this post was submitted on 15 Jul 2024
65 points (93.3% liked)
Technology
59287 readers
4174 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
But then what? So you have a camera signing its files and we pretend that extraction of the secret key is impossible (which it probably isn't). You load the file into your editing program because usually, the source files are processed further. You create a derivative of the signed file and there's no connection to the old signature anymore, so this would only make sense if you provide the original file for verification purposes, which most people won't do.
I guess it's better than nothing but it will require more infrastructure to turn it into something usable, or of this was only used in important situations where manual checking isn't an issue, like a newspaper posting a picture but keeping the original to verify the authenticity.
Also at least last time I heard about these cameras, only specific proprietary editors (like Adobe) were compatible, which introduces all sorts of other problems.
Yes, that's exactly what I'm imagining. You're keeping receipts for after-the-fact proof, in case it needs to be audited. If you have a newsworthy photograph, or evidence that needs to be presented to the court system, this could provide an important method of proving an untampered original.
Maybe a central trusted authority can verify the signatures and generate a thumbnail for verification (take the signed photo and put it through an established, open source, destructive algorithm to punch out a 200x300 lossy compressed jpeg that at least confirms that the approximate photo was taken at that time and place, but without sufficient resolution/bit depth to compete with the original author on postprocessing.