bots don't cry

C2PA is overseen by the Joint Development Foundation (JDF), which holds the specification and the C2PA™ trademark.
The Linux Foundation merely provides services, staff and support.

Note: Despite pulling in $292 million in 2024, the Linux Foundation devoted just $6 million (2%) to the Linux kernel.

Verifox by golimbo.ai is now officially a #C2PA conforming product. 🤔

github.com/c2pa-org/con...

How did the "Adobe Content Authenticity Inspect" tool come to be included in the conforming products list, while still in "beta" and far from being "secure and interoperable"?

Which open‑source tool is listed in the conforming products list?

bsky.app/profile/bots...

It's not a processor issue.

Adobe managed to get its #C2PA "Inspect" tool into the C2PA "conforming-products" list.

Their tool is still validating hacked Nikon images.

It's a total failure.

bsky.app/profile/bots...

2025-10-10 screenshot

"the C2PA Conformance Program provides a formal mechanism to ensure that implementations of the C2PA standard for Content Credentials are both secure and interoperable"

🥳 to @adobe.com @contentauth.bsky.social @andyparsons.net for having the "Adobe Content Authenticity" #spyware passing the test.

Nikon joined c2pa in 2021.

bsky.app/profile/bots...

Overlay oversight: forum member exposes weakness in Nikon's Content Credentials DPReview reader Horshack got a Z6III to sign an image it probably shouldn't have.

The Nikon camera was hacked in a week, and in any case was not compliant.
www.dpreview.com/articles/272...

Despite receiving 10 million Norwegian kroner in funding (around US $1 million), the Norwegian campaign for truth and authenticity in news media ended up being non‑compliant and vulnerable to forgery.

bsky.app/profile/bots...

Oops, turns out the code "is" online.

And I was spot‑on about the watermark: it’s literally commented as “FFmpeg command with advanced watermark settings” 😂

Sadly, C2PA isn’t a real fix:

- Web crawlers ignore C2PA data (except Google Search, and only for Pixel 10 images).

- The "Opt‑Out" feature is an Adobe marketing promise, there’s no enforcement behind it.

- History shows that digital watermarks are notoriously ineffective across the industry.

The BBC calls its C2PA "stamping tool" open source, yet no repo exists.

From what I saw at IBC, it looked like nothing more than FFmpeg drawtext (v0.6, 2010) for watermarking, wrapped with Adobe’s c2patool and its WASM C2PA decoder.

There was no demo with the Sony Camera, probably not compatible.

Open Source? 👍
Where is the repository?

Open Source? 👍
Where is the repository?

No, thank you.

Watermark removed

This could not be verified as U.S. Embassy Guinea content.

The #C2PA Watermarking Task Force (WTF) claims to have launched “the most robust and accessible content verification system ever deployed in a developing nation.”

- The watermark is removable with a single click.
- Desktop only, in a country where 80% of internet access happens on mobile.

On the preceding day, the same event and stage featured a session sponsored by the Silicon Valley "Content Authenticity Initiative" @contentauth.bsky.social , whose members include Adobe, Google, Microsoft and OpenAI.

bsky.app/profile/bots...

If is was only NIkon... BBC publishing a "verified" Fake, IPTC messing up metadata, Microsoft and Adobe signing everything

The new specs solve all the problems! said the C2PA Product Lead at Google.

For 2 days later removing from a blog post a C2PA signed image doxing his home location.

LinkedIn! Because it shows that @contentauth.bsky.social Microsoft and Adobe only pay attention to AI labels when it’s about pleasing regulators or drafting their annual AI safety report.
bsky.app/profile/bots...

The EU AI Act’s Code of Practice allows multiple methods for tagging AI‑generated content.

IPTC’s “Digital Source Type”, used by Meta and Apple, matches C2PA’s AI provenance capabilities while working with widely supported tools, avoiding reliance on a fragile toolchain.

bsky.app/profile/bots...

I got my hands on a old Sony ILME-FX30 with #C2PA support while browsing the 2025 IBC Show. Way cheaper than the PXW-Z300 if Sony decides to release the firmware 🤔. But Sony prefers to sell the PXW-Z300 as the "first" camera with #C2PA support.

Source: https://www.eidr.org/assets/Preserving-Media-Provenance-Metadata-with-C2PA.pdf

Yes, BBC is an "official" steering member but with no decision power. Project Origin now sits under IPTC, likely funded so Google and Adobe can push their own 'standards.' Meanwhile, #C2PA is "managed" by @linuxfoundation.org , giving Adobe cover to opensource‑wash its own code and specifications.

For AI companies, the mix of self‑regulation and vaporous product claims works well: the regulators get distracted.

Somehow BBC is profiting from being part of this "community": discount on Photoshop™ licenses probably.

bsky.app/profile/bots...

