May 2024: the CEO of WPP, the world's largest advertising agency, takes a video call. The voice, the face, the gestures all check out. The only problem: the person on the other end doesn't exist. It's a deepfake. That scam narrowly failed. A company in Hong Kong was less lucky: in February 2024 it lost $25 million to a faked CFO video call, with every other participant in the conference AI-generated. Attacks like these are known as CEO fraud, and deepfakes take them to a whole new level. In North America, the number of cases rose by 1,740 per cent between 2022 and 2023.
And it isn't just a problem for CEOs. It affects everyone.
Traditional forensic methods give you clues, like fingerprints: helpful, but open to dispute. C2PA signatures work like a DNA match: effectively conclusive, with a collision probability of 2-256. Where clues only yield probabilities, cryptographic signatures give you mathematical certainty. Not absolute, but secure to a degree that is physically impossible to break.
Table of Contents
Verification Tool
Free forensic analysis
What are deepfakes?
Definition and technology
Two Sides of the Coin
Creative use vs. dangers
Conclusion
Key takeaways
Check an image or video – now and for free
Found a suspicious image or video? Check it here in seconds. Our forensic tool analyses media on four levels: metadata, cryptographic signatures (C2PA), technical traces of manipulation, and AI-generated artefacts.
How it works:
- Upload an image or video (or paste a YouTube/Vimeo link)
- The analysis runs automatically, with no registration and no installation
- You get an authenticity score with a detailed breakdown
Echt oder Fake?
So funktioniert's
Laden Sie ein Bild oder Video hoch – wir analysieren es auf 4 Ebenen:
Bild oder Video hier ablegen
JPEG, PNG, WebP, MP4, WebM – max. 20 MB
Beta · Ergebnisse dienen zur Orientierung und sind rechtlich nicht bindend.
How should you read the results?
The authenticity score sums up the forensic indicators on a scale of 0–100%:
| Score | Meaning | Explanation |
|---|---|---|
| 90–100% | Cryptographically verified | C2PA signature validated – mathematically provable origin |
| 75–89% | No indicators | Forensic analysis unremarkable, but no absolute certainty without C2PA |
| 50–74% | Inconclusive | Mixed signals, which can also result from legitimate editing |
| 35–49% | Inconsistencies | Technical anomalies detected; further checking recommended |
| 0–34% | Strong indicators | Multiple signs of manipulation; high probability of forgery |
Direction: the higher the score, the more authentic; the lower the score, the more suspicious. Without a C2PA signature, around 85% is the ceiling.
Sources: C2PA Specification · HFMF: Hierarchical Fusion (WACV 2025) · MIT JPEG Forensics · Visual Counter Turing Test (2024)
Read more: What are deepfakes? · 6 Types · Protective measures
What are deepfakes?
The term blends "Deep Learning" and "Fake". It refers to media (images, videos, audio) that AI has altered or generated entirely from scratch so convincingly that it looks real.
The technology behind it: GANs, Diffusion Models and Autoencoders.
Six types of synthetic media
1. Face Swap
One person's face is swapped for another frame by frame. The AI learns to translate faces into a kind of "mathematical fingerprint" (Latent Space). The Encoder breaks both faces down into these codes, and the Decoder reassembles them, putting Person A's face on Person B's head. This used to require hundreds of photos of both people, as with DeepFaceLab. Today, modern tools like SimSwap need just a single image.
Face Swap in action: A face is seamlessly transferred to another body – Wikimedia Commons / CC BY-SA 4.0
Real vs. DeepFake: Nicolas Cage's face on Elon Musk – how Face Swap works – Wikimedia Commons / CC BY-SA 4.0
WIRED: Researcher explains Face Swap and deepfake technology
Outlook: one-shot face swapping will soon let you swap a face from a single reference image. Current research such as GHOST 2.0 and DynamicFace focuses on temporal consistency in video and preserving identity in extreme poses. Diffusion-based approaches promise even higher quality with less training.
