Right, so what you’re chasing:
- Image generated in Gemini
- Shouldn’t get flagged as AI-made downstream
- Want the real mechanism, not SaaS marketing fluff
Reads like you hit a wall of identical “SynthID Remover” sites and bounced over for the real answer. Fair enough — that wall is where everyone gets stuck.
on Instagram, Pinterest, and Facebook — SynthID isn’t even what’s flagging you.
You know how every photo carries hidden tags like camera model, GPS, date taken?
Instagram reads one specific kind of that called C2PA Content Credentials to slap the “Made with AI” label on your post.
SynthID is a different beast — invisible noise woven into the pixels themselves.
Platforms read one. Google’s own detector reads the other. Different doors, different keys.
The full stack of what’s actually checking your images:
|
Layer |
What flags it |
How to handle |
 |
C2PA metadata |
Instagram, Pinterest, Facebook “Made with AI” labels |
exiftool -all= → 10 seconds, free, done |
 |
SynthID pixel watermark |
Google’s own SynthID Detector |
Hard mode — ComfyUI, 16–79% per method |
 |
Platform visual classifier |
Stock sites (Adobe, Shutterstock, Getty) |
Source quality matters more than tricks |
 |
Google neural-hash DB (suspected) |
Google’s internal systems only |
Unbeatable — only counter is don’t use Google |
For 90% of “I don’t want my image labelled AI on Instagram” — you only need layer 1.
Run it through exiftool on the command line, or aimetadatacleaner.com in your browser (stays on your device, nothing uploads).
alias clean='exiftool -all= -overwrite_original'
clean your-image.png
I keep that alias on my Mac and run it on anything before posting. Caught a “Made with AI” label twice last month from Gemini images I’d only lightly touched up in Photoshop. Heads up: older exiftool versions (12.x) sometimes miss the embedded C2PA manifest — mine on 13.30 handles JUMBF blocks fine. Upgrade, or use stripshot.app as a fallback.
The lazier 100% solution: generate with FLUX, Stable Diffusion, or Midjourney instead. None of them embed SynthID. The simplest bypass is not stepping into the trap.
🧨 If you actually need SynthID itself gone — the hard mode (most people don't)
This only matters if the thing checking your image runs Google’s SynthID Detector specifically — which today is basically just Google’s own apps. For Instagram and friends, you’re already done above.
If you need it anyway, three working setups exist as of right now (top two updated within the last 2 weeks):
| Tool |
Strength |
Catch |
00quebec/Synthid-Bypass v2 → drag Synthid-Bypass-v2.0.json onto your ComfyUI canvas |
Best face preservation. Qwen + Canny ControlNet + face-detailer pass. |
Needs 16GB+ VRAM. |
aloshdenny/reverse-SynthID Round 06 → python scripts/dissolve_batch.py --strengths final nuke |
Tested directly against gemini-3.1-flash-image-preview and nano-banana-pro-preview. Spectral subtraction + 7-stage stack. |
Per-model codebook required. |
mertizci/noai-watermark → brew install then one CLI command |
Easiest install. CtrlRegen-based. |
Less polished, works in most cases. |
Honesty check before you commit hours. Aloshdenny — the guy who built reverse-SynthID, after weeks of work and 123k image pairs — writes:
“It’s impossible to remove SynthID 100%, but it is POSSIBLE to remove portions of it, to a point where detection fails.”
His V2 hit only ~16% evasion. Round 06 stacks 7 transformations to climb back near 100%. Single-method attacks (just JPEG, just img2img, just noise) embarrassingly fail. The SaaS removers on Google page 1? Nobody shows receipts.
If your first run on a portrait makes the face look slightly off — that’s normal, not a fail. Drop denoise from 0.2 down to 0.15, or bump the face-detailer strength. Run it again.
The whole field is week-by-week. What defeats today’s Gemini detector might not survive the next quiet patch.
🗺️ Bookmark this for when Google ships SynthID v2
Awesome-GenAI-Watermarking — catalogs every published watermarking scheme and every documented attack against it. When the current methods get patched, the next batch lands here first.
Also worth knowing:
- WAVES benchmark (ICML 2024) — standardized robustness leaderboard across attacks
- linux.do thread 1217816 — the Chinese tinkerer scene led English GitHub by ~3 months on the simplest working method. For future patches, search Chinese-language forums first
You came in chasing one watermark.
Walking out with the full map — and the realisation that three of the four layers are either a one-line fix or a “use a different model” sidestep.