receipts.youSeal a screenshot
The guide · Folio I · For the paranoid
receipts.you
§ The 2026 reference

How to prove a screenshot is real.

By May 2026, AI can fabricate any tweet, DM, chat log, or reaction in seconds — pixel-perfect, font-matched, timestamp-correct. The default trust we used to give a screenshot is gone. This is the reference for what works, what doesn't, and what to actually do.

~12 min read · last updated 2026-05-23

§ Three approaches, ranked

Detection. Metadata. Provenance.

Anyone trying to prove a screenshot is real reaches for one of three tools. Two of them are losing, and one of them is the answer. The order matters; the conclusion at the end matters more.

  1. Detection — “ask an AI if this was made by an AI”
  2. Metadata — “trust the EXIF data the file carries”
  3. Provenance — “sign the file with a key, anchor the time”

The first two were good enough when fakes were rare and crude. They are not good enough anymore. Provenance is the only approach that scales as the fakes get better, because it doesn't depend on the fakes being detectable.

§ I — Why detection is losing

The arms race you can't win.

Every AI image detector — Hive Moderation, Illuminarty, AI Or Not, TruthScan, Sightengine, Deep AI — works the same way: a classifier model trained on examples of “real” and “generated” images, learning to spot the statistical fingerprints of generation. In 2024 the best ones hit 85–94% on standard benchmarks. In 2026 they still hit 85–94%, but the benchmarks have shifted: as soon as a detector learns what Midjourney's v6 outputs look like, v7 comes out and changes the fingerprint.

This is not a bug. It's the structure of the problem. Generators get trained against detectors as part of their loss function — they explicitly learn to evade. Detection accuracy is bounded above by the latest generation it has seen; generation quality is bounded only by compute. Compute is winning.

There's a deeper issue for screenshots specifically. Detectors are tuned on photographic images and AI art. A screenshot of a fabricated tweet is a screenshot of rendered text on a uniform background — exactly the kind of content where ML detectors perform worst. Posters, memes, and chat screenshots have homogeneous regions and font-rendered content that doesn't carry the kind of noise signature a detector keys on. The very thing we most want to verify is the thing detection handles worst.

You can build a workflow around detection. You shouldn't stake an evidentiary claim on one. The honest framing for 2026: detectors are useful as a triage signal (“this deserves a closer look”) and useless as a verdict.

§ II — Why metadata isn't enough

EXIF is a hint, not a proof.

A photograph from a real camera carries embedded metadata: manufacturer, model, focal length, GPS, capture timestamp. A screenshot carries less but still has some — color profile, software, dimensions. In theory you could check the metadata to verify a screenshot.

In practice three things destroy this idea:

  • Social media strips metadata. Upload your screenshot to Twitter, Instagram, WhatsApp, or Discord and the EXIF data is gone before the next person sees the file. The image you receive from anyone never has it.
  • Metadata is trivially forged. Tools like exiftool rewrite any field in seconds. Modifying EXIF leaves no detectable forensic trace — the file looks “authentic” afterwards because the metadata fields are valid.
  • Screenshots never had useful metadata anyway. A screenshot is rendered by the OS from already-rendered pixels. There's no “camera” that signed it; no GPS; no inherent claim about what was on the screen. The metadata you get is just whatever the screenshot tool decided to embed, which is rarely cryptographically meaningful.

C2PA Content Credentials (from Adobe, Microsoft, BBC, Leica) is the serious effort to fix metadata. They sign metadata at capture time with a hardware key, then sign each edit, building a verifiable history. C2PA is the future for cameras and creative tools.

But C2PA only works if (a) the device that captured the image supports it (most don't, and even fewer screenshot tools do) and (b) the file format is preserved through every step of sharing (it's usually not — recompression strips it). C2PA solves the source problem at capture. It doesn't help you with a screenshot you took yesterday in DM that was never C2PA-signed in the first place.

Cryptographic provenance — the receipts.you approach — works regardless of what software made the image, because it's attached AFTER capture, by hashing the file you already have.

§ III — What actually works

Hash. Sign. Anchor. Forget.

Cryptographic provenance answers a narrower question than detection: not “is this real?” but “are these exact bytes the bytes I sealed at a specific time?” That narrower question is answerable with math, and the math is solid since the 1990s.

The recipe is three layers:

  1. Hash — a cryptographic SHA-256 digest of the file. 32 bytes. Any change to the file produces a completely different hash; it's practically impossible to find two files with the same hash on purpose.
  2. Sign — sign the hash with a private key controlled by the proof service. ECDSA P-256 is the modern standard (browser-native via the Web Crypto API, every modern OS implements it in hardware). The signature binds the hash to a key you can publish.
  3. Anchor — submit the signed hash to a timestamp authority that can't be backdated. OpenTimestamps anchors into the timestamp network, which costs nothing and is verifiable forever. After ~6 hours, the receipt has an anchor block height baked in. Anyone can prove the receipt existed at or before that block.

Together: a 32-byte hash + a 64-byte signature + a small OpenTimestamps proof = a 200-byte record that proves a file existed at a specific moment, signed by a specific party, anchored into a global ledger. The file itself never leaves your machine — only the hash does.

