Would be good if content publishers did something like digitally signing their content along with embedded metadata so if e.g. you see a video circulating you can see that the BBC attested that it was released by them & its original air date was such & such.
Or if you see a quote claiming to be from Emmanuel Macron or Boris Johnson, you can see it was released with a digital signature from a Guardian journalist & they add whatever date/time/location details they want to validate the information.
If instead I release something (on Twitter or wherever) that I say is a screen-capture of my TV, _I_ add the metadata (originally seen on BBC on 27 Jul, 1:55pm) and sign and then you know that you only trust it as much as you trust _my_ reputation rather than the BBC.
Wouldn't solve the problem entirely but it might create a bit of an audit trail for stuff and encourage people not to trust unvetted material.
Exactly, so if I upload something and say "Look what I just recorded off the BBC!" you _shouldn't_ believe me if creating a deep-fake becomes as easy as recording the real thing.
In that scenario, you'd want people to say "but wait, there's no signature on this, it could be fake" and then only trust the video as much as you trust the source (not the claimed source).
The problem is how to do you make that signature or digital artifact accessible by the general public.
Any visual artifact can be mocked, so we end up with the same problem as clickbait titles, where the conclusion one arrives at from just a title can be disproved, but it doesn't prevent the false information from going viral.
What good is it to say "that video you saw was fake!" after the video has spread around and done the damage already?
It's hard to come up with a solution to this problem just because the solution has to preempt the problem. A cryptographic visual artifact _could_ work, but it's still likely that misinformation via deep-fakes will cause problems for society at large.
Yeah agreed — making security & authenticity understandable to a layperson is always going to be tricky.
Websites like Twitter adopting a "blue tick" for a validated profile on their platform though is a model people seem to get. If we had some equivalent of a "blue tick" at a user-agent level, e.g. a for your browser to take a signature and display it in a standardised, human way to say "this video is signed by bbc.co.uk" it could work. (With a similar model for user-agents elsewhere e.g. you'd probably need adoption in apps like WhatsApp to get traction.)
The other side of it (like privacy discussions) is how much the average person will care — tabloid journalism often skirt the borders of what they can get away with at the moment & they nominally have a duty currently to only write factual information. If Fox News or the Daily Mail release videos and put their own signature to it, then you arguably lend them legitimacy ("it's on the news so it must be true. It's signed by them and all!").
I wonder if there's a startup opportunity there. In the coming years, this problem of deepfakes and lack of trust in media is only going to get worse. Crypto could mitigate this. Maybe a hardware company who sells very high end cameras for media outlets, that digitally signs and adds to a blockchain, all recorded media?
But why store the signature in a blockchain? If you do not trust the certificates in the first place, the storage location won't make any difference. And if you trust the certificates, the storage location is completely irrelevant. Because the certificates alone provide the trust.
For the same reason as certificate transparency logs; you want to avoid trusting something that has a history of certifying false statements. You also need to handle throwaways, so it's definitely not sufficient (and might turn out to not be necessary once a complete solution is found), but it does seem useful.
Well, my thinking was that you would want to store the data cryptographically signed, on a block chain, for the same reasons (more or less) that NFTs exist on a blockchain. Predominately, the public ledger of ownership seems like an important aspect of digital content. Is it necessary for trust? Not at all, but it certainly doesn't hurt it?
Disclaimer: I am an armchair crypto fan. Not an authority.
Then, when someone videos an atrocity, they need to choose between publishing publicly (risking retribution) or publishing anonymously (if they even know how) and risk being disbelieved.
Well, they could contact a news outlet on the condition of anonymity & the news outlet satisfies themselves as to the validity of the footage.
Similar to how anonymous 'tip-off' stories with protected sources work in general at the moment — the media outlet put their own reputation on the line on the basis of the source & we trust (to a certain degree) reputable news outlets to validate & vet their sources correctly. This is true for stuff that's easily forgable at the moment, e.g. a whistle-blower releasing documents.
They could use ring signatures (like what Monero and other do), where the signature only validated that it came from one of several possible private keys.
Or if you see a quote claiming to be from Emmanuel Macron or Boris Johnson, you can see it was released with a digital signature from a Guardian journalist & they add whatever date/time/location details they want to validate the information.
If instead I release something (on Twitter or wherever) that I say is a screen-capture of my TV, _I_ add the metadata (originally seen on BBC on 27 Jul, 1:55pm) and sign and then you know that you only trust it as much as you trust _my_ reputation rather than the BBC.
Wouldn't solve the problem entirely but it might create a bit of an audit trail for stuff and encourage people not to trust unvetted material.