Comment by big_toast
8 hours ago
What information is included in the metadata or SynthID? How many bits can be encoded in a SynthID?
Can it be used to create something like nutritional labels for synthetic content? 10% synthetic text, 30 synthetic images.
Your reality was 15% synthetic today (75% mega corp, 25% open-weight neocloud).
I guess the SynthID-Image paper from Oct 2025[0] was an encoder-decoder for which they tested checking a flag or a 136 bit payload in 512x512 images and the watermark's robustness after various transformations.
Presumably the deployed version is meaningfully different.
[0]:https://arxiv.org/html/2510.09263v1
This is very similar to audiowmark
https://github.com/swesterfeld/audiowmark
You can stuff per-item database unique IDs, user IDs, geohashes, and other nefarious things inside.
We need to protest this LOUDLY.
Our devices are being locked down, we're having attestation and trusted computing forced on us, the internet all over the world is undergoing age verification with full ID verification.
Just because this is on "ai images" today doesn't mean it won't be on all images - screenshots, your camera reel, etc. - in the fullness of time.
This is scary.
These are the tools of 1984. They've been boiling the water slowly, but in the last year things have really started to pick up pace. Please push back. Loudly.
Everyone at Google and OpenAI working on this: WHAT THE FUCK ARE YOU DOING. STOP.
We have laws and mechanisms to prevent revenge porn, CSAM, defamation, etc. They are robust and can be made even stronger. We do not need to sacrifice the security of our privacy and our speech to fight imagined harms when the real danger is turning into an authoritarian society.
The point of SynthID is to make generated images identifiable, in an attempt to prevent 1984-esque situations where you can't believe your eyes and ears. Applying it to screenshots and camera output defeats its only purpose.
If the powers-that-be want to enforce age verification, watermarking camera output is not the correct technology to do so. It would be something like HDCP, where camera manufacturers are given keys and a whole trusted media path is built so that the relying party can cryptographically enforce that a trusted camera is being used to capture live images.
2 replies →
I'm going to save my protests for anyone trying to watermark real images.
Zero watermarks is a lot worse than semi-effective AI watermarks.
3 replies →
Most cameras already produce metadata. You can remove this metadata. Can you not also detect and remove watermarks?
2 replies →
Or perhaps a user id or fingerprint to an individual. We added that to printers long ago, this would easily enable that for every photo and image you generate too.
Don’t think that would be possible. If I paste a synthetic piece into an otherwise organic image, the synth id isn’t going to know that.
Synth ID can detect parts of images with the watermark.