Provenance-First Capture and Review
Trust in Digital Media Is Collapsing.
TotalView preserves integrity and review context. It establishes where footage came from — at the moment of capture — instead of trying to detect fakes after they spread.
The Liar’s Dividend
When anything can be faked, anything real can be denied. The mere existence of deepfakes lets bad actors wave away authentic footage as “AI-generated.”
AI-generated content, edited clips, and algorithmic manipulation have made unbiased review of video evidence nearly impossible. One image, one video, one person rarely tells the full story.
The Shift
Detecting fakes after the fact is a losing race — generation keeps outpacing detection. Proving where a recording came from, at the moment it’s captured, is winnable. That is the shift TotalView makes.
Why, How, and What
Trust in digital media is collapsing. In a world of AI-generated content, edited clips, and competing narratives, people need a way to verify critical footage and understand the broader context of what happened.
TotalView uses the chain of trust methodology to preserve integrity and connect footage across multiple angles.
TotalView is a trusted media capture and review platform. Users record event footage through a mobile app, and can examine that footage through a web-based map organized by time, location, and event context.
How It Works
Five steps turn a recording into a record anyone can check — from capture to offline verification.
- 01
Capture
Recording starts inside a closed ecosystem.
Footage is recorded only through the TotalView app's own camera, in ~30-second chunks. There is no importing, editing, filtering, or deleting — once you hit record, it uploads.
chunk_id: chk_01 duration: ~30s event: evt_intersection_01 media_sha256: e80c2f78…ee2fe10c prevChunkHash: null — first chunk in the recording (chain origin) source: in-app camera only · no edit / delete / filter
- 02
Attest
The device proves it is genuine hardware.
On first launch the device generates hardware-backed keys in the Android Keystore (StrongBox or TEE) and produces a Google-signed attestation chain. The server confirms it is real Android hardware in a verified-boot, non-rooted state before the device is trusted.
attestation chain: leaf → batch → vendor → Google Hardware Attestation Root security_level: STRONGBOX verified_boot: VERIFIED
- 03
Sign
Each chunk is signed and hash-linked.
Every chunk is signed on-device with the hardware-backed signing key and wrapped in a C2PA manifest. A three-tier certificate chain plus a hash link to the previous chunk make any later change tamper-evident.
signing chain (x5chain): TotalView Device chk_01 → TotalView Intermediate CA → TotalView Root CA manifest: c2pa:chk_01 · COSE_Sign1 over claim assertion: org.totalview.device_attestation integrity: chunks hash-linked head → tail (tamper-evident)
- 04
Upload
Footage moves with store-and-forward.
Signed chunks upload automatically through a resilient queue. If the network drops, the chunk waits and retries — nothing is held back or altered.
POST /api/v1/upload Authorization: Bearer enroll_tok_alex_active queue: pending → uploading → confirmed on failure: retry with backoff (retryCount)
- 05
Verify
Anyone can verify the result, offline.
Using the file plus two public trust anchors — the TotalView Root CA and Google's attestation root — anyone can verify a chunk without contacting TotalView. Verification reports one of four states: Valid, Software-only, Expired, or Invalid.
trust anchors: TotalView Root CA · Google Attestation Root timestamp: RFC-3161 (DigiCert) states: Valid · Software · Expired · Invalid offline-verifiable: yes
The Trust Model
Provenance answers four questions about a recording, and reports one of four honest states. TotalView establishes who recorded a clip, that it has not been altered, and when and where it was captured — it does not decide whether what the footage shows is true.
The Four Questions
Captured by a hardware-attested TotalView device.
The footage has not been modified since capture.
A trusted RFC-3161 timestamp records the capture time.
Location is captured with accuracy (e.g. ±6.8 m).
Four Honest States
Signature valid · integrity verified · hardware attestation · cert in date.
Signature valid, but no hardware backing (emulator). Integrity may still hold.
Valid at signing; the 7-day cert has lapsed.
Signature or integrity check failed.
Built on Open Standards
Many Angles, One Event
The Full Picture
One event, captured from many angles. Each witness records independently — TotalView lines those captures up by time and location, so a moment can be reviewed from every verified vantage point, not just the one clip that spread the fastest.
Downtown Intersection Incident
Many independent angles of one event, aligned by time and location — reviewed in full in the demo.
Open This Event in the DemoPhilosophy
No editing footage, no filters, no deleting footage, no content from outside the ecosystem; once you hit record it uploads — integrity and transparency [are] everything.
Where TotalView Fits
TotalView establishes where footage came from at the moment of capture — a different job from the tools that try to spot fakes after the fact.
Who It's For
- 01 Open CaptureRecords in-app; no importing, editing, or deleting.
- 02 Record the MomentA ~30-second chunk with location and a hardware-attested device.
- 03 Saved SecurelyStore-and-forward queues and uploads it; nothing is held back.
- 04 Verified in the LibraryThe chunk lands with a Valid badge, ready to share.
Alex never edits or selects. The moment he stops recording, the chunk is signed on the device and queued for upload — so by the time it is shared, it already carries its provenance: who captured it, that it is unaltered, and when and where it happened.
- 01 Open the MapPins and geofences show captures by time and place.
- 02 Find the EventThe timeline narrows to the incident window.
- 03 Open an AngleOne of several independent angles of the same moment.
- 04 Verify in SecondsA Valid result with trust anchors, offline-verifiable.
- 05 Read the ManifestThe C2PA manifest: assertions, signing chain, timestamp.
Maya does not take footage on faith. She checks it against public trust anchors offline, reads the C2PA manifest, and reaches a verdict in seconds instead of the hours manual review would take.
The Honest Boundary
What TotalView Does — and Doesn't
No. TotalView establishes provenance at capture — where a recording came from — instead of analyzing footage afterward to guess whether it is fake. Detecting fakes is a losing race; proving origin is the winnable problem.
No. TotalView preserves integrity and review context. It does not claim to be court-ready or admissible, and it does not assert that what footage shows is true.
Those focus on forensic analysis, open-source capture, or closed public-safety ecosystems. TotalView combines provenance-first capture and multi-angle review in one closed ecosystem, so origin and context travel with the footage.
Yes. Using the file plus two public trust anchors — the TotalView Root CA and Google's attestation root — anyone can verify a clip offline, without contacting TotalView.
No — changes are tamper-evident. The C2PA signature and the hash link between chunks reveal any modification after capture.
That a clip's provenance is intact: who captured it, that it is unaltered, and when and where it was recorded. It does not decide what the footage means or whether the events it shows are true.