by yetanotherloss 991 days ago
The cryptography to support this has been around forever and it's been next to impossible to make the decision makers at companies and large organizations care, much less end users.

Small-time players like GE routinely fail to correctly sign industrial control software; the odds of people recording video paying enough attention to get it right and the meme crowd bothering to check even if they did seem vanishingly small without a lot of educational effort.

4 comments

Yeah, you need adoption for it to work, and that in turn means there needs to be some kind of financial or regulatory incentive. But it does seem to me to be more technically feasible. Fingerprinting AI seems ... just not workable at this point.

We are starting to see adoption of software supply-chains with SBOMs, albeit imperfectly. We are starting to see increased adoption of things like DMARC in the email space to better authenticate the originator of an email. Both are highly imperfect systems ... but you can start kludging something together ... and if the incentives are there I think you can build out more of a workable system.

> The cryptography to support this has been around forever

It's not the cryptography which is the problem. It's, who do you trust with the signing keys? The list inherently has to include every camera maker, despite that industry generally not having a great security culture, as well as every camera's country of origin, and every country with a security service capable of infiltrating some other country's camera maker. Which is probably all of them.

Worse, the keys have to be in the camera. Every camera. Break one of any model and you can forge images with it. Break one of any model and publish the break and you call into question every image from every camera of that type.

Then, even if a camera hasn't given up its keys, someone can use it to take a picture of a picture.

None of this requires a cryptographic break of public key signatures.

> Small-time players like GE routinely fail to correctly sign industrial control software; the odds of people recording video paying enough attention to get it right and the meme crowd bothering to check even if they did seem vanishingly small without a lot of educational effort.

I've wanted to build a product in this space ever since I heard about deepfakes. Mix of keybase and appropriate file hash, and hash gen for subsets of sections of video. Maybe it needs to be a protocol, maybe a product, not sure, but the need seems apparent to me.

For practical uses the cryptography is quite new. Essentially if you cryptographically sign an image coming out of a sensor then you’re only getting whatever the original version of it is, and if you modify it even just to resize it for web for example, then it’s going to break the cryptographic chain of trust. You need to use zero-knowledge proofs to allow for necessary image manipulations while keeping a signature.
At the very least an HTML link to the signed original so that people can verify the source material.
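
The "hash gen for subsets of sections of video" idea from the thread can be built as a Merkle tree: only the root is signed, and a trimmed excerpt is checked segment by segment against it. This is an added example, not code from any commenter; the segment bytes are constructed, and signing the root is assumed to happen elsewhere with any signature scheme.

```python
import hashlib

# Constructed sample: five fixed-size "video segments" (stand-ins for real chunks).
SEGMENTS = [f"video-segment-{i}".encode() for i in range(5)]

def leaf_hash(segment: bytes) -> bytes:
    # Distinct prefixes keep a leaf from being confused with an inner node.
    return hashlib.sha256(b"\x00" + segment).digest()

def node_hash(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()

def build_levels(segments):
    """All tree levels, leaves first; an unpaired node is promoted unchanged."""
    level = [leaf_hash(s) for s in segments]
    levels = [level]
    while len(level) > 1:
        level = [node_hash(level[i], level[i + 1]) if i + 1 < len(level) else level[i]
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def merkle_root(segments) -> bytes:
    """The single value the recording device would sign."""
    return build_levels(segments)[-1][0]

def prove(segments, index):
    """Sibling hashes needed to recompute the root from segments[index]."""
    proof = []
    for level in build_levels(segments)[:-1]:
        sibling = index ^ 1
        if sibling < len(level):  # a promoted node has no sibling at this level
            proof.append((level[sibling], sibling < index))
        index //= 2
    return proof

def verify(segment: bytes, proof, root: bytes) -> bool:
    """Check one excerpted segment against the signed root."""
    h = leaf_hash(segment)
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

if __name__ == "__main__":
    root = merkle_root(SEGMENTS)
    print("segment 3 verifies:", verify(SEGMENTS[3], prove(SEGMENTS, 3), root))
    print("edited segment verifies:", verify(b"edited", prove(SEGMENTS, 3), root))
```

Trimming survives this scheme because untouched segments keep their hashes; resizing or re-encoding changes the segment bytes and still fails verification, which is the case the zero-knowledge-proof comment is about.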