According to Wikipedia:
The goal of the C2PA is to define and establish an open, royalty-free industry standard that allows reliable statements about the provenance of digital content, such as its technical origin, its editing history or the identity of the publisher.
Has anyone explored this standard before? I’m curious about privacy implications, whether it’s a truly open standard, whether this will become mandatory (by law or because browsers refuse to display untagged images), and if they plan on preventing people from reverse engineering their camera to learn how to tag AI-generated photos as if they were real.
From what I can tell, that’s basically what this is trying to do. Some company can sign a source image, then other companies can sign the changes made to the image. You can see that the image was created by so-and-so and then manipulated by so-and-other-so, and if you trust them both, you can trust the authenticity of the image.
It’s basically
gitcommit signing for images, but with the exclusionary characteristics of certificate signing (for their proposed trust model, at least. It could be used more like PGP, too).