7 min read
Media Authenticity: What a Timestamp Proves and What It Cannot
A Label 309 proof shows that a media file existed by a public time. Authenticity needs more: capture context, provenance, signatures, and human verification. Here is how the timestamp layer fits.
A Proof of Existence can show that a specific media file existed by a specific time. It cannot, on its own, prove that the scene in front of the camera was real.
That distinction is the whole point of this article. With Label 309, a photo, video, audio file, Content Credentials (C2PA) manifest, or newsroom evidence bundle can be hashed and anchored on Cardano. Later, anyone holding the file can check whether it matches the timestamped commitment. That is real and useful — but it is one layer in a larger stack. To establish where media came from, you still need capture context, provenance metadata, signatures, chain of custody, and human judgment.
What does a media proof actually prove?
It proves that an exact sequence of bytes existed by a public time.
Hash a photo, anchor that digest with Label 309, and later you can verify the same photo file against the on-chain hash. If the hash matches, the verifier knows the later file is byte-for-byte the same content committed at the recorded block time. No appeal to a server, a vendor, or an issuer identity is required — only the transaction metadata, the file, and a public Cardano explorer.
The same mechanism works for any digital asset:
- videos and audio recordings;
- raw photos and edited exports;
- thumbnails, transcripts, and captions;
- C2PA manifests;
- newsroom evidence bundles and camera-card manifests;
- social-media export packages.
This matters because digital media is trivially mutable. A public, independent commitment to the exact bytes makes silent replacement far harder to deny.
What does a media proof not prove?
It does not prove the camera saw the real world.
A synthetic image can be timestamped. So can a deepfake, a staged photo, or a video edited before it was ever hashed. A truthful file and a misleading file can both carry a perfectly valid Proof of Existence. The proof answers exactly one question — did these bytes exist by this time? — and nothing more.
It does not, by itself, tell you:
- who captured the file;
- where it was captured;
- whether the scene was real;
- whether the file was edited before timestamping;
- whether the subject consented;
- whether the file is lawful to use;
- whether the story around the file is true.
That honesty is the point, not a weakness. A timestamp is evidence of timing and integrity, not a window onto reality. (For a fuller treatment, see what a proof does not prove.)
If it does not prove reality, why is it useful?
Because timing and integrity are exactly what media disputes turn on.
Investigations routinely need to know whether a file existed before or after an event, whether a newsroom held a source file before publication, whether a disputed clip was altered after it was delivered, or whether an archive still holds the same file someone reviewed months earlier. A Proof of Existence gives all of those a stable, comparable anchor:
- this file existed before the public claim;
- this export is identical to the one that was reviewed;
- this source package existed before the article ran;
- this C2PA manifest existed before the takedown;
- this batch of assets existed before the campaign launched;
- this evidence bundle existed before litigation began.
None of these require trusting the publisher. They give investigators a fixed object to compare against, which is often the missing piece.
How does Label 309 work alongside C2PA?
They cover different parts of the problem and fit together cleanly.
C2PA — the Coalition for Content Provenance and Authenticity, surfaced to users as Content Credentials — is a structured provenance layer, not merely a timestamp. It describes how content came to be: creation, edits, ingredients, tool claims, and other signed assertions bound to the asset. Label 309 does the complementary job: it anchors a hash — of the asset, the manifest, or a Merkle root over many of them — to public Cardano time, with no named authority to trust.
A strong media-authenticity workflow can layer them:
- a device or capture signature;
- a C2PA manifest;
- the original file hash;
- the edited-export hash;
- a source-package manifest;
- a Label 309 timestamp anchor;
- chain-of-custody notes;
- newsroom or platform verification.
C2PA helps tell the provenance story. Label 309 proves when a specific version of that story existed. We go deeper on this pairing in Proof of Existence vs C2PA and why C2PA needs a time anchor.
What should a newsroom timestamp?
The evidence package, not just the published image.
