How to prove a photo was not edited.

The short version

• Compute a SHA-256 fingerprint of the photograph file on your own device.
• Submit only that fingerprint — not the photograph itself — through a public timestamping protocol that writes the fingerprint into a Bitcoin block.
• Keep the resulting receipt with the original file. Anyone with the file and the receipt can verify the match using a public open-source verifier and a Bitcoin node.

What actually proves it

A digital photograph is a sequence of bytes. A cryptographic hash function — SHA-256 is the one used here — reduces that sequence of bytes to a short fixed-length fingerprint. Two photographs that differ by even a single bit produce different fingerprints. The function is one-way: the original file cannot be reconstructed from the fingerprint, but any copy of the file can be checked against the fingerprint in seconds.

Recording the fingerprint on the Bitcoin chain freezes it in a place no single party controls. A Bitcoin block, once a small number of further blocks have been mined on top of it, is for practical purposes a permanent public record of which data existed by the time of that block. If the fingerprint of a photograph was recorded in a specific block, then a copy of the photograph that produces the same fingerprint today is byte-for-byte identical to the file that existed when the block was mined.

An independent verifier reads the photograph, computes its fingerprint, reads the receipt, and checks the fingerprint against the recorded block. The verifier needs only the photograph, the receipt, and access to the public Bitcoin chain. No call to any private server is required.

The step-by-step

The following procedure can be done today with the file you already have on your device.

1. Identify the moment that matters. For a damage photo, that is usually the end of the on-site visit. For a journalistic image, the moment of capture or first transfer to a desk. For a finished portrait, the moment of export from the editing software.

2. Open the office at orphograph.com and drop the photograph onto the anchor area. The browser computes the SHA-256 fingerprint locally. The photograph itself does not leave the device.

3. The office submits the fingerprint through the OpenTimestamps protocol, which aggregates it with other submissions and writes the aggregate root into the Bitcoin chain.

4. A receipt is returned. Save the receipt alongside the original photograph. The pair — file plus receipt — is the evidentiary unit from this point forward.

5. When a dispute arises, hand the photograph and the receipt to the verifier. The verifier recomputes the fingerprint, reads the receipt, and checks the Bitcoin block. The verdict is binary: the file matches, or it does not.

The same approach scales to a folder of photographs — a job's images, an inspection set, a news shoot — using the folder-anchoring extension described at /method/folder-merkle.html. One receipt covers the whole set, with the option to later prove that any one photograph belonged to that set without revealing the rest.

Common questions

Is this admissible in court?

Cryptographic hash verification and electronic-records authentication are addressed in the federal rules of evidence and in several state statutes. A receipt anchored on the public Bitcoin chain has been used in real disputes as a way of authenticating the file's date. The grounding is described at /method/evidence-law.html. Whether a particular receipt is admitted in a particular forum is a question for that forum and the customer's counsel.

Does the office see my photograph?

No. The fingerprint is computed on the customer's device, in the browser or in the local command-line tool. Only the fingerprint — a short opaque string — is transmitted. The photograph itself never leaves the device. The reasoning is set out at /method/folder-merkle.html and /about-the-office.html.

What happens if the office disappears?

The receipt continues to verify against the Bitcoin chain without any participation from the office. The open-source verifier at /docs/verify.html works offline against a Bitcoin node. The chain is the trust anchor; the office is the convenience layer.

How much does it cost?

The free tier covers a small number of anchors per day, which is enough for most personal and small-business use. Paid tiers cover higher volumes and folder anchoring for working sets. Specific pricing is on the homepage.

How long does the proof last?

As long as the Bitcoin chain endures and the photograph's bytes are preserved. The receipt is a static file; the Bitcoin record is a public ledger. Neither expires.

What this does not prove

The receipt proves one narrow thing: the photograph existed in its present byte form by the recorded moment. It does not prove who took the photograph. It does not prove the photograph depicts what its caption claims. It does not prove the photograph was lawfully obtained. It does not prove the depicted scene is unmanipulated in the physical world. The receipt establishes the dated-existence floor on which other claims rest; the broader claims belong to the customer and any counsel.

Try it

The office is at orphograph.com. A walk-through of a first anchor is at /docs/quickstart.html. The mechanics are described at /method/folder-merkle.html. The independent verifier is at /docs/verify.html. The doctrinal grounding is at /method/evidence-law.html.