When Reuters had to pull AI-generated images from their wire service in 2024, they identified the fakes using Adobe’s Content Credentials. The system worked—in that controlled workflow, with preserved metadata, in a professional newsroom. But The Verge just published an interview with reporter Jess Weatherbed documenting why this approach fails everywhere else. Her conclusion after months covering C2PA adoption: “there is not going to be a point in the next three, five years where we sign on and go, ‘I can now tell what’s real and what’s not because of C2PA.’” The problem isn’t cryptography—it’s that the vast majority of authenticated images lose their metadata when shared on social media. Instagram, Facebook, Twitter all strip EXIF data during upload. C2PA credentials get destroyed along with everything else. OpenAI, which sits on C2PA’s steering committee, openly admits their implementation is “incredibly easy to strip.”
There’s also a structural issue Weatherbed identifies: verification infrastructure controlled by corporations with commercial incentives that don’t necessarily always align with protecting truth. Adobe controls Content Credentials, platforms gate API access, terms change. She quotes journalists being “hesitant to depend on corporate-controlled infrastructure for truth verification.” They need authentication infrastructure they control, not rent from tech companies who can change terms or shut down services.
We’re prototyping an approach that separates authentication from file metadata entirely. Instead of embedding credentials in images, cameras submit cryptographic hashes to a public registry at the moment of capture (or queued until an internet connection is established). When someone encounters an image anywhere, they hash what they’re looking at and check that hash against the registry. A match means it came from an authenticated camera. No match doesn’t necessarily mean it didn’t, but the false negative rate naturally improves with adoption and edit provenance integration. The registry is implemented as a consortium ledger with independent validator nodes operated by fact-checking networks and press freedom organizations. The design requirement was multi-party governance without reliance on a single corporate operator; a permissioned blockchain architecture without transaction fees or trading tokens satisfies that constraint. The operating cost is roughly $100-150/month per node. In our first iteration, we’re using camera fingerprint (PRNU)-derived entropy contributes to device-unique key material, binding authentication to physical sensor characteristics rather than software-generated keys.
This system is designed to prove hardware origin, but it does not prove a scene was not staged. That’s a narrower problem than C2PA attempted, which might be why it’s solvable. We’re currently closing out the Phase 1 proof of concept to validate the cryptographic pipeline. Phase 2 moves to mobile app implementation—photographers simply take pictures normally while authentication happens invisibly in the background. The data packet the camera sends is less than 1KB (a tiny fraction of the image data itself), making the process fast enough to be unnoticeable. Verification happens via browser extension or platform integration for anyone viewing the image later. We’re targeting 50-100 beta users in photojournalism and fact-checking communities by Q2 2026, with initial deployment focused on cash-prize photography competitions where all submissions must be authenticated, proving they were captured by a real camera. We’re in early discussions with WITNESS.
The hardest problems aren’t technical. They’re adoption (why would manufacturers integrate our system?), governance (who decides what’s authenticated and what validator node operators are trusted?), and sustainability (how does registry infrastructure stay funded long-term?). Current discussions focus on governance models where validator node decisions require supermajority consensus among mission-aligned organizations, preventing any single entity from controlling authentication. We’re publishing everything openly—technical specs, threat models, economic analysis—specifically so these questions get scrutinized before we’re too far down a wrong path. Weatherbed’s reporting confirms metadata-based authentication does not survive open internet redistribution at scale. We’re testing whether registry-based authentication works any better. Early results in a few months.