15Redstones

joined 1 year ago
[โ€“] 15Redstones@sh.itjust.works 1 points 11 months ago

In this case you'd still need a way to know who the photographer is and whether they can be trusted. The photographer at the beginning of the chain can sign anything, regardless of if it's a real photograph or edited (or a real photograph of a staged scene with fake location/time data). The cryptography system could only tell you that the image originates with the same person or organisation who is associated with a specific cryptographic key.

[โ€“] 15Redstones@sh.itjust.works 2 points 11 months ago (2 children)

How would they be made secure against faking?

If the cryptographic key itself was extractable, it'd be easy to sign fake images with just a bit of custom software.

If it isn't, there's still workarounds. Buy a professional photography camera, disassemble it, extract the chip that does the signature, feed it fake GPS and image data, and you have a modified image signed as legit. A country's intelligence agency could easily do that.

Even if the camera was made completely unmodifiable, you could put it in a Faraday cage, feed it a spoofed GPS signal for fake date/time/location data, and take a picture of a high resolution screen showing your photoshopped image.

Building a system where end users are told "this image is cryptographically confirmed to be legit" just makes it easier to convince users that your fake images are legit.