Security researchers: am I overly cynical, or are all the "content authenticity" initiatives meant to prove a photo is real a giant waste of time?
If the photo is cryptographically signed by the camera, the private key will just get pulled from the device.
Even if the photos are signed, you can just strip the metadata. Users will default to trust.
Even if the photo maintains a chain of trust, you can just fake a photo by taking a photo of a screen.
What am I missing?
@sandofsky Hi Ben, have you heard of the The Coalition for Content Provenance and Authenticity (C2PA)? We are members along with Adobe, Amazon, BBC, OpenAi etc. Might be worth a read and is a great initiative.
@sandofsky lol - not really I'm afraid - you are correct in your post.
Unless a platform supports methods like the C2PA initiative, and the whole end to end chain of events is managed (as you say, thats not possible in reality), the only way to prove a photo, video or image is real, is to stay within the verification ecosystem from capture/creation to viewing. News agencies/broadcasters could do this of course. Outside of those methods, it will be open to abuse. 1/2
Matt Dickoff
Ben Sandofsky
S★m V★rm★
Chris Mackay 🇨🇦
Simon Harper