this post was submitted on 11 Feb 2024
641 points (97.9% liked)

Technology

59087 readers
3244 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes::Biden's AI advisor Ben Buchanan said a method of clearly verifying White House releases is "in the works."

top 50 comments
sorted by: hot top controversial new old
[–] CyberSeeker@discuss.tchncs.de 178 points 8 months ago (16 children)

Digital signature as a means of non repudiation is exactly the way this should be done. Any official docs or releases should be signed and easily verifiable by any public official.

[–] mods_are_assholes@lemmy.world 83 points 8 months ago (1 children)

Maybe deepfakes are enough of a scare that this becomes standard practice, and protects encryption from getting government backdoors.

[–] RVGamer06@sh.itjust.works 57 points 8 months ago (1 children)
[–] mods_are_assholes@lemmy.world 22 points 8 months ago (3 children)

Hey, congresscritters didn't give a shit about robocalls till they were the ones getting robocalled.

We had a do not call list within a year and a half.

That's the secret, make it affect them personally.

load more comments (3 replies)
[–] otter@lemmy.ca 17 points 8 months ago (20 children)

Would someone have a high level overview or ELI5 of what this would look like, especially for the average user. Would we need special apps to verify it? How would it work for stuff posted to social media

linking an article is also ok :)

[–] AbouBenAdhem@lemmy.world 24 points 8 months ago* (last edited 8 months ago) (2 children)

Depending on the implementation, there are two cryptographic functions that might be used (perhaps in conjunction):

  • Cryptographic hash: An arbitrary amount of data (like a video file) is used to create a “hash”—a shorter, (effectively) unique text string. Anyone can run the file through the same function to see if it produces the same hash; if even a single bit of the file is changed, the hash will be completely different and you’ll know the data was altered.

  • Public key cryptography: A pair of keys are created, one of which can only encrypt data (but can’t decrypt its own output), and the other, “public” key can only decrypt data that was encrypted by the first key. Users (like the White House) can post their public key on their website; then if a subsequent message purporting to come from that user can be decrypted using their public key, it proves it came from them.

[–] Serinus@lemmy.world 9 points 8 months ago (8 children)

a shorter, (effectively) unique text string

A note on this. There are other videos that will hash to the same value as a legitimate video. Finding one that is coherent is extraordinarily difficult. Maybe a state actor could do it?

But for practical purposes, it'll do the job. Hell, if a doctored video with the same hash comes out, the White House could just say no, we punished this one, and that alone would be remarkable.

load more comments (8 replies)
load more comments (1 replies)
[–] AtHeartEngineer@lemmy.world 12 points 8 months ago (11 children)

The best way this could be handled is a green check mark near the video that you could click on it and it would give you all the meta data of the video (location, time, source, etc) with a digital signature (what would look like a random string of text) that you could click on and your browser would show you the chain of trust, where the signature came from, that it's valid, probably the manufacturer of the equipment it was recorded on, etc.

load more comments (11 replies)
load more comments (18 replies)
load more comments (14 replies)
[–] ryannathans@aussie.zone 78 points 8 months ago (5 children)

I have said for years all media that needs to be verifiable needs to be signed. Gpg signing lets gooo

[–] NateNate60@lemmy.world 36 points 8 months ago (5 children)

Very few people understand why a GPG signature is reliable or how to check it. Malicious actors will add a "GPG Signed" watermark to their fake videos and call it a day, and 90% of victims will believe it.

load more comments (5 replies)
[–] captain_aggravated@sh.itjust.works 22 points 8 months ago (7 children)

I just mentioned this in another comment tonight; cryptographic verification has existed for years but basically no one has adopted it for anything. Some people still seem to think pasting an image of your handwriting on a document is "signing" a document somehow.

load more comments (7 replies)
load more comments (3 replies)
[–] pineapplelover@lemm.ee 56 points 8 months ago (10 children)

Huh. They actually do something right for once instead of spending years trying to ban A.I tools. I'm pleasantly surprised.

[–] CyberSeeker@discuss.tchncs.de 9 points 8 months ago* (last edited 8 months ago)

Bingo. If, at the limit, the purpose of a generative AI is to be indistinguishable from human content, then watermarking and AI detection algorithms are absolutely useless.

The ONLY means to do this is to have creators verify their human-generated (or vetted) content at the time of publication (providing positive proof), as opposed to attempting to retroactively trying to determine if content was generated by a human (proving a negative).

load more comments (9 replies)
[–] DrCake@lemmy.world 47 points 8 months ago (15 children)

Yeah good luck getting to general public to understand what “cryptographically verified” videos mean

[–] patatahooligan@lemmy.world 21 points 8 months ago (2 children)

The general public doesn't have to understand anything about how it works as long as they get a clear "verified by ..." statement in the UI.

load more comments (2 replies)
[–] BradleyUffner@lemmy.world 17 points 8 months ago (1 children)

It could work the same way the padlock icon worked for SSL sites in browsers back in the day. The video player checks the signature and displays the trusted icon.

load more comments (1 replies)
[–] FunderPants@lemmy.ca 14 points 8 months ago (4 children)

Democrats will want cryptographically verified videos, Republicans will be happy with a stamp that has trumps face on it.

load more comments (4 replies)
load more comments (12 replies)
[–] FlyingSquid@lemmy.world 45 points 8 months ago (3 children)

I don't blame them for wanting to, but this won't work. Anyone who would be swayed by such a deepfake won't believe the verification if it is offered.

[–] tacosplease@lemmy.world 33 points 8 months ago (23 children)

Agreed and I still think there is value in doing it.

load more comments (23 replies)
[–] ilinamorato@lemmy.world 11 points 8 months ago

I don't think that's what this is for. I think this is for reasonable people, as well as for other governments.

Besides, passwords can be phished or socially engineered, and some people use "abc123." Does that mean we should get rid of password auth?

load more comments (1 replies)
[–] surewhynotlem@lemmy.world 33 points 8 months ago (4 children)

Fucking finally. We've had this answer to digital fraud for ages.

load more comments (4 replies)
[–] ZombiFrancis@sh.itjust.works 32 points 8 months ago (7 children)

It would become quite easy to dismiss anything for not being cryptographically verified simply by not cryptographically verifying.

I can see the benefit of having such verification but I also see how prone it might be to suppressing unpopular/unsanctioned journalism.

Unless the proof is very clear and easy for the public to understand the new method of denial just becomes the old method of denial.

load more comments (7 replies)
[–] JasSmith@sh.itjust.works 31 points 8 months ago (9 children)

This doesn’t solve anything. The White House will only authenticate videos which make the President look good. Curated and carefully edited PR. Maybe the occasional press conference. The vast majority of content will not be authenticated. If anything this makes the problem worse, as it will give the President remit to claim videos which make them look bad are not authenticated and should therefore be distrusted.

[–] cynar@lemmy.world 16 points 8 months ago (7 children)

It needs to be more general. A video should have multiple signatures. Each signature relies on the signer's reputation, which works both ways. It won't help those who don't care about their reputation, but will for those that do.

A photographer who passes off a fake photo as real will have their reputation hit, if they are caught out. The paper that published it will also take a hit. It's therefore in the paper's interest to figure out how trustworthy the supplier is.

I believe canon recently announced a camera that cryptographically signs photographs, at the point of creation. At that point, the photographer can prove the camera, the editor can prove the photographer, the paper can prove the editor, and the reader can prove the newspaper. If done right, the final viewer can also prove the whole chain, semi-independently. It won't be perfect (far from it) but might be the best will get. Each party wants to protect their reputation, and so has a vested interest in catching fraud.

For this to work, we need a reliable way to sign images multiple times, as well as (optionally) encode an edit history into it. We also need a quick way to match cryptographic keys to a public key.

An option to upload a time stamped key to a trusted 3rd party would also be of significant benefit. Ironically, Blockchain might actually be a good use for this. In case a trusted 3rd can't be established.

load more comments (7 replies)
load more comments (8 replies)
[–] nutsack@lemmy.world 26 points 8 months ago

the technology to do this has existed for decades and it's crazy to me that people aren't doing it all the time yet

[–] andrew_bidlaw@sh.itjust.works 22 points 8 months ago

Why not just official channels of information, e.g. White house Mastodon instance with politicians' accounts, government-hosted, auto-mirrored by third parties.