2. Face Reenactment (Facial Expression Transfer)
One person's facial expressions are mapped onto another face: the "puppeteer" technique. Face2Face (Thies et al., Stanford/TU Munich) extracts landmark points from the target face and transfers expressions in real time. The technology makes it possible to put any words in a person's mouth without cloning their voice.
Shakespeare awakens: AI animates historical portrait – Wikimedia Commons / Public Domain
Pharaoh Tutankhamun: 3,300-year-old death mask awakens – Wikimedia Commons / Public Domain
Face2Face: Real-time facial expression transfer – Stanford/TU Munich (CVPR 2016)
Outlook: audio-driven face animation combines speech synthesis with facial animation for fully synthetic video calls. Research on neural head reenactment is improving how extreme head movements are rendered.
3. Voice Clone
AI generates speech in a specific person's voice. Tacotron 2 (Google) and VALL-E (Microsoft) need only a few seconds of audio to produce convincing results. The technology analyses voice characteristics such as pitch, speech rhythm and timbre, then synthesises any text you like in that voice.
Elvis is alive? AI-generated image shows the King in various stages of life – Midjourney / Wikimedia Commons / Public Domain
Prigozhin as AI art: When AI images go more viral than real photos – Wikimedia Commons / CC BY-SA 4.0
ElevenLabs: Cloning voices with a few seconds of audio
Outlook: zero-shot voice cloning copies a voice with no training on the target at all. Emotional voice synthesis adds realistic feeling: joy, sorrow, anger.
4. Lip Sync (Lip Synchronisation)
Lip movements are matched to a different audio track. Wav2Lip (IIIT Hyderabad) maps phonemes to visemes (visual mouth shapes) for frame-accurate synchronisation. Someone appears to "say" things they never said, which is especially dangerous when combined with voice cloning.
StyleGAN faces: These people do not exist – synthetic faces as a basis for Lip Sync – Wikimedia Commons / CC BY-SA 4.0
REAIM 2023: 'Real or Fake?' – Deepfake detection in a military context – Dutch Ministry of Foreign Affairs / CC BY-SA 2.0
Wav2Lip: AI perfectly synchronises lips to any audio
Outlook: high-fidelity lip sync with diffusion models is improving quality dramatically. Multilingual lip sync enables automatic dubbing across language barriers.
5. Full Body Puppetry (Full-Body Control)
One person's body movements are transferred to another, like a digital puppet. The First Order Motion Model (Siarohin et al., University of Trento) extracts keypoints from a driving video and applies them to a static source image. This lets anyone "dance" any routine.
DigiDoug at TED2019: Real-time full-body puppetry – a human controls the digital avatar – Wikimedia Commons / CC BY-SA 4.0
AI caricature: Macron in front of protestors – even stylised images can appear deceptive – Wikimedia Commons / CC BY-SA 4.0
First Order Motion Model: Full-body animation from a single image – University of Trento
Outlook: 3D-aware body motion transfer accounts for depth and perspective. Neural body avatars enable photorealistic full-body deepfakes in real time.
6. Fully Synthetic (Completely Invented)
Entirely invented people, scenes or events. StyleGAN (NVIDIA Research, Karras et al.) and Stable Diffusion generate photorealistic faces of people who never existed. This Person Does Not Exist shows just how convincing they are.
Viral March 2023: Pope in a designer puffer jacket – millions thought it was real – Midjourney / Wikimedia Commons / Public Domain
January 2025: Fake image of the burning Hollywood sign went viral during the wildfires – Wikimedia Commons / Public Domain
StyleGAN: Journey through the latent space – morphing from face to face
Outlook: video diffusion models generate whole clips synthetically. Controllable generation gives precise control over the age, expression and gaze direction of generated faces.
