Re: Cryptography could help us figure out if a photograph is real or an AI fake

[John Clark]

On Tue, Nov 7, 2023 at 3:12 PM Jason Resch  wrote:

*> GPS works entirely passively on the receiver side. There would be no
> external validation of the GPS coordinates.*
>

I know, but I don't think it would be very difficult to add that
functionality. Or you could have the cell phone providers do it, although
I'd trust the GPS people more.

John K ClarkSee what's on my new list at  Extropolis

nvd


>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CAJPayv2%3DpBmFkiiXkS0Xt1uRbnDY%3D7%3DPyHzz0GvbnL3rcU9zsA%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[Jason Resch]

On Tue, Nov 7, 2023, 3:04 PM John Clark  wrote:

>
>
> On Tue, Nov 7, 2023 at 1:59 PM Jason Resch  wrote:
>
>
> *> How does Apple (or whoever is signing the image and its metadata) know
>> it was taken by an iphone at a particular location?*
>>
>
> Regardless of how the picture was  produced, the GPS timestamp created by
> the GPS people can verify exactly when it was made, and can verify where
> the picture was claimed to have been made.
>

GPS works entirely passively on the receiver side. There would be no
external validation of the GPS coordinates.


And Apple Corporation can verify that the iPhone that was supposed to have
> taken the picture has been registered to Mr. Joe Blow. So if the picture is
> an embarrassing picture of a politician and if the picture is phony then
> Mr. Blow must be involved.  Mr. Blow is either an innocent bystander who
> got his iPhone hacked and his secret key stolen, or he is actively engaged
> in deception because he wants the politician to lose the next election.
> But if there's no evidence of any hacking and if Mr. Blow has no history of
> criminality and seems pretty apolitical and if it's not impossible that the
> politician could have been at that place at that time, then it would be
> reasonable to conclude that the photograph was real.
>

Yes, and note, that again it reduces entirely to whatever trust you have or
don't in Mr. Blow. Apple adds no additional trust to the veracity of the
images, it only serves in establishing the identity of Mr. Blow. But there
are better and existing schemes for this which don't require sending all
your images to Apple (certificate authorities).


>
> That's certainly an improvement to what we have now;  a photograph with
> no provenance at all, an anonymous person just posts a picture on the
> Internet with no hint about where or when the picture was taken or by who.
>

I agree. But it's important to recognize what problems cryptography does it
doesn't solve. It can solve the problem of provenance (who generated the
image) but it can't solve the more general problem of is this a deep fake
or not.

Jason



>
>   John K ClarkSee what's on my new list at  Extropolis
> 
> qoz
>
> q0z
>
> --
> You received this message because you are subscribed to the Google Groups
> "Everything List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to everything-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/everything-list/CAJPayv1r1TOfKn7k7CqCHba5Kg7BMY6SQKr6KXSKmoktSTSRog%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CA%2BBCJUi9bduPJBiTHJEb4kA996X7CLaHra%2BLJRD89QVFadPH5A%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[John Clark]

On Tue, Nov 7, 2023 at 1:59 PM Jason Resch  wrote:


*> How does Apple (or whoever is signing the image and its metadata) know
> it was taken by an iphone at a particular location?*
>

Regardless of how the picture was  produced, the GPS timestamp created by
the GPS people can verify exactly when it was made, and can verify where
the picture was claimed to have been made. And Apple Corporation can verify
that the iPhone that was supposed to have taken the picture has been
registered to Mr. Joe Blow. So if the picture is an embarrassing picture of
a politician and if the picture is phony then Mr. Blow must be involved.
Mr. Blow is either an innocent bystander who got his iPhone hacked and his
secret key stolen, or he is actively engaged in deception because he wants
the politician to lose the next election.  But if there's no evidence of
any hacking and if Mr. Blow has no history of criminality and seems pretty
apolitical and if it's not impossible that the politician could have been
at that place at that time, then it would be reasonable to conclude that
the photograph was real.

That's certainly an improvement to what we have now;  a photograph with no
provenance at all, an anonymous person just posts a picture on the Internet
with no hint about where or when the picture was taken or by who.

  John K ClarkSee what's on my new list at  Extropolis

qoz

q0z

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CAJPayv1r1TOfKn7k7CqCHba5Kg7BMY6SQKr6KXSKmoktSTSRog%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[Jason Resch]

On Tue, Nov 7, 2023, 1:28 PM John Clark  wrote:

> On Tue, Nov 7, 2023 at 1:06 PM Jason Resch  wrote:
>
> >> I don't care if Joe Blow signs it or not with his private key that's
>>> on his iPhone because I have no reason to trust Mr. Blow. I want the Apple
>>> Corporation and the people who run the GPS satellites to sign a hash
>>> function of the picture and the GPS data with their private keys, and their
>>> private keys are not on anybody's phone, they're locked up somewhere in a
>>> deep underground vault, or the cyber security equivalent.
>>>
>>
>> *> But how would Apple, in your scenario, authenticate the picture was
>> really taken from the camera of an iPhone?*
>>
>
> The person claims the picture was taken by an iPhone, if he is lying about
> that then that is a very strong reason to suspect the picture is phony.
>

How does Apple (or whoever is signing the image and its metadata) know it
was taken by an iphone at a particular location?

