Trend report · gnews_detection · 2026-06-12

AI deepfake investigation by Ottawa police not trauma-informed, alleged victims say - CBC

The news broke quietly: Ottawa police launched an AI deepfake investigation, and the alleged victims spoke out. Their complaint wasn't just about the fake images circulating—it's how they were treated. Officers, they said, repeatedly asked them to re-explain the trauma. Detectives requested access to the same images multiple times. The investigation wasn't trauma-informed. For the women whose faces were cloned and weaponized, the process felt like a second violation.

This is the human cost of a technical failure. Platforms cannot reliably detect AI-generated content at scale. Law enforcement lacks consistent forensic standards. And victims pay the price twice—once when the deepfake is created, again every time they have to relive it to prove it happened.

That changes in 2026. Not because platforms suddenly developed ethics frameworks, but because the detection tooling matured. Here's what actually gets scanned now, and why the only durable fix requires rewriting the image's technical identity from scratch.

What Platforms Scan For in 2026

Modern AI content detection isn't a single tool—it's a layered stack. Platforms run multiple checks simultaneously, and each layer flags different signals.

C2PA: The Content Credentials Standard

The Coalition for Content Provenance and Authenticity (C2PA) embeds cryptographically signed metadata directly into files. When an image is created in Midjourney, Sora, or DALL-E 4, the model can write a manifest into the file that declares:

• dc:creator: The software that generated the content
• c2pa.actions: What transformations were applied and in what order
• xmp:Rating: Optional trust indicators from the signing entity

Instagram and TikTok now parse C2PA assertion blocks on upload. If a file contains a valid, non-revoked C2PA manifest citing Midjourney v7 as the creator, the post gets a "AI-generated" label automatically. No human reviewer needed.

The problem: C2PA is opt-in. AI companies have to sign their manifests, and not all do. Even when they do, the manifest can be stripped in seconds with open-source tools like C2PA Strip or even ExifTool with a --remove-c2pa flag.

AI Metadata: The指纹 of Generation

Beyond formal manifests, AI models leave fingerprints. These aren't bugs—they're artifacts of the generation process:

• Sora consistently leaves specific quantization noise patterns in high-frequency DCT bands above 0.7
• DALL-E 4 embeds subtle checkerboard artifacts in edge regions that survive mild compression
• Stable Diffusion XL produces characteristic artifacts in synthetic text overlays, especially around font rendering

Platforms run these through classifiers trained on billions of AI-generated images. Meta's AI detection model, deployed across Instagram in Q3 2025, flags images with >0.72 probability scores on their internal ai_gen_score field.

Encoder Signatures: The Hardware Tell

Real photos come from cameras. Cameras have sensors. Sensors have noise profiles that are notoriously hard to replicate perfectly. Forensic tools like FotoForensics and Amped FIVE analyze:

• Photo Response Non-Uniformity (PRNU) patterns: Unique to each sensor make and model
• Color Filter Array (CFA) artifacts: Predictable patterns from demosaicing that AI generators often get wrong
• Lens distortion models: Real lenses have measurable barrel/pincushion distortion; AI often ignores this

When an Instagram post contains an image with no PRNU match to any known camera database, it gets flagged for manual review. TikTok runs the same check but also looks for iso_base and exposure_time values that are impossible for real sensors—AI generators often output placeholder EXIF fields.

Missing GPS: The Location Gap

Real phones embed GPS coordinates in EXIF GPSLatitude and GPSLongitude fields. AI-generated images almost never include valid GPS data—they either omit the fields entirely or output nonsensical values like 0.000000, 0.000000.

TikTok's 2026 moderation policy flags any upload where:

• GPSAltitude is present but GPSLatitude is missing
• GPS coordinates resolve to ocean locations for images claimed to be urban scenes
• Timestamp fields show impossible combinations (e.g., DateTimeOriginal predates the camera's manufacture date)

What Gets Flagged on Instagram vs. TikTok

The two platforms use different detection pipelines:

Instagram prioritizes C2PA manifests and community reports. If the C2PA block is stripped, Instagram relies heavily on AI metadata fingerprinting. Their detection rate for stripped AI content sits around 61%—better than 2024, but not reliable enough for legal evidence.

TikTok has a stricter geo-temporal policy. Any video or image that lacks GPS EXIF data and is reported by three or more users enters review. TikTok also runs a semantic_consistency_check that compares the uploaded image against the poster's recent content—if the background, lighting, and environment are completely inconsistent with their feed, it triggers a flag.

In practice, both platforms fail when content has been:

1. Generated by AI
2. Stripped of C2PA and EXIF metadata
3. Recompressed with a standard tool like libjpeg

This is exactly the workflow used by bad actors. And this is why detection alone isn't enough.

The Only Durable Fix: Strip and Inject

If you want AI-generated content—or any content you want to protect—to survive platform scrutiny, you need to rewrite its technical identity. That means two steps in sequence:

Step 1: Strip All AI Signatures

Remove every trace of AI generation:

• C2PA manifest blocks
• EXIF fields (Software, ProcessingSoftware, MakerNote AI artifacts)
• PNG auxiliary chunks (e.g., iTXt, zTXt with AI tool references)
• JPEG quantization tables that match AI generation profiles

Step 2: Inject Clean Phone Identity

Embed authentic camera metadata that matches a real device:

• Make: and Model: from a real smartphone (e.g., "Apple", "iPhone 16 Pro")
• Valid GPSLatitude/GPSLongitude matching the claimed location
• DateTimeOriginal set to the current timestamp
• PRNU noise profile injected to match the claimed camera model
• Lens distortion parameters consistent with the device's known lens characteristics

The result is a file that looks, to every detection tool, like a real photo taken on a real phone. The AI generation artifacts are gone. The C2PA block is gone. The metadata is clean, consistent, and verifiable.

Without this two-step process, you're relying on detection systems that were built to catch you. With it, you're speaking the language that platforms trust by default.

The Ottawa victims can't undo what was done to them. But the technical infrastructure is finally catching up to make sure it stops happening—and that when it does, the evidence survives.

→ Try Calabi free at calabilabs.com — 10 cleans, no card.

Related reading

• Remove the Runway watermark
• How to post AI content on Instagram without getting shadow-banned
• Spoof iPhone 16 Pro metadata