The White House wants to ‘cryptographically verify’ videos of Joe Biden so viewers don’t mistake them for AI deepfakes::Biden’s AI advisor Ben Buchanan said a method of clearly verifying White House releases is “in the works.”

  • ryannathans
    link
    fedilink
    English
    arrow-up
    79
    arrow-down
    1
    ·
    9 months ago

    I have said for years all media that needs to be verifiable needs to be signed. Gpg signing lets gooo

    • NateNate60@lemmy.world
      link
      fedilink
      English
      arrow-up
      37
      arrow-down
      1
      ·
      9 months ago

      Very few people understand why a GPG signature is reliable or how to check it. Malicious actors will add a “GPG Signed” watermark to their fake videos and call it a day, and 90% of victims will believe it.

        • NateNate60@lemmy.world
          link
          fedilink
          English
          arrow-up
          11
          ·
          9 months ago

          No, it’s not. People don’t use VLC to watch misinformation videos. They see it on Reddit, Facebook, YouTube, or TikTok.

        • TheKingBee@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          9 months ago

          And that will in no way be the first step on the road to VLC deciding which videos it allows you to play…

      • Ð Greıt Þu̇mpkin@lemm.ee
        link
        fedilink
        English
        arrow-up
        5
        arrow-down
        1
        ·
        9 months ago

        Yeah but all it takes is proving it doesn’t have the right signature and you can make the Social Media corpo take every piece of media with that signature just for that alone.

        What’s even better is that you can attack entities that try to maliciously let people get away with misusing their look and fake being signed for failing to defend their IP, basically declaring you intend to take them to court to Public Domainify literally everything that makes them any money at all.

        If billionaires were willing to allow disinformation as a service then they wouldn’t have gone to war against news as a service to make it profitable to begin with.

    • Captain Aggravated@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      22
      arrow-down
      1
      ·
      9 months ago

      I just mentioned this in another comment tonight; cryptographic verification has existed for years but basically no one has adopted it for anything. Some people still seem to think pasting an image of your handwriting on a document is “signing” a document somehow.

      • wizardbeard@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        9 months ago

        It doesn’t help that in a lot of cases, this is actually accepted by a shit ton of important institutions that should be better, but aren’t.

      • ryannathans
        link
        fedilink
        English
        arrow-up
        2
        ·
        9 months ago

        Still trying to get people to sign their emails lol

          • ryannathans
            link
            fedilink
            English
            arrow-up
            1
            ·
            9 months ago

            It’s automated in all mainstream email clients, you don’t even have to think about it if a contact has it set up

            • NateNate60@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              edit-2
              9 months ago

              if a contact has it set up

              Well, there’s your problem.

              The most commonly-used mail client in the world is the Gmail web client which does not support it. Uploading your PGP key to Gmail and having them store it server-side for use in a webmail client is obviously problematic from a security standpoint. Number 2 I would guess is Outlook, which appears also not to support it. For most people, I don’t think they understand the value of cryptographically signing emails and going through the hassle of generating and publishing their PGP keys, especially since Windows has no built-in easy application for generating and managing such keys.

              There’s also the case that for most people, signing their emails provides absolutely no immediate benefit to them.

    • bionicjoey@lemmy.ca
      link
      fedilink
      English
      arrow-up
      2
      ·
      9 months ago

      The average Joe won’t know what any of what you just said means. Hell, the Joe in the OP doesn’t know what any of you just said means. There’s no way (IMO) of simultaneously creating a cryptographic assurance and having it be accessible to the layman.

      • NateNate60@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        9 months ago

        There is, but only if you can implement a layer of abstraction and get them to trust that layer of abstraction.

        Few laymen understand why Bitcoin is secure. They just trust that their wallet software works and because they were told by smarter people that it is secure.

        Few laymen understand why TLS is secure. They just trust that their browser tells them it is secure.

        Few laymen understand why biometric authentication on their phone apps is secure. They just trust that their device tells them it is secure.

        • bionicjoey@lemmy.ca
          link
          fedilink
          English
          arrow-up
          3
          ·
          9 months ago

          Each of those perfectly illustrates the problem with adding in a layer of abstraction though:

          Bitcoin is a perfect example of the problem. Since almost nobody understands how it works, they keep their coins in an exchange instead of a wallet and have completely defeated the point of cryptocurrency in the first place by reintroducing blind trust into the system.

          Similarly, the TLS ecosystem is problematic. Because even though it is theoretically supposed to verify the identity of the other party, most people aren’t savvy enough to check the name on the cert and instead just trust that if their browser doesn’t warn them, they must be okay. Blind trust one again is introduced alongside the necessary abstraction layers needed to make cryptography palatable to the masses.

          Lastly, people have put so much trust in the face scanning biometrics to wake their phone that they don’t realize they may have given their face to a facial recognition company who will use it to help bring about the cyberpunk dystopia that we are all moving toward.