When the goal is to defend a story later, the valuable thing to anchor is everything that supported it:
- original and source-provided media files;
- capture-metadata exports;
- C2PA manifests;
- transcripts and translation files;
- verification notes and geolocation evidence;
- reverse-image-search screenshots;
- witness statements and edit-decision logs;
- the published export and any correction records.
Most of this is sensitive and should stay private. That is fine: the public record only ever needs the hashes and Merkle roots. The underlying bytes can be kept offline, or sealed so the ciphertext is stored while the plaintext stays with the key holders.
How can a platform timestamp media at scale?
By anchoring batches instead of individual uploads.
A platform handling large volumes does not want one Cardano transaction per file. Instead it can periodically build a Merkle root over many media hashes, moderation records, provenance manifests, or transparency-report source data, and anchor a single root. For example:
- one root per hour for high-risk uploads;
- one root per day for removed-media evidence;
- one root per campaign for verified brand assets;
- one root per publication batch for partner media;
- one root per takedown evidence package.
Later, the platform can prove that any single asset or moderation record was part of a timestamped batch, by producing that item's inclusion proof against the published root. The mechanics are covered in one record for thousands of files.
How does this help with deepfakes?
It helps with timelines, not with magic detection.
A proof can show that an alleged original existed before a deepfake surfaced, that a platform received a disputed upload at a certain time, or that a creator's source file or project folder predated a misleading derivative. Those are real, decision-shaping facts in a dispute.
What it cannot do is look at a file and declare it real or fake. Deepfake detection, secure capture, provenance metadata, source validation, and human investigation all still do that work. The contribution here is narrower and more reliable: here is the earlier committed file or manifest, and here is when it existed.
Should the media itself be stored forever?
Sometimes — but think carefully before making plaintext permanent.
For genuinely public media, the file or manifest can be stored openly through content-addressed storage. For sensitive media, a sealed record is usually the safer choice: the encrypted ciphertext is preserved while the plaintext stays readable only to the intended key holders. Sealing keeps the content confidential, but it does not guarantee anonymity, and a recipient can still leak the plaintext once they decrypt it.
Long-lived media evidence has to weigh:
- privacy and consent;
- the safety of subjects and sources;
- legal privilege and source protection;
- retention policy;
- recipient access and future verification needs.
Permanent public storage of plaintext is rarely the right default. A permanent commitment to the hash is often all you actually need; the bytes can live wherever the situation requires. See confidential disclosure without public files for the sealed-record pattern.
What should creators keep?
The original file, and everything needed to explain the proof later.
A durable media-proof package generally holds:
- the original file and any edited exports;
- the manifest and the hash algorithm used;
- the Label 309 transaction reference;
- the C2PA manifest, if one was made;
- the Merkle leaf and inclusion proof, if the item was batched;
- the record's signing public key, if it was signed;
- source and chain-of-custody notes.
If some of these are lost, the proof itself usually still exists on chain — but it becomes much harder to explain and present convincingly. The on-chain anchor is the durable part; the surrounding context is what makes it legible.
The short version
Media authenticity is a stack, not a single feature.
Label 309 can prove that a specific media file, manifest, or evidence bundle existed by a public time, verifiable by anyone with the file and a Cardano explorer. It can support C2PA provenance, newsroom verification, legal evidence, platform moderation, and creator workflows — and it can do so without asking anyone to trust the publisher.
What it cannot do is prove reality on its own. Treat it as the timing-and-integrity layer inside a stronger authenticity process, and pair it with the provenance, signature, and human-verification layers that prove the rest.
Further reading
- Label 309 standard — the open, vendor-neutral specification behind these proofs.
- C2PA / Content Credentials — the provenance layer that pairs with a time anchor: c2pa.org, spec.c2pa.org, contentcredentials.org.
- Related posts: Proof of Existence vs C2PA, why C2PA needs a time anchor, what a proof does not prove, and one record for thousands of files.