Seeing is No Longer Believing: How Content Credentials Provide Transparency in What We See Online
- May 25
- 5 min read
Updated: 3 days ago
Trust in a World Drowning in Digital Content
The digital world is currently flooded with content. Every day, more than 400 quintillion bytes of content are created, shared and consumed worldwide¹. At the same time, easy-to-use generative AI tools have enabled almost anyone to generate highly realistic images and videos in seconds. Whether the intent is malicious or for entertainment, the rise of AI-generated media has made it increasingly difficult to distinguish reality from fiction.
So how can you trust what you see online?
This is where Content Credentials comes in. It offers a way to verify where digital content comes from, how it was created and whether it has been altered along the way.
What Are Content Credentials?
When a piece of media contains Content Credentials, you will usually see a small Content Credentials icon on supported platforms. This indicates that the image or video holds secure, tamper-evident information about its origin and/or editing history.
You may already see this on platforms such as LinkedIn or in smartphone devices like Google Pixel 10.
Under the hood, Content Credentials are based on the open global standard known as the Coalition for Content Provenance and Authenticity (C2PA). Much like Wi-Fi or Bluetooth, C2PA defines common rules that enable different tools, platforms, and devices to consistently record and verify the origin and history of digital content.
By embedding secure information into media files, Content Credentials allow viewers to check:
Who created or published the content
When and where it was created
What device or software was used
What edits were made along the way
Together, these signals promote transparency in the digital world and help audiences make informed decisions about what they trust.
The Technology Behind the Scenes: C2PA Manifest, Watermarking & Fingerprinting
The C2PA Manifest: A Secured Record of Origin and Edits At the core of the C2PA standard is the C2PA manifest, a cryptographically protected record stored with the content. It can include a range of metadata or assertions, such as identity, creation date, and editing history².
Each manifest is digitally signed using a digital certificate. When content is edited or republished, the new creator, editor, or publisher must specify the metadata to include and re-sign the manifest to maintain the validity of the Content Credentials.
If anyone attempts to tamper with the file without updating and re-signing the manifest, the cryptographic signature breaks, signalling to verifiers that the content may have been tampered with.
When Things Get Tricky: Watermarking and Fingerprinting
Because not all apps and platforms support C2PA today, a manifest may be stripped when a file is uploaded, resized or transferred. This is where Durable Content Credentials techniques such as watermarking and fingerprinting help fill the gaps. An invisible watermark embeds a hidden message directly into an image's pixels (or video frames) and is designed to survive common transformations like resizing, compression, or format conversion. Even if metadata is stripped, a Content Credentials verifier can detect the watermark, extract the embedded reference, and reconnect the media to its original manifest, which is stored securely on a server.
A fingerprint is a unique digital identifier generated from the visual characteristics of an image or video. When a manifest is retrieved, the verifier compares the fingerprint stored in the manifest with the file's fingerprint. This helps ensure that the media matches the original content associated with the manifest and prevents spoofing or substitution attacks.
Together, these Durable Content Credentials techniques³ enhance resilience and add layers of verification.
What Content Credentials are Not
While Content Credentials are helpful, they are not a cure-all.
They do not detect intent or context, nor do they judge whether content is being used responsibly. An unedited photo can still be mis-contextualised if it is shared with false captions, placed in the wrong context, or presented without important background information.
Content Credentials cannot prevent all forms of manipulation or misinformation. What they do offer is greater transparency about how the content came to be and provide clearer trust signals for everyday users. These tools help us understand an image's history but interpreting that information and evaluating context remain a human responsibility.
The Future of Digital Content is Transparency
In today’s digital environment, critically evaluating what we see online is an essential skill.
As adoption grows among camera manufacturers, software vendors, and platforms that support C2PA, Content Credentials are likely to become a standard part of how we assess digital media, much like checking a safety certification on an appliance or reading nutrition labels on food.
While bad actors may still attempt to pass off manipulated content as real, Content Credentials are designed to help good actors, such as journalists, creators, and organisations, reliably prove the authenticity of their work.
For now, when you see the Content Credentials icon, you can tap it to explore the media’s origin and history, helping you make a more informed decision about what to trust.
Frequently Asked Questions
Can Content Credentials be used for videos, or only images? Yes. Content Credentials support both images and videos, depending on tool and platform implementation.
When can Content Credentials be added – during creation or later?
Content Credentials can be added at multiple points in the workflow, including during capture, editing, or publishing, depending on the tools used.
How Content Credentials works from: https://contentauthenticity.org/how-it-works
Are Content Credentials only for AI-generated content?
No. They can apply to both AI-generated and non-AI content, including traditionally edited or camera-captured media.
What if a piece of content doesn’t have Content Credentials?
The absence of Content Credentials does not automatically mean the content is untrustworthy. Adoption is still growing, and not all tools or platforms support them yet.
Over time, the goal is for authenticated content to become more widely available, making it easier to recognise verified media by default.
What information can be included in a Content Credentials?
Content Credentials can include a range of verifiable records about how a piece of content was created and modified. Full list can be found in C2PA Technical Specification and examples include:
Creator, editor or publisher identity
Date and time of creation or modification
Location information
Device or software was used
Editing actions (e.g. cropping, colour adjustments, or filters)
It is important to note that creator, editor or publisher remain in control of what information is shared and can choose which assertions to include. Sensitive details, such as precise location data, are not mandatory and may be omitted for privacy reasons.
When can Content Credentials no longer be recovered?
Content Credentials may no longer be recoverable when extreme or cumulative edits (e.g. aggressive cropping, heavy filtering, compositing, or repeated re-encoding) make the embedded watermark undetectable. While modern watermarking is robust to common edits, it has practical limits. When the watermark cannot be detected, the embedded reference cannot be extracted, and the media can no longer be reconnected to its original C2PA manifest.
Where can I find more information?
For consumers:
C2PA in action: https://www.youtube.com/watch?v=na9jBUC72VA
For implementer/developers: