this post was submitted on 21 Nov 2023
162 points (91.3% liked)

Technology

55744 readers
2739 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
162
New Leica camera stops deepfakes at the shutter (spectrum.ieee.org)
submitted 7 months ago by floofloof@lemmy.ca to c/technology@lemmy.world
85 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] BitSound@lemmy.world 10 points 7 months ago* (last edited 7 months ago) (3 children)

That doesn't really work. If the private key is leaked, you're left in a quandary of "Well who knew the private key at this timestamp?" and it becomes a guessing game.

Especially in the scenario you posit. Nation-state actors with deep pockets in the middle of a war will find ways to bend hardware to their will. Blindly trusting a record just because it's timestamped is foolish.

[–] 4am@lemm.ee 8 points 7 months ago (1 children)

You’re right, it isn’t perfect so we shouldn’t bother trying. 🙄

[–] BitSound@lemmy.world 3 points 7 months ago (1 children)

In this case yes, because if it's not perfect, then it's perfectly useless

[–] tsonfeir@lemm.ee 2 points 7 months ago (1 children)

Couldn’t I just change the camera date?

[–] lolcatnip@reddthat.com 3 points 7 months ago

We're talking about a signature that's published in a public database. The camera's timestamp doesn't matter, just the database's.

[–] FaceDeer@kbin.social 4 points 7 months ago (1 children)

If all that you're interested in is the timestamp then you don't even really need to have a signature at all - just the hash of the image is sufficient to prove when it was taken. The signature is only important if you care about trying to establish who took the picture, which in the case of this hospital explosion is not as important.

[–] lolcatnip@reddthat.com 1 points 7 months ago (1 children)

How is a hash of the image supposed to prove anything about when it was created?

[–] FaceDeer@kbin.social 3 points 7 months ago (2 children)

You post it publicly somewhere that has a timestamp. A blockchain would be best because it can't be tampered with.

[–] lemming741@lemmy.world 1 points 7 months ago (1 children)

That proves it existed at a specific time in the past, not that it didn't exist before that. What's stopping a hash of the Mona Lisa on a block chain with today's date?

[–] FaceDeer@kbin.social 2 points 7 months ago (1 children)

It also doesn't materialize ponies out of nothing. It can't do everything, but surely you can see that there are a lot of situations where being able to say with confidence that "this picture existed in exactly this form at exactly this date" is a super useful thing?

[–] lemming741@lemmy.world 1 points 7 months ago (1 children)

It doesn't prove when it was created, only that it existed. Previous poster /u/lolcatnip is talking about creation date

[–] FaceDeer@kbin.social 2 points 7 months ago

And that's all I'm saying that it does.

As I said, it's not perfection for every possible application. But it is still highly useful in many applications.

[–] lolcatnip@reddthat.com 1 points 7 months ago

Ah, I thought you were saying the hash proved something on its own. Lots of weird ideas about crypto in this thread.

[–] floofloof@lemmy.ca 2 points 7 months ago (1 children)

Maybe each camera has a different public/private key?

[–] BitSound@lemmy.world 1 points 7 months ago* (last edited 7 months ago) (1 children)

They would, but each camera's private key can be extracted from the hardware if you're motivated enough.

If Alice's fancy new camera has the private key extracted by Eve without Alice's knowledge, Eve can send Bob pictures that Bob would then believe are from Alice. If Bob finds out that Alice's key was compromised, then he has to guess as to whether any photo he got from Alice was actually from Eve. Having a public timestamp for the picture doesn't help Bob know anything, since Eve might've gone and created the timestamp herself without Alice's knowledge.

[–] floofloof@lemmy.ca 2 points 7 months ago* (last edited 7 months ago) (1 children)

Still, unique keys for each camera would lessen the risk of someone leaking a single code that undermines the whole system, as happened with DVDs.

And if an interested party wanted to steal a camera's private key to fake an image's provenance they'd need to get physical access to that very camera. Perhaps a state-sponsored group could contrive this (or intervene during manufacturing), but it is a challenge and an even bigger challenge for everyone else.

[–] BitSound@lemmy.world 2 points 7 months ago

Physical access means all bets are off, but it's not required for these attacks. If it's got a way to communicate with the outside world, it can get hacked remotely. For example here's an attack that silently took over iphones without the user doing anything. That was used for real to spy on many people, and Apple is pretty good at security. Most devices you own such as cameras with wifi will likely be far worse security-wise.