That's the entire receipts.you methodology in three sentences. The remaining detail is just productizing it: a QR code on the image so the receipt URL travels with it, a public verification page, a second hash that locks the QR-stamped composite against paste-attacks. Seal one yourself; the math takes about 200 milliseconds.

§ IV — Use cases by profession

Who actually needs this.

Journalists & OSINT

Seal source screenshots as you collect them. Tweets get deleted, DMs get withdrawn — the receipt is your evidence that the content existed when you saw it. Pair with receipts.you Snitch Tracker mode to find out which source leaked a draft if you shared it with multiple people.

Lawyers & paralegals

Screenshots used as exhibits frequently get challenged on authenticity grounds (FRE 901). A cryptographically sealed receipt with a external timestamp anchor gives you a defensible chain of custody that doesn’t rely on your word or a notary. For EU jurisdictions where qualified timestamps are required, complement with a QTSP service like TrueScreen.io.

Moderators & fraud teams

When a user disputes a moderation action by claiming “you made up that screenshot”, having a pre-sealed copy of the report material settles the question. Used internally as part of evidence chain documentation.

Researchers & whistleblowers

Screenshot first, decide what to do with it later. A pre-sealed receipt means no future doubt that the screenshot existed before any subsequent edit/deletion by the source. For team distributions, use track mode to identify leakers.

Ordinary humans

Someone’s impersonating you. A friend is gaslighting you about something they wrote. Your ex is rewriting history. Receipts is the same tool the journalists use, free.

§ V — Edge cases we handle

Three attacks we already defeat.

QR-paste fraud

Someone takes our QR code and pastes it onto a fake image. We store TWO hashes per receipt: clean original and QR-stamped composite. Their fake matches neither — instant mismatch.

Backdated timestamps

We sign with a P-256 key whose public PEM is published. We anchor into the timestamp network via OpenTimestamps. Forging a backdated receipt requires forging the timestamp chain, which is computationally infeasible.

Service shutdown

If receipts.you disappears tomorrow, every existing receipt remains verifiable. The external timestamp anchor + the published public key let anyone verify with openssl, offline, forever.

§ VI — The actual workflow

How to prove a screenshot is real, in 30 seconds.

  1. 1. Take the screenshot. The earlier you seal it, the stronger the proof. A receipt minted right after capture proves the content existed before any subsequent edit/deletion.
  2. 2. Drop it at receipts.you/seal. Or, faster, on the landing page's built-in dropzone. Your browser hashes it locally; only the 32-byte hash leaves your device.
  3. 3. Save the stamped image. Your screenshot with a small QR code in the corner. That stamped image is what you share. The QR encodes the receipt's public URL.
  4. 4. (Optional) Snitch Tracker mode for per-recipient tracing. If you're going to share with multiple people and want to know who leaked it later, turn on Snitch Tracker when sealing and name each recipient. You get one invisibly-watermarked copy per name — each looks identical to the original.
  5. 5. Share the appropriate version. Public copy: share the QR-stamped image — anyone can verify it's unaltered. Per-recipient: give each person their own Snitch Detector copy. They see what looks like the original screenshot.
  6. 6. If a Snitch Tracker copy leaks, drop it at receipts.you/track. Browser extracts the invisible watermark, returns the recipient name. Catches WhatsApp / Instagram / Twitter recompression paths via the block-DC layer.
§ VII — Glossary

The terms that matter.

SHA-256
Cryptographic hash function. Maps any file to a 32-byte digest. Different files almost certainly produce different hashes (collision rate ~1 in 2^128). Browser-native via crypto.subtle.
ECDSA P-256
Elliptic curve digital signature algorithm on the NIST P-256 curve. Produces 64-byte signatures. The WebCrypto default; hardware-accelerated everywhere.
OpenTimestamps
Open standard for anchoring cryptographic timestamps into an external decentralized network. Free, verifiable forever. Once your receipt has an anchor confirmation, the timestamp is unforgeable.
Provenance
Demonstrable history of a file: where it came from, when it existed, who signed it. Distinct from authenticity (which makes claims about the content's truth).
QR-paste attack
Trying to defeat verification by copying a real QR code onto a fake image. Defeated by storing both the clean-original hash AND the QR-stamped composite hash — the fake matches neither.
Traitor tracing
Identifying which recipient leaked a shared file by giving each recipient a uniquely watermarked copy. receipts.you implements this as Snitch Tracker mode — invisible per-recipient watermarks (LSB + block-DC, no visible QR). See /track.
C2PA / Content Credentials
An open industry standard for cryptographically signed content provenance, supported by Adobe, Microsoft, BBC, and most camera manufacturers. Solves authenticity at capture time; receipts.you complements it for content captured without C2PA support (i.e. screenshots).
External timestamp anchor
A timestamp commitment recorded on an independent, decentralized, append-only network. Once anchored, the timestamp cannot be altered or backdated without breaking the entire underlying chain — economically infeasible.
§ Try it

Stop arguing.
Start sealing.

Seal a screenshot