Blog
8 pages

C2PA Adoption in the Tranco Top 1,000: May 2026 Snapshot
We scanned the Tranco top 1,000 sites for C2PA support. Here is the adoption picture by sector and what it says about where provenance is heading.

EU AI Act Article 50: A Compliance Decision Framework
A practical decision framework for Article 50: are you a provider or deployer, what's your deadline, and what to build first before 2 Aug 2026.

How We Run OpenTimestamps at 10 Million Signatures Per Day
An engineering deep-dive on aggregating millions of daily manifest hashes into one Bitcoin anchor: Merkle tree design, fee economics, and proof distribution.

Nikon Z6 III Certificate Revocation: The AL2 Lesson
Nikon revoked every Z6 III signing certificate after a multi-exposure exploit. The cryptography was sound; the integration was not. Here is the AL2 lesson.

Original Pictures vs Truepic: Architecture Compared
A feature-by-feature architecture comparison of two provenance approaches: horizontal signing API versus vertical controlled capture. With honest trade-offs.

Signing Sora 2 Output: Preserve OpenAI's Manifest
How to re-sign Sora 2 video while keeping OpenAI's manifest as a c2pa.ingredient, with real integration code and a read of the Sora 2 system card.

The Arup Deepfake: A Forensic Timeline of the $25.6M Scam
A step-by-step reconstruction of the Arup deepfake CFO fraud, with primary sources, and where provenance would and would not have helped.

TrustMark vs SynthID vs AudioSeal: A 5,000-Image Benchmark
We tested watermark survival across 14 attack vectors. Here are the recovery rates, the honest failure modes, and what they mean for layered provenance.