Welcome to Incremental Social! Learn more about this project here!
Check out lemmyverse to find more communities to join from here!

The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes

The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes::Biden's AI advisor Ben Buchanan said a method of clearly verifying White House releases is "in the works."

helenslunch ,
@helenslunch@feddit.nl avatar

I mean they could just create a highly-secure official Fediverse server/account?

stockRot ,

What problem would that solve?

helenslunch ,
@helenslunch@feddit.nl avatar

An official channel to post and review deepfakes for accuracy.

otl ,
@otl@hachyderm.io avatar

A link to the video could be shared via ActivityPub.
The video would be loaded over HTTPS; we can verify that the video is from the white house, and that it hasn't been modified in-transit.

A big issue is that places don't want to share a link to an independently verifiable video, they want you to load a copy of it from their website/app. This way we build trust with the brand (e.g. New York Times), and spend more time looking at ads or subscribe.
@stockRot @technology

stockRot ,

A big issue is that places don't want to share a link to an independently verifiable video, they want you to load a copy of it from their website/app.

Exactly. This "solution" doesn't take into account how people actually use the Internet. Unless we expect billions of people to change their behavior, this is just a pointless comment.

otl ,
@otl@hachyderm.io avatar

Might be closer than you think. The White House is just using Instagram right now: https://www.whitehouse.gov
(See section “featured media”)

@stockRot @technology

hyperhopper ,

Just because you're writing this on the fediverse doesn't mean it's the answer to everything. It's certainly not the answer to this.

helenslunch ,
@helenslunch@feddit.nl avatar

Sick Strawman bro

drathvedro ,

I've been saying for a long time now that camera manufacturers should just put encryption circuits right inside the sensors. Of course that wouldn't protect against pointing the camera at a screen showing a deepfake or someone painstakingly dissolving top layers and tracing out the private key manually, but that'd be enough of the deterrent from forgery. And also media production companies should actually put out all their stuff digitally signed. Like, come on, it's 2024 and we still don't have a way to find out if something was filmed or rendered, cut or edited, original or freebooted.

GeneralVincent ,

They're doing something like that I think

https://www.techradar.com/cameras/photography/sony-canon-and-nikon-set-to-combat-deepfakes-with-digital-signature-tech-in-future-cameras

drathvedro ,

Oh, they've actually been developing that! Thanks for the link, I was totally unaware of C2PA thing. Looks like the ball has been very slowly rolling ever since 2019, but now that the Google is on board (they joined just a couple days ago), it might fairly soon be visible/usable by ordinary users.

Mark my words, though, I'll bet $100 that everyone's going to screw it up miserably on their first couple of generations. Camera manufacturers are going to cheap out on electronics, allowing for data substitution somewhere in the pipeline. Every piece of editing software is going to be cracked at least a few times, allowing for fake edits. And production companies will most definitely leak their signing keys. Maybe even Intel/AMD could screw up again big time. But, maybe in a decade or two, given the pace, we'll get a stable and secure enough solution to become the default, like SSL currently is.

petrol_sniff_king ,

You might find this interesting.
https://www.hackerfactor.com/blog/index.php?/archives/1010-C2PAs-Butterfly-Effect.html

drathvedro ,

Oh, so Adobe already screwed it up miserably. Thanks, had a good laugh at it

Natanael , (edited )

Oof.

They need to implement content addressing for "sidecar" signature files (add a hash) both to prevent malleability and to allow independent caches to serve up the metadata for images of interest.

Also, the whole certificate chain and root of trust issues are still there and completely unaddressed. They really should add various recommendations for default use like not trusting anything by default, only showing a signature exists but treating it unvalidated until the keypair owner has been verified. Accepting a signature just because a CA is involved is terrible, and that being a terrible idea is exactly the whole reason who web browsers dropped support for displaying extended validation certificate metadata (because that extra validation by CAs was still not enough).

And signature verification should be mandatory for every piece, dropping old signatures should not be allowed and metadata which isn't correctly signed shouldn't be displayed. There's even schemes for compressing multiple signatures into one smaller signature blob so you can do this while saving space!

