against on-chain analysis. And the largest open question is not technical at all. Sites adopt this only if they accept paying satoshis to acquire users they currently acquire for free by harvesting data, and that is a real barrier and the most plausible way the whole thing fails to spread.

The product was always the point

It is tempting to read OrangeCheck as a purist exercise, a set of protocols admirable for their refusals and indifferent to whether anyone uses them. That reading misses what the refusals were for. The discipline was never academic. It was aimed, from the start, at producing a thing a person could hold, an identity that is recognized without being surveilled, that pays its holder rather than billing them in privacy, and that is anchored in an asset the holder controls rather than in a record a platform owns. Every protocol that was forced through the filter, every feature that was rejected for leaning on Bitcoin ornamentally, was a step toward making that consumer object trustworthy at every layer rather than only at the top.

me.ochk is the answer to a question the discipline was implicitly asking the whole time: if you build only the things for which Bitcoin is irreplaceable, and you compose them honestly, what do you get? You get an account that opens with a signature, knows nothing about you that you did not choose to tell it, treats every site as a separate face, and pays you to exist on it. Whether the world adopts it is a fact about people and incentives that no specification can settle. But the demonstration already stands, regardless of adoption. The signup form's founding assumption, that deterring fakes requires extracting identity, was never a law of nature. It was a billing decision made once, before there was a neutral asset to bill against. There is one now, and a chain of disciplined protocols has carried it all the way to a front door, where it turns out the user was never the thing that had to be expensive.