Frequently asked questions
General
What is the CAI?
The Content Authenticity Initiative is a group of creators, technologists, journalists, and activists leading the global effort to address digital misinformation and content authenticity. We’re focused on promoting and providing an open, cross-industry approach to media transparency.
Who is involved in the CAI?
The CAI has built cross-industry community with diverse viewpoints to foster discourse and action toward bringing content authenticity into a global practice.
Collaborators include: Adobe, BBC, Microsoft, The New York Times Co., Leica, Nikon, Truepic, Qualcomm, and more.
What is the C2PA?
The Coalition for Content Provenance and Authenticity (C2PA) is a formal coalition dedicated exclusively to drafting technical standards and specifications as a foundation for universal content provenance. The C2PA is a mutually-governed standards development organization (SDO) under the structure of the Linux Foundation’s Joint Development Foundation.
How does the C2PA differ from the CAI?
The CAI drives feature explorations, creates open-source tools and fosters community around content authenticity. The C2PA complements these efforts by providing the end-to-end open technical standards for creators, editors, publishers, media platforms, and consumers.
Who is the target audience for CAI-enabled products?
Anyone who is interested in preserving trust on the internet — whether that’s social media users exposed to misinformation in their feeds, creative professionals who want attribution for their work, or news publishers who want to transparently share their process with their audience.
How will CAI be an international standard?
The CAI works across industries to ensure our explorations and solutions are global, accessible, and ubiquitous.
Is CAI a blockchain system?
While the CAI is blockchain compatible, CAI-enabled features do not use blockchain. View a prototype that integrated blockchain distributed storage.
Is the CAI about digital rights management?
No – the CAI will not enforce any permissions for access to content. In many cases, the name displayed on the CAI Verify website will be the name of the exporter of the content, not the rights owner.
Trust and transparency
Why is the CAI system trustworthy?
The CAI implements the open standards created by the C2PA standards body. The system itself relies on proven cryptographic methods to seal and protect information from being tampered with. We also have an open membership model which encourages feedback from users.
Will the CAI solve all misinformation problems?
No – there are generally three ways to address misinformation: education, detection, and attribution. The CAI is creating an attribution-focused solution. The CAI will undertake efforts around education where we’re able, and will be transparent about information that can aid in detection — but ultimately, the entire problem of misinformation requires further collaboration within the larger digital content ecosystem.
Why is attribution important if a creator used AI tools?
Artificial intelligence (AI) is a powerful tool that will help creators tell their stories, but it is not a creator itself. Behind the use of synthetic media and AI are people and organizations wielding these tools. The CAI creates a system that attributes both the tools used and by whom to keep aligned with the overall CAI efforts around transparency.
Will you tell me if a picture is fake?
No – the CAI does not make judgements about the content of an image, so we will not label content as fake or inauthentic. Instead, the standard enables creators to transparently share the details of how they created an image. This way, an end user can access context around who, what, and how the picture was changed — then judge for themselves how authentic that image is.
Data and privacy
Where does CAI data live?
CAI data can either be embedded into the content file itself, or stored in Adobe’s Content Credentials cloud, a public, persistent storage option for content attribution and history data. Publishing to this cloud will help keep your files smaller and make their Content Credentials more resilient and recoverable.
Why is there a gap in an image’s CAI data?
If a creator uses a non-CAI-supported tool to edit a piece of content, or if they’re working in a CAI-supported tool without CAI capabilities turned on, then the data of any actions in those spaces won’t be captured. We will make sure to show when this data is missing. The CAI will keep promoting transparency and encouraging the use of CAI-supported editing workflows, but we ultimately believe that any CAI process should be explicitly opted into.
What if CAI data is stripped from an image?
Because CAI does not enforce digital rights management considerations around metadata, it's possible for individuals or applications to strip CAI data from a file. If you inspect a file on the CAI Verify website and find that it has no Content Credentials, you may be able to find Content Credentials associated with the file on the Verify site by searching for possible matches.
Can a user change data after it is signed?
CAI data is tamper-evident, meaning it will be clearly identified and shown when something has been improperly changed. It is not possible to create a fake history of CAI data, and because we use cryptographic verifiability, it will be evident if someone tries to create one. The Verify website will show this information so viewers can determine if the content is untrustworthy.
