I was looking at an attestation this morning that was supposed to be private.
The data location was off-chain.
Content not visible.
But I already knew more than I expected to.
Before I followed a single link.
I checked the schema ID.
It told me what kind of credential this was.
Then the attester address.
That narrowed it further than I thought it would.
I checked the valid Until field.
It hinted at how long this credential was meant to matter.
Then the recipients field.
That told me exactly who it was tied to.
The content was private.
The structure wasn’t.
At first I thought I was reading too much into it.
So I pulled a second attestation.
Different holder. Different issuer.
Same pattern.
Schema visible.
Attester visible.
Validity window visible.
Recipient visible.
Everything that was supposed to stay hidden stayed hidden.
But everything around it was still there.
That’s where I paused longer than I expected.
It didn’t feel like I was supposed to be able to see that much.
I had to go back and check I wasn’t missing something obvious.
So I stayed on it.
Not the content.
Just the shape of it.
The schema ID gave away the category.
The attester made the source clear.
The validity window said more than it should have.
The recipient tied it all together.
Each field on its own felt harmless.
Together, they weren’t.
Put side by side, the credential had already introduced its holder.
Before the holder said anything.
I wasn’t sure if I was overreading it at that point, but the pattern wasn’t going away.
That’s when it clicked.
Metadata shadow.
The outline a credential casts before anyone reads what’s inside it.
Visible on-chain.
Permanent.
Attached to every attestation regardless of where the content lives.
For a moment I thought I was projecting patterns that weren’t really there.
So I checked a few more.
Not many.
But enough.
Same structure.
Same signals.
Same outcome.
That’s when it stopped feeling like interpretation.
And started feeling like behavior.
The first place this shows up is access.
A verifier doesn’t read the content.
It reads the schema.
That alone tells it what kind of credential this is.
And the decision happens anyway.
The second place is duration.
The validity window is visible.
Short-lived credentials behave differently from long-lived ones.
That signal exists before anything is verified in detail.
The system reacts to it.
The third place is authority.
The attester address is public.
Who issued the credential is always visible.
That link exists whether the holder intended to reveal it or not.
At that point, the content almost doesn’t matter.
The structure has already done the work.
That changes how I read any attestation before I trust it.
$SIGN only matters here if the structural layer of a credential can be scoped the same way the content layer can.
Because right now the content is private.
The shadow it casts isn’t.
And every query that touches an attestation reads that shadow whether it means to or not.
How many decisions right now are being made off that shadow without anyone realizing it?
