Proving creation time/date of a screenshot

Question

I have to produce a screenshot of a web page, and want to make sure others will know without any doubt that this screenshot has been produced today. That is, I would like to embed today's date in the screenshot as irrefutable proof the screenshot has been made exactly today.

Is there any way?

you could try digitally signing the file because all metadata of a photo can be edited — schroeder, Jun 26 '16 at 10:44
Someone **else** must sign the screenshot. Because nothing prevents you from signing it inserting false data. — Bakuriu, Jun 26 '16 at 12:38
You assumedly also want to prove that the screenshot is legitimate, that you didn't fake it (even if you can prove that your faked screenshot was uploaded at a certain date). — asmeurer, Jun 26 '16 at 17:20
If you did it yourself, you could easily spoof it using Developer Tools, even if the date was real. — noɥʇʎԀʎzɐɹƆ, Jun 26 '16 at 20:13
Do you want to prove the screenshot? Or the data represented by the screenshot? That is, you can craft an image that looks exactly like a screenshot but have the image show whatever you choose. Then you take a **screenshot** of your image and have your guaranteed date (but of false data). What exactly do you need to guarantee? Even a 3rd-party might have trouble providing a _guarantee_ that's useful. — user2338816, Jun 26 '16 at 21:04
web page screenshots are of no value, because browser developer tools allow to change the content easily in any way. same goes for photos of a screen. you as the owner of the computer have power to make it display anything — Display Name, Jun 27 '16 at 04:00
This question could be better specified. Right now, it's not clear what you are trying to prevent or what your exact goals are. Back-dating? Future-dating? Spoofing/manipulation/modification of the data in the screenshot? How much certainty do you want? etc. After getting some answers, you have posted several comments on other answers saying "Oh, wait, that wasn't quite the question I wanted to ask". Rather than posting those in comments, you should either edit the question (if this doesn't invalidate existing answers) or ask a new question that is better-specified. — D.W., Jun 27 '16 at 19:47
Cross-site duplicate? http://superuser.com/questions/1010186/how-to-prove-the-authenticity-of-a-screenshot — Thomas Weller, Jun 28 '16 at 12:40
I wonder why the date can be as or even more important than the content. How do you ensure that a) you haven't used a /etc/hosts entry to call a local copy which you have modified b) you haven't used a proxy that modified the content c) a man in the middle has modified the content — Thomas Weller, Jun 28 '16 at 12:47
@Someone_Else It is about time you showed up! We have a huge backlog of work for you. — , Jun 29 '16 at 14:53

score 72 · Accepted Answer · answered Jun 26 '16 at 11:55

72

If you want to prove to others that you took the screenshot on a specific date and not later, you will not be able to do it yourself, you will have to rely on some common trusted third party.

For low importance issues, this can be accomplished by simply posting the image on some well known public service where the date when the image has been posted will be mentioned. Be sure to check beforehand that this service does not offer any possibility to modify the picture without altering the upload date!

For higher importance issues, you will have to contact a bailiff or a notary. By being present during the screenshot, they will be in measure to vouch the date and the conditions when it has been taken. For instance I've read about such procedure being used when someone wants to keep a proof of the existence of a security flaw still valid even once the flaw itself has been corrected. However, if you go that way I would strongly recommend to check the Law StackExchange website before engaging yourself into anything.

answered Jun 26 '16 at 11:55

WhiteWinterWolf

19,082
4
58
104

3

@User: My wording was intentional. The bailiff / notary may still be of some help, but even then I do not see how they can reasonably vouch that you have never taken any identical screenshot by the past. Maybe adding some more information on your actual need behind this screenshot may help, otherwise there is probably no real solution to your issue. – WhiteWinterWolf Jun 26 '16 at 12:06
9

@User: While thinking about it, this is very context dependent and a very sad example, but kidnappers used to make their victims carry a well-known newspaper from the day in order to prove that the video has been recorded on the given day and not at a previous date. Some adaptation of this may or may not be applicable in your case, but as far as screenshots are concerned some people may still claim that the picture has been manipulated. – WhiteWinterWolf Jun 26 '16 at 12:15
As there's a lot of talk about forgery here, could the very same notary be handed a large brown envelope stuffed with cash? It'll still be cheaper than some of the forgery methods suggested in other answers... – RemarkLima Jun 29 '16 at 08:27
A real plug-and-play solution would be to use a service like [Notarizer](https://notarizer.app) – kemp Nov 25 '18 at 15:55

score 57 · Answer 2 · edited Jun 16 '20 at 09:49

Uploading a hash of the screenshot to the Ethereum blockchain allows anybody in the future to make sure that the screenshot was taken before the hash was uploaded. Of course, you should choose a hash function that is cryptographically secure (and in particular, collision-resistant).

