After mentioning this idea of somehow being able to authenticate the source of a photo, I’ve implemented and tested the idea. Here is an update on the project.
I added the ability to federate the system using only a DNS dependency. The point is that for those who are very privacy conscious, they can handle their own data and their own server. They can even change the algorithms used to sign the images, as long as they stick to the format and API standard.
The system currently relies on local user registration, which is a security issue because an email address is a weak way to verify identity, but code is included to support OAuth (Google, Github, others possible). I just don’t have a business account to set it up. Eventually, we could imagine a 2-layered system that checks phone number via SMS, or any other stronger form of identity verification.
I added API keys and an API backend to allow for automation. We can imagine that photo applications could publish your photos and link them together automatically and transparently. I included a small bash script that signs and downloads a whole folder of images to show how it could be automated in your scripts or in applications.
Don’t consider it production ready yet, but it’s getting there.
I’ve made the specs and code available on Github: https://github.com/cedric-r/chain-of-custody
#Photography #CoC #Authorship