Click the padlock in your browser, and you’ll be able to see that this webpage (if you’re using lemmy.world) was encrypted by a server that has been verified by Google Trust Services to be a server which is controlled by lemmy.world. In addition, your browser will remember that… and if you get a page from the same server that has been verified by another cloud provider, the browser (should) flag that and warn you it might be

The idea is you’ll be able to view metadata on an image and see that it comes from a source that has been verified by a third party such as Google Trust Services.

How it works, mathematically… well, look up “asymmetric cryptography and hashing”. It gets pretty complicated and there are a few different mathematical approaches. Basically though, the white house will have a key, that they will not share with anyone, and only that key can be used to authorise the metadata. Even Google Trust Services (or whatever cloud provider you use) does not have the key.

There’s been a lot of effort to detect fake images, but that’s really never going to work reliably. Proving an image is valid, however… that can be done with pretty good reliability.