And one last detail, they really should use timestamping via "transparency logs" when publishing photos like this to support the provenance claims. When trusted sources uses timestamping line this before publication then it helps verifying "earliest seen" claims.

hyperhopper ,

If you've been saying this for a long time please stop. This will solve nothing. It will be trivial to bypass for malicious actors and just hampers normal consumers.

drathvedro ,

You must be severely misunderstanding the idea. The idea is not to encrypt it in a way that it's only unlockable by a secret and hidden key, like DRM or cable TV does, but to do the the reverse - to encrypt it with a key that is unlockable by publicly available and widely shared key, where successful decryption acts as a proof of content authenticity. If you don't care about authenticity, nothing is stopping you from spreading the decrypted version, so It shouldn't affect consumers one bit. And I wouldn't describe "Get a bunch of cameras, rip the sensors out, carefully and repeatedly strip the top layers off and scan using electron microscope until you get to the encryption circuit, repeat enough times to collect enough scans undamaged by the stripping process to then manually piece them together and trace out the entire circuit, then spend a few weeks debugging it in a simulator to work out the encryption key" as "trivial"

hyperhopper ,

I think you are misunderstanding things or don't know shit about cryptography. Why the fuck are y even talking about publicly unlockable encryption, this is a use case for verification like a MAC signature, not any kind of encryption.

And no, your process is wild. The actual answer is just replace the sensor input to the same encryption circuits. That is trivial if you own and have control over your own device. For your scheme to work, personal ownership rights would have to be severely hampered.

drathvedro ,

I think you are misunderstanding things or don’t know shit about cryptography. Why the fuck are y even talking about publicly unlockable encryption, this is a use case for verification like a MAC signature, not any kind of encryption.

Calm down. I was just dumbing down public key cryptography for you

The actual answer is just replace the sensor input to the same encryption circuits

This will not work. The encryption circuit has to be right inside the CCD, otherwise it will be bypassed just like TPM before 2.0 - by tampering with unencrypted connection in between the sensor and the encryption chip.

For your scheme to work, personal ownership rights would have to be severely hampered.

You still don't understand. It does not hamper with ownership rights or right to repair and you are free to not even use that at all. All this achieves is basically camera manufacturers signing every frame with "Yep, this was filmed with one of our cameras". You are free to view and even edit the footage as long as you don't care about this signature. It might not be useful for, say, a movie, but when looking for original, uncut and unedited footage, like, for example, a news report, this'll be a godsend.

Natanael ,

Analog hole, just set up the camera in front of a sufficiently high resolution screen.

You have to trust the person who owns the camera.

drathvedro ,

Yes, I've mentioned that in the initial comment, and, I gotta confess, I don't know shit about photography, but to me it sounds like a very non-trivial task to make such shot appear legitimate.

hyperhopper ,

It's not. Wait till you find out how they made movies before CGI!

Natanael ,

A MAC is symmetric and can thus only be verified by you or somebody who you trust to not misuse or leak the key. Regular digital signatures is what's needed here

You can still use such a signing circuit but treat it as an attestation by the camera's owner, not as independent proof of authenticity.

hyperhopper ,

A MAC is symmetric and can thus only be verified by you or somebody who you trust to not misuse or leak the key.

You sign them against a known public key, so anybody can verify them.

Regular digital signatures is what's needed here You can still use such a signing circuit but treat it as an attestation by the camera's owner, not as independent proof of authenticity.

If it's just the cameras owner attesting, then just have them sign it. No need for expensive complicated circuits and regulations forcing these into existence.

Natanael ,

You can't use a MAC for public key signatures. That's ECC, RSA, and similar.

Drewelite ,

Thank you, lol. This is what people end up with when they think of the first solution that comes to mind. Often just something that makes life harder for everyone EXCEPT bad actors. This just creates hoops for people following the rules to jump though while giving the impression the problem was solved, when it's not.

npaladin2000 ,
@npaladin2000@lemmy.world avatar

If the White House actually makes the deep fakes, do they count as "fakes?"

FrostKing ,

Can someone try to explain, relatively simply, what cryptographic verification actually entails? I've never really looked into it.

0xD ,

I'll be talking about digital signatures which is the basis for such things. I assume basic understanding of asymmetric cryptography and hashing.

Basically, you hash the content you want to verify with a secure hashing function and encrypt the value with your private key. You can now append this encrypted value to the content or just release it alongside it.

To now verify this content they can use your public key to decrypt your signature and get the original hash value, and compare it to their own. To get that, they just need to hash the content themselves with the same function.

So by signing their videos with the white house private key and publishing their public key somewhere, you can verify the video's authenticity like that.