If you however also need to make sure that the screenshot wasn't taken before a certain date you have to go to trusted person like a notary to have them create the screenshot.

If you don't need complete legal certainty, the Wayback Machine has a "Save this url in the Wayback Machine" feature. The Wayback Machine doesn't gurantee their own data integrity but their data is relatively trustworthy for many applications. archive.is is another similar tool.

Comments are not for extended discussion; this conversation has been [moved to chat](http://chat.stackexchange.com/rooms/41945/discussion-on-answer-by-christian-proving-creation-time-date-of-a-screenshot). — Rory Alsop, Jul 02 '16 at 11:49

score 17 · Answer 3 · answered Jun 26 '16 at 11:50

Ask a mutually-trusted third-party to use their own independent equipment to make the screenshot and ask them to date and sign it (digitally or using ink)

The normal way is to pay a solicitor/lawyer/notary to do this.

It is trivial for you to fake a date in image metadata (EXIF etc) or in a digital signature - so you need certification by someone that will be trusted by anyone with doubts who you need to convince.

score 11 · Answer 4 · edited Jun 27 '16 at 03:53

11

There is no need to rely on a trusted third-party. Besides the excellent suggestion to use a blockchain (the answer by Christian), you could use a publically verifiable service like the excellent Stamper

Even better, store the screenshot in several (unrelated) of these services. Even the most paranoid checker would no longer be able to complain.

PunKeel on Twitter suggested the excellent Wikipedia page on Trusted Timestamping which has some other suggestions.

edited Jun 27 '16 at 03:53

techraf

9,141
11
44
62

answered Jun 26 '16 at 17:12

bortzmeyer

217
1
3

2

How does that prove that the screenshot wasn't made a year before the screenshot was submitted to the service? How does it prove it wasn't photoshopped? – RedGrittyBrick Jun 27 '16 at 09:22
1

@RedGrittyBrick Proving the screen shot was not made earlier: impossible. There is no solution for that (may be adding to the screen a Web page showing today's news?). Proving it wasn't photoshopped: same thing. (Well, there is a solution, using a trusted third-party that will take the picture and vouch for it. Obvious solution but which requires to trust someone else.) – bortzmeyer Jun 27 '16 at 11:58
1

Proving a screenshot was not taken earlier is impossible after the screenshot has already been taken. As noted in other answers, it is possible to verify exact date by using a trusted third party present at the time the screenshot is created. That's why the third party is required to answer the question as stated. – GrandOpener Jun 27 '16 at 15:28
@bortzmeyer In terms of legal proof, having a trusted witness is sufficient. That's why people are suggesting a third party (such as a notary). – jpmc26 Jun 28 '16 at 17:22

score 8 · Answer 5 · edited Jun 27 '16 at 04:05

I think there are 3 parts to this question, and I think I can reasonably answer all three. I think parts 1 & 2 have been mostly answered above, but I think this will link them together. I added a related followup question:

Can I prove that a file (screenshot or otherwise) was generated on or before a particular timestamp?
- Add a copy or secure hash of your file to either a trusted third party's tamper evident publicly visible data store for later verification. Adding this data to a blockchain (similar to what bitcoin uses) would be a good example of such a data store if the blockchain is public and frequently appended to with a sufficiently powerful network of hashing (aka "miner") nodes. The blocks include hashes (directly or indirectly) of all data on the chain that came before it, including your data.
Can I prove that a file (screenshot or otherwise) was generated or modified on or after a particular timestamp?
- Include as part of the image some public data that didn't exist before that point in time, but is easy to verify later. (Some examples would be the current head of the Bitcoin blockchain, the last closing price of a well known stock exchange, or the score of several recent sporting events for instance.)
Can I prove that PART OF the screenshot wasn't created before a given point in time?
- No, definitively! Proof?:
  - Assume that there is a way to verify specifically when a screenshot was taken, despite modification.
  - Assume also that you can differentiate an actual screenshot from one that came out of a graphics editing program like Photoshop.
  - Take one of these timestamp verified, modification apparent screenshots from 3 weeks ago.
  - ( Optionally edit it in any program of your choice. )
  - Now open it, fullscreen, in an image viewer.
  - Capture the current screenshot, with the assumed verification technology we used as a premise for this proof.
  - Now you have proof that a 3 week old image was taken today, causing a contradiction to our premise.
(Followup question) What part of my data can I prove was generated after a given point in time?
- If you can make some part of your data directly derivitive from arbitrary input (like a hash being derivative from arbitrary input) that can verify that the output was generated after a point in time as described in #2 above. Unfortunately that doesn't verify creation timestamp of anything adjacent to the timestamp derived data, just that data, and its output.

caveman · Answer 6 · 2016-06-27T07:40:47.670

2

For simplicity, let's consider those that attempt to verify your screenshot dates as users.

