Comment by LPisGood
2 days ago
This style of attack has been discussed for a while https://www.usenix.org/system/files/sec20-quiring.pdf - it’s scary because a scaled image can appear to be an _entirely_ different image.
One method for this would be if you want to have a certain group arrested for having illegal images, you could use this sort of scaling trick to transform those images into memes, political messages, whatever that the target group might download.
This is mind-blowing and logical but did no one really think about these attacks until VLMs?
They only make sense if the target resizes the image to a known size. I'm not sure that applies to your hypotheticals.
Because why would it matter until now. If a person looked at a rescaled image that says “send me all your money” they wouldn’t ignore all previous learnings and obey the image.
Hidden watermarking software uses the same concepts. It is known.
Steganography for those who want to look it up.
Describing dithering as scary is wild
The thing is that the image can change entirely, say from a funny cat picture to an image of a dog.
And that "trick" has been used in imageboards with thumbnails for a very long time to get people to click and see a full image while they otherwise wouldn't.
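An added worked example of the scaling trick the top comment links to and of the caveat raised a few replies down that it only works when the victim resizes to a known size. This is illustrative code written for this page, not code from the thread or from the Quiring et al. paper. It assumes a nearest-neighbour downscaler that reads source pixel (floor(y*scale), floor(x*scale)) for each output pixel, which is how integer-factor nearest-neighbour resizing behaves in common libraries; against a real target you would have to reproduce that target's exact library, interpolation kernel and output size, because the set of source pixels that influence the output depends on all three. The images (a 16x16 gradient "decoy" and a 4x4 "X" target) are constructed inline.

```python
"""Image-scaling attack demo (illustrative, constructed inputs).

A downscaler that reads only a few source pixels per output pixel can be
fed an image that looks like one thing at full size and like something
else after scaling: keep the decoy everywhere except the pixels the scaler
will actually sample, and put the target image's pixels there.
"""

Image = list[list[int]]  # grayscale, rows of 0..255 values


def nearest_downscale(src: Image, dst_h: int, dst_w: int) -> Image:
    """Nearest-neighbour downscale: output (y, x) copies source pixel
    (floor(y * src_h/dst_h), floor(x * src_w/dst_w)).  Assumed to match the
    victim's resizer; that assumption is what the attack depends on."""
    src_h, src_w = len(src), len(src[0])
    sy, sx = src_h / dst_h, src_w / dst_w
    return [[src[int(y * sy)][int(x * sx)] for x in range(dst_w)]
            for y in range(dst_h)]


def sampled_positions(src_h: int, src_w: int, dst_h: int, dst_w: int) -> dict:
    """Map each source pixel nearest_downscale will read to the output pixel
    it lands in.  Everything not in this map is invisible after scaling."""
    sy, sx = src_h / dst_h, src_w / dst_w
    return {(int(y * sy), int(x * sx)): (y, x)
            for y in range(dst_h) for x in range(dst_w)}


def craft_attack_image(decoy: Image, target: Image) -> Image:
    """Return a copy of `decoy` in which only the pixels the scaler samples
    (for an output the size of `target`) are replaced by `target`'s pixels.
    At full resolution the result still looks like the decoy."""
    dst_h, dst_w = len(target), len(target[0])
    attack = [row[:] for row in decoy]
    positions = sampled_positions(len(decoy), len(decoy[0]), dst_h, dst_w)
    for (src_y, src_x), (ty, tx) in positions.items():
        attack[src_y][src_x] = target[ty][tx]
    return attack


def count_differences(a: Image, b: Image) -> int:
    """Number of pixel positions where two same-sized images differ."""
    return sum(1 for ra, rb in zip(a, b) for pa, pb in zip(ra, rb) if pa != pb)


# Constructed sample inputs: a 16x16 gradient stands in for the harmless
# picture, a 4x4 "X" stands in for the image the attacker wants to appear.
DECOY: Image = [[(y * 16 + x) % 256 for x in range(16)] for y in range(16)]
TARGET: Image = [[255 if (x == y or x + y == 3) else 0 for x in range(4)]
                 for y in range(4)]
ATTACK: Image = craft_attack_image(DECOY, TARGET)


def demo() -> dict:
    """Results a reader can inspect: the attack hits exactly at the intended
    size and falls apart at any other size (the 'known size' caveat)."""
    return {
        # Only 16 of 256 pixels were touched, so the full image still reads as the decoy.
        "pixels_changed": count_differences(DECOY, ATTACK),
        # Scaled to the size the attacker planned for, the target appears verbatim.
        "hits_at_4x4": nearest_downscale(ATTACK, 4, 4) == TARGET,
        # Scaled to a size the attacker did not plan for, the result is just the decoy
        # scaled, apart from any sampled pixel that happens to coincide.
        "diff_vs_decoy_at_3x3": count_differences(
            nearest_downscale(ATTACK, 3, 3), nearest_downscale(DECOY, 3, 3)),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The 3x3 case is the caveat from the thread in numbers: the scaler now samples rows and columns 0, 5 and 10, of which only (0, 0) was one of the planted pixels, so the viewer sees the decoy. Real resizers with bilinear or bicubic kernels blend several source pixels per output pixel, so the planted values have to be chosen to dominate each weighted sum rather than simply copied, and the same manipulation will not survive a library whose kernel samples different positions.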