What Are C2PA Content Credentials — and Can You Remove Them?
There is a new kind of metadata spreading through the creative ecosystem — and it's more revealing, more persistent, and more misunderstood than anything in a standard EXIF profile.
It's called C2PA content credentials. If you've exported anything from Adobe Photoshop, generated images with Midjourney or DALL·E, or shot video on a newer Sony or Leica camera, there's a good chance your files already contain them. Most creators have no idea this data is there, what it discloses, or that removing it requires a different approach than stripping standard EXIF.
What Is C2PA?
C2PA stands for the Coalition for Content Provenance and Authenticity, a consortium including Adobe, Microsoft, Google, Sony, the BBC, and Arm. They developed a technical standard for embedding cryptographically signed provenance data inside media files.
A C2PA manifest embedded in your image or video can contain:
Whether the content was generated or edited by an AI tool
Which specific AI model was used (Firefly, DALL·E, Stable Diffusion, etc.)
The software application that created or processed the file
A full edit history — what was changed, when, and by what tool
The identity of the creator or organization if the credential is signed
GPS location and device data for camera-captured content
Unlike standard EXIF data — which is a simple list of key-value fields — a C2PA manifest is cryptographically signed. That makes it both harder to selectively modify and far more detailed than anything a camera's EXIF profile typically contains.
Why This Creates Real Privacy and Business Risk for Creators
C2PA was designed with good intentions: fighting misinformation, authenticating journalism, and proving content is human-made. But the same infrastructure that verifies authenticity can expose information you didn't intend to share.
If you use AI tools in your workflow — even minimally, for tasks like noise reduction, upscaling, generative fill, or background removal — C2PA credentials from Adobe tools will tag the output with which AI was used and to what degree. Some clients and agencies contractually prohibit AI use. An embedded manifest is discoverable evidence.
If you shoot on newer cameras, note that Sony's A9 III and ZV-E1 and Leica's M11-P embed C2PA signatures at the hardware level. These are harder to remove than software-embedded credentials and include GPS and camera serial data signed into the chain.
If you publish to social platforms, LinkedIn and YouTube now surface C2PA provenance labels directly to viewers — including AI-generation flags — based on embedded credentials. A minimal AI assist can result in a public "AI-generated" label applied to your content, regardless of whether that label reflects the spirit of what you made.
If you license or sell content, embedded credentials create an audit trail buyers can inspect. Stock agencies including Getty and Shutterstock have policies around AI-assisted content — and a signed C2PA manifest is the clearest possible evidence of what tools were used.
How Is C2PA Different from EXIF?
Standard EXIF removal tools — even good ones — don't touch C2PA manifests. The two systems live in different parts of the file structure and use different encoding formats.
There are three key differences:
1. Cryptographic signing. A C2PA manifest is signed with a digital certificate. Selectively altering the file after signing invalidates the signature. This is intentional — the standard is supposed to be tamper-evident. Removing the manifest cleanly (rather than corrupting the signature) requires a tool that understands the C2PA structure.
2. Depth of information. A C2PA manifest can include references to parent files, edit operations, linked identity records, and tool-version metadata that standard EXIF profiles don't touch.
3. Tool-specific embedding. Different tools embed credentials differently. Adobe Photoshop and Lightroom use JUMBF (JPEG Universal Metadata Box Format). Newer cameras use their own signing chains. A removal tool needs to handle each implementation.
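To make the "different parts of the file" point concrete, here is an added example (not code from Metadata Cleaner or the C2PA project) that walks a JPEG's header segments and reports EXIF/XMP in APP1 separately from JUMBF/C2PA in APP11. The function names and sample bytes are constructed for illustration; the APP11 offsets follow the JPEG XT box layout that JUMBF uses inside JPEG files.

```javascript
// Added example: list metadata-bearing segments in a JPEG header.
// EXIF and XMP travel in APP1 (0xFFE1); JUMBF boxes, including a C2PA
// manifest store, travel in APP11 (0xFFEB) using the JPEG XT box layout.
function inventoryJpegMetadata(bytes) {
  if (bytes.length < 4 || bytes[0] !== 0xff || bytes[1] !== 0xd8) {
    throw new Error("not a JPEG: missing SOI marker");
  }
  const text = (start, len) => String.fromCharCode(...bytes.subarray(start, start + len));
  const found = [];
  let pos = 2;
  while (pos + 4 <= bytes.length) {
    if (bytes[pos] !== 0xff) throw new Error(`expected marker at offset ${pos}`);
    const marker = bytes[pos + 1];
    if (marker === 0xda || marker === 0xd9) break; // SOS or EOI: header segments are over
    const length = (bytes[pos + 2] << 8) | bytes[pos + 3]; // includes its own 2 bytes
    if (length < 2 || pos + 2 + length > bytes.length) throw new Error("truncated segment");
    const body = pos + 4;
    let kind = null;
    if (marker === 0xe1 && text(body, 6) === "Exif\0\0") kind = "exif";
    else if (marker === 0xe1 && text(body, 29) === "http://ns.adobe.com/xap/1.0/\0") kind = "xmp";
    else if (marker === 0xeb && text(body, 2) === "JP" && text(body + 12, 4) === "jumb") {
      // Body: "JP", box instance (2), packet sequence (4), LBox (4), TBox (4), payload.
      // The first packet's payload opens with a "jumd" description box whose 16-byte
      // type starts with "c2pa" for a manifest store; other packets report as "jumbf".
      const isStore = text(body + 20, 4) === "jumd" && text(body + 24, 4) === "c2pa";
      kind = isStore ? "c2pa" : "jumbf";
    }
    if (kind) found.push({ kind, offset: pos, size: length + 2 });
    pos += 2 + length;
  }
  return found;
}

// Constructed sample (not a real photo, boxes simplified): SOI, APP1/Exif, APP11/C2PA, EOI.
const enc = (s) => [...s].map((c) => c.charCodeAt(0));
function segment(marker, payload) {
  const len = payload.length + 2;
  return [0xff, marker, len >> 8, len & 0xff, ...payload];
}
function buildSampleJpeg() {
  const exif = segment(0xe1, enc("Exif\0\0MM\0*"));
  const c2pa = segment(0xeb, [
    ...enc("JP"), 0, 1, 0, 0, 0, 1, // CI, box instance 1, packet sequence 1
    0, 0, 0, 32, ...enc("jumb"), // superbox header
    0, 0, 0, 24, ...enc("jumd"), ...enc("c2pa"), ...new Array(12).fill(0),
  ]);
  return Uint8Array.from([0xff, 0xd8, ...exif, ...c2pa, 0xff, 0xd9]);
}
console.log(inventoryJpegMetadata(buildSampleJpeg()));
```

A tool that only filters APP1 would drop the first reported segment and leave the second in place, which is why an audit of exported files should check both markers.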
Which Files Can Carry C2PA Credentials?
C2PA is format-agnostic and expanding quickly. Files that may contain credentials:
JPEG, PNG, WebP, TIFF — exports from Adobe Photoshop, Lightroom, Firefly, Midjourney, DALL·E, and other tools
MP4, MOV — video from C2PA-enabled cameras or AI video platforms (Runway, Sora exports)
PDF — credentialing workflows in publishing and legal contexts
Audio files — emerging use case for AI voice and music content
How to Remove C2PA Credentials Without Uploading Your File
This is where most tutorials get it wrong: they point you toward online tools that require uploading your file to a server. For a task motivated by privacy, that's a fundamental contradiction.
Metadata Cleaner handles C2PA manifest removal entirely inside your browser. Your file is processed locally on your device using client-side JavaScript — no upload, no server, no data leaving your machine.
How it works:
1. Open metadatacleaner.app in any browser
2. Drop your image or video file
3. The app strips the C2PA manifest along with all standard EXIF and XMP data
4. Your cleaned file downloads directly — same filename, smaller size
For images, the tool re-encodes the pixel data through the browser's canvas API, producing a fresh file with zero embedded metadata of any kind. For videos, it performs in-place byte manipulation on the file structure — neutralizing metadata containers without re-encoding the video stream, so quality is preserved completely.
Should You Remove C2PA Credentials?
There are legitimate reasons on both sides of this decision.
Reasons to keep them: C2PA credentials can protect your authorship, prove content is authentic, and satisfy platforms or clients who require provenance disclosure. If you're a journalist, brand, or organization that benefits from verified content provenance, keeping credentials makes sense.
Reasons to remove them: Privacy, client requirements, workflow confidentiality, or the fact that a minimal AI assist is being flagged in ways that misrepresent your work. The principle is simple: this data is about your work and your process. You should have the choice of whether and how it travels with your files.
Your Files, Your Data
C2PA credentials represent a new category of metadata that most creators don't know is there — and most metadata tools can't remove. As platforms increasingly read this data to surface labels and make distribution decisions, knowing what's embedded in your exports becomes part of the job.
Check your files at metadatacleaner.app
Free. No install. Processes everything locally — your files never leave your device.