What happens to CAI data if an image is cloned or someone takes a screenshot of it?
Our system doesn’t prevent anyone from taking a screenshot of an image, but it will indicate when a file does not have historical data. A screenshot of an image wouldn’t include CAI metadata from the original file.
How is CAI addressing privacy concerns?
Protecting privacy is one of our guiding principles, so no CAI information is signed without an explicit user action to turn the feature on. Users can also control which categories of data they want to attach to their content. For those with unique privacy needs (e.g., human rights workers in authoritarian countries), the standard offers an option to redact PII (Personally Identifiable Information).
Content Credentials
What are “Content Credentials?”
We refer to the CAI metadata associated with a piece of content as Content Credentials. This is the metadata that shows people the attribution and provenance details behind all the ingredients used to make the final content. If something has Content Credentials, it was most likely created or downloaded using CAI-enabled tools.
How are Content Credentials different from current metadata formats?
The main difference between Content Credentials and existing metadata is CAI technology uses cryptographic file signing. We use cryptographic asset hashing to provide verifiable, tamper-evident signatures that show the image and metadata haven’t been unknowingly altered. CAI claims can be used to secure common metadata such as EXIF, IPTC, and XMP.
How do I add Content Credentials to my images?
The CAI has many efforts on the horizon to create user-facing tools for collecting and attaching CAI metadata to content. One way to attach CAI metadata is through the Adobe Photoshop feature called Content Credentials (Beta). The feature is in ongoing development and is one of many ways content authenticity efforts are being brought to life. If you are interested in signing up for news and updates about CAI tools, please subscribe to our mailing list.
Will Content Credentials work on non-Adobe products?
Yes – CAI collaborators are creating an open standard, and we encourage the digital media ecosystem to join in adopting and implementing this standard. Interoperability is one of our guiding principles.
What information is listed in the “Produced by” section?
For people exporting content using Content Credentials (Beta) in Adobe Photoshop, “Produced by” will refer to the chosen name associated with their Adobe ID. For non-Adobe products, “Produced by” may refer to the name of the exporter. Over time, as further CAI-enabled products are put into general use, you might see different attribution data associated with images, such as distributed storage information or editorial staff.
Is “Produced by” referring to the copyright holder?
Not necessarily – Copyright and licensing are legal definitions enforced and recognized by an appropriate governing body. Right now, the “Produced by” data item shows which Adobe user exported the content from Photoshop. This info may be used to help users find the copyright holder but is not sufficient to determine that alone.
What does “Signed on" mean?
The date you see refers to the time that the CAI data was digitally signed, or the date the content was exported with Content Credentials attached. Some devices will capture an image and sign it at the same time, so the date will also represent when the photo was taken. However, many images have different times of capture and distribution.
What does “Secure image” mean?
A “secure image” is an image captured using cameras and smartphones with CAI specifications integrated deeply into the secure execution environments. The CAI presents a baseline standard for manufacturers to provide this level of security on their devices to collect and secure data.
Misuse
Can I use Content Credentials (Beta) to claim other people’s work as my own?
No – a user can only attach their name to exported images as a producer. This only shows other people that the user exported the content and does not necessarily mean they created it.
Content Credentials (Beta) in Photoshop is not yet able to show who created a piece of work, but does capture and note when images were copied or placed into a new Photoshop document. If we can’t show the full trail of a file back to its creation, people will be able to see that reflected in the Content Credentials. We also make it clear when we don’t have that information.
Can I cherry-pick which data I share?
Not necessarily – You can choose the categories of Content Credentials you attach to your work, but you cannot pick and choose which pieces of data are included within those categories. You can choose to include Edits and activity, Produced by, Connected accounts, and the specific accounts connected to Content Credentials (Beta). But if you include these, you can’t hide specific pieces of data, and all of what’s attached to your content can be viewed by others on the Verify website.
Can I use bugs in Content Credentials (Beta) to hide info about my work?
No – during this public beta, some features and experiences are still in development and some bugs may appear. As we work to fix these bugs, we’ve made sure anytime they occur that they are labeled clearly. This is so people can be aware of any missing info or errors that might affect how they interpret the Content Credentials on a piece of content.