Presumably, if the signing key is kept in some secure location, there will
have to be a remotely invocable API, which accepts from the sender, any
possible image data and any valid GPS coordinates, etc.

By what means can the signer verify that the data provided was captured
from a camera and not generated or manipulated? I see no way to solve this
problem.

Jason


Why else would he lie about it?  And even if I couldn't be sure how the
> picture was made I'd still know when and where it was made. So you couldn't
> claim to have a compromising picture of me when I was a teenager, or claim
> to have a picture of me taken in Bangkok the day before yesterday when I
> can prove that the day before yesterday I was in Las Vegas.
>
>  John K ClarkSee what's on my new list at  Extropolis
> 
> ilv
>
>
>
>> --
> You received this message because you are subscribed to the Google Groups
> "Everything List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to everything-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/everything-list/CAJPayv14KpZtQ_MLhoM9MYuiOZhxcdw5cMMucKLO5NOy5%3DH2Jw%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CA%2BBCJUgrOGbYx_6pe52zUHCyCs9UuKQfJM9VC4Y55boQaPyLxg%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[John Clark]

On Tue, Nov 7, 2023 at 1:06 PM Jason Resch  wrote:

>> I don't care if Joe Blow signs it or not with his private key that's on
>> his iPhone because I have no reason to trust Mr. Blow. I want the Apple
>> Corporation and the people who run the GPS satellites to sign a hash
>> function of the picture and the GPS data with their private keys, and their
>> private keys are not on anybody's phone, they're locked up somewhere in a
>> deep underground vault, or the cyber security equivalent.
>>
>
> *> But how would Apple, in your scenario, authenticate the picture was
> really taken from the camera of an iPhone?*
>

The person claims the picture was taken by an iPhone, if he is lying about
that then that is a very strong reason to suspect the picture is phony. Why
else would he lie about it?  And even if I couldn't be sure how the picture
was made I'd still know when and where it was made. So you couldn't claim
to have a compromising picture of me when I was a teenager, or claim to
have a picture of me taken in Bangkok the day before yesterday when I can
prove that the day before yesterday I was in Las Vegas.

 John K ClarkSee what's on my new list at  Extropolis

ilv



>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CAJPayv14KpZtQ_MLhoM9MYuiOZhxcdw5cMMucKLO5NOy5%3DH2Jw%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[Jason Resch]

On Tue, Nov 7, 2023, 12:31 PM John Clark  wrote:

> On Tue, Nov 7, 2023 at 11:54 AM Jason Resch  wrote:
>
> >> I agree, but I think most people, myself included, would trust that
>>> the entire GPS satellite system is unlikely to be part of some grand
>>> conspiracy of deception, nor is it likely that the Apple Corporation is
>>> stupid enough to do so either because if such deception was ever made
>>> public, and secrets that huge can never be kept for long, it would be the
>>> ruin of the trillion dollar company.  At any rate I'd certainly trust
>>> them more than I'd trust any politician. Or Fox News.
>>>
>>
>>
>> *> I don't know how feasible it would be for  any device maker to prevent
>> someone from extracting a private key from a hardware device which is
>> already is in the hands of the person who seeks to extract it.*
>>
>
> I don't care if Joe Blow signs it or not with his private key that's on
> his iPhone because I have no reason to trust Mr. Blow. I want the Apple
> Corporation and the people who run the GPS satellites to sign a hash
> function of the picture and the GPS data with their private keys, and their
> private keys are not on anybody's phone, they're locked up somewhere in a
> deep underground vault, or the cyber security equivalent.
>

But how would Apple, in your scenario, authenticate the picture was really
taken from the camera of an iPhone?

