What is verify.vwfndr.camera?

This site can verify whether an image was captured by a genuine VWFNDR™ camera by validating its Content Credentials.

Why does it matter?

When a photographer takes a picture, they capture a moment in time: something real.

Online, those pictures get mixed with many others, making it harder to tell which are authentic and which are manufactured.

In that world, Content Credentials provide evidence about the origin of an image. At VWFNDR™, we use them to prove what matters most to us: did a camera capture that image?

What are Content Credentials?

While a JPEG or a DNG file already carries information about how it came to exist, that metadata can be easily edited by anyone with access to the file, thus making it untrustworthy.

Content Credentials are a set of signed, tamper-evident records attached to an image. In the case of a camera, they are attached at the moment of capture.

What does "signed" mean?

Records are signed by their author: the camera or software that created them. This signature can be verified on sites like this one to confirm whether the author is genuine, and by extension, whether their records are too.

What about "tamper-evident"?

Records are tamper-evident. This means that if the records or the image they are attached to were to be modified, the signature would become invalid and the records rejected.

How does it work for VWFNDR™ cameras?

Upon taking a picture, the camera constructs a record of that capture: when it was taken, which device took it, and a fingerprint of the image's pixel data. That record is then signed and embedded in the image file before saving it.

Who signs it?

The signature comes from a unique cryptographic key that lives inside the device's Hardware Security Module (a secured physical chip protecting such keys) which can only be used by the camera software.

How is this key trusted?

Before it's able to sign records, the camera first obtains a certificate by proving to our servers its key genuinely lives in hardware, and that the software operating it is unmodified and up-to-date.

This certificate is then embedded as part of the records the key signs and allows anyone verifying the image to trace the credential back to its source against a list of trusted issuers1.

What is C2PA, and what does VWFNDR™ have to do with it?

C2PA is an open industry standard for Content Credentials developed by Adobe, Microsoft, the BBC, and others. It defines how records should be structured, signed, and verified.

VWFNDR™ cameras were independently evaluated by the C2PA Conformance Program and deemed conformant to the highest trust tier of the standard. This means the way they capture, sign, and protect records fully satisfies C2PA requirements.

Do you do anything differently?

VWFNDR™ differs from the standard by not relying on a program-conformant authority to issue certificates to cameras. Instead, we operate our own certification servers under the same terms2 a program-conformant authority would.

This approach allows us to offer authenticity for free, without the need for a subscription or any other fees.

1: the trust list used to verify VWFNDR™ images is publicly accessible at verify.vwfndr.camera/trust-list­ — Return to text

2: this includes verifying that the camera's hardware and software meets the C2PA requirements for Assurance Level 2 before issuing certificates, and storing our servers' keys in FIPS 140-2 Level 3-certified Hardware Security Modules — Return to text