I need to prove that all my pictures were taken before a certain date. Is uploading them to Picassa, Flickr or a similar service a good way to achieve such timestamping?
-
4not sure if this is a security question - just get a 3rd party to timestamp the files, like you suggest – schroeder Dec 30 '16 at 15:57
-
16Inversely, proving a picture was taken *after* a certain date is quite simple: include the front page of that day's newspaper in the photograph. – Polynomial Dec 30 '16 at 18:00
-
@Polynomial: What about photoshopping? – wb9688 Dec 30 '16 at 19:05
-
5As it stands this question is too vague. Who do you need to prove it to, why, and what are their standards for proof? Depending on the answers to those this may not even be a technology question. – user2752467 Dec 30 '16 at 19:36
-
5@wb9688 Note that he said "pic is newer than newspaper". If you can sit down today and photoshop a pic containing the front page of next Thursday's newspaper, I'll be impressed to say the least. ... I would also ask to see the page with the NFL scores ;) – Mike Ounsworth Dec 30 '16 at 19:50
-
1@wb9688 What Mike said. You'd have to know the next day's paper headline in order to spoof it. Many utility companies (gas, water, electricity) accept this as proof of earliest date on user-submitted meter readings. – Polynomial Dec 30 '16 at 20:23
-
I second @JustinLardinois: it is one thing if you're asking about cryptographic proof, and a different thing if you're asking about a legal proof which you intend to use in the court. Second may be easier, or more complicated depending on circumstances. – George Y. Dec 30 '16 at 22:09
-
1Send it to yourself in an envelope and never open it. Once you have to prove that you have taken the photo before some date, show them the date on the post mark. – bot47 Dec 30 '16 at 23:59
-
If you just need the timestamp of when it was uploaded then I think you have no other option than asking them to provide it to you if they have it – Mr. E Dec 31 '16 at 14:31
-
I'd upload them somewhere and then save it in archive.org and hope that no one proves archive.org timestamps can be tampered with. – Oskar Skog Dec 31 '16 at 15:41
-
A non-technical solution would be to give a physical copy to a trusted authority, like a lawyer who then protocols the action, or to make a trusted copy with a timestamp, or just timestamp the original by a trusted entity. The circumstances under which this kind of proof holds in your jurisdiction may vary. I'm not sure if any of the technical solutions here are or have been accepted in front of courts already. Trusted entity here means someone who is special in legislative terms and is trusted by the goverment not to lie. This is most of the time some kind of goverment official. – HopefullyHelpful Dec 31 '16 at 23:25
-
Upload it to a photo sharing site – ARi Jul 03 '17 at 19:49
9 Answers
In general, the problem of Secure Timestamping is actually a complex topic with no single right answer. There are two general approaches: 1) a trusted "Timestamping Authority" keeps logs of when stuff happened and everybody believes them because that's literally their job. 2) Using cryptography in some way. In general the crypto approaches don't work very well and can only prove that photo A was logged before photo B, but not the exact time.
There are lots of companies on the market who offer timestamping services based on one of these two approaches. How much you want to trust them depends on how transparent the company is with their practices, and what local law apply.
So, for your situation: it sounds like somebody is requiring you to do this (maybe for legal reasons?). You should find out level of trust they need in the timstamping authority. What you have come up with is to use Picassa or Flickr as a trusted Timestamping Authority. Depending on what you need the timestamp for, that might be ok. For example, if it's your friend to win a bet, then the upload time
on Picassa or Flickr is probably fine. If this is to prove ownership of multi-billion dollar real estate holdings, then you may want to involve a notary.
Basically, ask yourself this question: is the dollar value that you stand to gain or lose greater than what it would cost to hack or bribe Picassa into changing a timestamp? If no then you're fine. If yes, then you need a more official timestamping service.
- 57,707
- 21
- 150
- 207
-
5
-
12Another note is that you can add more Timestamping Authorities in different ways, such that while the hacking of one of them may be possible, the hacking of all of them likely is not. For instance, if you upload to both Picassa and Flickr, then post a MAC of the image to Twitter, Facebook, and Google+, then so long as you can match the hash of the photo (i.e. that things like the exif data or encoding don't change), then the consensus among many entities can be added value for cheap. The question then is: what if they disagree; who wins? – Nate Diamond Dec 30 '16 at 20:30
-
This question might actually be better suited for a legal stack exchange ... you could get a notary to witness the existence of said files and corresponding hashes. – CaffeineAddiction Jan 01 '17 at 14:07
You can use the Bitcoin (or similar) blockchain for that.
