Why does every C2PA provenance chain break the moment content hits social media?
Opportunity
C2PA cryptographic manifests are embedded in the file itself and survive storage and direct sharing, but every major social platform, including Instagram, X, LinkedIn, and TikTok, strips those manifests during upload transcoding and re-encoding as of 2026. The result is that a piece of content can be signed by a camera, a newsroom, and a regulatory-compliant AI generator, yet arrive in a feed with zero provenance information attached. The EU AI Act Article 50 and California SB 942 require machine-readable disclosure on AI-generated content, but metadata-only compliance dissolves at the exact distribution point where most people actually see content. No mechanism exists today to either force platforms to preserve manifests or to reconstruct provenance after stripping without a trusted third-party ledger that did not exist at capture time.
Why it matters
C2PA is becoming a regulatory baseline while the primary distribution layer actively destroys its signal, making the standard practically unenforceable where it matters most.
How I score the opportunity
The Opportunity Score is my own read, not a measurement: how much it hurts, how often it bites, and how little exists to solve it today. Higher means I think it is more worth building.
How much pain it causes when it shows up.
How often people actually run into it.
How little good tooling exists for it today.
More problems worth solving
Why is the software we depend on most the worst to use?
TechWhy do I still own none of the data I generate?
TechWhy can I not get a receipt proving my data was actually deleted?
TechWhy can I not know if what is running matches what my SBOM declared?
TechWhy does critical open source software still depend on one exhausted maintainer?
TechWhy is there no recovery path when a breach leaks my biometrics?