Jason



Well OK, it's theoretically possible that anybody's secret key can get
> hacked, so even that isn't 100% secure, but then nothing is. However I
> think such a scheme could provide pretty good evidence that a picture was
> genuine.
>
>  John K ClarkSee what's on my new list at  Extropolis
> 
>
> los
>
>
>>> --
> You received this message because you are subscribed to the Google Groups
> "Everything List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to everything-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/everything-list/CAJPayv3Fvu4t_Anju7gifuE5UcPXhp_L1kfSnULGOXFiiSTZmw%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CA%2BBCJUj7uA5JgBH7Y21MOnNo58Ui-e0R3qi%2BqFvGyh1y5kE3pA%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[John Clark]

On Tue, Nov 7, 2023 at 11:54 AM Jason Resch  wrote:

>> I agree, but I think most people, myself included, would trust that the
>> entire GPS satellite system is unlikely to be part of some grand conspiracy
>> of deception, nor is it likely that the Apple Corporation is stupid enough
>> to do so either because if such deception was ever made public, and secrets
>> that huge can never be kept for long, it would be the ruin of the trillion
>> dollar company.  At any rate I'd certainly trust them more than I'd
>> trust any politician. Or Fox News.
>>
>
>
> *> I don't know how feasible it would be for  any device maker to prevent
> someone from extracting a private key from a hardware device which is
> already is in the hands of the person who seeks to extract it.*
>

I don't care if Joe Blow signs it or not with his private key that's on his
iPhone because I have no reason to trust Mr. Blow. I want the Apple
Corporation and the people who run the GPS satellites to sign a hash
function of the picture and the GPS data with their private keys, and their
private keys are not on anybody's phone, they're locked up somewhere in a
deep underground vault, or the cyber security equivalent.  Well OK, it's
theoretically possible that anybody's secret key can get hacked, so even
that isn't 100% secure, but then nothing is. However I think such a scheme
could provide pretty good evidence that a picture was genuine.

 John K ClarkSee what's on my new list at  Extropolis


los


>>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CAJPayv3Fvu4t_Anju7gifuE5UcPXhp_L1kfSnULGOXFiiSTZmw%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[Jason Resch]

On Tue, Nov 7, 2023 at 10:44 AM John Clark  wrote:

> On Tue, Nov 7, 2023 at 11:11 AM Jason Resch  wrote:
>
> *> I think such protocols are only useful for verifying whether the image
>> came from an already known and trusted source. I don't see that it could
>> verify whether some content is genuine or not if you didn't already
>> know/trust the entity it is purported to come from (and trust that they
>> would not provide you with false content).*
>>
>
> I agree, but I think most people, myself included, would trust that the
> entire GPS satellite system is unlikely to be part of some grand conspiracy
> of deception, nor is it likely that the Apple Corporation is stupid enough
> to do so either because if such deception was ever made public, and secrets
> that huge can never be kept for long, it would be the ruin of the trillion
> dollar company.  At any rate I'd certainly trust them more than I'd trust
> any politician. Or Fox News.
>


I don't know how feasible it would be for  any device maker to prevent
someone from extracting a private key from a hardware device which is
already is in the hands of the person who seeks to extract it.

There are methods to make it difficult, but I don't think it can be made
impossible. And once one of the keys is removed from the device which
contained it, any extra information, such as GPS coordinates, etc. could be
falsely generated and then signed by that key.

Jason


>
>  John K ClarkSee what's on my new list at  Extropolis
> 
> 3ep
>
>
>
>
>
>
>>
>> Jason
>>
>> On Tue, Nov 7, 2023 at 8:14 AM John Clark  wrote:
>>
>>> Now that AI art is so good it's becoming impossible to determine if a
>>> photograph is real or fake, but a new open-source internet protocol
>>> called "C2PA" may offer a solution. If camera and smartphone makers
>>> agree to do so their products would all have a feature (which I hope you
>>> would be allowed to turn off if you wish) that would make a cryptographic
>>> hash of the picture and, thanks to GPS satellites, also have information on
>>> the time and place the picture was taken, and on the type of camera and
>>> exposure settings. Any alteration to the picture could easily be
>>> determined. And if social media companies cooperated you could even figure
>>> out when it was first posted on them. You could find out all of this stuff
>>> with just one click, it would work something like this:
>>>
>>> What happens if real is actually fake? 
>>>
>>> Of course you could refuse to use C2PA, but if you did that would make
>>> somebody deeply suspicious that your photograph is real.
>>>
>>> Cryptography may offer a solution to the massive AI-labeling problem
>>> 
>>>
>>>
>>> 5tt
>>>
>>>
>> --
> You received this message because you are subscribed to the Google Groups
> "Everything List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to everything-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/everything-list/CAJPayv1KZ_ArPbSPe0nTrTKvHkRUw2xeofkNS3BrOVytbZexXg%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CA%2BBCJUgQW_A7SqBAi7eYNgNw8UHidoZnH8mF_Pt4MqDBA%3DjpZg%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[John Clark]

On Tue, Nov 7, 2023 at 11:11 AM Jason Resch  wrote:

*> I think such protocols are only useful for verifying whether the image
> came from an already known and trusted source. I don't see that it could
> verify whether some content is genuine or not if you didn't already
> know/trust the entity it is purported to come from (and trust that they
> would not provide you with false content).*
>

I agree, but I think most people, myself included, would trust that the
entire GPS satellite system is unlikely to be part of some grand conspiracy
of deception, nor is it likely that the Apple Corporation is stupid enough
to do so either because if such deception was ever made public, and secrets
that huge can never be kept for long, it would be the ruin of the trillion
dollar company.  At any rate I'd certainly trust them more than I'd trust
any politician. Or Fox News.

