[teravor]

i wouldn't have any confidence in being able to remove a 0.5 bit watermark (presence/absence). what you see is probably a functional decoy.

[yorwba]

You can use the verification tool to check whether the watermark is still detectable and iterate until you successfully removed it .

Of course if you need to regenerate the image with an unwatermarked image-generation model to remove it, it more or less still serves its purpose.

[tux3]

How confident are you that the verification tool detects all of the watermark, and not just one layer?

I would layer two watermarks and let the public remove the most visible one.

[soraminazuki]

What good does a totally imaginary AI watermark that'll never be revealed to the public even do?

[PxldLtd]

You can reveal it later when you come up with a new mechanism and out all the fake images. Basically the first layer is first defence, second layer is cleanup when releasing a new mechanism. That way your generated images will always be identifiable eventually.

[ndr]

It might not be intended for the public.

Similar to your printer fingerprinting: https://en.wikipedia.org/wiki/Printer_tracking_dots

[unglaublich]

It's to mark the images for exclusion during training.

[ZiiS]

A better way of looking at it is you only need to introduce a .5 bit error.