Comment by scoofy
21 hours ago
I think that "impossible to detect" is not something realistic if camera manufacturers are willing to start adding encryption signatures to their cameras outputs and are willing to vouch for them.
I realize this would still allow fakes to be presented by governments in all likelihood, but not everyone.
Who posts raw output from cameras anywhere? This doesn't seem useful outside some niche use-cases (like security camera footage). At a minimum just about every recording is going to be re-compressed for streaming.
Synthid and the like survive compression and decent quality rerecording.
Synthid is a watermark which indicates the video is AI-generated, not a digital signature indicating it's real. Completely different use case and threat model.
I'm not aware of any secure digital signature schemes that don't require the thing they signed to be bit-for-bit identical to pass verification. There are perceptual hashing algorithms that could theoretically be used to build such a scheme, but such hashes are not second preimage resistant, so someone could create a modified video that still passes signature verification.
I bet the cameras' companies will start automatically uploading the real footage to their servers for attestation, and allow the camera owners to get those links, so people will just add that link on YouTube or whatever and say "See, its real, Sony vouches for it", heck maybe they will make their buyers to sign up with YouTube and do it for them.
Perhaps that could work in certain situations, but you don't even necessarily need digital signatures for that. A link to a reputable news site claiming they've verified the footage as real would be good enough in like 95% of cases, people just don't bother to check.
You'd also need close to 100% adoption for this to be effective, otherwise people will just assume the fakes were recorded with one of the cameras that doesn't have that feature, or that they didn't bother to upload the raw footage anywhere.
How on top of security do you think all the camera manufacturers are going to be? That is, how long until people can sign videos that were not, in fact, shot with their camera?
2 replies →
Only if you're paying them
1 reply →
They can attest pictures of my hairy pendulous ballsack.
1 reply →
I don't think it needs do be raw output. I'm pretty sure that signatures can exist within image and sound outputs that are reproducible when changing to other formats.
Yeah I’m not sure this makes sense when images are getting their third ifunny watermark.
Leica started doing this a few years ago in response to the first wave of AI images[0]. Other, bigger manufacturers (Nikon, Canon, Sony as well I believe) have also joined, though with less fanfare. Adobe is in the loop.
As someone with a passing interest in infosec and cryptography, I'm sceptical of the long-term viability of this kind of product; it only takes one person successfully extracting a signing key to undermine the entire project.
Yes, you're correct about private keys getting exposed, but it's better than nothing. I suspect though, even after key exposure there may be a way to make new private keys so that compromised keys have a known point when they are compromised, which makes public how much skepticism we should all have about authenticity.
I just think there is a world of difference between "certainty" and "plausibility" when it comes to videos on the internet. Yes, state actors might circumvent it, and skepticism should remain, but there is a world of difference between North Korea trying to convince me of some political scandal, and Pepsi Co trying to convince me that someone I trust loves Pepsi.
Cameras have a very long lifespan. People will still be using those cameras 20 years after the keys for their model get leaked.
2 replies →
You still ultimately have the analogue hole here - pull the camera apart, splice your own hardware somewhere between the sensor and the thing that adds the signatures (or in front of the sensor).
Or just straight up point the camera at a computer monitor, without even trying to hide it. Most of the security camera footage online is already uploaded this way.
I intentionally didn't say that because I feel like people might dismiss that with "oh but you can tell the difference with sufficient analysis etc" whereas literally sending data directly through the same path as the real sensor would be potentially less detectable (or more, if the sensor itself has some kind of noticeable fingerprint)
Pointing the camera at a screen could potentially evade that.
Right, but my point is that a video of a screen should be less believable than the source video insofar as verifying legitimacy.
I feel it wouldn't be too difficult to get a social-media video to look convincing enough even with just a regular camera and monitor, at least after compression (if end users aren't served raw footage directly, and instead trust the attestation of the site).
7 replies →
What if you can't tell it's a video of a screen?
wouldn't that just encourage monopolistic behavior and lockdown of these devices?
they're already locked down as-is.
Why do we keep on seeing that elementary misconception? Cryptographic verification != reality of the underlying data fed to it! Plus vouching for hardware that is in consumer hands? There is the gaping analog hole of 'recording' arbitrary data streams. All that system would do is make it easier to deanonmyize speech.