How Vera Works

From gameplay to public proof

So you can be believed without having to argue. Vera keeps a neutral, inspectable record of what was running while you played (processes, drivers, integrity posture). Here is exactly how it works, top to bottom.

Simple enough to read in a minute. Rigorous enough to hold up to a kernel engineer.

Five steps from install to proof

Every piece of evidence on a Vera profile follows the same path. Nothing is hidden, nothing is assumed.

01

Register

Sign up with your email. Magic-link login, no password. You're verified in seconds.

under the hoodPasswordless magic-link auth binds a verified identity to your account before any evidence is ever attributed to it.

02

Install

Download the Vera agent and install on your Windows PC. It runs quietly as a background service.

under the hoodA lightweight Windows service, scoped to read-only observation and provisioned with a per-device identity, so every upload is attributable to the machine that made it.

03

Collect

The agent captures running processes, loaded kernel drivers, and integrity flags. No keystrokes, no screenshots, no personal files.

under the hoodRead-only enumeration of the process table, the kernel-mode driver set with full code-signing chains, and boot/runtime integrity (Secure Boot, HVCI, test-signing). No hooks, no injection, no memory reads.

04

Detect

Vera identifies gameplay by matching activity against curated game catalogs. Background noise is filtered out; only real sessions surface.

under the hoodActivity is correlated across time into genuine play, with focus windows separating real gameplay from background noise. The rules are versioned and principled; the catalog itself is the one thing we keep close, so the line can't be studied and routed around.

05

Publish

Sessions are bundled, signed, and uploaded. The platform publishes proof pages anyone can inspect. Nothing hidden, nothing edited.

under the hoodEach session is serialized, cryptographically signed, and written to immutable storage. The public page renders straight from that sealed record, so what you read is what was captured.

What you see on a Vera profile

Every verified creator gets a public profile page at /u/handle. Here's what it contains, and why it matters.

Games Played

A summary of every game detected in the selected time range. Each game has a consistent color across all views, showing session count and when it was last played. Click any game to filter the entire profile to that title.

  • Color-coded by game, consistent everywhere
  • Session count and recency at a glance
  • Click to filter timeline and sessions
GAMES PLAYED (7D)
Fortnite8 sessions
Call of Duty4 sessions
Minecraft3 sessions

Game Session Timeline

A visual swim-lane chart showing exactly when each game was running. Each horizontal lane represents a game, with colored segments marking active gameplay. Hover to cross-highlight between the timeline and sessions below.

  • Time-based visualization across 24h, 7d, 30d, or all time
  • Each bar is clickable: jump straight to session detail
  • Overlapping sessions from the same game merge automatically
Game Session Timeline
Fortnite
Call of Duty
Minecraft

Sessions

Below the timeline, sessions are listed newest-first. Each card shows the time range, duration, and the games detected in that cluster. A mini activity bar visualizes game overlap within each session.

Click any session to drill into the full session detail: every process running and every kernel driver loaded during that window.
SESSIONS
Feb 18, 09:35 PM to 10:19 PM43m 43s
Fortnite
Feb 18, 06:32 PM to 09:01 PM2h 29m
Call of DutyFortnite

Inside a game session

Every session is a window into exactly what was happening on the system. Click any session from a profile to see the full breakdown.

Processes

Every process running during the session: name, executable path, publisher, runtime, and frequency. Sorted by rarity, activity, or alphabetically. A Process Timeline shows when each launched and for how long.

Drivers

Full kernel-mode inventory with the complete code-signing chain on each driver, not just signed-or-not. The dangerous one is rarely the unsigned driver. It is the legitimately signed, vulnerable one a cheat carries in to pry open the kernel, a technique with a name: BYOVD. Watching for it is the whole reason drivers are here.

System Profile

The environment around the evidence: OS, hardware, BIOS mode, Secure Boot state, and virtualization posture. Context, never a verdict: a session on bare metal with Secure Boot on simply reads differently than one inside a VM. Names, usernames, and paths are redacted before anything leaves your machine. What your setup says about you is the full story of what's collected, what's redacted, and why.

Unfiltered

Every data point captured is displayed as-is. Nothing is hidden, nothing is edited, nothing is selectively omitted. The raw evidence speaks for itself.

Call of Duty
Game Session · 32m 30s
Unfiltered
110
processes
793
drivers
Processes (431)Drivers (793)

What turns data into proof

Anyone can record what's running on a PC. Proof is what survives scrutiny. Four properties make a Vera record hold up when it matters, and none of them ask you to take our word for it.

Tamper-evident

If a record were altered after the fact, it wouldn't survive.

under the hoodSessions are signed at the source; the published page renders from the signed bundle, so any later edit breaks verification.

Append-only

Nothing gets quietly rewritten or deleted.

under the hoodEvidence is written once and never mutated. Even compaction is signal-preserving: presence is encoded as intervals, one record per continuous span a fact held true, split the instant any attribute changes. Far smaller on disk, yet nothing that mattered is ever averaged away.

Traceable to the source

Every conclusion points back to the raw fact it came from.

under the hoodFindings are derived, never freestanding. Each one links to the observed data beneath it, so you can always check the work.

Yours to verify

You never have to just trust us.

under the hoodEvery profile and session has a permanent public URL, open and inspectable. No login, no gate, no expiry.

Two levels of evidence

Observed

What actually happened, captured straight from your system during a verified session. No interpretation, no opinion. The raw fact, and the bedrock every other claim has to answer to.

  • Process names, paths, and publishers
  • Kernel driver inventory and signatures
  • Secure Boot, HVCI, and testsigning posture
Correlated

What those facts add up to once curated rules are applied. Useful, but one honest step removed, and always labeled as such. Vera never lets a derived guess wear the costume of a raw fact.

  • Known-risk driver matches
  • Game session detection via catalog rules
  • Finding severity from threat model versions

How to read a Vera profile

Start with the timeline

Colored bars are when games actually ran. The denser the activity, the more there is to check.

Open any session

Every card opens the full breakdown: every process and every driver loaded during that exact window.

Weigh the pattern, not the moment

What holds across weeks says far more than any single game. Trust is a shape over time, not a snapshot.

Move the window

Swap between 24h, 7d, 30d, and all. Change the lens and watch whether the story stays consistent.

No link required

Every profile and session lives at a permanent public URL. Anyone curious can find it and verify independently. You never have to hand it over.

What Vera does NOT collect

Minimal by design: only what's needed for meaningful evidence

No keystrokes or input monitoring
No screenshots or screen recording
No personal files or documents
No network traffic inspection
No memory scanning or injection

Don't take our word for the boundary. The collector evidence pack lets you prove it without asking us: a sandbox recording, the decompiled API surface, and a hostile-analyst prompt for your own AI.

Never argue your innocence again

Install the Vera agent and start your record. The day someone doubts you, the proof is already there, public and inspectable, exactly as it happened.