Two Sides of the Coin
A deepfake is a tool, like a knife or a hammer. The technology itself is neutral; what matters is what you do with it.
| Area | Applications |
|---|---|
| Entertainment & Film | Digitally rejuvenating actors, posthumous appearances, lip synchronisation |
| Satire & Art | Political satire, digital art projects, creative experiments |
| Accessibility | Sign language avatars, personalised learning videos, communication aids |
| Gaming & VR | Personalised avatars, realistic NPCs, immersive experiences |
8 million deepfakes are expected to be shared in 2025, up from 500,000 in 2023. According to Europol, up to 90% of online content could be synthetically generated by 2026. The EU Commission estimates that 98% of all deepfakes are pornographic.
Detecting Deepfakes
Perfect deepfakes are rare. Most leave traces, if you know what to look for.
Facial Edges
Look for unnatural transitions between the face and the background. The edges often flicker, or the face seems to float slightly above the body. This is most noticeable during head movements.
Blinking
Early deepfakes never blinked. Newer models are better, but watch for asymmetrical blinking or a fixed, glassy stare.
Lip Synchronicity
Do the mouth movements match the audio exactly? Voice-clone overlays often introduce tiny delays, especially on "p", "b" and "m" sounds.
Shadows & Light
A single light source produces consistent shadows. In composited images, shadows sometimes point in different directions, which is physically impossible.
Eye Reflections
Eyes reflect their surroundings. In deepfakes, the reflections in the left and right eyes sometimes show different scenes.
Hair & Details
Hair is difficult to fake. Look out for unnaturally smooth contours, "melting" strands, or hair passing through objects.
What is metadata?
Metadata is "data about data": invisible information stored inside media files. It often reveals more about an image or video than the visible content does.
| Type | What it contains | Forensic utility |
|---|---|---|
| EXIF (Exchangeable Image File Format) | Camera model, lens, aperture, ISO, exposure time, date/time, GPS coordinates | Shows what a photo was taken with and where. AI-generated images often have no EXIF data or only generic EXIF data. |
| IPTC (International Press Telecommunications Council) | Title, description, keywords, copyright, creator, contact details | Standard for news agencies. Professional photos have comprehensive IPTC data. |
| XMP (Extensible Metadata Platform) | Editing history, software used, presets, versions | Shows how an image was edited. Adobe software writes detailed XMP data. |
| ICC Profile | Colour space (sRGB, Adobe RGB, ProPhoto RGB) | Checking consistency: does the colour space match the purported recording device? |
| Thumbnail | Embedded preview | Sometimes the thumbnail shows the original image prior to manipulation! |
Example EXIF data:
Verification Tools
Reverse Image Search
Upload the image to Google Images, TinEye, or Yandex. Can you find older versions or the origin?
C2PA / Content Credentials
Some cameras and software cryptographically sign media. Tools like Content Authenticity Verify show the editing history.
C2PA – Der kommende Standard
Die Coalition for Content Provenance and Authenticity etabliert einen offenen Standard für kryptografische Mediensignatur. Hardware und Software attestieren Herkunft, Aufnahmezeitpunkt und Bearbeitungshistorie – eine lückenlose Chain of Custody für digitale Medien.
Steering Committee
Adobe
BBC
Google
Meta
Microsoft
OpenAI
Publicis Groupe
Sony
TruepicContent Credentials: The CR Icon
C2PA = technical standard. Content Credentials = visible "CR" icon for users.
What does the CR icon show?
- Who created the media? (Camera, person, AI)
- Which software was used to edit it?
- Was AI used for generation?
- Which editing steps took place?
The trick: All details are cryptographically signed. If someone alters even a single pixel, the signature becomes invalid – manipulation is immediately recognisable.
Logo & Icon: Open Source · Linux Foundation
Check Now
Use our free verification tool at the top of the article to check images and videos for manipulation.
Rule of Thumb
The more important a piece of information is, the more sources you should check. A viral video without a verifiable source warrants scepticism – regardless of how authentic it appears.
Deepfake Detection Skill
Technical documentation for developers: PRNU analysis, IGH classification, DQ artefacts, semantic forensics, and LLM-augmented sensemaking.
What to do?
If you identify a deepfake
- Don't share it — not even "as a warning". Every share extends its reach.
- Check the source — where was the material first published? Is there independent confirmation?
