Hacker News new | past | comments | ask | show | jobs | submit login

There are lots of problems with this approach, but one of the bigger ones is that if everyone has their own keys, then everyone can create signed images that have been manipulated.

So even if you you can get people to actually verify images (and bear in mind how hard it is to get people to manage keys and use something like GPG), not to mention the technical issues with image reproduction, this would only give you protection in cases where someone is claiming that an image was created by a specific individual and it wasn't. But that's not the problem in the vast majority of instances.




isn't it? when I see an AI-generated image of something that can cause public outrage (or any other sort of virality), the first thing in my mind is: what's the source? and, is it authentic?

If the image comes from John Doe, I probably couldn't care less about it. But if it is from a reputable source, then I definitely want to make sure it is authentic.

keys are hard to manage and use just because they never reached mainstream. A solution like this would have easy-to-use tools to verify such images, perhaps even online tools to do so. I don't expect my mom to know anything about private/public key pairs, but she should be able to run a simple verification on an image


> keys are hard to manage and use just because they never reached mainstream.

I think they never reached mainstream because there is a fundamentally difficult problem to solve that hasn't been solved.

Identity. There are so many similarly named people and organizations that a signature doesn't mean much, unless you understand the identity, and identity is fundamentally hard to understand.

Add on to that, images have a very long lifetime, and signatures become difficult to verify over time. After the key is changed, the old key may no longer be published. It can be difficult to verify when a signature was made, although there's options for signing services that can help... but when those services rotate keys or disappear, it can be difficult to validate their old signatures.


> from a reputable source

And who/what defines that? The problem with your concept is not technical, it is social and systemic. If someone controls the definition of who is reputable, it is centralized control which will both be gatekeeping and susceptible to corruption. If no one controls it, it is personal opinion, not verification. Either way, it is susceptible to manipulation.

It is better to just treat all this the same as any other misinformation - by thinking about what we see. Education and critical thought go a long way, and we need to encourage people to use such tools when consuming media.


We do have certificate authorities, something similar could be used. Nothing stops you from signing your own keys, but it's worth what it's worth. The thing is, if I'm famous and my website has my public key, anyone can use it to check




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: