this post was submitted on 11 Feb 2024
593 points (97.9% liked)

Technology

72865 readers
1782 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 2 years ago
MODERATORS
 

The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes::Biden's AI advisor Ben Buchanan said a method of clearly verifying White House releases is "in the works."

top 50 comments
sorted by: hot top controversial new old
[–] CyberSeeker@discuss.tchncs.de 161 points 1 year ago (3 children)

Digital signature as a means of non repudiation is exactly the way this should be done. Any official docs or releases should be signed and easily verifiable by any public official.

[–] otter@lemmy.ca 15 points 1 year ago (12 children)

Would someone have a high level overview or ELI5 of what this would look like, especially for the average user. Would we need special apps to verify it? How would it work for stuff posted to social media

linking an article is also ok :)

[–] AbouBenAdhem@lemmy.world 24 points 1 year ago* (last edited 1 year ago) (2 children)

Depending on the implementation, there are two cryptographic functions that might be used (perhaps in conjunction):

  • Cryptographic hash: An arbitrary amount of data (like a video file) is used to create a “hash”—a shorter, (effectively) unique text string. Anyone can run the file through the same function to see if it produces the same hash; if even a single bit of the file is changed, the hash will be completely different and you’ll know the data was altered.

  • Public key cryptography: A pair of keys are created, one of which can only encrypt data (but can’t decrypt its own output), and the other, “public” key can only decrypt data that was encrypted by the first key. Users (like the White House) can post their public key on their website; then if a subsequent message purporting to come from that user can be decrypted using their public key, it proves it came from them.

[–] Serinus@lemmy.world 9 points 1 year ago (4 children)

a shorter, (effectively) unique text string

A note on this. There are other videos that will hash to the same value as a legitimate video. Finding one that is coherent is extraordinarily difficult. Maybe a state actor could do it?

But for practical purposes, it'll do the job. Hell, if a doctored video with the same hash comes out, the White House could just say no, we punished this one, and that alone would be remarkable.

[–] AbouBenAdhem@lemmy.world 8 points 1 year ago* (last edited 1 year ago) (1 children)

Finding one that is coherent is extraordinarily difficult.

You’d need to find one that was not just coherent, but that looked convincing and differed in a way that was useful to you—and that likely wouldn’t be guaranteed, even theoretically.

load more comments (1 replies)
load more comments (3 replies)
load more comments (1 replies)
[–] AtHeartEngineer@lemmy.world 12 points 1 year ago (9 children)

The best way this could be handled is a green check mark near the video that you could click on it and it would give you all the meta data of the video (location, time, source, etc) with a digital signature (what would look like a random string of text) that you could click on and your browser would show you the chain of trust, where the signature came from, that it's valid, probably the manufacturer of the equipment it was recorded on, etc.

[–] ulterno@lemmy.kde.social 7 points 1 year ago (1 children)

Just make sure the check mark is outside the video.

load more comments (1 replies)
load more comments (8 replies)
[–] pupbiru@aussie.zone 6 points 1 year ago* (last edited 1 year ago) (1 children)

it would potentially be associated with a law that states that you must not misrepresent a “verified” UI element like a check mark etc, and whilst they could technically add a verified mark wherever they like, the law would prevent that - at least for US companies

it may work in the same way as hardware certifications - i believe that HDMI has a certification standard that cables and devices must be manufactured to certain specifications to bear the HDMI logo, and the HDMI logo is trademarked so using it without permission is illegal… it doesn’t stop cheap knock offs, but it means if you buy things in stores in most US-aligned countries that bear the HDMI mark, they’re going to work

[–] LodeMike@lemmy.today 8 points 1 year ago* (last edited 1 year ago) (2 children)

There’s already some kind of legal structure for what you’re talking about: trademark. It’s called “I’m Joe Biden and I approve this message.”

If you’re talking about HDCP you can break that with an HDMI splitter so IDK.

load more comments (2 replies)
load more comments (9 replies)
[–] pupbiru@aussie.zone 7 points 1 year ago (12 children)

i wouldn’t say signature exactly, because that ensures that a video hasn’t been altered in any way: no re-encoded, resized, cropped, trimmed, etc… platforms almost always do some of these things to videos, even if it’s not noticeable to the end-user

there are perceptual hashes, but i’m not sure if they work in a way that covers all those things or if they’re secure hashes. i would assume not

perhaps platforms would read the metadata in a video for a signature and have to serve the video entirely unaltered if it’s there?

[–] thantik@lemmy.world 10 points 1 year ago* (last edited 1 year ago) (1 children)

You don't need to bother with cryptographically verifying downstream videos, only the source video needs to be able to be cryptographically verified. That way you have an unedited, untampered cut that can be verified to be factually accurate to the broadcast.

The White House could serve the video themselves if they so wanted to. Just use something similar to PGP for signature validation and voila. Studios can still do all the editing, cutting, etc - it shouldn't be up to the end user to do the footwork on this, just for the studios to provide a kind of 'chain of custody' - they can point to the original verification video for anyone to compare to; in order to make sure alterations are things such as simple cuts, and not anything more than that.

load more comments (1 replies)
load more comments (11 replies)
[–] ryannathans@aussie.zone 72 points 1 year ago (4 children)

I have said for years all media that needs to be verifiable needs to be signed. Gpg signing lets gooo

[–] NateNate60@lemmy.world 33 points 1 year ago (2 children)

Very few people understand why a GPG signature is reliable or how to check it. Malicious actors will add a "GPG Signed" watermark to their fake videos and call it a day, and 90% of victims will believe it.

[–] optissima@lemmy.world 7 points 1 year ago (3 children)

As soon as VLC adds the gpg sig feature, it's over.

[–] NateNate60@lemmy.world 11 points 1 year ago

No, it's not. People don't use VLC to watch misinformation videos. They see it on Reddit, Facebook, YouTube, or TikTok.

load more comments (2 replies)
load more comments (1 replies)
load more comments (3 replies)
[–] pineapplelover@lemm.ee 49 points 1 year ago (10 children)

Huh. They actually do something right for once instead of spending years trying to ban A.I tools. I'm pleasantly surprised.

[–] CyberSeeker@discuss.tchncs.de 8 points 1 year ago* (last edited 1 year ago)

Bingo. If, at the limit, the purpose of a generative AI is to be indistinguishable from human content, then watermarking and AI detection algorithms are absolutely useless.

The ONLY means to do this is to have creators verify their human-generated (or vetted) content at the time of publication (providing positive proof), as opposed to attempting to retroactively trying to determine if content was generated by a human (proving a negative).

load more comments (9 replies)
[–] FlyingSquid@lemmy.world 44 points 1 year ago (3 children)

I don't blame them for wanting to, but this won't work. Anyone who would be swayed by such a deepfake won't believe the verification if it is offered.

[–] tacosplease@lemmy.world 30 points 1 year ago (22 children)

Agreed and I still think there is value in doing it.

load more comments (22 replies)
[–] ilinamorato@lemmy.world 11 points 1 year ago

I don't think that's what this is for. I think this is for reasonable people, as well as for other governments.

Besides, passwords can be phished or socially engineered, and some people use "abc123." Does that mean we should get rid of password auth?

load more comments (1 replies)
[–] DrCake@lemmy.world 42 points 1 year ago (5 children)

Yeah good luck getting to general public to understand what “cryptographically verified” videos mean

[–] patatahooligan@lemmy.world 19 points 1 year ago (2 children)

The general public doesn't have to understand anything about how it works as long as they get a clear "verified by ..." statement in the UI.

load more comments (2 replies)
[–] FunderPants@lemmy.ca 16 points 1 year ago (4 children)

Democrats will want cryptographically verified videos, Republicans will be happy with a stamp that has trumps face on it.

load more comments (4 replies)
[–] BradleyUffner@lemmy.world 15 points 1 year ago (1 children)

It could work the same way the padlock icon worked for SSL sites in browsers back in the day. The video player checks the signature and displays the trusted icon.

load more comments (1 replies)
load more comments (2 replies)
[–] surewhynotlem@lemmy.world 33 points 1 year ago (4 children)

Fucking finally. We've had this answer to digital fraud for ages.

load more comments (4 replies)
[–] nutsack@lemmy.world 23 points 1 year ago

the technology to do this has existed for decades and it's crazy to me that people aren't doing it all the time yet

[–] cooopsspace 20 points 1 year ago

You mean to tell me that cryptography isn't the enemy and that instead of fighting it in the name of "terrorism and child protection" that we should be protecting children by having strong encryption instead??

[–] circuitfarmer@lemmy.world 20 points 1 year ago (2 children)

I'm sure they do. AI regulation probably would have helped with that. I feel like congress was busy with shit that doesn't affect anything.

[–] ours@lemmy.world 23 points 1 year ago (2 children)

I salute whoever has the challenge of explaining basic cryptography principles to Congress.

[–] Spendrill@lemm.ee 7 points 1 year ago (2 children)

Might just as well show a dog a card trick.

load more comments (2 replies)
load more comments (1 replies)
[–] lemmyingly@lemm.ee 12 points 1 year ago

I see no difference between creating a fake video/image with AI and Adobe's packages. So to me this isn't an AI problem, it's a problem that should have been resolved a couple of decades ago.

[–] Thirdborne@lemmy.world 17 points 1 year ago

When it comes to misinformation I always remember when I was a kid I'm the early 90s, another kid told me confidently that the USSR had landed on Mars, gathered rocks, filmed it and returned to earth(it now occurs to me that this homeschooled kid was confusing the real moon landing.) I remember knowing it was bullshit but not having a way to check the facts. The Internet solved that problem. Now, by God , the Internet has recreated the same problem.

[–] VampyreOfNazareth@lemm.ee 15 points 1 year ago (1 children)

Government also puts backdoor in said math, gets hacked, official fakes released

[–] Squizzy@lemmy.world 7 points 1 year ago

Or more likely they will only discredit fake news and not verify actual footage that is a poor reflection. Like a hot mic calling someone a jackass, white House says no comment.

[–] recapitated@lemmy.world 12 points 1 year ago (2 children)

I've always thought that bank statements should require cryptographic signatures for ledger balances. Same with individual financial transactions, especially customer payments.

Without this we're pretty much at the mercy of trust with banks and payment card providers.

I imagine there's a lot of integrity requirements for financial transactions on the back end, but the consumer has no positive proof except easily forged statements.

load more comments (2 replies)
[–] Snapz@lemmy.world 12 points 1 year ago* (last edited 1 year ago)

We need something akin to the simplicity and ubiquity of Google that does this, government funded and with transparent oversight. We're past the point of your aunt needing a way to quickly check if something is obvious bullshit.

Call it something like Exx-Ray, the two Xs mean double check - "That sounds very unlikely that they said that Aunt Pat... You need to Exx-Ray shit like that before you talk about it at Thanksgiving"

Or same thing, but with the word Check, CHEXX - "No that sounds like bullshit, I'm gonna CHEXX it... Yup that's bullshit, Randy."

[–] HawlSera@lemm.ee 11 points 1 year ago

This is sadly necessary

[–] Zehzin@lemmy.world 9 points 1 year ago* (last edited 1 year ago) (2 children)

Official Joe Biden NFTs comfirmed

load more comments (2 replies)
[–] AA5B@lemmy.world 9 points 1 year ago

So should Taylor Swift

[–] drathvedro@lemm.ee 8 points 1 year ago (2 children)

I've been saying for a long time now that camera manufacturers should just put encryption circuits right inside the sensors. Of course that wouldn't protect against pointing the camera at a screen showing a deepfake or someone painstakingly dissolving top layers and tracing out the private key manually, but that'd be enough of the deterrent from forgery. And also media production companies should actually put out all their stuff digitally signed. Like, come on, it's 2024 and we still don't have a way to find out if something was filmed or rendered, cut or edited, original or freebooted.

[–] hyperhopper@lemmy.world 7 points 1 year ago (10 children)

If you've been saying this for a long time please stop. This will solve nothing. It will be trivial to bypass for malicious actors and just hampers normal consumers.

load more comments (10 replies)
[–] recapitated@lemmy.world 6 points 1 year ago

It's a good idea. And I hope to see more of this in other types of communications.

load more comments
view more: next ›