[danShumway]

> then you make a browser extension to spot that pattern and indicate it to the users "in some way"

If that's an Open standard, and if that browser extension is Open Source, then anyone who wants to avoid that can mess with the final image until the Open Source free standard that everyone is using no longer detects the image.

The only way this is viable is with DRM or a closed service; if it's a standard everyone follows, then circumventing it is trivial. The only way it would work is if it's shrouded in secrecy and attackers can't freely use red-team against the tool. These kinds of watermarks work when there's a very limited pool of people checking for the watermarks, they don't tell people who the watermarks are generated, and they don't tell people how to check for the watermarks.

But that's not really useful for the current situation -- we don't want to further entrench these companies and we don't want it to be costly to check if an image is AI-generated.

I don't think it's viable to do this without significantly curtailing user agency or designing a system that is fully opaque and inaccessible to most people.

[ke88y]

Yeah, this is my general feeling about why this area is doomed. It's why I haven't bothered to write up a patent even though I had some good ideas a few years ago. Maybe that was a mistake since governments and corporate politicians are stupider than I assumed.

If you have a central source of authority then the problem is totally trivial and the fact that the images are AI-generated (or not) is a complete red herring.

If you don't have a central source of authority then any reasonable adversarial model makes the watermarking problem somewhere between very difficult and impossible.

Detection from known models is still possible, at least for images. But that's not really watermarking per se.