this post was submitted on 11 Feb 2024
639 points (97.9% liked)

Technology

59429 readers
3270 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

The White House wants to 'cryptographically verify' videos of Joe Biden so viewers don't mistake them for AI deepfakes::Biden's AI advisor Ben Buchanan said a method of clearly verifying White House releases is "in the works."

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 12 points 9 months ago (3 children)

The best way this could be handled is a green check mark near the video that you could click on it and it would give you all the meta data of the video (location, time, source, etc) with a digital signature (what would look like a random string of text) that you could click on and your browser would show you the chain of trust, where the signature came from, that it's valid, probably the manufacturer of the equipment it was recorded on, etc.

[–] [email protected] 2 points 9 months ago (1 children)

Do not show a checkmark by default! This is why cryptographers kept telling browsers to de-emphasize the lock icon on TLS (HTTPS) websites. You want to display the claimed author and if you're able to verify keypair authenticity too or not.

[–] [email protected] 1 points 9 months ago (1 children)

Fair point, I agree with this. There should probably be another icon in the browser that shows if all, some, or none of the media on a page has signatures that can be validated. Though that gets messy as well, because what is "media"? Things can be displayed in a web canvas or SVG that appears to be a regular image, when in reality it's rendered on the fly.

Security and cryptography UX is hard. Good point, thanks for bringing that up! Btw, this is kind of my field.

[–] [email protected] 1 points 9 months ago (1 children)

I run /r/crypto at reddit (not so active these days due to needing to keep it locked because of spam bots, but it's not dead yet), usability issues like this are way too common

[–] [email protected] 1 points 9 months ago

I ran /r/cryptotechnology for years, and am good friends with the /r/cc mods. Reddit is a mess though, especially in the crypto areas.

[–] [email protected] 4 points 9 months ago (2 children)

The issue is making that green check mark hard to fake for bad actors. Https works because it is verified by the browser itself, outside the display area of the page. Unless all sites begin relying on a media player packed into the browser itself, if the verification even appears to be part of the webpage, it could be faked.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (1 children)

The only thing that comes to mind is something that forces interactivity outside the browser display area; out of the reach of Javascript and CSS. Something that would work for both mobile and desktop would be a toolbar icon that is a target for drag-and-drop. Drag the movie or image to the "verify this" target, and you get a dialogue or notification outside the display area. As a bonus, it can double for verifying TLS on hyperlinks while we're at it.

Edit: a toolbar icon that's draggable to the image/movie/link should also work the same. Probably easier for mobile users too.

[–] [email protected] 2 points 9 months ago* (last edited 9 months ago) (1 children)

If you set the download manager icon in the browser as permanently visible, then dragging it there could trigger the verification to also run if the metadata is detected, and to then also show whichever metadata it could verify.

[–] [email protected] 1 points 9 months ago

That's a tad obscure, but makes it much easier to code up a prototype. I like it.

[–] [email protected] 4 points 9 months ago

Hope verification gets built in to operating systems as compromised applications present a risk too.

But I’m sure a crook would build a MAGA Verifier since you can’t trust liberal Apple/Microsoft technology.

[–] [email protected] 7 points 9 months ago (1 children)

Just make sure the check mark is outside the video.

[–] [email protected] 3 points 9 months ago

Browser controlled modal.