[kkielhofner]

It's been really interesting to see another recent uptick in media (and HN) coverage of deepfakes, modified media, etc lately.

There are virtually endless ways to generate ("deepfake") or otherwise modify media. I'm convinced that we're (at most) a couple advancements of software and hardware away from anyone being able to generate or otherwise modify media to the point where it's undetectable (certainly by average media consumers).

This comes up so often on HN I'm beginning to feel like a shill but about six months ago I started working on a cryptographic approach to 100% secure media authentication, verification, and provenance with my latest startup Tovera[0].

With traditional approaches (SHA256 checksums) and the addition of blockchain (for truly immutable and third party verification) we have an approach[1] that I'm confident can solve this issue.

[0] https://tovera.com

[1] https://www.tovera.com/tech

[kc0bfv]

But this only works if all views of the images employ your client... If I download an image (screenshot if necessary), modify it, and host it myself, how does the system work then?

And, unless all users trust only things viewed securely, and distrust things viewed nonsecurely (out of your client), then misinformation and fake photos can still propagate, right? (Or, how does the system handle this?)

[tsimionescu]

Block chain can at best give you chain-of-custody, but it can't help with the real problem - the original source. Trusting the original source requires, well, trust, so a block chain really adds very little to the solution.

[kkielhofner]

In our implementation the source/creator of the media is verified as well. I think of our approach as "Twitter blue checkmark meets certificates" (sort of). Of course a user can always take media and re-upload it via any number of ways but they can't do so as any other user. One of our next steps is to have identity verification by way of social media accounts and Stripe identity or another identity verification platform.

The primary verification source is our API that interacts with a traditional data store. Blockchain only serves to add additional verification that we (or anyone else) isn't modifying or otherwise tampering with our verification record.