Remove C2PA
Content Credentials
Strip C2PA content credentials, AI provenance manifests, and Adobe edit history from your images and videos. Works on the signatures embedded by Firefly, Photoshop, ChatGPT, DALL·E, and Microsoft Designer.
What is C2PA?
C2PA — the Coalition for Content Provenance and Authenticity — is the cryptographically signed metadata block that says “this image was generated by [tool] on [date]”. Adobe, Microsoft, OpenAI, and others embed it. Instagram and Facebook read it to add the “Made with AI” label.
The signatures are cryptographic and tamper-evident — but they ride in a metadata box outside the pixel data. In JPEG they live in an APP11 (JUMBF) segment; in PNG, in a caBX chunk; in MP4/MOV, in a uuid box with the C2PA UUID. Re-encoding via a canvas (for images) or remuxing the container (for videos) leaves all of them behind.
Tools that embed C2PA today
- Adobe Firefly — everything it generates is signed.
- Photoshop Generative Fill — signs edits made with Generative Fill.
- ChatGPT image generator (DALL·E 3) — signed since spring 2024.
- Microsoft Designer / Image Creator.
- Some Google models — selective rollout in 2024.
What this tool does, exactly
For images: re-encodes through a browser canvas, which produces a brand-new file from the pixel grid alone. Every metadata block outside the pixels — including C2PA — is left behind.
For videos: remuxes the container with -c copy -map_metadata -1 via in-browser ffmpeg.wasm. No re-encoding; same pixels and audio; just the metadata atoms dropped.
Limits
Removing C2PA removes one signal platforms use. It doesn’t remove pixel-level AI watermarks (SynthID, etc.) and doesn’t override user self-disclosure on upload. Test on a low-stakes post first.
Frequently asked.
Is it legal to remove C2PA content credentials?+
C2PA is metadata, not a copyright signal. Removing it from your own files is generally fine. Removing it from someone else's work and republishing as your own is a different question — that's plagiarism regardless of metadata.
Does removing C2PA always stop the Made with AI label?+
Often, but not always. Meta uses C2PA as one input among several (model-disclosure metadata, user self-disclosure, internal detectors). Removing C2PA removes one trigger; other triggers may still apply.
Will the recipient know the file was 'sanitized'?+
There's no special flag. A C2PA-stripped file looks like any other file with no C2PA manifest — same as a phone snapshot or a file from a tool that doesn't sign. It's only conspicuous to detectors that flag the *absence* of expected credentials.
Does it work on video C2PA too?+
Yes. Drop an MP4, MOV, or WebM and the remuxer drops the uuid box where C2PA lives, alongside udta and meta atoms. Same one-tool, one-drop interface.