 John K ClarkSee what's on my new list at  Extropolis

3ep






>
> Jason
>
> On Tue, Nov 7, 2023 at 8:14 AM John Clark  wrote:
>
>> Now that AI art is so good it's becoming impossible to determine if a
>> photograph is real or fake, but a new open-source internet protocol
>> called "C2PA" may offer a solution. If camera and smartphone makers
>> agree to do so their products would all have a feature (which I hope you
>> would be allowed to turn off if you wish) that would make a cryptographic
>> hash of the picture and, thanks to GPS satellites, also have information on
>> the time and place the picture was taken, and on the type of camera and
>> exposure settings. Any alteration to the picture could easily be
>> determined. And if social media companies cooperated you could even figure
>> out when it was first posted on them. You could find out all of this stuff
>> with just one click, it would work something like this:
>>
>> What happens if real is actually fake? 
>>
>> Of course you could refuse to use C2PA, but if you did that would make
>> somebody deeply suspicious that your photograph is real.
>>
>> Cryptography may offer a solution to the massive AI-labeling problem
>> 
>>
>>
>> 5tt
>>
>>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CAJPayv1KZ_ArPbSPe0nTrTKvHkRUw2xeofkNS3BrOVytbZexXg%40mail.gmail.com.

Re: Cryptography could help us figure out if a photograph is real or an AI fake

[Jason Resch]

I think such protocols are only useful for verifying whether the image came
from an already known and trusted source. I don't see that it could verify
whether some content is genuine or not if you didn't already know/trust the
entity it is purported to come from (and trust that they would not provide
you with false content).

Jason

On Tue, Nov 7, 2023 at 8:14 AM John Clark  wrote:

> Now that AI art is so good it's becoming impossible to determine if a
> photograph is real or fake, but a new open-source internet protocol
> called "C2PA" may offer a solution. If camera and smartphone makers agree
> to do so their products would all have a feature (which I hope you would be
> allowed to turn off if you wish) that would make a cryptographic hash of
> the picture and, thanks to GPS satellites, also have information on the
> time and place the picture was taken, and on the type of camera and
> exposure settings. Any alteration to the picture could easily be
> determined. And if social media companies cooperated you could even figure
> out when it was first posted on them. You could find out all of this stuff
> with just one click, it would work something like this:
>
> What happens if real is actually fake? 
>
> Of course you could refuse to use C2PA, but if you did that would make
> somebody deeply suspicious that your photograph is real.
>
> Cryptography may offer a solution to the massive AI-labeling problem
> 
>
>  John K ClarkSee what's on my new list at  Extropolis
> 
> 5tt
>
> --
> You received this message because you are subscribed to the Google Groups
> "Everything List" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to everything-list+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/everything-list/CAJPayv3QwOgZmxztpqErch8BuCi8Ffv5fN7WGpFYvFO%3DzotRHg%40mail.gmail.com
> 
> .
>

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CA%2BBCJUga656BaAOd6PBc2LF8mK84t_JOs69xx6DJY5gs7spzXg%40mail.gmail.com.

Cryptography could help us figure out if a photograph is real or an AI fake

[John Clark]

Now that AI art is so good it's becoming impossible to determine if a
photograph is real or fake, but a new open-source internet protocol
called "C2PA"
may offer a solution. If camera and smartphone makers agree to do so their
products would all have a feature (which I hope you would be allowed to
turn off if you wish) that would make a cryptographic hash of the picture
and, thanks to GPS satellites, also have information on the time and place
the picture was taken, and on the type of camera and exposure settings. Any
alteration to the picture could easily be determined. And if social media
companies cooperated you could even figure out when it was first posted on
them. You could find out all of this stuff with just one click, it would
work something like this:

What happens if real is actually fake? 

Of course you could refuse to use C2PA, but if you did that would make
somebody deeply suspicious that your photograph is real.

Cryptography may offer a solution to the massive AI-labeling problem


 John K ClarkSee what's on my new list at  Extropolis

5tt

-- 
You received this message because you are subscribed to the Google Groups 
"Everything List" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to everything-list+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/everything-list/CAJPayv3QwOgZmxztpqErch8BuCi8Ffv5fN7WGpFYvFO%3DzotRHg%40mail.gmail.com.