In the end, this boils down to polling a web API to download the decryption keys. And at that point, there's nothing stopping you from just storing them.
So their main result is: Encrypted files can be distributed in a public torrent as long as you keep the keys private.
BTW, their feature perturbation is most likely also specific to the architecture of the network being trained. Future architectures will be able to just use their "protected" images as-is.
If this takes of, it will become viable to store malware in pictures again. Perhaps this is the actual motive as it would coerce people to copyrighted ones.
In the end, this boils down to polling a web API to download the decryption keys. And at that point, there's nothing stopping you from just storing them.
So their main result is: Encrypted files can be distributed in a public torrent as long as you keep the keys private.
BTW, their feature perturbation is most likely also specific to the architecture of the network being trained. Future architectures will be able to just use their "protected" images as-is.