Create a file with both your original file (in case of text it can be inline, otherwise use a container like a ZIP archive) as well as a message stating who you are and that you have a copy of the file. Take the SHA1 of the resulting file/container and use it as a Bitcoin address to send some coins to. This will permanently store the hash in the blockchain with a timestamp precise up to a few hours.
This is anonymous and doesn't reveal anything about the file, but when the time comes you can just reveal the hashed file as well as the hash and anyone can verify the timestamp independently.
There are easy to use services for that which you may want to check out, though I haven't used them personally and I can't vouch for them.
- 12,706
- 3
- 39
- 76
-
6Note that you can't use the result of a hash function as a bitcoin address directly, as [they contain error detection information](https://rosettacode.org/wiki/Bitcoin/address_validation). You'll need to [craft the transaction manually](https://bitcoin.stackexchange.com/questions/31972/how-to-add-additional-information-to-transaction/31976). This is non-trivial, and verification is very technically complex (i.e.: not doable by 99.9% of humans) – loopbackbee Dec 30 '16 at 19:17
-
@goncalopp if we assume that it will be used only in extreme cases (in a court for example) then I don't think the complexity of verifying the timestamp is an issue. Plus, nothing prevents you from including the very code that will verify the transaction in the timestamped file itself. – André Borie Dec 31 '16 at 03:13
-
This was answered in another question, where it was mentioned that the Canadian government posted a hash and headline for their first Bitcoin regulation, registered on the blockchain. – SDsolar Dec 31 '16 at 03:39
-
@goncalopp Your link says that the address contains a RIPEMD-160 hash. Using SHA1 instead of RIPEMD-160 should be undetectable to anybody who doesn't have the original file since both are cryptographic hashes with a 160 bit output. You just have to use the correct algorithm to format those 160 bits as a bitcoin address. – kasperd Dec 31 '16 at 11:02
-
5@goncalopp luckily there's a service to do all this for you: https://proofofexistence.com/about – ydaetskcoR Dec 31 '16 at 18:40
Yes - if the person you want to prove it to trusts the service not change the timestamps.
This is an excellent question - one that has been asked and answered, in various forms, since at least Galileo's time:
Early astronomers used anagrams [...] to lay claim to new discoveries before their results were ready for publication. Galileo used smaismrmilmepoetaleumibunenugttauiras for Altissimum planetam tergeminum observavi ("I have observed the most distant planet to have a triple form") for discovering the rings of Saturn.
Nowadays, this process is usually called trusted timestamping, and usually works with a commitment scheme, very much like Galileo's anagram. On digital media (text, pictures, video), the commitment is usually the result of applying a hash function to the original.
While the process of deriving a commitment is very much a solved problem, it's only a part of the process. Often, the difficult part is knowing to whom do you want to prove the timestamp.
For example, let's say you want to prove to a person P that you've taken a picture at time T. If you know that ahead of time, it's trivial: just derive a commitment C at time T and send it to P directly.
However, if you only learn who the person is after you've taken the picture, this is much harder - because you need to know, ahead of time, who (or what) the person trusts without knowing who the person is.
If you have absolutely no idea who P is, a good compromise is to send your commitment to entities a lot of people trust
Now let's put all that we've learned to practice!
Step 1 - derive a commitment
1.1 - Choose a cryptographic hash function. SHA-512 is as popular and secure as it gets for 2016.
1.2 - Get software for your computer that enables you to calculate the hash. Quick Hash GUI is open source and works on Windows, Mac and Linux. If you're a command line user, you can just type
sha512sum
.1.3 - Calculate the file hash, and save both the hash and a copy of the file. Be aware that many tools for viewing pictures can corrupt the file, making the hash change. The same is true for (non-plain) text and, to a lesser degree, video.
