Blog · Document timestamping

How to prove your photo existed before AI scraped it (without a lawyer)

A working photographer ships a portrait on a Tuesday. Six months later a similar image surfaces in an AI-generated set, and the argument over who shot what begins. Whoever can date the file earliest, against a record the other side cannot edit, wins. Whoever is relying on metadata, cloud-sync timestamps, or a saved email loses, because each of those can be edited by the person holding the file.

This is the next phase of a dispute pattern that already played out in music (sample arguments), in writing (plagiarism), and in illustration (style mimicking). Photographers are now the cohort with the most exposure — a stock-image-provider lawsuit over twelve million scraped images is in active litigation as of mid-2026 — and every working photographer either has a "is that mine?" story brewing or knows someone who does.

The standard answer is EXIF metadata plus RAW files plus cloud backups. That is three plates spinning, all of which can be edited, deleted, or lost, and none of which produce evidence a third party would treat as definitive.

This post walks through the better answer: cryptographic timestamping — a way to lock today's date to a file's contents such that the only path to forge the claim is to re-mine the entire Bitcoin chain. No reasonable adversary will do that for a wedding shoot.

The fundamental tool: OpenTimestamps

OpenTimestamps is a free, open protocol that works like this:

1. Compute the SHA-256 hash of the file. The hash is 32 bytes and reveals nothing about the photo.

2. Submit the hash to one of roughly five "calendar servers."

3. Each calendar batches many users' hashes into a single Merkle root and writes that root into a Bitcoin transaction approximately once per hour.

4. The submitter receives a small .ots proof file. The proof says: this hash is provably included in Bitcoin block N, mined at time T.

Verification is the inverse: given the original file plus the .ots proof, anyone with a Bitcoin node — or with the public chain — can confirm that the hash existed at time T. No trust in any server is required at verification time.

This is the strongest available proof-of-existence anchor. It is free, it is permissionless, and it does not go away if any single company disappears.

The catch with raw OpenTimestamps

OpenTimestamps is a strong protocol, but the default interface is a CLI:

pip install opentimestamps-client
  ots stamp photo.jpg
  # ... wait ~1 hour for the calendar to publish the block ...
  ots upgrade photo.jpg.ots
  ots verify photo.jpg.ots

A reader who is comfortable in a Python shell can stop here and run it directly. For the working photographer who does not live in pip install, the CLI is a wall — a Python environment, a working build chain for native bindings, terminal comfort, and the discipline to file .ots files alongside RAW photos. Most photographers will not do any of that. So most photos go unanchored, and the AI-vs-real disputes happen with no usable evidence on either side.

A simpler path: drop the file in a browser

Orphograph wraps OpenTimestamps with a browser-based workflow:

1. Open the site, drag the file onto the drop zone.

2. The hash is computed locally in the browser using WebCrypto. The image bytes never leave the device.

3. The receipt — a JSON file plus five OpenTimestamps proofs — downloads as a single bundle.

4. The block-pinning upgrade happens automatically over the following hour; the receipt updates from "pending" to "block-pinned at block N."

The receipt verifies later against any Bitcoin node using the open-source verifier published at orphograph.com/verify/ — no Orphograph dependency. The receipt is designed to outlive the issuing service.

Pricing: the free tier covers three anchors per 24 hours. A Pack of Fifty is $29 (one-time, credits never expire); a Standing Order is $9/month for unlimited. Packs are one-time purchases, credits never expire.

Three working paths for a portfolio

Pick the path that matches the reader's comfort level. The defensibility is identical across all three — the same OpenTimestamps proofs land in the same Bitcoin blocks.

Path A — free, technical (use OpenTimestamps directly)

pip install opentimestamps-client
  # anchor:
  ots stamp my_photo.jpg
  # returns my_photo.jpg.ots — save it next to the photo
  # upgrade after 1 hour to get the full Bitcoin merkle proof:
  ots upgrade my_photo.jpg.ots
  # verify any time:
  ots verify my_photo.jpg.ots

Cost: $0. Time: about five minutes per photo plus a one-hour wait. The protocol is being used directly, with no wrapper.

Path B — free, browser (drag-and-drop, up to three per 24 hours)

Visit orphograph.com, drop a photo onto the box, save the receipt bundle. The free tier covers three anchors per 24 hours, permanent.

Cost: $0. Time: about ten seconds. Save the bundle to whichever cloud-sync service or external drive holds the rest of the photo backup.

Path C — Pack purchase (when batch volume exceeds the free tier)

A Pack of Fifty ($29 one-time, credits never expire) clears the rate limit for batch sessions — for a wedding shoot, a fashion-week catalog, or a back-catalog upgrade. Packs are one-time purchases, credits never expire, and the claim code is delivered by email so receipts continue to flow even if the original payment device is replaced. The card-checkout receipt is the invoice; the email carries the claim code.

What this does not do

The limits matter — disputes around AI training are being litigated, and a holder of a receipt should know exactly what it will and will not prove.

A timestamped hash proves:

• A specific byte sequence existed at or before time T.

A timestamped hash does not prove:

• That the holder authored the file. Anyone with the file can anchor it. If a photo is published to a public surface on Day 1, an adversary can anchor it the same day as the creator.
• That the file was produced by a camera rather than generated.
• That the file is legally authentic under eIDAS or any national qualified-trust-service-provider framework. For that, a notary, a qualified TSA, or both are required.

The right framing is: anchor immediately at capture time, while the file is still only on the camera and the laptop. That gap — file exists privately, file does not yet exist publicly — is the temporal moat. Anchor RAW files before posting JPEGs. Anchor a wedding selects folder before delivery. Do not wait until after publication.

What to do this week

For a working photographer, the minimum-effort path is:

1. Pick the most distinctive image from the last week — the one a dispute would hurt most.

2. Anchor it. Free, about ten seconds.

3. Save the receipt bundle to wherever the photo backup lives.

4. If the date is ever disputed, hand over the receipt and the open-source verifier link. The math is the trust.

Further reading

• OpenTimestamps protocol: opentimestamps.org.
• Orphograph open-source verifier: orphograph.com/verify/.
• eIDAS-grade timestamps, for legally binding contexts: consult the relevant national qualified-trust-service-provider list. EU — the European Trust List. UK — the ICO trust list. US — there is no federal QTSP regime; consult a digital-evidence attorney.

Real-world use cases settled with a Bitcoin-anchored receipt are the most useful input the office can receive. The office keeps a public record of cases where the customer consents to publication; write to the office to share one.

Orphograph is a Bitcoin file-timestamping service. Three free anchors every 24 hours. Pack of Fifty: $29 one-time, credits never expire. Standing Order: $9/month for unlimited. Open-source verifier. The file's bytes never leave the browser; only the hash is submitted. Try the sample receipt without signing up. Related: the step-by-step model-cutoff walkthrough. Method overview: how the protocol works end-to-end.

Published 2026-05-17. More from the blog.

Start here: What this office actually does.