Phenom Drop

C2PA verification-gated media upload portal for UAP content submissions.

Phenom Drop is the secure intake gateway for The Phenom App’s UAP evidence pipeline. Media must pass C2PA content credential verification before it can be uploaded. AI-generated content is automatically detected and blocked.

Overview

Phenom Drop (drop.thephenom.app) enforces cryptographic verification of media provenance before allowing upload to the Phenom backend. It uses the C2PA (Coalition for Content Provenance and Authenticity) standard to verify that submitted media:

  1. Contains valid content credentials (C2PA manifests)
  2. Has an intact cryptographic signature
  3. Was signed by a trusted certificate authority
  4. Was not generated by AI tools

All verification happens entirely in the browser — no media data leaves the user’s device during the verification step.

Repository

Technology Stack

| Component | Technology |
| --- | --- |
| Framework | React 18 + TypeScript 5 (Strict Mode) |
| Build Tool | Vite 5 |
| Styling | Tailwind CSS 3 |
| C2PA SDK | @contentauth/c2pa-web 0.6.0 (WebAssembly) |
| Hosting | Docker (nginx Alpine) |
| Upload Backend | AWS S3 pre-signed URLs via Lambda |

Three-Step Verification Flow

Step 1: Select Media

Users drag-and-drop or browse for image or video files. The portal accepts any media format supported by the C2PA specification including JPEG, PNG, HEIC, TIFF, WebP, MP4, and MOV.

Step 2: Verify Content Credentials

The file is analyzed using the @contentauth/c2pa-web SDK:

  • C2PA Manifest Parsing — Extracts the manifest store, active manifest, claim generator, signature info, ingredients, and validation results
  • Cryptographic Signature Validation — Verifies the content signature is intact and the file has not been modified since signing
  • Trust Anchor Verification — Checks the signing certificate against a bundled PEM trust anchor list
  • RFC 3161 Timestamp Validation — Accepts files with expired signing certificates if they contain a valid trusted timestamp from before expiry
  • AI Content Detection — Scans claim generators, IPTC digitalSourceType fields, and C2PA assertion labels for 20+ known AI generation tools

After verification, users receive:

  • A verification status badge (Trusted, Valid, Invalid, or Unsigned)
  • Detailed signature and signer information
  • Status pills for Signature, Trust, and Timestamp validity

Step 3: Upload or Block

  • Authentic media (valid C2PA + not AI-generated) proceeds to a password-protected upload
  • AI-generated content is blocked with a detailed alert showing the specific AI tool and source type
  • Invalid or unsigned files are rejected with an explanation
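
The status and gate logic of Steps 2 and 3, including the RFC 3161 rule for expired certificates, as an added example (not code from the Phenom Drop repository). The `Facts` shape and all function names are hypothetical. Two behaviours are assumptions: an expired certificate without timestamp proof is treated as Invalid, and both Trusted and Valid are let through the gate.

```typescript
type Status = "Trusted" | "Valid" | "Invalid" | "Unsigned";

// Facts a C2PA validator would report (hypothetical shape; times are ms since epoch).
interface Facts {
  hasManifest: boolean;
  signatureIntact: boolean;
  signerInTrustList: boolean;
  certNotAfter: number;       // signing certificate expiry
  checkedAt: number;          // when verification runs
  trustedTimestamp?: number;  // RFC 3161 time, set only if the timestamp token validated
}

// An expired certificate is acceptable only when a trusted timestamp proves
// the signature was made before the certificate expired.
function certTimeOk(f: Facts): boolean {
  if (f.checkedAt <= f.certNotAfter) return true;
  return f.trustedTimestamp !== undefined && f.trustedTimestamp <= f.certNotAfter;
}

function classify(f: Facts): Status {
  if (!f.hasManifest) return "Unsigned";
  // Assumption: an expired certificate without timestamp proof maps to Invalid.
  if (!f.signatureIntact || !certTimeOk(f)) return "Invalid";
  return f.signerInTrustList ? "Trusted" : "Valid";
}

// Step 3 gate. Assumption: both Trusted and Valid count as "valid C2PA".
function gate(status: Status, aiDetected: boolean): { allow: boolean; reason: string } {
  if (status === "Unsigned") return { allow: false, reason: "no C2PA credentials found" };
  if (status === "Invalid") return { allow: false, reason: "signature or certificate check failed" };
  if (aiDetected) return { allow: false, reason: "manifest declares AI generation" };
  return { allow: true, reason: "authentic media" };
}

// Constructed cases: certificate expired 2024-06-01, checked on 2025-01-01.
const base: Facts = { hasManifest: true, signatureIntact: true, signerInTrustList: true,
  certNotAfter: Date.UTC(2024, 5, 1), checkedAt: Date.UTC(2025, 0, 1) };
const expiredNoTimestamp = classify(base);
const expiredWithTimestamp = classify({ ...base, trustedTimestamp: Date.UTC(2024, 2, 1) });
const timestampAfterExpiry = classify({ ...base, trustedTimestamp: Date.UTC(2024, 8, 1) });
```

A timestamp dated after the certificate expired does not rescue the signature, which is the case the third sample exercises.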

AI Content Detection

Phenom Drop rejects AI-generated media to ensure only authentic, device-captured content enters the UAP evidence pipeline. Detection is based exclusively on C2PA manifest data — no external API calls or ML inference required.

Detection Methods

  1. Claim Generator Matching — The claim_generator field is checked against 20+ known AI tool patterns
  2. IPTC Digital Source Type — Actions are checked for trainedAlgorithmicMedia, compositeWithTrainedAlgorithmicMedia, and algorithmicallyEnhanced source types
  3. AI Assertion Labels — C2PA assertions are checked for com.adobe.generative-ai, c2pa.ai_generative_training, and related labels
  4. Software Agent Matching — Individual action softwareAgent fields are checked against the AI generator database
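
The four detection methods above applied to a parsed manifest, as an added example (not the project's aiContentDetector.ts). The manifest interfaces are a simplified assumption rather than the @contentauth/c2pa-web types, the regex patterns are constructed for four of the tools named on this page, and both sample manifests are constructed.

```typescript
// Simplified manifest shape (assumption; not the @contentauth/c2pa-web types).
interface Action { action: string; softwareAgent?: string; digitalSourceType?: string }
interface Assertion { label: string; data?: { actions?: Action[] } }
interface Manifest { claim_generator?: string; assertions: Assertion[] }
interface AiFinding { method: string; evidence: string }
// Constructed patterns for four of the generators the page lists.
const AI_GENERATORS: { name: string; pattern: RegExp }[] = [
  { name: "Adobe Firefly", pattern: /firefly/i },
  { name: "DALL-E (OpenAI)", pattern: /dall[-_ ]?e/i },
  { name: "Midjourney", pattern: /midjourney/i },
  { name: "Stable Diffusion", pattern: /stable[-_ ]?diffusion/i },
];
const AI_SOURCE_TYPES = ["trainedAlgorithmicMedia",
  "compositeWithTrainedAlgorithmicMedia", "algorithmicallyEnhanced"];
const AI_ASSERTION_LABELS = ["com.adobe.generative-ai", "c2pa.ai_generative_training"];

function matchGenerator(value: string | undefined): string | undefined {
  for (const g of AI_GENERATORS) if (value && g.pattern.test(value)) return g.name;
  return undefined;
}

function detectAi(m: Manifest): AiFinding[] {
  const findings: AiFinding[] = [];
  const generator = matchGenerator(m.claim_generator);
  if (generator) findings.push({ method: "claim_generator", evidence: generator });
  for (const assertion of m.assertions) {
    if (AI_ASSERTION_LABELS.indexOf(assertion.label) !== -1)
      findings.push({ method: "assertion_label", evidence: assertion.label });
    for (const act of (assertion.data && assertion.data.actions) || []) {
      // digitalSourceType is an IPTC URI; compare only its final path segment.
      const type = (act.digitalSourceType || "").split("/").pop() || "";
      if (AI_SOURCE_TYPES.indexOf(type) !== -1)
        findings.push({ method: "digital_source_type", evidence: type });
      const agent = matchGenerator(act.softwareAgent);
      if (agent) findings.push({ method: "software_agent", evidence: agent });
    }
  }
  return findings;
}

// Constructed sample manifests (not real captures).
const IPTC = "http://cv.iptc.org/newscodes/digitalsourcetype/";
const cameraManifest: Manifest = { claim_generator: "ExampleCam/1.0", assertions: [
  { label: "c2pa.actions", data: { actions: [
    { action: "c2pa.created", digitalSourceType: IPTC + "digitalCapture" }] } }] };
const fireflyManifest: Manifest = { claim_generator: "Adobe_Firefly", assertions: [
  { label: "c2pa.actions", data: { actions: [{ action: "c2pa.created",
    softwareAgent: "Adobe Firefly", digitalSourceType: IPTC + "trainedAlgorithmicMedia" }] } },
  { label: "com.adobe.generative-ai" }] };
```

Every hit is returned rather than stopping at the first, so the block alert can list each piece of evidence.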

Detected AI Generators

The following tools are detected when declared in C2PA metadata:

Adobe Firefly, DALL-E (OpenAI), Stable Diffusion, Midjourney, Sora (OpenAI), Runway ML, Bing Image Creator, Google Imagen, Amazon Titan, Leonardo AI, Ideogram, FLUX (Black Forest Labs), NightCafe, Canva AI, Pika, Kling AI, HeyGen, ChatGPT, Microsoft Copilot Designer, Grok (xAI), Google Gemini, Typecast AI.

Block Alert UI

When AI content is detected, the upload is blocked and the user sees:

  • AI Source — The specific tool(s) identified (e.g., “Adobe Firefly”, “DALL-E (OpenAI)”)
  • Source Type — The IPTC classification (e.g., “Fully AI-generated content”)
  • The verification badge and certificate are still generated for informational purposes

Verification Proof System

After successful verification, Phenom Drop provides two forms of portable proof:

Verifieddit Badge

An SVG badge showing the verification status. Available in the “classic” style with four status variants:

| Status | Color | Meaning |
| --- | --- | --- |
| Trusted | Green | Valid signature + trusted certificate authority |
| Valid | Amber | Valid signature but signer not in trust list |
| Invalid | Red | Signature integrity failure |
| Unsigned | Gray | No C2PA credentials found |

Badges can be downloaded as SVG files for embedding in reports, publications, or evidence documentation.

PDF Verification Certificate

A comprehensive printable certificate generated via the browser’s print dialog containing:

  • File information (name, type, size)
  • C2PA provenance details (signer, claim generator, signed date, ingredients)
  • AI detection status (if applicable)
  • SHA-256 file integrity hash
  • Shareable proof link via ddit.wtf

Certificates are branded “Submitted via Phenom Drop — Verified by Verifieddit.”

Verifieddit.com Integration

Phenom Drop registers each verification with verifieddit.com under the Phenom LLC organizational account:

  • Authentication — Service API key via X-Service-Key header (no user-facing login)
  • Registration — File hash, C2PA status, signer details, and AI detection results are submitted
  • Short URLs — Each verification receives a shareable proof link via the ddit.wtf short URL service
  • Tracking — All verifications are attributed to the Phenom LLC account for audit and compliance

The integration is non-blocking: if verifieddit.com is unavailable, local verification and upload functionality continues to work normally.

Privacy Architecture

Phenom Drop follows a strict privacy-first architecture:

| Operation | Location | Data Sent |
| --- | --- | --- |
| C2PA verification | Browser (WASM) | None |
| AI content detection | Browser | None |
| File hashing | Browser (Web Crypto) | None |
| Badge generation | Browser (SVG) | None |
| Certificate generation | Browser (HTML/Print) | None |
| Verification registration | verifieddit.com API | Metadata only (hash, status, signer) |
| File upload | AWS S3 | File binary (after verification) |

No media data is sent to any server during the verification step. Only after verification completes is minimal metadata registered with verifieddit.com, and only the file binary is uploaded to S3.

Deployment

Docker Hub

docker build -t applepublicdotcom/phenom-drop:testing .
docker push applepublicdotcom/phenom-drop:testing

NAS Testing Environment

The testing instance runs on the Phenom NAS infrastructure:

docker pull applepublicdotcom/phenom-drop:testing
docker run -d --name phenom-drop -p 83:80 --restart unless-stopped applepublicdotcom/phenom-drop:testing

Environment Variables

| Variable | Description | Required |
| --- | --- | --- |
| VITE_UPLOAD_API_ENDPOINT | S3 pre-signed URL generation endpoint | No (has default) |
| VITE_VERIFIEDDIT_API_KEY | Service API key for verifieddit.com | No (graceful fallback) |

File Structure

phenom-drop/
├── src/
│   ├── App.tsx                          # Main 3-step flow + AI gate + proof section
│   ├── main.tsx                         # Entry point
│   ├── index.css                        # Tailwind + custom theme
│   ├── vite-env.d.ts                    # Environment variable types
│   ├── types/
│   │   └── metadata.ts                  # TypeScript interfaces
│   └── utils/
│       ├── c2paExtractor.ts             # Deep C2PA manifest metadata extraction
│       ├── c2paParser.ts                # Core C2PA parsing and validation
│       ├── c2paTimestampValidator.ts    # RFC 3161 timestamp + signature validation
│       ├── certificateValidator.ts      # X.509 certificate chain validation
│       ├── aiContentDetector.ts         # AI content detection (20+ generators)
│       ├── generateBadge.ts             # SVG badge generation (4 statuses, 3 styles)
│       ├── exportCertificate.ts         # PDF verification certificate
│       ├── computeFileHash.ts           # SHA-256 file hashing (Web Crypto API)
│       ├── verifiedditApi.ts            # Verifieddit.com service API client
│       └── validationExplanations.ts    # Human-readable validation status codes
├── public/
│   ├── c2pa.wasm                        # C2PA WebAssembly binary
│   └── c2pa-trust-list.pem             # Trust anchor certificates
├── Dockerfile                           # Multi-stage build (Node 18 + nginx)
├── nginx.conf                           # SPA fallback + cache headers
├── package.json
├── tsconfig.json
├── vite.config.ts
└── tailwind.config.js

| Project | Relationship |
| --- | --- |
| Peregrine | Mobile app that captures UAP media with device sensors |
| Phenom Backend | Backend services including S3 upload infrastructure |
| Phenom Infrastructure | NAS hosting, Docker networking, deployment automation |
| verifieddit.com | C2PA verification platform providing badge and certificate systems |