Two weeks ago, Digimarc, a company that creates software for businesses, unveiled a Chrome extension that helps verify and show the origin of images with C2PA Content Credentials. After two weeks of usage, PetaPixel found it to be mostly ineffective, largely due to the chaotic rollout of C2PA.
For a few years, the Content Authenticity Initiative (CAI) has been gradually implementing the C2PA Content Credentials system in cameras, smartphones, and photo editing software. Companies like Leica and Nikon included it in 2022, while Sony and Fujifilm followed in 2024. Panasonic just joined the governing body of this standard recently.
However, since late last year, with Google and more recently Samsung, the implementation of C2PA into smartphones has lost direction. Samsung’s method, in particular, seems misguided. The company adopted C2PA on its Galaxy S25 series, but only added the C2PA metadata to images that used AI edits. Photos that were simply captured untouched received no provenance information at all. As mentioned in February, this approach is backwards.
“The initial goal of the CAI and C2PA was to validate that a photo is genuine and unaltered. Once all legitimate images carry this metadata, there would be no need to prove an image is AI-generated because it wouldn’t have a tag,” I mentioned earlier. “In the ideal CAI scenario, if an image lacks the C2PA tag, it can’t be trusted. This approach encompasses all AI-generated content and images where the tag has been removed, thus rendering the distinction moot.”
The CAI shares blame here along with Samsung, as it isn’t providing proper guidance to its members. Since the CAI’s inception until the launch of the S25 Ultra, AI concerns have increased; in an attempt to keep pace with this trend, the CAI shifted its focus to a narrative that emphasizes proving images are AI-generated. While this is achievable with C2PA, it is more logical to start by confirming a photo is real as opposed to trying to establish that it’s not.
“It’s incredibly challenging to prove that a photo is altered or fake, but it’s straightforward to demonstrate that an image is real and unmodified,” I noted.
Fast forward to May, when Digimarc Labs launched its Chrome extension for viewing C2PA provenance directly in the browser. This concept is promising and could effectively showcase the full editing history of images, but the problem lies in the fact that very few photos online have C2PA metadata. This is a direct consequence of the CAI and its partners focusing their efforts on demonstrating that AI images are unreal, effectively halting progress on attaching C2PA metadata to new photos.
As a side note, it’s ironic that an AI voice narrates the script for the Content Credentials Chrome extension in the video above.
Even with more accessible tools than ever to analyze and understand a photo’s provenance (including a tool that embeds C2PA captured with any camera), we’ve overlooked the crucial step of ensuring photos possess that metadata to utilize these tools effectively.
I’ve engaged with every camera manufacturer regarding C2PA over the past year, questioning their hesitance to fully adopt and promote C2PA support. The answer is frustratingly straightforward: they are all still deliberating on the best method for a cohesive rollout. Many are in a “wait and see” phase, expecting news outlets to implement the system while publications await broader support from camera makers for the metadata. If everyone is waiting for someone else to act first, progress will remain stagnant.
The C2PA system appears to be the most viable way to authenticate photos due to its advanced development and wide acceptance, but unless someone takes the initiative to advance it, it will remain stuck without progress.
Image credits: Header image created using assets licensed via Depositphotos.
