Asset Transparency is a public record of hashes of published content on the web. Everyday organizations publish assets across the web for download to their users. Users are asked to verify a signature or checksum of the data once it has been downloaded. In practice, this rarely happens, even though there have been many attacks that involve modifying content once it has been published. A transparency log allows this process to be automated by the clients that download the content — as well as be used as a record that can be verified after the fact. Any company that publishes content should be using a transparency log and associated clients to automatically verify the data from the public record.

Transparency Logs are used to provide a public record of cryptographically verifiable data, which is available for audit and verifying the integrity of their own content. Transparency Logs have become a foundational aspect of the web through the use of the Certificate Transparency system and the Go Lang module community.

To read a more technical paper on how transparency logs work, please see Russ Cox’s overview.