Cloudflare is making it easier to assess the authenticity of online images by adopting the Content Credentials system advanced by Adobe and embraced by many others. Images hosted using Cloudflare now integrate Content Credentials, ensuring metadata remains intact. The platform tracks ownership and subsequent modifications, including whether artificial intelligence was used to edit the images. With touchpoints to an estimated 20 percent of Internet traffic, connectivity firm Cloudflare substantively expands the reach of the Content Authenticity Initiative (CAI), founded in 2019.

PetaPixel couches the move as “a massive deal and a huge win for the CAI, which Cloudflare has also joined.” Based on the Coalition for Content Provenance and Authenticity (C2PA) protocol, Content Credentials “allow publishers, creators, and regular web users to trace the origin of the media they view” and “ensures that creators can be accurately and consistently credited for their work.”

A Cloudflare blog post provides details on how the process works: “During the creation, editing, and resizing process of a piece of digital content, a unique hash of metadata is created for each action and then signed using a private key.” The signature and signer’s public certificate then become part of the metadata of the work.

“These hashes and signatures allow any open source verification tool to recalculate the hash, validate it against the signature, and check the certificate chain to ensure trustworthiness for each action taken on the image,” Cloudflare explains. “This is what is meant by Content Credentials being tamper-evident: if any of these hashes and signatures fail to validate, it means that the metadata has been tampered with.”

Each cryptographic signature is part of a Trust List that enables anyone to query the provenance chain “across various entities, such as from a camera manufacturer to photo editing software to distribution across Cloudflare,” the company explains.

Available worldwide, anyone who views or downloads images with the CAI setting enabled “can verify their digital history via Adobe’s Content Authenticity web tool or its Chrome browser extension,” reports The Verge.

CAI members include Adobe, Arm, Canon, Getty, Leica, Microsoft, Nvidia, Qualcomm, Shutterstock, Truepic and several major news outlets.