Why not go with some kind of certificate chain instead?
Here’s the image… signed… here’s who signed it.
Is it for edit/changes?
Here’s an image that was edited based on an earlier image. Here’s who signed that… and it’s base images hash which can then be looked up if they decided to see what those images were?
That only works if everyone plays by the rules. Literally everyone.
Here’s the image, signed. Here’s an unauthorized copy of the image or copy of a portion of the image, with the pixels extracted and saved as a .jpeg with none of the identifying signature or certificate data. Here’s that same image posted to 4chan and reddit.
A certificate chain would only work if every image displaying piece of software in the world not only played by its rules, but were also incapable of displaying or modifying an unsigned image. I don’t think I have to spell out for you what kind of nightmare that would be.
Yes, if it’s truly metadata that’s not in the image itself. For instance, it could theoretically be digitally watermarked (this technology already exists, actually) in a manner that humans can’t see or is tough to notice, but an algorithm looking for it can spot. That can be defeated, too, although depending on the robustness of the watermark technology it may take more effort.
The output loophole always exists: Any time you produce any output capable of being understood by a human (eyes, ears, both…) somebody can record and reproduce it. Probably not bit-for-bit, pixel-for-pixel, but you can always point a camera at the screen. (Or put your screen face down on a flatbed scanner that’s had its lightbar defeated, or put a microphone in front of the speakers, or…)
That is the metadata solution tied to the image itself. It doesn’t work because all I have to do is strip the metadata. This is why there is almost a ritualistic worship of certs in software development and internet traffic.
The key is that you need the validation to be decoupled from the image. Computer Vision is pretty much perfect f or this and is why I specifically referenced how DMCA violations are detected now. Google and Amazon do the scan, not the end user.
I think that’s not the problem that this technology is intended to solve.
It’s not a “Is this picture copied from someone else?” technology. It’s a “Did a human take this picture, and did anyone modify it?” technology.
Eg: Photographer Bob takes a picture of Famous Fiona driving her camaro and posts it online with this metadata. Attacker Andy uses photo editing tools to make it look like Fiona just ran over a child. Maybe his skills are so good that the edits are undetectable.
Andy has two choices: Strip the metadata, or keep it.
If Andy keeps the metadata, anyone looking at his image can see that it was originally taken by Bob, and that Fiona never ran over a child.
If Andy strips the metadata (and if this technology is widely accessible and accepted by social media, news sites, and everyday people) then anyone looking at the image can say “You can’t prove this image was actually taken. Without further evidence I must assume that it’s faked”.
I think spinning this as a tool to fight AI is just clickbait because AI is hot in the news. It’s about provenance and limiting misinformation.
Because the vast majority of “paparazzi” and controversy pictures aren’t taken by Jake Gyllenhal. They are taken by randos on the street with phones who when sell their picture to TMZ or whatever.
And they aren’t going to be paying for an expensive leica camera. And samsung and apple aren’t going to be licensing that tech.
5.1, 5.2, 5.3, 5.5, and 5.6 all require basically universal adoption for this to at all be useful. And 5.4 and 5.7 (as well as many of the rest) already fall apart once you realize this is metadata that people have to opt in to keeping. 5.4 in particular feels like it is prone to breaking if there are edits in a video for flow or to remove sensitive information.
Much like “The Blockchain” and NFTs, this sort of touches on an issue but is a horrendously bad and pointless implementation.
I don’t quite get why some of those cases require universal adoption. News photos: You just need one big news company to say “we’re giving all our photographers a camera with this tech” and then it serves its purpose.
You see a headline “SHOCKING photo published by MegaNewsCorp will send you into a coma!” then you can validate that it came from a MegaNewsCorp photographer. If you trust MegaNewsCorp, then the tech has done its job. If you didn’t trust MegaNewsCorp already, then this tech changes nothing. I think there is moderate value in that, overall.
The story of this tech is getting picked up and thrown around by bad tech journalism, being game-of-telephone’d into some kind of game changer.
Plenty of open standard live and die by whether or not one big player decides to adopt them.
… I literally just explained that a lot of those photos are crowd sourced. Which gets back to needing more or less universal adoption. And even then: Maybe I’ll give CNN a picture of a republican beating a child if I can strip the metadata. I am not giving that if it is going to trace back to me.
So then news orgs who care about provenance have to stop copying social media posts and treating them like well-researched journalism. Seems like a win to me.
This is nothing like a block chain. Blockchains are distributed and assume 0 trust in any actor. This is just a database that you have to have full trust in. Literally the opposite.
Why not go with some kind of certificate chain instead?
Here’s the image… signed… here’s who signed it.
Is it for edit/changes?
Here’s an image that was edited based on an earlier image. Here’s who signed that… and it’s base images hash which can then be looked up if they decided to see what those images were?
