You can disagree, but then how do you account for working examples of forgeries using tools provided by C2PA members? (I don't just say there are problems; I demonstrate the problems.)
Creating a forged signing certificates: https://www.hackerfactor.com/blog/index.php?/archives/1037-C2PA-and-Untrusted-Certificates.html
Altering "cryptographically signed" timestamps with nothing more than hexedit: https://www.hackerfactor.com/blog/index.php?/archives/1031-C2PA-from-the-Attackers-Perspective.html
And a long list of other vulnerabilities: https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html
In my opinion, C2PA is nothing more than snake oil.
Hacker Factor /
npub1ju…sse9n
2024-08-05 01:17:25
in reply to nevent1q…284t
Author Public Key
npub1juzxwk54l455a96gh2ujty02wt3urjhht4q2uwzq8ctjvt26e88q7sse9nPublished at
2024-08-05 01:17:25Event JSON
{
"id": "79c275cfb1c6fbe69db2691e9b6f87622418cb7b33a5e2d36f8d78f6557900fc",
"pubkey": "9704675a95fd694e9748bab92591ea72e3c1caf75d40ae38403e17262d5ac9ce",
"created_at": 1722820645,
"kind": 1,
"tags": [
[
"p",
"2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10"
],
[
"p",
"9704675a95fd694e9748bab92591ea72e3c1caf75d40ae38403e17262d5ac9ce"
],
[
"e",
"f7dc1df3c941d1665e4ef6be577ed170700ea18398441c4bb978151172266ae3",
"",
"root",
"2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10"
],
[
"p",
"8c3cd29c32329fabbe47614cc7be0051e2ae8fbb2779704462c9fa14d01840b8"
],
[
"e",
"a5e2a7781a02e1b8fe5e917e6c145fc97ee56b5f5bf12edbb2a566fc2e4a72c2",
"",
"reply",
"2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10"
],
[
"proxy",
"https://noc.social/@hackerfactor/112906773829547168",
"web"
],
[
"proxy",
"https://noc.social/users/hackerfactor/statuses/112906773829547168",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://noc.social/users/hackerfactor/statuses/112906773829547168",
"pink.momostr"
],
[
"-"
]
],
"content": "You can disagree, but then how do you account for working examples of forgeries using tools provided by C2PA members? (I don't just say there are problems; I demonstrate the problems.)\n\nCreating a forged signing certificates: https://www.hackerfactor.com/blog/index.php?/archives/1037-C2PA-and-Untrusted-Certificates.html\n\nAltering \"cryptographically signed\" timestamps with nothing more than hexedit: https://www.hackerfactor.com/blog/index.php?/archives/1031-C2PA-from-the-Attackers-Perspective.html\n\nAnd a long list of other vulnerabilities: https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html\n\nIn my opinion, C2PA is nothing more than snake oil.",
"sig": "5bb866fe37530f9ade8a03c1586a451464eff375fb0027120f8d94549865174fe60d4249d8831537914091e61679b00a5b8f7552f4efd5b23f8ba16ef5e1e6a9"
}