For a proper understanding check out DSA :)

Natanael ,

Only RSA uses a function equivalent to encryption when producing signatures, and only when used in one specific scheme. Every other algorithm has a unique signing function.

abhibeckert , (edited )

Click the padlock in your browser, and you'll be able to see that this webpage (if you're using lemmy.world) was encrypted by a server that has been verified by Google Trust Services to be a server which is controlled by lemmy.world. In addition, your browser will remember that... and if you get a page from the same server that has been verified by another cloud provider, the browser (should) flag that and warn you it might be

The idea is you'll be able to view metadata on an image and see that it comes from a source that has been verified by a third party such as Google Trust Services.

How it works, mathematically... well, look up "asymmetric cryptography and hashing". It gets pretty complicated and there are a few different mathematical approaches. Basically though, the white house will have a key, that they will not share with anyone, and only that key can be used to authorise the metadata. Even Google Trust Services (or whatever cloud provider you use) does not have the key.

There's been a lot of effort to detect fake images, but that's really never going to work reliably. Proving an image is valid, however... that can be done with pretty good reliability. An attack would be at home on Mission Impossible. Maybe you'd break into a Whitehouse photographer's home at night, put their finger on the fingerprint scanner of their laptop without waking them, then use their laptop to create the fake photo... delete all traces of evidence and GTFO. Oh and everyone would know which photographer supposedly took the photo, ask them how they took that photo of Biden acting out of character, and the real photographer will immediately say they didn't take the photo.

FrostKing ,

Thanks a lot, that helped me understand. Seems like a good idea

VampyreOfNazareth ,

Government also puts backdoor in said math, gets hacked, official fakes released

Squizzy ,

Or more likely they will only discredit fake news and not verify actual footage that is a poor reflection. Like a hot mic calling someone a jackass, white House says no comment.

HawlSera ,

This is sadly necessary

Eezyville ,
@Eezyville@sh.itjust.works avatar

Maybe the White House should create a hash of the video and add it to a public blockchain. Anyone can then verify if the video is authentic.

hyperhopper ,
  1. Anybody can also verify it if they just host the hash on their own website, or host the video itself.
  2. Getting the general populace to understand block chain implementations or how to interface with it is an unrealistic task
  3. What does a distributed zero trust model add to something that is inherently centralized requiring trust in only 1 party

Blockchain is the opposite of what you want for this problem, I'm not sure why people bring this up now. People need to take an introductory cryptography course before saying to use blockchain everywhere.

makeasnek ,
@makeasnek@lemmy.ml avatar

Putting it on the blockchain ensures you can always go back and say "see, at this date/time, this key verified this file/hash".. If you know the key of the uploader (the white house), you can verify it was signed by that key. Guatemala used a similar scheme to verify votes in elections using Bitcoin. Could the precinct lie and put in the wrong vote count? Of course! But what it prevented was somebody saying "well actually the precinct reported a different number" since anybody could verify that on chain they didn't. It also prevented the precinct themselves from changing the number in the future if they were put under some kind of pressure.

hyperhopper ,

All of this could be done without blockchain. Once they sign a signature with their private key they can't unsign it later. Once you attest something you cannot un-attest it.

Just make the public key known and sign things. Please stop shoehorning blockchain where it doesn't belong, especially when you aren't even giving any examples of things that blockchain is doing for you with 100000x the cost and complexity, that normal crypto from the 80s/90s cant do better.

Natanael ,

Trusted timestamping protocols and transparency logs exists and does that more efficiently

M500 ,

Wouldn't this be defeated by people re-uploading the video? I think all these sites will re-encode the videos uploaded so the hash will not match, then people will use that as proof that the video is not real.

recapitated ,

There are many unnecessary steps in that.

recapitated ,

Guys, it doesn't need to be on a block chain. Asymmetric key cryptography is enought to verify authenticity.

dgmib ,

Don’t need to involve a blockchain to make cryptographically provable authenticity. Just a digital signature.

The only thing a hash in a blockchain would add is proof the video existed at the time the hash was added to the blockchain. I can think of cases where that would be beneficial too, but it wouldn’t make sense to put a hash of every video on a public blockchain.

Natanael ,

Transparency logs like that are helpful to show when media was first seen / published

recapitated ,

It's a good idea. And I hope to see more of this in other types of communications.

Snapz ,

We need something akin to the simplicity and ubiquity of Google that does this, government funded and with transparent oversight. We're past the point of your aunt needing a way to quickly check if something is obvious bullshit.

