Browser-based C2PA remover

Most C2PA tooling is desktop-only and ships through Adobe Bridge, c2patool CLI, or commercial pipelines that re-upload your file. GhostMeta is the simple alternative: a pure-browser C2PA remover that detects the JUMBF box, identifies the claim_generator (Sora, Midjourney, Adobe, OpenAI, Google), and strips the manifest via canvas re-encode in milliseconds. No account, no upload, no install. Open the page, drop your image, download a clean copy. Because everything runs client-side, the tool works fully offline — load the page once, switch on airplane mode, and you can still process files, which is the surest proof nothing is uploaded. This matters for the common case of cleaning a screenshot or marketplace listing image on a work laptop where a desktop install or an outbound upload is blocked by IT policy. After stripping, you can confirm the result by re-opening the clean file in any public Content Credentials viewer (contentcredentials.org/verify): a stripped image returns "no Content Credentials found" instead of the original manifest.

FAQ

How does this differ from Adobe's c2patool?

c2patool is a CLI binary that runs locally but requires installation and a Rust toolchain. GhostMeta runs in any modern browser without install. For batch ops c2patool is faster; for one-off cleanup GhostMeta is friction-free.

Does the manifest reattach if I save the image again?

Only if the saving tool re-adds it (Photoshop with Content Credentials enabled, Adobe Bridge, etc). A normal Windows/macOS Save As keeps the file clean.

What formats are supported for C2PA strip?

JPEG (APP11 segment) and PNG (caBX chunk) in v1. WebP and HEIC support is in progress.

What exactly is inside the JUMBF box that gets removed?

A C2PA manifest is stored in a JUMBF (JPEG Universal Metadata Box Format) container holding a claim, an assertion store, and a cryptographic signature. The claim references a content_binding hash of the image bytes; the assertions list the generator, edits, and timestamps; the signature is the producer's certificate chain. GhostMeta drops the whole JUMBF structure during canvas re-encode rather than editing individual boxes, so no partial manifest fragment is left behind.

Why is a browser tool more auditable than a desktop one?

You can open your browser's developer tools, watch the Network tab while you process a file, and confirm zero outbound requests are made. With a desktop binary or a server-side API you have to trust a privacy policy instead of observing the behavior. The processing happens via the Canvas API on the page you already loaded, so the network panel staying empty is direct, reproducible evidence.

Will a stripped image still display and upload normally everywhere?

Yes. Removing the C2PA manifest only deletes the metadata layer; the decoded pixels are re-encoded to a standard JPEG or PNG that opens, displays, and uploads like any ordinary image. Content Credentials are optional provenance data, not a format requirement, so a clean file is not rejected by viewers or upload forms — a C2PA viewer simply reports no credentials present instead of the original signature.