After excluding companies with a vested interest in avoiding AI regulation, the steering group consists of BBC, Publicis Groupe, and Sony. The BBC has not acknowledged its #C2PA pilot failure. Other mailing list members have no role in decision‑making: this arrangement is questionable for publishers

Self-regulation paired with vaporware is a calculated tactic for the AI tech giants to protect their bottom line while avoiding regulators oversight.

bsky.app/profile/bots...

And there you have it, #C2PA certified crash!

Yet it wasn’t difficult: record the video at the set time and sign it with the good old @adobe.com @contentauth.bsky.social #C2PA software.

Adaptive streams? Nowhere to be found.
Metadata? Dumped like a CRT-TV.

www.franceinfo.fr/une-informat...

Six months of effort, @francetelevisions.bsky.social finally ships its #C2PA POC.

They’ve cracked text encoding like it’s 1999… by ASCII‑ing it 😅
"rights": "France Télévisions/ 'Tous droits réservés'"
"rights": "France Televisions tous droits reserves"

Wrapped up in a deprecated #C2PA version.

At least it validates successfully.

<NonRealTimeMeta> <TargetMaterial umidRef="060A2B340101010501010D4313FF00003F328909870806C810322CFFFE0D5DCA"/> <Duration value="330"/> <LtcChangeTable tcFps="30" halfStep="true"> <LtcChange frameCount="0" value="40050000" status="increment"/> <LtcChange frameCount="329" value="54900000" status="end"/> </LtcChangeTable> <CreationDate value="2025-09-15T20:33:38+02:00"/> <VideoFormat> <VideoRecPort port="DIRECT"/> <VideoFrame videoCodec="AVC_Proxy_1280_720_MP@L4" captureFps="59.94p" formatFps="59.94p"/> <VideoLayout pixel="1280" numOfVerticalLine="720" aspectRatio="16:9"/> </VideoFormat> <AudioFormat numOfChannel="2"> <AudioRecPort port="DIRECT" audioCodec="AAC-LC" trackDst="CH1"/> <AudioRecPort port="DIRECT" audioCodec="AAC-LC" trackDst="CH2"/> </AudioFormat> <Device manufacturer="Sony" modelName="PXW-Z300" serialNo="0003421"/> <RecordingMode type="normal" cacheRec="false"/> <AcquisitionRecord> <Group name="CameraUnitMetadataSet"> <Item name="CaptureGammaEquation" value="rec709"/> <Item name="CaptureColorPrimaries" value="rec709"/> <Item name="CodingEquations" value="rec709"/> </Group> <ChangeTable name="ImagerControlInformation"> <Event frameCount="0" status="none"/> </ChangeTable> <ChangeTable name="LensControlInformation"> <Event frameCount="0" status="none"/> </ChangeTable> <ChangeTable name="DistortionCorrection"> <Event frameCount="0" status="none"/> </ChangeTable> <ChangeTable name="Gyroscope"> <Event frameCount="0" status="none"/> </ChangeTable> <ChangeTable name="Accelerometor"> <Event frameCount="0" status="none"/> </ChangeTable> </AcquisitionRecord> <RelevantFiles> <RelatedTo umid="060A2B340101010501010D43130000003F328909870806C810322CFFFE0D5DCA" file="015_0001.MXF" rel="mainStream" numOfAudioCh="4" formatFps="59.94p"/> </RelevantFiles> <UserDescriptiveMetadata> <Meta name="DigitalSignatureTypes" content="(C2PA+SSIG)"/> <Meta name="Tsfiller" content="40"/> </UserDescriptive…

A C2PA Manifest Consumer shall never process an assertion, assertion store, claim, claim signature or C2PA Manifest that is not contained inside of a C2PA Manifest Store. Additionally, when a C2PA Manifest Consumer encounters a JUMBF box or superbox whose JUMBF type UUID it does not recognize, it shall skip over (and ignore) its contents.

I got my hands on a Sony PXW‑Z300 camera with #C2PA support!
The #C2PA implementation is minimal: just a signature (no timestamp), "SONY CAMERA" listed as the generator, and a 160×120 thumbnail. That’s all.

However, there’s also a "private" SSIG box (Sony Signature) containing XDCAM XML metadata.

It’s been around for six years. Not useless, it still has niche uses.

The same giants funding the tech that spreads misinformation, MSFT, OpenAI, Google, Adobe, are promoting #C2PA as a “self‑regulating” AI guardrail to dodge real oversight over AI deployment.

C2PA isn’t about misinformation.

Adobe includes PII into #C2PA, Google Pixel too. People don't have the choice and are unaware of it.

Of course you can use it, but there is not a single one compliant implementation at the moment.🤷

Give me one real example where C2PA has helped against disinformation and I can change my mind.

Sorry, but no journalist is discussing it, because you can't lose @adobe.com as an advertiser.

I may have some bad faith, but nothing compared to the misleading statements made to regulators by the @contentauth.bsky.social

bsky.app/profile/bots...