[–] cooopsspace@infosec.pub 22 points 8 months ago

You mean to tell me that cryptography isn't the enemy and that instead of fighting it in the name of "terrorism and child protection" that we should be protecting children by having strong encryption instead??

[–] circuitfarmer@lemmy.world 19 points 8 months ago (2 children)

I'm sure they do. AI regulation probably would have helped with that. I feel like congress was busy with shit that doesn't affect anything.

[–] ours@lemmy.world 25 points 8 months ago (4 children)

I salute whoever has the challenge of explaining basic cryptography principles to Congress.

load more comments (4 replies)
[–] lemmyingly@lemm.ee 13 points 8 months ago

I see no difference between creating a fake video/image with AI and Adobe's packages. So to me this isn't an AI problem, it's a problem that should have been resolved a couple of decades ago.

[–] VampyreOfNazareth@lemm.ee 18 points 8 months ago (1 children)

Government also puts backdoor in said math, gets hacked, official fakes released

[–] Squizzy@lemmy.world 9 points 8 months ago

Or more likely they will only discredit fake news and not verify actual footage that is a poor reflection. Like a hot mic calling someone a jackass, white House says no comment.

[–] Aurenkin@sh.itjust.works 17 points 8 months ago

I think this is a great idea. Hopefully it becomes the standard soon, cryptographically signing clips or parts of clips so there's no doubt as to the original source.

[–] Thirdborne@lemmy.world 17 points 8 months ago

When it comes to misinformation I always remember when I was a kid I'm the early 90s, another kid told me confidently that the USSR had landed on Mars, gathered rocks, filmed it and returned to earth(it now occurs to me that this homeschooled kid was confusing the real moon landing.) I remember knowing it was bullshit but not having a way to check the facts. The Internet solved that problem. Now, by God , the Internet has recreated the same problem.

[–] long_chicken_boat@sh.itjust.works 15 points 8 months ago (3 children)

what if I meet Joe and take a selfie of both of us using my phone? how will people know that my selfie is an authentic Joe Biden?

load more comments (3 replies)
[–] Snapz@lemmy.world 13 points 8 months ago* (last edited 8 months ago) (1 children)

We need something akin to the simplicity and ubiquity of Google that does this, government funded and with transparent oversight. We're past the point of your aunt needing a way to quickly check if something is obvious bullshit.

Call it something like Exx-Ray, the two Xs mean double check - "That sounds very unlikely that they said that Aunt Pat... You need to Exx-Ray shit like that before you talk about it at Thanksgiving"

Or same thing, but with the word Check, CHEXX - "No that sounds like bullshit, I'm gonna CHEXX it... Yup that's bullshit, Randy."

load more comments (1 replies)
[–] recapitated@lemmy.world 13 points 8 months ago (2 children)

I've always thought that bank statements should require cryptographic signatures for ledger balances. Same with individual financial transactions, especially customer payments.

Without this we're pretty much at the mercy of trust with banks and payment card providers.

I imagine there's a lot of integrity requirements for financial transactions on the back end, but the consumer has no positive proof except easily forged statements.

load more comments (2 replies)
[–] HawlSera@lemm.ee 12 points 8 months ago

This is sadly necessary

[–] Zehzin@lemmy.world 10 points 8 months ago* (last edited 8 months ago) (2 children)

Official Joe Biden NFTs comfirmed

load more comments (2 replies)
[–] AA5B@lemmy.world 9 points 8 months ago

So should Taylor Swift

[–] drathvedro@lemm.ee 9 points 8 months ago (16 children)

I've been saying for a long time now that camera manufacturers should just put encryption circuits right inside the sensors. Of course that wouldn't protect against pointing the camera at a screen showing a deepfake or someone painstakingly dissolving top layers and tracing out the private key manually, but that'd be enough of the deterrent from forgery. And also media production companies should actually put out all their stuff digitally signed. Like, come on, it's 2024 and we still don't have a way to find out if something was filmed or rendered, cut or edited, original or freebooted.

load more comments (16 replies)
load more comments
view more: next ›