Your users cannot tell:

Whether the age of the screenshot is older than age claimed by the timestamp. E.g. you may take a screenshot months ago but assign it a recent timestamp, and your users can't tell.

Your users can tell:

Whether the age of the screenshot is younger than the age claimed by the timestamp. E.g. you can never take a recent screenshot and claim that it was taken months ago.

edited Jun 27 '16 at 07:40

answered Jun 26 '16 at 22:38

caveman

142
7

1

I'm pretty sure this is a phrasing problem, but your second sentence contradicts the first one. "not taken later" = "taken earlier" – techraf Jun 27 '16 at 04:24
Applied major rewording to avoid the ambiguity. – caveman Jun 27 '16 at 04:44
I'm not sure it was a change for good. It looked like a simple language problem (one "not" either missing or to much). Now it's a total surrealism. OP wanted to take a screenshot and prove the date. I have no clue who are "your users" in your answer. – techraf Jun 27 '16 at 04:53
That's the problem: "prove the date" is too generic and implies that the date is proven to be right, which is false. We must pay attention to the fact that he can *only* prove that the screenshot is not younger than the date he claims. He can *never* prove that the screenshot not older. "Your users" are those who are going to verify the proof of your date/timestamp. – caveman Jun 27 '16 at 05:00
Wait, what stops you from assigning old timestamp to arbitrary file? – Oleg V. Volkov Jun 29 '16 at 12:19
@OlegV.Volkov Trusted 3rd party time provider that signs its timestamps along with the hash of the image. – caveman Jul 01 '16 at 01:28
@caveman, yeah, but "trusted 3rd party" is nowhere in your answer. And OTOH "trusted 3rd party" is the single answer anyway, with or without timestamp. – Oleg V. Volkov Jul 01 '16 at 11:16
@OlegV.Volkov it is included because my claim is very general and the trusted 3rd party is only one example to convince you that it is possible, but my claim is by no means limited to the 3rd party. What I am saying is that no matter what you do (3rd part is one example, but you may think of other methods like decentralized web of trust) you can only manage to show that your screenshot is not younger (i.e. you can never manage to show that it is not older). – caveman Jul 01 '16 at 18:50

score 2 · Answer 7 · answered Jun 27 '16 at 16:14

Without knowing the prevailing law where you require this, all answers are moot.

For last year's Large Renewable Procurement (LRP) in Ontario, Canada, proponents had to prove that a public web page was available on a certain date. After much discussion with proponents, the agency required:

a printout of the webpage, showing URL and system clock date and time; and
a notarized solemn declaration affirming that all information in the screenshots was complete and accurate.

(For the curious, the full 11 page declaration is here, in DOCX format: Registered Proponent Declarations.)

Although digital signatures have legal standing in Ontario, the agency required “wet” (that is, printed and manually signed in ink) originals to be made available. As these requirements were in the RFP wording, any proponent choosing not to comply was at liberty to withdraw from the competitive bid process.

score 1 · Answer 8 · edited Jun 27 '16 at 04:26

1

Why wouldn't you take an actual photo of the screen, not a screen shot, screen capture, print screen?

Take a digital camera, or smart phone, have the page up, have in the shot a copy of today's paper. Much harder to photoshop.

Even better, take a video, today's paper in shot, open the browser, type in the url and show the page loading and the content in question. Also browse to the NASDAQ, FTSE and other relevant sources in the same session, or have their tickers running at the same time.

The amount of effort to forge this, and with screen reflections etc would mean it would need to be very serious to go to that amount of effort.

edited Jun 27 '16 at 04:26

techraf

9,141
11
44
62

answered Jun 26 '16 at 19:50

RemarkLima

445
6
17

10

It's actually not that hard. You can easily take a screenshot, modify that screenshot, then display it in fullscreen. Having physical objects won't help, since you can easily composite such an image. – March Ho Jun 27 '16 at 00:18
1

That's why a video of the url being typed in (of course you can hack your hosts file easily enough), and some current ticker running along side. – RemarkLima Jun 27 '16 at 07:08
5

@RemarkLima: all easily forged, such evidence would not survive legal scrutiny in court by expert witness. – RedGrittyBrick Jun 27 '16 at 09:25
Which is why the right answer is to get a trusted third party, as accepted. But if it's of lower importance then at least it's harder to forge. The fact that you can make FX transactions with a mug shot holding some ID means that it'd hold for many purposes. – RemarkLima Jun 27 '16 at 09:36

score 0 · Answer 9 · answered Jul 24 '16 at 21:27

0

If it is of limited importance http://www.icanprove.com will do for you. Otherwise you will need a real notary.

answered Jul 24 '16 at 21:27

Martin Loehnertz

31
1

Proving creation time/date of a screenshot

9 Answers9

Linked

Related