Metadata washing
C2PA's signature scope explicitly excludes GPS and timestamps so files can be re-encoded. An attacker can rewrite where and when a verified image was captured while the cryptographic signature stays valid.
PRAMA is a cryptographic alibi engine that mathematically proves where you were, when you were there, producing court-admissible evidence that survives hostile legal scrutiny.
The forensic stack we inherited assumes you can spot fakes after the fact. That contract is broken. Three independent failures push the legal and social burden back onto the subject of the lie.
C2PA's signature scope explicitly excludes GPS and timestamps so files can be re-encoded. An attacker can rewrite where and when a verified image was captured while the cryptographic signature stays valid.
Software GPS emulators cost the price of a coffee. Carrier ping logs are subpoena-friendly. Today's defense, "my phone says I was here," collapses the moment opposing counsel reproduces the same coordinates on a Raspberry Pi.
Generative models re-train on every detector. Pixel-level forensics is an arms race with diminishing returns. The only durable answer is to invert the proof: stop arguing about the fake, prove the reality.
PRAMA runs as an invisible background protocol on your phone. Each layer adds a different proof: that the data came from real silicon, from your body, and from a moment in time that can never be rewritten.
A quiet record running in the background
Your phone takes a snapshot whenever something changes. You unlock the screen, your cell tower swaps, your watch logs a heartbeat. No prompts, no timers, just a passive ledger of where you actually were.
Location
38.9954°N · 76.93°W
Wi-Fi
14 BSSIDs nearby
Bluetooth
9 devices
Cell tower
T-Mobile · LTE 66
Altitude
142 m
Heart rate
68 bpm
Hashed locally, never transmitted
Tied to you, on your real device
Each snapshot is signed by Face ID and a private key that only your phone holds, then certified by Apple App Attest or Google Play Integrity. The frame is provably yours, from a real device, signed by you.
Face ID
Verified
Heartbeat
68 bpm
Real device
App Attest
Your signature
Ed25519
Signed inside hardware, never exported
Encrypted on device, by you
Your raw data is encrypted on your phone using a key only you hold. The server only ever sees a sealed blob and a unique fingerprint. The key stays with you, always.
0xC4 92F1 7AB8 9D7E
Your data
Encrypted on your phone
Your key
Stays on your phone, always
Server sees
The sealed blob and fingerprint only
Only you can open your snapshot
Permanent, public, verifiable
Every few hours your fingerprint is published to a public ledger with a verified timestamp. From that instant the snapshot is mathematically frozen. Anyone with the receipt can verify it independently, years later.
Locked in time
Permanent record
Anyone can verify independently
GPS lies. A single radio is forgeable. A ring of independent radios, glued together by a biometrically signed Merkle root, is physically expensive to fake, and trivially cheap to verify.
xfinitywifi
94:b3:4f:51:11:61 · -52 dBm
ATT-WiFi-9F2C
3c:37:86:2a:b1:04 · -58 dBm
NETGEAR47-5G
a0:40:a0:1d:7e:22 · -64 dBm
Spectrum_Mobile_4423
94:b3:4f:50:f7:90 · -71 dBm
TP-LINK_E2C4
94:b3:4f:50:da:82 · -78 dBm
Hashed locally · never transmitted
Court-admissible by construction
Six real people, on the record: jail over unverified AI texts, a deepfake by someone trusted, a live likeness stolen from Zoom, imposter accounts built from a meteorologist's face, non-consensual deepfake imagery of a broadcast journalist, and fans targeted simply for supporting a creator they follow. Every card has two faces. The voice. And the receipt that would have changed the outcome.
I end up getting arrested for violating my bond. No one verified the evidence. It was horrific. Why would someone knowingly send a text from their phone that could get them arrested? People are not really that stupid.
I was screaming and crying and violently scrolling through my phone to work out what I was reading and what I was looking at. I knew that this could genuinely ruin my life.
They took Zoom footage from a past session and used AI to animate me doing something I never did. They used my likeness, my actual face and body, and inserted it into a real time fake video stream. This isn't just misleading. It's manipulative. It's dangerous.
Last fall, fake Facebook accounts pretending to be me started popping up. These accounts used fake pictures that showed my face on someone else's semi-nude body. They also make fake videos that used my face and my name to try to convince people that it was really me. Discovering these imposter accounts and seeing the degrading fake images and videos was devastating to me.
It feels like a violation. It just feels really sinister that someone out there who's put this together, I can't see them, and they can see this kind of imaginary version of me, this fake version of me. You can't unsee that.
I'm so sorry to my community members that have had deep fakes made of them just for supporting me. You shouldn't have had to experience that in any way. please protect each other, especially the minors! Report those accounts and just know it says more about them, not you. Stay safe.
Six different attacks. Same missing piece: proof that what they say happened, actually happened.
PRAMA is that proof, captured before the attack.Five exhibits. Nineteen questions. The same answers PRAMA gives any judge, lawyer, or opposing party who walks into the room.
No. Your location data is encrypted on your device before it ever leaves your phone. Our servers store only encrypted data that we mathematically cannot read. Not now. Not ever.
The first wave is invite-only and capped at 500 devices. Tell us who you are and where you operate. We route invites jurisdictionally based on legal-admissibility maturity.
Read the blueprint