this post was submitted on 22 Aug 2023
341 points (81.6% liked)
Technology
60058 readers
2505 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The obvious thing is that at some point any camera worth it’s salt will have a nice embedded key that it signs it’s output traceable to a vendor’s CA at the least. No signature, the image would be considered fake.
Yeah, I think that there may be something like that -- the ability to prove things with a camera is useful -- but it's gonna be more-complicated than just that. It's consumer hardware. If you just do that, someone is gonna figure out how to extract the keys on at least one model and then you can forge authenticated images with it.
As a programmer, I gotta say, that's probably not technically feasible in a sensible way.
Every camera has got to have an embedded key, and if any one of them leaks, the system becomes worthless.
No, that would actually be feasible with enough effort.
The real question is what do you do if someone takes a screenshot of that image? Since the picture must be in a format that can be shown, nothing is stopping people from writing software that just strips the authentication from the camera file.
Edit: misread the problem. You need to get a private key to make forgeries and be able to say "no look, this was taken with a camera". Stripping the signature from photographs is the opposite of what we want here.
The point is, without the signature then there’s plausible deniability that it wasn’t real. If you want to prove something happened, then it should have a signature and be validated.
If someone is showing off a screenshot of an image then in the future (now really) one probably needs to assume it’s fake unless there’s some overriding proof otherwise.