C2PA promised to solve image provenance. Instead, it created a false sense of security. Here's why perceptual hashing is the only approach that actually works.
The Content Authenticity Initiative (C2PA) embeds cryptographic signatures directly into image files. It's a solid idea — in theory. In practice, the moment you share your image, the verification breaks.
Every major platform — Instagram, Twitter/X, TikTok, Facebook, Threads — removes all metadata during upload. Your C2PA credentials vanish before anyone sees them.
Platforms resize, compress, and re-encode images. Cryptographic signatures that depend on exact byte content break after any modification.
C2PA only works if platforms choose to read and preserve the metadata. They don't. There's no enforcement, no incentive, no consequence.
Existing photos can't be retroactively certified. You can only verify images that were C2PA-signed from the moment of creation — excluding millions of existing photographs.
Every major platform removes metadata during image processing:
Perceptual hashing (pHash) creates a fingerprint based on what an image looks like, not its exact byte content. This fundamental difference is why it survives transformations that destroy metadata-based approaches.
JPEG re-encoding slightly changes byte values but preserves visual structure. pHash remains stable because it measures relative brightness, not absolute values.
Downscaling to thumbnail doesn't erase the perceptual fingerprint — the gradient directions that pHash captures are preserved at any resolution.
Screenshot of your image? The perceptual fingerprint survives. It's still recognizably derived from your original — which is exactly what you want to prove.
Hash compares adjacent pixel relationships, not absolute values. A brighter or darker version produces the same (or very similar) fingerprint.
Here's how the two approaches compare across the criteria that actually matter for photographers.
| Capability | Provyn (pHash) | C2PA (Metadata) |
|---|---|---|
|
Survives metadata stripping
Works after Instagram/Twitter upload
|
✓ Yes | ✗ No |
|
Survives image compression
Works after JPEG re-encoding
|
✓ Yes | ✗ No |
|
Survives resizing
Works on thumbnails
|
✓ Yes | ✗ No |
|
Works on existing photos
No camera hardware required
|
✓ Yes | ✗ No |
|
Platform-agnostic
No platform cooperation needed
|
✓ Yes | ✗ No |
|
Detects similar images
Finds modified copies
|
✓ Yes | ✗ No |
|
Backward compatible
Works with old images
|
✓ Yes | ✗ No |
Provyn combines perceptual hashing with blockchain timestamping. The hash survives everything. The timestamp proves when.
Upload any image. We compute a perceptual hash that captures visual structure, not file bytes.
Your pHash is committed to a public blockchain with a timestamp. Immutable. Public. Verifiable.
Anyone can check if an image matches your registered fingerprint — no matter where it's been.
Try the interactive demo to see pHash in action, or join the waitlist for early access.