The White House wants to ‘cryptographically verify’ videos of Joe Biden so viewers don’t mistake them for AI deepfakes::Biden’s AI advisor Ben Buchanan said a method of clearly verifying White House releases is “in the works.”

  • @[email protected]
    link
    fedilink
    English
    7910 months ago

    I have said for years all media that needs to be verifiable needs to be signed. Gpg signing lets gooo

    • @NateNate60
      link
      English
      3610 months ago

      Very few people understand why a GPG signature is reliable or how to check it. Malicious actors will add a “GPG Signed” watermark to their fake videos and call it a day, and 90% of victims will believe it.

      • @optissima
        link
        English
        710 months ago

        As soon as VLC adds the gpg sig feature, it’s over.

        • @NateNate60
          link
          English
          1110 months ago

          No, it’s not. People don’t use VLC to watch misinformation videos. They see it on Reddit, Facebook, YouTube, or TikTok.

        • @QuaternionsRock
          link
          English
          410 months ago

          …how popular do you think VLC is among those who don’t understand cryptographic signatures?

        • @TheKingBee
          link
          English
          110 months ago

          And that will in no way be the first step on the road to VLC deciding which videos it allows you to play…

      • Ð Greıt Þu̇mpkin
        link
        fedilink
        English
        410 months ago

        Yeah but all it takes is proving it doesn’t have the right signature and you can make the Social Media corpo take every piece of media with that signature just for that alone.

        What’s even better is that you can attack entities that try to maliciously let people get away with misusing their look and fake being signed for failing to defend their IP, basically declaring you intend to take them to court to Public Domainify literally everything that makes them any money at all.

        If billionaires were willing to allow disinformation as a service then they wouldn’t have gone to war against news as a service to make it profitable to begin with.

    • Captain Aggravated
      link
      fedilink
      English
      2210 months ago

      I just mentioned this in another comment tonight; cryptographic verification has existed for years but basically no one has adopted it for anything. Some people still seem to think pasting an image of your handwriting on a document is “signing” a document somehow.

      • @[email protected]
        link
        fedilink
        English
        410 months ago

        It doesn’t help that in a lot of cases, this is actually accepted by a shit ton of important institutions that should be better, but aren’t.

        • Captain Aggravated
          link
          fedilink
          English
          110 months ago

          I mean, part of it is PGP is the exact opposite of streamlined and you’ve got to be NSA levels of paranoid to bother with it.

          • @[email protected]
            link
            fedilink
            English
            110 months ago

            It’s automated in all mainstream email clients, you don’t even have to think about it if a contact has it set up

            • @NateNate60
              link
              English
              3
              edit-2
              10 months ago

              if a contact has it set up

              Well, there’s your problem.

              The most commonly-used mail client in the world is the Gmail web client which does not support it. Uploading your PGP key to Gmail and having them store it server-side for use in a webmail client is obviously problematic from a security standpoint. Number 2 I would guess is Outlook, which appears also not to support it. For most people, I don’t think they understand the value of cryptographically signing emails and going through the hassle of generating and publishing their PGP keys, especially since Windows has no built-in easy application for generating and managing such keys.

              There’s also the case that for most people, signing their emails provides absolutely no immediate benefit to them.

                • @NateNate60
                  link
                  English
                  19 months ago

                  Yeah, almost nothing has good PGP integration.

                  Except Git, apparently.

    • @[email protected]
      link
      fedilink
      English
      210 months ago

      The average Joe won’t know what any of what you just said means. Hell, the Joe in the OP doesn’t know what any of you just said means. There’s no way (IMO) of simultaneously creating a cryptographic assurance and having it be accessible to the layman.

      • @NateNate60
        link
        English
        110 months ago

        There is, but only if you can implement a layer of abstraction and get them to trust that layer of abstraction.

        Few laymen understand why Bitcoin is secure. They just trust that their wallet software works and because they were told by smarter people that it is secure.

        Few laymen understand why TLS is secure. They just trust that their browser tells them it is secure.

        Few laymen understand why biometric authentication on their phone apps is secure. They just trust that their device tells them it is secure.

        • @[email protected]
          link
          fedilink
          English
          39 months ago

          Each of those perfectly illustrates the problem with adding in a layer of abstraction though:

          Bitcoin is a perfect example of the problem. Since almost nobody understands how it works, they keep their coins in an exchange instead of a wallet and have completely defeated the point of cryptocurrency in the first place by reintroducing blind trust into the system.

          Similarly, the TLS ecosystem is problematic. Because even though it is theoretically supposed to verify the identity of the other party, most people aren’t savvy enough to check the name on the cert and instead just trust that if their browser doesn’t warn them, they must be okay. Blind trust one again is introduced alongside the necessary abstraction layers needed to make cryptography palatable to the masses.

          Lastly, people have put so much trust in the face scanning biometrics to wake their phone that they don’t realize they may have given their face to a facial recognition company who will use it to help bring about the cyberpunk dystopia that we are all moving toward.