Trend report · hn_ai · 2026-06-07

AI #171: False Flag

The conversation on Hacker News about "False Flag" operations in AI detection gets at something real: platforms are getting better at spotting AI-generated content, but their methods are creating collateral damage for legitimate creators. Understanding what gets scanned—and exactly how to fix it—is now essential for anyone publishing digital media.

What Platforms Actually Scan For in 2026

Modern AI detection isn't a single test—it's a layered stack. Here's what actually runs when you upload an image or video:

1. C2PA Metadata: The Coalition for Content Provenance and Authenticity standard embeds cryptographically signed manifests (/remove/sora-watermark) into files. Fields like stds.schema-org.C2PAIntent, dc:creator, and c2pa.actions reveal generation history. Adobe Firefly, Midjourney, and DALL-E 3 now sign their outputs this way.
2. Encoder Fingerprints: Each diffusion model leaves statistical fingerprints in the frequency domain. Stable Diffusion produces characteristic checkerboard artifacts in high-frequency bands. Midjourney shows periodic noise patterns tied to its U-Net architecture version. These aren't visible but are machine-detectable.
3. EXIF/GPS Sanity Checks: Platforms flag files where:
   • Camera make/model contradicts software (e.g., "Canon EOS R5" but EXIF shows Software: Microsoft Windows Photo Viewer with no raw processing)
   • GPS coordinates are missing on phone-generated content that should have them
   • Timestamps are inconsistent with claimed capture device
   • Focal length or ISO values don't match the stated camera model
4. AI-Generated Texture Analysis: Deep learning classifiers trained on diffusion model outputs look for over-smoothed skin textures, anatomically improbable lighting, and specific artifact patterns in hair and eyes.

What Actually Gets Flagged on Instagram and TikTok

Based on documented cases and creator reports, here's what triggers action:

Instagram:

• Reels with missing Make/Model EXIF fields on content that appears phone-captured
• Images containing C2PA manifests with actions[].parameters.ai_generated: true
• Stories with mismatched color profiles (AI tools often output sRGB incorrectly)
• Carousel posts where individual images have inconsistent EXIF but visually similar content

TikTok:

• Videos with C2PA assertion_generator fields matching known AI tools (Flux, Imagen, Stable Diffusion)
• Content with missing GPSAltitude or GPSLatitude on videos claimed as phone recordings
• Duet/response videos where source detection flagged AI origin even if derivative

The false flag problem: Legitimate creators using AI editing tools (Lightroom's generative AI features, for example) get caught because their c2pa.actions manifest shows AI enhancement. Photographers whose phones strip EXIF during export get flagged for wrong reasons. The system errs toward caution.

The Durable Fix: Strip and Inject

The only reliable approach is a two-step process that makes content look authentically phone-captured throughout:

1. Strip All AI Signatures
   • Remove C2PA manifests entirely: delete Content-Security-Policy, xmpMM:DocumentID, and all c2pa.* namespaces
   • Strip EXIF, IPTC, and XMP data completely
   • Remove any dc:description or dc:creator fields that reference AI tools
   • Strip Adobe:Digest and xmp:CreatorTool identifiers
2. Inject Authentic Phone Identity
   • Add EXIF from a real device: Make, Model, Software, DateTimeOriginal
   • Inject plausible GPS coordinates for the claimed location
   • Add device-specific fields: LensModel, FocalLength, FNumber, ISOSpeedRatings matching the stated camera
   • Add ImageUniqueID and ExifImageWidth/ImageLength consistent with the device
   • Set timestamps that make sense (photo taken at reasonable time, stored file modified shortly after)
   • Add minimal but consistent JFIF or PNG header bytes matching the claimed device

The key insight: both steps must happen. Stripping alone leaves you with a file that has no identity—which is itself suspicious. Injecting without stripping means the AI signatures still exist underneath and can be detected by forensic analysis. The combination creates a file that passes casual metadata checks and survives deeper scrutiny.

Why This Works When Other Methods Fail

Common approaches that don't work:

• Screenshotting: Removes some metadata but adds new compression artifacts and doesn't address AI texture signatures
• Manual EXIF editing: Often creates inconsistent files that fail sanity checks (e.g., iPhone model with Android-timestamp format)
• Simple re-save: Doesn't strip C2PA manifests (they're embedded in the data, not just headers)
• Color space tricks: Doesn't fool the frequency analysis that detects encoder fingerprints

The strip-and-inject approach addresses the actual detection stack. When your file has authentic phone metadata, plausible timestamps, and no AI signatures, it passes the same checks that legitimate phone content passes.

Platforms update their detection monthly. What's unflaggable today may be flagged next quarter. The strip-and-inject method is durable because it doesn't try to defeat specific detection—it's based on making content look like what it claims to be: an authentic phone capture.

→ Try Calabi free at calabilabs.com — 10 cleans, no card.

Related reading

• Remove the Sora watermark
• How the Calabi Sanitizer pipeline works under the hood
• Spoof iPhone 14 Pro metadata