Call it something like Exx-Ray, the two Xs mean double check - "That sounds very unlikely that they said that Aunt Pat... You need to Exx-Ray shit like that before you talk about it at Thanksgiving"

Or same thing, but with the word Check, CHEXX - "No that sounds like bullshit, I'm gonna CHEXX it... Yup that's bullshit, Randy."

csm10495 ,
@csm10495@sh.itjust.works avatar

Man some Chex mix sounds good right now. They have this one that has chocolate pieces now.

cooopsspace ,

You mean to tell me that cryptography isn't the enemy and that instead of fighting it in the name of "terrorism and child protection" that we should be protecting children by having strong encryption instead??

Thirdborne ,

When it comes to misinformation I always remember when I was a kid I'm the early 90s, another kid told me confidently that the USSR had landed on Mars, gathered rocks, filmed it and returned to earth(it now occurs to me that this homeschooled kid was confusing the real moon landing.) I remember knowing it was bullshit but not having a way to check the facts. The Internet solved that problem. Now, by God , the Internet has recreated the same problem.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

I don't blame them for wanting to, but this won't work. Anyone who would be swayed by such a deepfake won't believe the verification if it is offered.

tacosplease ,

Agreed and I still think there is value in doing it.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

I honestly do not see the value here. Barring maybe a small minority, anyone who would believe a deepfake about Biden would probably also not believe the verification and anyone who wouldn't would probably believe the administration when they said it was fake.

The value of the technology in general? Sure. I can see it having practical applications. Just not in this case.

Natanael ,

It helps journalists, etc, when files have digital signatures verifying who is attesting to it. If the WH has their own published public key for signing published media and more then it's easy to verify if you have originals or not.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

I don't even think that matters when Trump's people are watching media that won't verify it anyway.

EatATaco ,

The world is not black and white. There are not just trump supporters and Biden supporters. I know it's hard to grasp but there are tons of people in the the toss up category.

You're right that this probably won't penetrate the deeply perverted world of trump cultists, but the wh doesn't expect to win the brainwashed over. They are going for those people who could go one way or another.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

I find it hard to believe that there are too many people who truly can't decide between Trump and Biden at this point. The media really wants a horse race here, but if your mind isn't made up by this point, I think you're unlikely to vote in the first place.

I'll be happy to be proven wrong and have this sway people who might vote for Trump to vote for Biden though.

EatATaco ,

So, the race is basically already decided but there is a conspiracy among the media and polling companies to make it look like the race is actually close and that there are undecides. Of course, the only way to prove this wrong would be with polls, but we've conveniently already just rejected that evidence. Very convenient.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

Ah yes, our oh-so-accurate polls.

https://news.vanderbilt.edu/2021/07/19/pre-election-polls-in-2020-had-the-largest-errors-in-40-years/

EatATaco ,

A couple of things.

First, your link is outdated: https://fivethirtyeight.com/features/2022-election-polling-accuracy/

Yes, 2020 was a bad year, but last year was actually a very good year. Basically what you are saying is that "4 years ago polls were bad, so that allows me to just believe whatever I want."

Second, if you believe you have no metric by which to measure something, the correct thought is "I'm not sure what the answer is" not "what I think is true must be true."

Plus, don't believe it was missed that you just outright ignored the whole part of your post that this is some conspiracy, of course thrown out there with zero evidence.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

Basically what you are saying is that “4 years ago polls were bad, so that allows me to just believe whatever I want.”

How on Earth am I saying that?

Second, if you believe you have no metric by which to measure something, the correct thought is “I’m not sure what the answer is” not “what I think is true must be true.”

Have you met the average Fox viewer?

Plus, don’t believe it was missed that you just outright ignored the whole part of your post that this is some conspiracy, of course thrown out there with zero evidence.

Conservative media not giving a shit about the truth isn't a conspiracy theory, it's a fact. Hence Fox having to pay a billion dollars to Dominion.

EatATaco ,

How on Earth am I saying that?

Sorry I got it wrong. What exactly are you saying with that point?

Have you met the average Fox viewer?

What does the average Fox viewer have to do with you and your point?

Conservative media not giving a shit about the truth isn’t a conspiracy theory, it’s a fact. Hence Fox having to pay a billion dollars to Dominion.

Wait, now we are just talking about conservative media? I thought we were talking about the media wanting you to think there was actually a race?

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

Yes, I was just talking about conservative media. The media as a whole loves a horse race, but they aren't generally willing to lie to get it.