1.4 - You'll need to keep the original copy until you make the proof. This is easier said than done - see this article
Step 2 - distributing the commitment
If you want to be as safe as possible, just go for a shotgun approach:
- Send it over a reputable email service (where you can't edit your messages after sending them).
- Publish it on a reputable blog or forum service (that doesn't allow silent editing of posts)
- Publish it on a blockchain, such as Bitcoin, if you suspect P will be technically able to read it (or willing to get someone they trust to do it)
- Ask a notary
Obviously, if you don't care about the confidentiality of the photo itself, you can send the photo instead of the commitment - use a reputable photo hosting service, like you mention.
- 5,308
- 2
- 21
- 22
Send the photos via email to gmail and another mail service provider using your mobile phone. The IP address of your mobile phone and timestamp embeded in the emails should be good enough as a proof.
- 61
- 7
From the other answers: you need a timestamping authority. Whatever you decide you use, keep in mind that the first requirement is that it has to survive until the time when you need to prove your claim. If they pull a Geocities and disappear, you are out of luck.
From this point of view, I would consider Bitcoin to be the most reliable long-term solution. Even if it were to disappear, there are good chances that the blockchain will be available for download somewhere.
- 123,438
- 55
- 284
- 319
- 829
- 9
- 15
The standard approach for doing this in pre digital era was to mail a sealed copy of the picture to yourself. The postal office now works as a timestamp authority for you. Its a pretty cheap way of doing so and was a often used method for asserting copyright instead of a copyright register. As a bonus this has been proved to work in the court of law many times and will probably remain so for quite a while yet.*
Now a digital timestamp authority would probably do much the same for digital files and have a more convenient frontend. But nothing stops you from sealing a memory card in a sealed a physical capsule and get a third party sign authenticating the date of the seal, like the postal office example.
* its fine if the court unseals it it becomes permanently documented in this case.
- 475
- 4
- 11
You should be able to use your bank as a trusted timestamp provider. Create archive with all your files and calculate hash for it. Then send some money from one account to another, and use calculated hash as a description for this money transfer. By doing this you will have this hash printed on your bank statement. You should also be able to get statement with this single transfer only, so you could present it to someone without revealing other activities on your account.
Update: transfer and accounting may need few extra days, so take this into account (pun intended).
- 111
- 4
Besides all the high-tech approaches suggested above, I'd like to add a very low-tech but reliable one: make sure that something that can be accurately dated is in the picture itself. Best for this purpose is that day's newspaper, either in physical or electronic form (ex. displayed on a tablet). You can even zoom in and display a single headline, but make sure it's something that couldn't be predicted in advance in order to dispel any doubt. Obituaries are good, stories about Mardi Gras are not.
Obviously, this only proves the picture was taken before and not after the date in question, but that does seem to fit your purposes.
- 1
-
What if the photo is of an invoice or contract? Do you wanna include a newspaper in that? – Rápli András Jan 01 '17 at 12:33
-
This answer only (sort of) proves the document existed *after* the newspaper was published, but the question is about proving existence *before* a certain time. (I say 'sort of' because in reality Photoshop has rendered this kind of evidence unreliable.) – John Deters Jan 01 '17 at 15:26
Make a git repository on github (even though you can date back commits, it wont let you date back pushes in any way), upload either the pictures or their hashes if you don't want to share them yet. Anybody can see exactly when the commits were pushed from that point.
echo 1 > time
touch time --date="1999-01-01 10:10:10"
git add -A
git commit -m "getting ready for apocalypse" --date="1999-12-30 08:40:21"
git push origin master --force
- 2,124
- 11
- 24
-
19This simply isn't factual. GitHub *must* accept the timestamps in commits from external repositories, and can't prevent a repository owner from doing a forced push. Git offers cryptographic guarantees, but even signed commits don't offer the timestamp guarantees that you seem to think they do. – Todd A. Jacobs Dec 30 '16 at 21:03
-
1Most commits on GitHub are back dated since people work from local repos and then push to remotes like GitHub, guaranteeing the commits are at least a few seconds old, and generally longer if you do lots of local commits and sync with remotes less frequently. – casey Dec 31 '16 at 15:27
-
@CodeGnome I meant push dates, not commit dates. This is github-specific stuff, I don't know if any others do the same. – Rápli András Jan 01 '17 at 11:28