• WolfLink@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    7
    ·
    edit-2
    2 months ago

    Even if you assume the images you care about have this metadata, all it takes is a hacked camera (which could be as simple as carefully taking a photo of your AI-generated image) to fake authenticity.

    And the vast majority of images you see online are heavily compressed so it’s not 6MB+ per image for the digitally signed raw images.

    • cmnybo
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      1
      ·
      2 months ago

      You don’t even need a hacked camera to edit the metadata, you just need exiftool.

      • WolfLink@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        1
        ·
        edit-2
        2 months ago

        It’s not that simple. It’s not just a “this is or isn’t AI” boolean in the metadata. Hash the image, then sign the hash with digital signature key. The signature will be invalid if the image has been tampered with, and you can’t make a new signature without the signing key.

        Once the image is signed, you can’t tamper with it and get away with it.

        The vulnerability is, how do you ensure an image isn’t faked before it gets to the signature part? On some level, I think this is a fundamentally unsolvable problem. But there may be ways to make it practically impossible to fake, at least for the average user without highly advanced resources.