That said, polls right now are all over the place, which does put the media in general in a good place because a contentious election means more viewers.

https://projects.fivethirtyeight.com/polls/president-general/

But that's not a conspiracy, that's just capitalism- an exciting election equals more news viewers equals higher advertising rates. Would, say, CBS news lie about the polls to achieve that? I doubt it. Would Fox? Absolutely.

EatATaco ,

So how does this tie into your original point that it's hard for you to believe that anyone isn't decided? The whole point of bringing up polls in general was to show that this shouldn't be hard to believe at all. The claim that you were always just talking about the conservative media seems like a massive non-sequitur.

FlyingSquid ,
@FlyingSquid@lemmy.world avatar

Yes, when polls are all over the place, it's hard to believe them. I gave you the link to see for yourself.

skulblaka ,
@skulblaka@startrek.website avatar

It is impossible to escape political propaganda in modern America. It's on your internet, it's on your radio, it's on your cable TV, it's on your streaming TV, it's on your super bowl ads, it's on your gas station pumps, it's on your news sources, it's on your social media. "Oh I don't pay attention to politics" is no longer a reasonable excuse because that is impossible, it's shoved down the throat of every citizen nonstop from every angle. The two candidates, in this case Trump and Biden, are such polar opposites of each other in every single possible regard that the only way someone can be undecided between the two is if their multiple personalities are arguing over it.

EatATaco ,

So what are you saying, exactly? That the polls are made up and there is some conspiracy to mislead? What you are saying sounds potentially reasonable, but at the same time the numbers don't support it.

skulblaka ,
@skulblaka@startrek.website avatar

Personally, I've never been polled. Not once. And neither has anyone else I've ever met in my life. I'm not saying they're made up wholesale, because frankly, I have no idea. But I am saying that, at the very least, they're not likely to be an accurate representation of the American citizenry as a whole. If nothing else, the percentage of "undecided" voters raises some eyebrows for me for the reasons I just stated. If you've lived in America the last 8-16 years and are somehow still a fence sitter, you've managed to ignore a veritable deluge of information being sprayed directly into your eyeballs with all the delicacy and care of a fire hose.

I understand the average person is probably pretty dumb, but I have faith in humanity that a significant percentage of us aren't that dumb. Being on the bell curve means you're plenty intelligent enough to understand whether you want to vote for red or for blue and for what reasons. I refuse to believe that there are people in America legitimately weighing if they would rather vote for protected freedoms for American citizens or vote for banning books that speak about protected freedoms for American citizens. The two choices are so wildly opposed to each other in structure and in intent that there isn't a choice to be made, all people will land on one side or the other of this argument and there is no center ground to waffle around.

Twenty years ago, I understood undecided voters, because there still remained some small amount of nuance in the way American politics were carried out. We have now lost that. Our political landscape is now Blue Team vs Anti-Blue Team and the fence that the undecided voters were previously sitting on is now uninhabitable rubble, because there is now no component of our government that can come to a sensible cross-aisle decision. The independent, moderate voter is now a relic of the past in our supercharged, hyper-partisan pre-civil-war violence mockery of a civilized government.

EatATaco ,

I feel like this was a whole lot of words to dodge the actual question. I get that you don't believe that people can be still undecided, and I full understand the sentiment (although, I also recognize that I am a lot more in tune with politics than other people, this isn't calling them stupid, but simply focused on other things).

But the numbers tell a different story. So what are you saying about those numbers? That they're faked?

jj4211 ,

Problem is that broadly speaking, you would only sign the stuff you want to sign.

Imagine you had a president that slapped a toddler, and there was a phone video of it from the parents. The white house isn't about to sign that video, because why would they want to? Should the journalists discard it because it doesn't carry the official White House blessing?

It would limit the ability for someone to deep fake an official edit of a press briefing, but again, what if he says something damning, and the 'official' footage edits it out, would the press discard their own recordings because they can't get it signed, and therefore not credible?

That's the fundamental challenge in this sort of proposal, it only allows people to endorse what they would have wanted to endorse in the first place, and offers no mechanism to prove/disprove third party sources that are the only ones likely to carry negative impressions.

Natanael ,

But then the journalists have to check if the source is trustworthy, as usual. Then they can add their own signature to help other papers check it

jj4211 ,

To that extent, we already have that.

I go to 'https://cnn.com', I have cryptographic verification that cnn attests to the videos served there. I go to youtube, and I have assurances that the uploader is authenticated as the name I see in the description.

If I see a repost of material claimed to be from a reliable source, I can go chase that down if I care (and I often do).

