Protect your photos before publishing: a practical guide for photographers and visual creators
Photo theft, uncredited use, ownership disputes: here's how to build solid proof of authorship before every publication, shoot by shoot.
You posted a photo on Instagram. Three days later, a brand is using it without credit. You contact their legal team, and the response comes back: "Prove it's your photo."
Without dated proof, you're stuck. When was your RAW file created? Who says your EXIF is credible? Was your Instagram post really the first one, or did someone repost it before you?
This happens to thousands of photographers, videographers and illustrators every year. The good news: you can prevent it in about 10 minutes per shoot, without becoming a lawyer or a blockchain expert.
Why traditional protections fall short
EXIF data: useful but fragile
EXIF metadata (capture date, camera model, GPS) is the first thing photographers think of. The problem: it can be edited with any metadata tool, and most platforms (Instagram, Facebook, X) strip it on upload.
In a dispute, opposing counsel can legitimately challenge EXIF as the sole proof. It remains a useful clue in a broader file, not standalone evidence.
Watermarks: deterrence, not protection
A visible watermark discourages opportunistic theft. But with current editing tools (including generative AI), a watermark can be removed in seconds. And a subtle watermark doesn't stop anyone from cropping the image.
Watermarks prove nothing legally. They don't establish a date and don't demonstrate authorship.
Online publication: a vague timestamp
Publishing on social media creates a date, but you don't control the server or the metadata. If someone published your photo elsewhere before you (after stealing it from a preview, a client delivery, a shared Drive), it's your word against theirs.
Watermark + EXIF + online publication feels like protection. In reality, none of these three elements constitutes verifiable, independent proof of prior ownership.
What real proof of authorship looks like
Solid proof rests on three pillars:
- A frozen file: a specific version of your photo that doesn't change.
- A hash (SHA-256): a unique mathematical fingerprint of the file. If a single pixel changes, the hash changes.
- A verifiable timestamp: a date anchored in an independent mechanism (such as the Bitcoin blockchain via OpenTimestamps) that no one can alter after the fact.
With these three elements, you can demonstrate that this exact file existed at this date and has not been modified since.
Practical workflow: from shutter to proof
- 1Shoot and keep your raw filesAlways keep your RAW files (CR3, NEF, ARW, RAF) or source files (PSD, AI, 16-bit TIFF). These are your irrefutable originals: they contain sensor metadata and cannot be fabricated from a JPEG.
- 2Select and edit as usualWork in Lightroom, Capture One, or your usual tool. Nothing changes in your creative process at this stage. Keep the XMP sidecar file or catalog that logs your adjustments.
- 3Freeze the files to protect before publishingExport final versions (high-resolution JPEG, TIFF, or both). Name them clearly: shoot-brand-X_001_final.jpg. For video rushes, export the master in ProRes or H.265.
- 4Build the proof folder for the shootCreate a folder PROOF/2026-04-shoot-brand-X/ containing: selected RAWs, final exports, XMP/metadata, and a context.txt file with date, location, client, and brief.
- 5Zip and timestampCompress the folder into a stable ZIP archive. Upload it to LegalStamp: the SHA-256 hash is computed automatically, the timestamp is anchored via OpenTimestamps, and you receive a proof receipt.
- 6Publish or deliver with confidenceYou can now post on Instagram, deliver to the client, or send to the agency. Your proof of prior authorship already exists and covers the exact version you're sharing.
Timestamping must happen before first distribution (client delivery, social media post, shared Drive). Proof created after publication loses its evidentiary strength.
Proof folder structure
Organize each shoot or project with a clear, stable directory layout:
PROOF/
āāā 2026-04-shoot-brand-X/
āāā originals/
ā āāā DSC_0142.NEF (RAW)
ā āāā DSC_0142.xmp (Lightroom sidecar)
ā āāā DSC_0187.NEF
ā āāā DSC_0187.xmp
āāā exports/
ā āāā shoot-brand-X_001_final.jpg
ā āāā shoot-brand-X_002_final.jpg
āāā context.txt
āāā receipt/
āāā 2026-04-shoot-brand-X.zip.ots
The context.txt file contains a few lines:
- Date and location of the shoot
- Client or project name
- Brief or assignment (one sentence is enough)
- Equipment used (camera body, lenses)
- Key file names
This folder is your proof archive. Keep it as-is -- don't modify files after timestamping.
Which formats to keep and why
| Format | Role | Why it matters |
|---|---|---|
| RAW (CR3, NEF, ARW, RAF) | Sensor original | Cannot be fabricated from a JPEG. Contains manufacturer metadata and serial numbers. |
| XMP sidecar | Development settings | Traces your creative choices (crop, toning, retouching). |
| JPEG/TIFF export | Published version | This is the version you share or deliver -- the one someone might steal. |
| Lightroom/C1 catalog | Full history | Import dates, edit history, collections. Useful as supporting evidence. |
A RAW file contains raw sensor data, a camera body serial number, and information that no one can recreate from a JPEG found online. It's your most powerful piece of evidence.
What this proves and what it doesn't
What you can demonstrate:
- That this photo file existed in this exact form at the timestamp date
- That the file has not been modified since (integrity verified by the hash)
- That you had the RAW, the editing settings, and the production context
What timestamping alone doesn't prove:
- That you were physically behind the camera (though the combination of RAW + EXIF + context strongly supports that conclusion)
- That no other person had a similar image (rare but theoretically possible)
In practice, a photographer presenting the RAW file, XMP sidecars, shooting context, and a timestamped proof of prior ownership has a case that's very hard to dispute.
Real-world scenarios where this method saves you
Unauthorized use by a brand: you spot your photo in an ad campaign. You present your timestamped receipt predating the campaign, the original RAW, and the context. The brand can't claim the image came from their internal library.
Dispute with a client: a client contests your authorship of photos delivered six months ago. Your timestamped archive proves the files existed before the delivery date, with RAW files and settings that only the photographer could possess.
Theft between photographers: a competitor publishes your shot under their name. Your proof of prior authorship is dated, verifiable, and independent of any platform.
FAQ
Conclusion
Photo theft is a structural problem, not an accident. Every image published without proof of prior ownership is an image you may not be able to defend.
The habit to build: shoot -> keep the RAWs -> freeze the exports -> zip -> timestamp -> publish. Ten minutes per project, and you have a file any lawyer can work with.
LegalStamp handles the technical part (hash + timestamp + verifiable receipt) so you can focus on what you do best: creating images.
