On Photography and the Current Era, and My Intrusion

It was not long after the invention and proliferation of photography that photographs were used as legal evidence and scientific record. Though photographs were often accepted as an accurate portrayal of reality, there were a great variety of methods used to develop these images (Protochrome is named after one of the earliest of these methods used for color photography, known as photochrome), so there isn't one singular 'reality' that can be captured by photography. As the methods and technologies of photography stabilised and standardised, particular technologies and methods were chosen to capture certain desirable facets of particular photographic subjects, and to portray images attuned to the human eye rather than how the subjects reflect light in nature.

Though photography still maintains a significant status as legal and scientific record, the authority of photographic images themselves isn't necessarily so high. Artists have stretched the limits of illusion and photographic reality since the advent of artistic photography. More recently, digital manipulation has made almost any image questionable. Even in scientific and journalistic venues, the images are only trustworthy because we trust them: we trust scientific, journalistic, and other institutions to not deceive us for a variety of reasons. We may believe that they would not be able to sustain themselves if they were found to have falsified images, we may trust that they have no motive or interest in misrepresenting images, we may trust some person or organisation who lends their trust to these institutions. Like many technologies, they only work as they do because society has developed the conditions to allow them to work as they do.

Protochrome is an attempt to counteract the emergence of the manipulation of photos. Protochrome provides an interface to take photos, and immediately generates a signature of the image, before the image can be altered. This signature is uploaded to and stored on a server, and anyone with the the unaltered photo image can check that the image is indeed the same unaltered photo. The basic mechanics of the initial verification are relatively straightforward: the app captures a photo, generates the signature, saves the photo, and uploads the signature. Beyond this core process, there are a variety of security checks to ensure that there are no other ways to upload a signature from outside of the app, only signatures for newly-taken photos can be uploaded, and that none of the code in these processes have been corrupted or modified.

But, above all else, Protochrome can only verify images if you grant it the authority to do so. At this point, it might be advisable to not do so. I don't have the credibility of a newspaper or an academic journal. At this point I don't have any institutional backing either. I have no intention to manipulate any part of the system I've created, and would like to see it used as intended by anyone who might desire to use it, so if you are willing to give me your trust, please enjoy and use the app however you like.

That said, beyond your personal trust in me, there are other reasons why this system as it stands might not be completely trustworthy. The system hasn't received much external vetting, and at the present moment I can think of at least one technically conceivable way around the security systems. Though the infrastructure is as properly secured as I have the capacity to make it, it is still hosted on cloud systems which I don't have complete control over, as well as Apple's operating system. This relies on some of Apple's more most recent security APIs, which relies not only on Apple's willingness to faithfully host the software I have provided them, but also on the strength and independence of their security apparatus. Further, as an individual, I doubt I can secure the service against state-level threats. With or without trust in me, overall trust in the system must depend on a variety of moving parts.

Through Protochrome, verifiable photography has the potential to become accessible to a much broader population than ever before.

In its current interation, minimal moderation is being done on this system. The ways in which this system handles data does not permit it to store illicit content (or any content, beyond short hash strings and timestamps), but there may be ways in which actors might use aspects of this system for potentially illicit means while operating within the intended bounds of the system. Because of the architecture of the system, its operators cannot know how or why the system is used, nor can the operators know the contents or subjects of the images verified. The operators can only determine roughly when the system is used. For this reason, any moderation must stem from the monitoring the contexts on the broader internet where this is used. Some of this monitoring will occur, though due to the vastness of the internet and the very limited resources available, its reach will not be sufficient. If you observe Protochrome being used in a suspect or particularly curious way, please contact us (at the address at the bottom of this page).

At the moment, neither the app nor the server components of this system are open source. The source code to one or both of these pieces may be made available at some point in the future, potentially after both internal and external security auditing, and if the release of the source code would serve to benefit society at large.

Elijah Cohen (eli173 at