How to prove a picture was taken before a certain date?

In general, the problem of Secure Timestamping is actually a complex topic with no single right answer. There are two general approaches: 1) a trusted "Timestamping Authority" keeps logs of when stuff happened and everybody believes them because that's literally their job. 2) Using cryptography in some way. In general the crypto approaches don't work very well and can only prove that photo A was logged before photo B, but not the exact time.

There are lots of companies on the market who offer timestamping services based on one of these two approaches. How much you want to trust them depends on how transparent the company is with their practices, and what local law apply.

So, for your situation: it sounds like somebody is requiring you to do this (maybe for legal reasons?). You should find out level of trust they need in the timstamping authority. What you have come up with is to use Picassa or Flickr as a trusted Timestamping Authority. Depending on what you need the timestamp for, that might be ok. For example, if it's your friend to win a bet, then the upload time on Picassa or Flickr is probably fine. If this is to prove ownership of multi-billion dollar real estate holdings, then you may want to involve a notary.

Basically, ask yourself this question: is the dollar value that you stand to gain or lose greater than what it would cost to hack or bribe Picassa into changing a timestamp? If no then you're fine. If yes, then you need a more official timestamping service.

You can use the Bitcoin blockchain for that.

Create a file with both your original file (in case of text it can be inline, otherwise use a container like a ZIP archive) as well as a message stating who you are and that you have a copy of the file. Take the SHA1 of the resulting file/container and use it as a Bitcoin address to send some coins to. This will permanently store the hash in the blockchain with a timestamp precise up to a few hours.

This is anonymous and doesn't reveal anything about the file, but when the time comes you can just reveal the hashed file as well as the hash and anyone can verify the timestamp independently.

Yes - if the person you want to prove it to trusts the service not change the timestamps.

This is an excellent question - one that has been asked and answered, in various forms, since at least Galileo's time:

Early astronomers used anagrams [...] to lay claim to new discoveries before their results were ready for publication. Galileo used smaismrmilmepoetaleumibunenugttauiras for Altissimum planetam tergeminum observavi ("I have observed the most distant planet to have a triple form") for discovering the rings of Saturn.

Nowadays, this process is usually called trusted timestamping, and usually works with a commitment scheme, very much like Galileo's anagram. On digital media (text, pictures, video), the commitment is usually the result of applying a hash function to the original.

While the process of deriving a commitment is very much a solved problem, it's only a part of the process. Often, the difficult part is knowing to whom do you want to prove the timestamp.

For example, let's say you want to prove to a person P that you've taken a picture at time T. If you know that ahead of time, it's trivial: just derive a commitment C at time T and send it to P directly.

However, if you only learn who the person is after you've taken the picture, this is much harder - because you need to know, ahead of time, who (or what) the person trusts without knowing who the person is.

If you have absolutely no idea who P is, a good compromise is to send your commitment to entities a lot of people trust

Now let's put all that we've learned to practice!

Step 1 - derive a commitment

• 1.1 - Choose a cryptographic hash function. SHA-512 is as popular and secure as it gets for 2016.

• 1.2 - Get software for your computer that enables you to calculate the hash. Quick Hash GUI is open source and works on Windows, Mac and Linux. If you're a command line user, you can just type sha512sum.

• 1.3 - Calculate the file hash, and save both the hash and a copy of the file. Be aware that many tools for viewing pictures can corrupt the file, making the hash change. The same is true for (non-plain) text and, to a lesser degree, video.

• 1.4 - You'll need to keep the original copy until you make the proof. This is easier said than done - see this article

Step 2 - distributing the commitment

If you want to be as safe as possible, just go for a shotgun approach:

• Send it over a reputable email service (where you can't edit your messages after sending them).
• Publish it on a reputable blog or forum service (that doesn't allow silent editing of posts)
• Publish it on a blockchain, such as Bitcoin, if you suspect P will be technically able to read it (or willing to get someone they trust to do it)
• Ask a notary

Obviously, if you don't care about the confidentiality of the photo itself, you can send the photo instead of the commitment - use a reputable photo hosting service, like you mention.

Send the photos via email to gmail and another mail service provider using your mobile phone. The IP address of your mobile phone and timestamp embeded in the emails should be good enough as a proof.

From the other answers: you need a timestamping authority. Whatever you decide you use, keep in mind that the first requirement is that it has to survive until the time when you need to prove your claim. If they pull a Geocities and disappear, you are out of luck.

From this point of view, I would consider Bitcoin to be the most reliable long-term solution. Even if it were to disappear, there are good chances that the blockchain will be available for download somewhere.

Make a git repository on github (it wont let you date back commits in any way), upload either the pictures or their hashes if you don't want to share them yet. Anybody can see exactly when the commits were made from that point.