Is there a high level overview of how this is supposed to work? Is there anything to keep people from just lying? E.g. Oh this deepfake of a politician eating people is totally real. See the C2PA content provenance metadata says it was filmed by a BBC journalist’s cellphone camera!
The camera creates a hash of the raw image data and signs that with a private key => If the camera firmware is secure, you can't fake this.
Photoshop modifies the image => hash of the new image data is signed by your personal private key + signature includes camera hash => if someone steals your image, you can prove that your created the Jpeg based off your raw
But yes, it doesn't protect against you using your camera to take a photo of your screen showing a deepfaked image. It might just make this more expensive to fake if it includes GPS into the signature.
>If the camera firmware is secure, you can't fake this.
that's a big if.
>Photoshop modifies the image => hash of the new image data is signed by your personal private key + signature includes camera hash => if someone steals your image, you can prove that your created the Jpeg based off your raw
I don't get what this part is supposed to solve. Desktop editing software allow arbitrary manipulation of image, and there's basically no hope of some sort of TEE to keep the private key secure. Therefore it's useless for guaranteeing authenticity (ie. the image faithfully represents what was captured), and is really only useful for ensuring that a given publication endorses such image. In other words, it's basically gpg signing an image. That's not done today, but you can already verify whether an image comes from a publication by checking linking directly to their site (eg. if a given image is claimed to be from nytimes, you link to nytimes.com).
>> If the camera firmware is secure, you can't fake this.
> that's a big if.
while I agree, I think it's important to start somewhere. using Fear Uncertainty & Doubt as an excuse not to try is to admit defeat forever always. this is a good enough start.
> I don't get what this part is supposed to solve.
This seemed clear to me so I'm not sure what the confusion is. The previous stated it clearly: if someone steals your image, you can prove that your created the Jpeg based off your raw. This seems like a pretty clear boon. Your disbelief seems rested upon the premise that even trying is futile:
> and there's basically no hope of some sort of TEE to keep the private key secure.
Again, I agree that there's a lot of difficulty in securing systems, in locking down keys. Generally I think that weights far more in society & civilization's favor than it's disadvantage. Even if this system proves unworkable, the idea of it seems on target, & correct. The idea that we can take a work, sign it, and create derivate works, which are signed by yet another party, seems like a generally positive mechanism that I want to see.
The agent I see missing is being able to use Certificate Transparency to sign your own (ideally rotating) key. Relying on Polaroid to sign your photos is probably only semi-ok, yeah, them & everyone else will probably have their private keys extracted from the devices in short enough time, and those keys aren't going to rotate (at least in the current world). But if I an artist can declare in a semi-public way my keys, rotate them every hour, and sign my photos with those keys, and- chiefly- have Certificate Transparency make that timestamped key attestable- then we're going somewhere.
Please let's not just accept defeat. Please let's try to imagine how technologies can work, not just how everything is worthless & we should give up. This is a noble & good specification.
> And that’s all security measures can ever do, drive up the cost of bad behavior and reduce the domain in which it’s accessible and economic. Looks to me like C2PA will do that.