AA5B ,

It’s not a challenge, because this is only valid for photos and videos distributed by the White House, which they already wouldn’t do.

The challenge is that it would have to leave out all the photos and videos taken by journalists and spectators. That’s where the possible baby slapping would come out, and we would still have no idea whether to trust it

throw4w4y5 ,

If a cryptographic claim/validation is provided then anyone refuting the claims can be seen to be a bad faith actor. Voters are one dimension of that problem but mainstream media being able to validate election videos is super important both domestically, but also internationally as the global community needs to see efforts being undertaken to preserve free and fair elections. This is especially true given the consequences if america’s enemies are seen to have been able to steer the election.

Zink ,

Sure, the grandparents that get all their news via Facebook might see a fake Biden video and eat it up like all the other hearsay they internalize.

But, if they’re like my parents and have the local network news on half the damn time, at least the typical mainstream network news won’t be showing the forged videos. Maybe they’ll even report a fact check on it?!?

And yeah, many of them will just take it as evidence that the mainstream media is part of the conspiracy. That’s a given.

OsrsNeedsF2P ,

Deepfakes could get better. And if they do, a lot more people will start to get fooled

ilinamorato ,

I don't think that's what this is for. I think this is for reasonable people, as well as for other governments.

Besides, passwords can be phished or socially engineered, and some people use "abc123." Does that mean we should get rid of password auth?

recapitated ,

I've always thought that bank statements should require cryptographic signatures for ledger balances. Same with individual financial transactions, especially customer payments.

Without this we're pretty much at the mercy of trust with banks and payment card providers.

I imagine there's a lot of integrity requirements for financial transactions on the back end, but the consumer has no positive proof except easily forged statements.

phoenixz ,

Yeah but that would require banks to actually invest money to improve customer trust... Not something banks are very interested in, really. It's easier and cheaper to just have the marketing department come up with some nonsense claim and advertise that instead.

Darkassassin07 ,
@Darkassassin07@lemmy.ca avatar

I'm more interested in how exactly you'd implement something like this.

It's not like videos viewed on tiktok display a hash for the file you're viewing; and users wouldn't look at that data anyway, especially those that would be swayed by a deep fake...

aodhsishaj ,

Likely it would be a service provided by the Whitehouse press corps and media outlets then could rehost the videos with the whitehouse watermark

AA5B ,

Digital signature. A watermark may be useful so that an unauthorized user can’t easily hide their source without noticeably defacing the photo, but it doesn’t prevent anyone from modifying it

A digital signature is a somewhat similar idea except that signature verification fails if there are any changes. This is tough to do with a photograph, where some applications may be blindly re-encoding or modifying the resolution so those may need to be fixed.

You could argue this is a good use case for blockchain, certainly much better than those stupid monkey images. When John Stewart parodies a politician, there should be a verifiable chain of evidence from the White House release to the news bureau to his studio, before they alter the lighting to highlight orange skin tone for yucks.

Knock_Knock_Lemmy_In ,

The question is how does the USER verify the authenticity. They just see a video, not a signature.

AA5B ,

They shouldn’t have to actively verify that, but yeah, I don’t know if there is a relevant file format though

I once worked with signed xml, where the signature field is really no different than any other field, but with binary data. That data used a private key to sign a checksum if the file. For tools that understand the format, you just verify the trust chain against cert authority public keys using your local keystore. It just worked, with no action required of the user and no internet required

  • if you edit the signature, the trust chain will fail validation
  • if you edit other data, the signed checksum would not match and validation would fail
  • if you edit the checksum, the key would no longer match and validation would fail

It’s actually been a lot of years, so I hope I’m remembering it accurately

cley_faye ,

Like you said, the issue is in verification by the end-user. It is trivial to provide a digitally signed (and timestamped) file. It is also trivial to provide trusted tools to verify these files. It is immensely difficult to provide a solution user will care about; which is why more often than not the most people asks companies in the data authenticity business is "can we show a green check on screen? That would be perfect!".

And we end up with something that nobody checks beyond the "it's probably ok" phase. If the goal is to teach the masses about trusting their source, either they have a miracle solution, or it just won't work.
(and all that is assuming people actually care about checking the authenticity of the stuff they see, which is not a norm as it is…)

nutsack ,

the technology to do this has existed for decades and it's crazy to me that people aren't doing it all the time yet

  • All
  • Subscribed
  • Moderated
  • Favorites
  • technology@lemmy.world
  • random
  • incremental_games
  • meta
  • All magazines
    •