[danShumway]

Agreed, but at that point, why have the edits anymore; particularly if you expect people to actually check.

Obscuring faces for privacy, cropping would no longer work. And even minor touchups like lighting would be of questionable value since you're expecting users not to look at the edited photo or at least to primarily look at the edited photo next to the original.

I suspect in practice that doing edits on top of a signed photo would be basically the same as not having editing capability at all; and even that's assuming users would compare the edited and non-edited versions at all, which is not a safe assumption in my mind given how hard it is to even get people to click into a full article past the headline.

[AnthonyMouse]

The value isn't that the users are going to do it under normal circumstances. They would see the edited photo. You'd only care about the signature if its provenance came into question.

You could also handle cropping and omissions by having the original device sign the picture as a grid of individual tiles. Then you could omit some and still prove that the others are original.

[danShumway]

I'm still skeptical that this would end up working well in practice, but I do want to say:

> You could also handle cropping and omissions by having the original device sign the picture as a grid of individual tiles.

is a pretty good idea, I like that quite a lot. Not saying it means I'm on board with signatures overall (I mean, we're still in agreement that this would require locking down devices to at least some degree) but I do think that's an elegant solution for the cropping/censoring part of it.