Photo Authenticity Checker

Verify EXIF & C2PA metadata to check if a photo is authentic, AI-generated, or has been edited — no upload, runs entirely in your browser.

🔍
Drop a photo here or click to browse
JPEG · PNG · WebP — processed locally, never sent to a server
Preview

How it works

This tool reads the hidden metadata layers embedded in photo files without sending anything to a server. Three independent signals are checked:

1. EXIF metadata Reads camera make/model, lens, ISO, shutter speed, aperture, date/time, software used, and GPS coordinates — the digital fingerprint a real camera leaves behind.
2. C2PA content credentials Checks for a cryptographically signed provenance manifest (the Coalition for Content Provenance and Authenticity standard). If present and valid, it can assert the image origin, AI generation, or edit history in a tamper-evident way.
3. AI-generation signals Looks for tell-tale software tags (Midjourney, DALL·E, Stable Diffusion, Adobe Firefly, etc.) in EXIF Software, XMP Creator Tool, and IPTC fields. Missing camera fields combined with AI software tags are a strong indicator.
4. PDF report Every finding is compiled into a clean A4 PDF you can download and share — useful for journalism, legal review, or content moderation workflows.

Privacy note: Your photo never leaves your device. All processing happens in JavaScript running locally in your browser tab using the exifr library and the pdf-lib library.

Frequently asked questions

What does "no EXIF data" mean — is the photo fake?
Not necessarily. Many platforms (Twitter/X, Facebook, WhatsApp, Telegram, Signal) strip EXIF metadata on upload to protect user privacy. A photo shared via these platforms will appear clean even if it was taken on a real camera. The absence of EXIF data alone is not proof of manipulation — it is simply evidence that metadata was removed at some point. Look for other signals, such as visual inconsistencies, or ask for the original unshared file.
What is C2PA and what does a valid C2PA manifest prove?
C2PA (Coalition for Content Provenance and Authenticity) is an open standard backed by Adobe, Microsoft, Sony, the BBC, and others. A C2PA manifest is a cryptographically signed block embedded in the file that can record the capture device, creation software, any edits, and whether AI was involved. A valid signature means the manifest has not been tampered with since signing. However, C2PA adoption is still early — most photos in the wild do not contain one, which is normal rather than suspicious. Cameras like the Leica M11-P and Sony Alpha 9 III now embed C2PA signatures natively.
How does the tool detect AI-generated images?
AI image generators typically write their name into the EXIF Software field, XMP CreatorTool, or IPTC Source field. Known signatures include "Midjourney", "DALL-E", "Stable Diffusion", "Adobe Firefly", "Runway", "Imagen", and similar. The tool also flags photos that have no camera make/model and no shutter/ISO data — fields a real camera always writes — as a secondary indicator. A C2PA manifest may additionally carry an explicit ai.generated assertion. No single signal is conclusive; the tool shows all evidence and lets you judge.
Can EXIF data be faked or removed?
Yes. EXIF data can be edited with tools like ExifTool, Lightroom, or Photoshop. A bad actor can write a fake camera make/model or remove the Software field to hide AI generation. Conversely, social-media platforms remove metadata automatically. This is why C2PA was created: a digital signature cannot be forged without access to the creator's private key. For high-stakes verification, a valid C2PA signature from a known signer is much stronger evidence than EXIF tags alone.
What file formats are supported?
JPEG (the most common format and the best EXIF coverage), PNG (supports XMP and some EXIF chunks), and WebP (limited metadata support). RAW formats are not currently supported. HEIC/HEIF support depends on your browser. For best results, use the original uncompressed file straight from the camera or AI generator before any platform upload.