this post was submitted on 11 Feb 2024
643 points (97.9% liked)

Technology

59596 readers
3431 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes::Biden's AI advisor Ben Buchanan said a method of clearly verifying White House releases is "in the works."

you are viewing a single comment's thread
view the rest of the comments
[–] cynar@lemmy.world 16 points 9 months ago (4 children)

It needs to be more general. A video should have multiple signatures. Each signature relies on the signer's reputation, which works both ways. It won't help those who don't care about their reputation, but will for those that do.

A photographer who passes off a fake photo as real will have their reputation hit, if they are caught out. The paper that published it will also take a hit. It's therefore in the paper's interest to figure out how trustworthy the supplier is.

I believe canon recently announced a camera that cryptographically signs photographs, at the point of creation. At that point, the photographer can prove the camera, the editor can prove the photographer, the paper can prove the editor, and the reader can prove the newspaper. If done right, the final viewer can also prove the whole chain, semi-independently. It won't be perfect (far from it) but might be the best will get. Each party wants to protect their reputation, and so has a vested interest in catching fraud.

For this to work, we need a reliable way to sign images multiple times, as well as (optionally) encode an edit history into it. We also need a quick way to match cryptographic keys to a public key.

An option to upload a time stamped key to a trusted 3rd party would also be of significant benefit. Ironically, Blockchain might actually be a good use for this. In case a trusted 3rd can't be established.

[–] JasSmith@sh.itjust.works 6 points 9 months ago (1 children)

Great points and I agree. I also think the signature needs to be built into the stream in a continuous fashion so that snippets can still be authenticated.

[–] cynar@lemmy.world 3 points 9 months ago (1 children)

Agreed. Embed a per-frame signature it into every key frame when encoding. Also include the video file time-stamp. This will mean any clip longer than around 1 second will include at least 1 signed frame.

[–] Natanael@slrpnk.net 1 points 9 months ago

Merkle tree hashes exists for this purpose

Note that videos uses "keyframes" so you can't extract arbitrary frames in isolation, you need to pull multiple if the frame you're snapshotting isn't a keyframe itself

[–] General_Effort@lemmy.world 5 points 9 months ago (1 children)

I don't think that's practical or particularly desirable.

Today, when you buy something, EG a phone, the brand guarantees the quality of the product, and the seller guarantees the logistics chain (that it's unused, not stolen, not faked, not damaged in transport, ...). The typical buyer does not care about the parts used, the assembly factory, etc.

When a news source publishes media, they vouch for it. That's what they are paid for (as it were). If the final viewer is expected to check the chain, they are asked to do the job of skilled professionals for free. Do-your-own-research rarely works out, even for well-educated people. Besides, in important cases, the whole chain will not be public to protect sources.

[–] cynar@lemmy.world 5 points 9 months ago

It wouldn't be intended for day to day use. It's intended as a audit trail/chain of custody. Think of it more akin to a git history. As a user, you generally don't care, however it can be excellent for retrospective analysis, when someone/something does screw up.

You would obviously be able to strip it out, but having it as a default would be helpful with openness.

[–] LarmyOfLone@lemm.ee 3 points 9 months ago

I've thought about this too but I'm not sure this would work. First you could hack the firmware of a cryptographically signed camera. I already read something about a camera like this that was hacked and the private key leaked. You could have an individual key for each camera and then revoke it maybe.

But you could also photograph a monitor or something like that, like a specifically altered camera lens.

Ultimately you'd probably need something like quantum entangled photon encoding to prove that the photons captured by the sensor were real photons and not fake photons. Like capturing a light field or capturing a spectrum of photons. Not sure if that is even remotely possible but it sounds cool haha.

[–] Natanael@slrpnk.net 1 points 9 months ago

Look up transparency logs for that last part, it's already used for TLS certificates