That only works if everyone plays by the rules. Literally everyone.
Here’s the image, signed. Here’s an unauthorized copy of the image or copy of a portion of the image, with the pixels extracted and saved as a .jpeg with none of the identifying signature or certificate data. Here’s that same image posted to 4chan and reddit.
A certificate chain would only work if every image displaying piece of software in the world not only played by its rules, but were also incapable of displaying or modifying an unsigned image. I don’t think I have to spell out for you what kind of nightmare that would be.
Basically, screenshots bypass any security built into the Metadata?
Double checking as I assume that is the case but don’t know for certain.
Yes, if it’s truly metadata that’s not in the image itself. For instance, it could theoretically be digitally watermarked (this technology already exists, actually) in a manner that humans can’t see or is tough to notice, but an algorithm looking for it can spot. That can be defeated, too, although depending on the robustness of the watermark technology it may take more effort.
The output loophole always exists: Any time you produce any output capable of being understood by a human (eyes, ears, both…) somebody can record and reproduce it. Probably not bit-for-bit, pixel-for-pixel, but you can always point a camera at the screen. (Or put your screen face down on a flatbed scanner that’s had its lightbar defeated, or put a microphone in front of the speakers, or…)
That is the metadata solution tied to the image itself. It doesn’t work because all I have to do is strip the metadata. This is why there is almost a ritualistic worship of certs in software development and internet traffic.
The key is that you need the validation to be decoupled from the image. Computer Vision is pretty much perfect f or this and is why I specifically referenced how DMCA violations are detected now. Google and Amazon do the scan, not the end user.
I think that’s not the problem that this technology is intended to solve.
It’s not a “Is this picture copied from someone else?” technology. It’s a “Did a human take this picture, and did anyone modify it?” technology.
Eg: Photographer Bob takes a picture of Famous Fiona driving her camaro and posts it online with this metadata. Attacker Andy uses photo editing tools to make it look like Fiona just ran over a child. Maybe his skills are so good that the edits are undetectable.
Andy has two choices: Strip the metadata, or keep it.
If Andy keeps the metadata, anyone looking at his image can see that it was originally taken by Bob, and that Fiona never ran over a child.
If Andy strips the metadata (and if this technology is widely accessible and accepted by social media, news sites, and everyday people) then anyone looking at the image can say “You can’t prove this image was actually taken. Without further evidence I must assume that it’s faked”.
I think spinning this as a tool to fight AI is just clickbait because AI is hot in the news. It’s about provenance and limiting misinformation.
Which does not solve that at all
Because the vast majority of “paparazzi” and controversy pictures aren’t taken by Jake Gyllenhal. They are taken by randos on the street with phones who when sell their picture to TMZ or whatever.
And they aren’t going to be paying for an expensive leica camera. And samsung and apple aren’t going to be licensing that tech.
There’s no accounting for adoption, true. Seems like the use cases still have value though: https://c2pa.org/specifications/specifications/1.3/explainer/Explainer.html#_use_case_examples
As for licensing, the specs are released under Creative Commons, so anyone should be able to implement it.
People can write whatever they want
5.1, 5.2, 5.3, 5.5, and 5.6 all require basically universal adoption for this to at all be useful. And 5.4 and 5.7 (as well as many of the rest) already fall apart once you realize this is metadata that people have to opt in to keeping. 5.4 in particular feels like it is prone to breaking if there are edits in a video for flow or to remove sensitive information.
Much like “The Blockchain” and NFTs, this sort of touches on an issue but is a horrendously bad and pointless implementation.
I don’t quite get why some of those cases require universal adoption. News photos: You just need one big news company to say “we’re giving all our photographers a camera with this tech” and then it serves its purpose.
You see a headline “SHOCKING photo published by MegaNewsCorp will send you into a coma!” then you can validate that it came from a MegaNewsCorp photographer. If you trust MegaNewsCorp, then the tech has done its job. If you didn’t trust MegaNewsCorp already, then this tech changes nothing. I think there is moderate value in that, overall.
The story of this tech is getting picked up and thrown around by bad tech journalism, being game-of-telephone’d into some kind of game changer.
Plenty of open standard live and die by whether or not one big player decides to adopt them.
… I literally just explained that a lot of those photos are crowd sourced. Which gets back to needing more or less universal adoption. And even then: Maybe I’ll give CNN a picture of a republican beating a child if I can strip the metadata. I am not giving that if it is going to trace back to me.
So then news orgs who care about provenance have to stop copying social media posts and treating them like well-researched journalism. Seems like a win to me.
Well, that’s exactly what a Blockchain is. Just in public and not part of the image itself.
This is nothing like a block chain. Blockchains are distributed and assume 0 trust in any actor. This is just a database that you have to have full trust in. Literally the opposite.