- Report it to the platform — most platforms have reporting tools for manipulated media.
- Document the context — save a screenshot with the timestamp and URL.
If you are affected yourself
If a deepfake depicts you personally:
- Secure the evidence — screenshots, URLs, timestamps
- Contact the platform — request a takedown
- Consider your legal options — in Austria: § 78 UrhG (right to one's own image), § 107c StGB (cyberbullying)
- Get support — Saferinternet.at Helpline, Rat auf Draht (147)
The Future
Generative models are evolving faster than the methods used to detect them. The strategic focus is shifting: away from reactive detection and towards proactive authentication.
C2PA: The New Industry Standard
C2PA (Coalition for Content Provenance and Authenticity) is the technical answer to AI-generated content. The standard works like a tamper-proof digital passport: every edit is cryptographically signed and added to the file's history.
Who uses C2PA today?
- AI Generators: DALL-E 3, Adobe Firefly, Google Gemini – all sign automatically
- Software: Adobe Photoshop/Lightroom save editing steps cryptographically
- Hardware: Leica M11-P, Sony cameras sign immediately upon capture; Nikon and Canon are to follow
- Smartphones: Google Pixel 10 (2025/26) with native support; Samsung Galaxy to follow
- Platforms: Microsoft 365 will introduce mandatory C2PA watermarks for AI content in 2026
In practice: a "cr" icon (Content Credentials) appears on websites. Click it and you see the full history: "Original from camera X, edited with software Y on date Z."
The catch: screenshots and social-media uploads can strip the metadata. That's why invisible watermarks are being developed to work alongside C2PA.
Forecast: within 3 to 5 years, media organisations and public authorities will trust no file that lacks cryptographic proof of origin.
Click loads YouTube (Privacy)
Synthesis Goes Mainstream
Trust in Live Communication Erodes
Probabilistic Forensics
Cryptographic Provenance
Paradigm shift: From reactive detection to proactive authentication
Resources
For Schools & Lessons
Saferinternet.at provides teaching materials on the topic of "True or False on the Internet" – free of charge and tested in practice.
Technical Depth
The webconsulting Deepfake Detection Skill documents forensic methods in detail: PRNU analysis, IGH classification, semantic forensics, and more.
Further Links
| Resource | Description |
|---|---|
| Content Authenticity Initiative | Adobe-led initiative for media provenance |
| C2PA Specification | Technical standard for Content Credentials |
| Saferinternet.at | Austrian platform for a safe internet |
| DeepfakeBench | Academic benchmark for deepfake detection |
C2PA Test Files
Download these official test images from the C2PA Organisation and run them through the forensic tool above. It's the best way to see how C2PA validation works in practice.
These files have intact cryptographic chains, so validation should report "Valid":
Complete chain: Valid Adobe certificate, verified signature, unaltered claims.
Hardware signature: Signed by a C2PA-enabled camera at the time of capture.
How C2PA Validation Works
The cryptographic chain is checked step by step. A file is only considered authentic if all four checks pass. A single break in the chain means the remaining steps can no longer be verified:
Valid C2PA Chain
Manipulated Chain
C2PA validation: Every layer must be intact – one error breaks the chain
All test files are licensed under CC BY-SA 4.0 . Source: c2pa-org/public-testfiles
Conclusion
Deepfakes aren't a vision of the future; they're already here. And the technology is evolving faster than the methods used to detect it.
Clues are like fingerprints (contestable); C2PA is like a DNA match (conclusive).
Specifically, this means:
- Today: use signal analysis and metadata as supporting clues, but don't trust them blindly
- Tomorrow: demand C2PA-verified media from cameras, software and platforms
- Always: critical thinking scales better than any algorithm
Deepfake Detection Skill
The skill in the webconsulting-skills collection documents forensic analysis methods in detail, from sensor fingerprints (PRNU/PCE) and compression artefacts to semantic forensics. Ideal for developers building detection pipelines or anyone wanting to dig deeper.
This article is for information and media-literacy purposes. For legal questions, please consult a qualified expert.