Proof of capture that survives social media.
C2PA attaches a camera signature to content data at capture. But that capture proof tolerates no modification to the content data whatsoever — and most social media platforms alter the data for display optimization. We needed a way to separate the capture proof from the content data itself, so that mathematical trust is preserved even after posting to social media.
The right foundation already exists
The root cause of problems like deepfakes and unauthorized reposting is the same: the origin and rights ownership of digital content remain unknowable until actual harm occurs and someone makes a claim.
Technologies are being developed to enable verification of content authenticity and rights before harm occurs. There are broadly two approaches.
The first is post-hoc analysis — detecting fakes by examining content after creation, as with AI-based authenticity detection. But this is an arms race. As detection technology advances, generation technology that evades detection emerges. There is no structural advantage for detection.
The second is recording provenance with cryptographic signatures at the time of content creation. The security of these signatures depends on the integrity of signing keys, the certificate chain, and the correctness of the implementation. But unlike post-hoc detection, this approach has a structural foundation that is unaffected by advances in generation technology.
C2PA (Coalition for Content Provenance and Authenticity), backed by over 6,000 organizations including Adobe, Microsoft, and Google, is the open standard for this provenance-recording approach. It records which device or software created the content, when, and what edits were made — all cryptographically signed.
Google Pixel signs photos with its Titan M2 chip. High-end Sony and Nikon cameras implement C2PA signing. OpenAI, Google, and Adobe sign their AI-generated content with C2PA. The infrastructure is real and growing.
But proof disappears as content spreads
C2PA verification requires two things: the complete C2PA manifest data (a JUMBF container holding the signature chain, certificates, and edit history) and the complete data of the content itself. For a photo, that means the full-resolution capture data. For a video, the entire original video file. If even one byte of the content data changes, the hash will no longer match and verification fails. This tight coupling (referred to as hard binding in the C2PA specification) is an essential design for integrity guarantees, but becomes a barrier when content is distributed.
Nearly every social media platform, messaging app, and CDN strips the manifest and recompresses the content on upload. Facebook, Instagram, X, and YouTube all remove C2PA data and alter the content data for efficiency. Once that happens, verification becomes impossible. The World Privacy Forum calls this "the primary obstacle to C2PA interoperability."
Even when C2PA data remains in the file, cryptographically verifying the information inside it (camera capture proof, timestamps, edit history, etc.) requires both the complete C2PA manifest data and the complete content data. If either is missing, it is impossible for a third party to cryptographically confirm and retrieve that information.
Existing solutions include mechanisms like embedding URLs in watermarks and using cloud storage to recover C2PA manifests. But these are fundamentally approaches that attempt to approximately re-associate content data — which has already lost its cryptographic verifiability — with C2PA manifests.
To build a system where proof of camera capture actually reaches people on social media, we needed to solve a different problem: separating the proof — that the content had camera capture provenance recorded and passed C2PA verification — from the content itself, making it accessible in a trustworthy form even without the complete original file.
Title Protocol: making proof independent
Extracting arbitrary attributes from content and recording them as standalone, independently trustworthy records.
Title Protocol takes C2PA-signed content and processes it inside a TEE (Trusted Execution Environment): hardware-isolated processing designed so that the server operator cannot access or alter the verification. While the cryptographic binding between the content and its manifest is still intact, it performs C2PA verification and attribute extraction, then seals the result with the TEE's own signature. This ensures the cryptographic chain of trust passes unbroken from the device's signing key to the TEE's attestation signature. The signed attributes are stored off-chain and linked to an NFT on the blockchain.
The result: provenance data that exists independently of the content. No original file needed. No trust in any specific company required. Trust is grounded in the TEE's hardware isolation, open-source verification code, and immutable records on the blockchain. Which device captured it, when, whether it was hardware-signed — these attributes can be queried through the blockchain.
- Sign at captureC2PA records the device information, date and time, and tools used, all sealed with a cryptographic signature.
- Verify in isolated hardwareA TEE (currently using AWS Nitro Enclaves) verifies the C2PA data. The TEE is a hardware-isolated environment designed so that the operator cannot access the verification process. The verification result is signed with the TEE's internal key.
- Extract and recordThe verified attributes are extracted and linked to a compressed NFT on the Solana blockchain. Cost at current network conditions: ~$0.00015 per record. 100,000 records cost roughly $15.
- Anyone can verify, anywhereYour browser fetches data directly from blockchain nodes and verifies the TEE signature. No server is involved in verification, and no trust in any specific company is required. The proof exists independently of the content file.
Learn more about the trust model →
What exists today and what remains unsolved
C2PA verification services and provenance registries exist. Here is where the gaps remain.
- Proof that survives sharing C2PA data is stripped by nearly every platform. Existing solutions attempt to recover the full manifest via watermarks or centralized cloud. Title Protocol takes a different approach: verified attributes exist as independent records on the blockchain, so even after C2PA metadata is stripped from the file, the provenance data remains accessible without recovering the original manifest.
- Querying attributes without the file Existing services store full C2PA manifests externally, so you still need to parse the manifest to access specific attributes. Title Protocol extracts and records individual verified attributes, making them directly queryable from the blockchain.
- Cross-platform rights tracing When content goes viral, tracing the original creator requires searching across fragmented services, each with its own ID scheme. Title Protocol uses a content ID derived from the SHA-256 hash of the C2PA manifest signature. This is a value anyone can compute from the same C2PA content, independent of Title Protocol. Rights holders are linked by wallet address, enabling cross-platform tracing through a neutral, non-proprietary identifier.
- Trusting the verifier If a company runs the verification, you must trust that company. Title Protocol uses TEE: the verification is designed to happen in hardware-isolated processing where the operator cannot intervene. The result is cryptographically signed and client-verifiable. All TEE enclave code is open source, so the verification logic itself can be independently audited. The trust shifts from a company's reputation to a publicly auditable codebase and security model.
RootLens
The reason we built Title Protocol
RootLens is a camera app that proves your photo or video was really captured, and lets you share that proof on any platform.
- Capture a photo or video
- The app signs it with C2PA using the device's secure hardware
- Publish. Title Protocol extracts and records the proof
- Share the link anywhere. Anyone can verify it
The proof outlives the app. If RootLens disappears tomorrow, the verification records remain linked to on-chain NFTs. Other applications built on Title Protocol can access the same records.
For creators who face AI-generation accusations, journalists who need verifiable evidence, and anyone whose content is worth proving real.
How content signing and verification work →
Open source. Open protocol.
The specification, architecture documentation, and implementation are all publicly available. You can read the docs and independently verify or reimplement the entire system.
RootLens is built on Title Protocol, an open protocol. Anyone can run a verification node, and anyone can build an application on it.
All source code is public, released under Apache 2.0.