C2PA signs provenance at capture. Receipts.you signs an existing screenshot.
C2PA (Content Authenticity Initiative) is a camera-side and AI-tool-side provenance standard: Sony, Canon, Adobe, OpenAI sign content as it's created, embedding cryptographic credentials in the file. It's the right answer for 'I want to prove this photo came out of my Sony camera, unedited, on Tuesday.' It is not the answer for 'I screenshotted a tweet that's now deleted' — screenshots are not produced by C2PA-signing devices, and even if they were, the chain breaks at the moment of capture by a third party. Receipts.you fills the gap C2PA leaves: it signs files that already exist (no camera-side cooperation required) and proves WHEN the file existed (not who took it or that the content depicted is real).
If you control the capture device, use C2PA. If you're sealing a screenshot you already took — of a tweet, a DM, a website, a leaked screenshot someone sent you — use receipts.you. They're complements, not competitors. A photojournalist on assignment uses both: C2PA on the camera, receipts.you on the screenshots they capture from social-media sources during the same investigation.
Pick receipts.you if…
- You're sealing a screenshot of something on someone else's device (tweet, DM, web page).
- You need to seal a file you already have — captured before any provenance tooling was running.
- You want zero account, zero setup, browser-only, free.
- Your evidence is going to a court / regulator / journalist who doesn't have a C2PA-aware viewer.
- You need the proof to verify in any browser, on any device, with no special software.
Pick C2PA if…
- You control the camera or generation tool (you're a photographer, a news photographer, an AI-image generator).
- You need to prove the content has not been edited since capture (C2PA chains edits as signed claims).
- Your downstream audience is using a C2PA-aware viewer (some news platforms, some social platforms in beta).
- You need to distinguish AI-generated from camera-captured content at the source, not at the seal step.
Axis by axis
| Axis | receipts.you | C2PA | Edge |
|---|---|---|---|
| What it proves | The file existed at the timestamp shown. | The file was produced by a specific device or tool, and the edit history is signed. | both / tie |
| Capture-time vs. seal-time | Seal-time. Works on any file you already have. | Capture-time. Requires the camera / tool to support C2PA. | both / tie |
| Setup required | Open a URL, drop the file. No signup. | C2PA-capable hardware or software (Sony A1, Adobe Creative Cloud, etc.). | receipts.you |
| Cost | Free. | Free at protocol level; the C2PA-capable hardware costs whatever it costs. | both / tie |
| Verifier ubiquity | Anyone with a browser can verify. | Requires a C2PA-aware viewer; partial adoption across news/social platforms in 2026. | receipts.you |
| Identifies the creator | No — anonymous. | Yes — the signing device / tool / account is bound into the credential. | the other tool |
| Edit history | No — receipt is a single timestamp; an edited file is a different hash needing a separate receipt. | Yes — C2PA chains signed edit claims, so a doctored file shows the doctoring step. | the other tool |
| Works for screenshots | Yes — primary use case. | Not really — the screenshotting OS isn't a C2PA-signing surface in 2026. | receipts.you |
| Privacy of source file | Image never leaves your browser. Only the hash is sent. | The credential is embedded in the file itself, including device + account identifiers. | receipts.you |
| Open standard | Built on open primitives (SHA-256, ECDSA, OpenTimestamps); verifier is open source. | Open standard maintained by C2PA working group (Adobe, Microsoft, BBC, Intel, etc.). | both / tie |
Specific questions about this comparison
If I'm a photojournalist, should I use both?
Yes, in different parts of the workflow. C2PA at capture — your camera signs every frame. Receipts.you for any social-media screenshots you collect during research (tweets, DMs, web evidence) — those aren't C2PA-signable at capture because they originate on third-party devices. Two tools, two parts of the chain.
Will C2PA replace receipts.you when it's universal?
It can't — C2PA depends on the capture device cooperating with the standard. Screenshots of arbitrary content (tweets, DMs, leaked files from elsewhere) will never be C2PA-signed at source because the source isn't C2PA-aware. Receipts.you covers the after-the-fact provenance gap that C2PA structurally leaves open.
If I find an unsigned image, can I 'add C2PA' to it later?
You can sign a derivative claim, but it only attests to your handling of the file from the moment you signed forward — not to the file's original provenance. That's structurally identical to what a receipts.you seal does. C2PA is most powerful when the chain starts at capture; weakening it to a seal-time start brings it to parity with simpler tools.
Is C2PA more legally admissible than receipts.you?
Both rely on standard cryptographic primitives (ECDSA signatures, hash functions). Court admissibility is fundamentally about authentication and chain of custody, not about which standard's logo is on the credential. C2PA carries more name recognition with judges familiar with the news industry's adoption; receipts.you is simpler to verify if the court has standard cryptography tooling available. For high-stakes proceedings, lean on whichever your expert witness is more comfortable presenting.
Does C2PA support OpenTimestamps anchoring?
C2PA's claim signature is signed by the originating device or tool's key. It doesn't depend on an external timestamp anchor like OpenTimestamps; the timestamp comes from the signing entity's claim. This means the timestamp's strength depends on trusting the device manufacturer / tool vendor's key custody. Receipts.you's OpenTimestamps anchor adds an externally-verifiable layer that doesn't depend on trusting us specifically; that's an architectural difference, not necessarily better or worse.
Use the right tool for the moment.
For screenshots, deleted posts, ephemeral evidence: receipts.you. For camera-side provenance with creator identity: C2PA. Both are good engineering.