Trend report · hn_ai · 2026-06-17
Show HN: I built 184 free browser tools – PDF, image, dev, AI tasks, no upload
Browser-based tools that process files locally feel safe because nothing leaves your machine. But when you export that "cleaned" file and upload it to Instagram or TikTok, it still gets flagged—because the signals that trigger detection aren't visible in the image. They're embedded in the file structure itself.
What Actually Flags Your File
Platforms in 2026 don't just look at what an image or video looks like. They scan the invisible metadata layer underneath. The primary flag is C2PA / Content Credentials—a cryptographic manifest stored as JUMBF atoms that explicitly states "this was generated by AI." A single Sora export can contain 18 of these JUMBF atoms, 16 C2PA references, and an XMP property DigitalSourceType: trainedAlgorithmicMedia. That metadata survives cropping, re-encoding, and most basic "cleaning" tools.
Video files carry additional signals. An AI-exported MP4 typically contains encoder fingerprints—SEI (Supplemental Enhancement Information) nals with Lavc (FFmpeg's libavcodec) or x264 markers that are absent from real phone recordings. Combined with a missing GPS coordinate, a capture timestamp in the wrong timezone, and a non-phone device model, this forms a detection profile that automated systems flag within seconds of upload.
The third layer is perceptual hashing—pHash or pdash hashes that algorithms generate from the actual pixel content. This is where visible watermarks like Sora's sparkle corner logo matter. But even here, the metadata layer is what survives re-encoding: strip the C2PA manifest and encoder fingerprints, and you remove the most automated and reliable detection signal.
How Calabi Handles It
Calabi runs a three-stage pipeline that processes your file and returns a forensic proof card showing exactly what changed. The approach is surgical: it strips the AI detection signals and injects authentic phone-capture identity instead of attempting to alter pixels.
Stage 1 — Strip: All C2PA / JUMBF manifests are removed entirely. XMP properties like DigitalSourceType and IllustratorTool are deleted. In video, Lavc and x264 SEI nals are stripped. The result: a raw AI export that might have 144 metadata tags gets reduced to roughly 94 neutral structural tags—the ones any JPEG or MP4 naturally carries.
Stage 2 — Inject: Calabi writes authentic phone-capture identity into the file. You can select a device profile (iPhone 15 Pro, Pixel 8 Pro, Galaxy S24 Ultra) or provide specific metadata. This includes Make, Model, Software version, GPS coordinates, capture timestamp, and a real-phone encoder name. The file now looks structurally identical to one your phone would produce.
Stage 3 — Verify: Before download, you receive a forensic proof card—generated by ExifTool, the same tool newsrooms and platform trust systems use. It shows the before/after state: JUMBF atoms reduced from 18 to 0, C2PA references from 16 to 0, trainedAlgorithmicMedia removed. This isn't marketing; it's the actual output.
What This Actually Changes
The distinction matters: Calabi doesn't change how the image looks. It changes what automated systems read when they scan your upload. A visible watermark like Sora's sparkle logo is a pixel in the corner—cropping removes it. What cropping doesn't remove is the C2PA manifest that says "generated by Sora 1.5." That's what Calabi strips.
For invisible pixel watermarks (notoriously difficult), a re-encode disrupts some patterns but results vary by embedding technique and platform scanning method. The claim here is narrower: Calabi reliably removes the metadata, manifest, and encoder signals that form the backbone of automated AI detection on Instagram, TikTok, YouTube, and Reddit. No tool can guarantee a platform won't flag you—results vary by platform and source model—but stripping the metadata layer removes the most consistent and automated detection signal.
Step-by-Step
- Upload your AI-generated file—image or video. No account required for the free tier.
- Calabi's pipeline runs automatically—stripping C2PA/JUMBF manifests, XMP AI flags, and encoder fingerprints, then injecting phone device identity.
- Review the forensic proof card—see exactly which signals were removed and what was injected, verified by ExifTool output.
- Download the cleaned file—structurally identical to a real phone recording, ready for upload.
FAQ
- Does this work on videos from Runway or Pika? Yes—the pipeline strips H.264/H.265 encoder fingerprints (Lavc, x264 SEI nals) and C2PA manifests that those exports carry. Video processing follows the same strip-and-inject logic as images.
- What if my file already has GPS and timestamp metadata? That's fine—the strip stage removes AI-specific flags regardless. The inject stage then ensures the device profile matches the metadata consistently (e.g., an iPhone 15 Pro wouldn't report a Pixel's software version).
- Can platforms still detect my content after cleaning? Perceptual hashes derived from pixel content may still flag some images, particularly those with strong AI artifacts or visible watermarks. Stripping the metadata layer removes the most automated and reliable detection signal. Results vary by platform and source model.
Browser tools that process files locally solve a real privacy problem—nothing hits a server. But when your export still carries a C2PA manifest that explicitly labels it AI-generated, that privacy advantage evaporates the moment you upload. Calabi closes the metadata gap that local processing leaves open.
→ Try Calabi free at calabilabs.com — 10 cleans, no card.