Donning my tinfoil hat for a moment, YouTube is in a position here to simultaneously iterate on automatic AI video detection while also working out how to make AI generated video that's impossible to detect.
I think that "impossible to detect" is not something realistic if camera manufacturers are willing to start adding encryption signatures to their cameras outputs and are willing to vouch for them.
I realize this would still allow fakes to be presented by governments in all likelihood, but not everyone.
Who posts raw output from cameras anywhere? This doesn't seem useful outside some niche use-cases (like security camera footage). At a minimum just about every recording is going to be re-compressed for streaming.
Synthid is a watermark which indicates the video is AI-generated, not a digital signature indicating it's real. Completely different use case and threat model.
I'm not aware of any secure digital signature schemes that don't require the thing they signed to be bit-for-bit identical to pass verification. There are perceptual hashing algorithms that could theoretically be used to build such a scheme, but such hashes are not second preimage resistant, so someone could create a modified video that still passes signature verification.
I'm not even sure what you're hypothetically describing here. You want a system that authenticates that an image hasn't been manipulated, but which still allows you to compress and transcode it? It's feasible in the same way that synthid was feasible, but I don't think there's actually a use case for it. You either want it to be unedited or you don't. I'm not sure how you can say "edited, but only exactly this much editing is allowed."
I suppose the validator could do a fuzzy match and just output a similarity score that compares the result to the original image. IE - This image is 75% similar to the original with something like a perceptual hash. Then it's the users problem to decide if 75% is close enough for their trust.
I bet the cameras' companies will start automatically uploading the real footage to their servers for attestation, and allow the camera owners to get those links, so people will just add that link on YouTube or whatever and say "See, its real, Sony vouches for it", heck maybe they will make their buyers to sign up with YouTube and do it for them.
How on top of security do you think all the camera manufacturers are going to be? That is, how long until people can sign videos that were not, in fact, shot with their camera?
Proving that you were able to upload something that is not real would go viral so it's very attractive to people to share such findings, meaning it would not last long, then they fix it and that's it, specially because they can require you to upgrade your camera's firmware if you want to keep using their attestation service.
Perhaps that could work in certain situations, but you don't even necessarily need digital signatures for that. A link to a reputable news site claiming they've verified the footage as real would be good enough in like 95% of cases, people just don't bother to check.
You'd also need close to 100% adoption for this to be effective, otherwise people will just assume the fakes were recorded with one of the cameras that doesn't have that feature, or that they didn't bother to upload the raw footage anywhere.
Joking and all but sexting would benefit from this technology, if it can vouch about the time, GPS location and email address of the owner then the receiver can have some certainty about the pic (if the sender decides to share such attestation link/info, of course)
Attention is valuable these days, so making people go to their websites for people to check if something is real is good for them, its people they can try to sell more cameras (or phones) and all that.
I don't think it needs do be raw output. I'm pretty sure that signatures can exist within image and sound outputs that are reproducible when changing to other formats.
Leica started doing this a few years ago in response to the first wave of AI images[0]. Other, bigger manufacturers (Nikon, Canon, Sony as well I believe) have also joined, though with less fanfare. Adobe is in the loop.
As someone with a passing interest in infosec and cryptography, I'm sceptical of the long-term viability of this kind of product; it only takes one person successfully extracting a signing key to undermine the entire project.
Yes, you're correct about private keys getting exposed, but it's better than nothing. I suspect though, even after key exposure there may be a way to make new private keys so that compromised keys have a known point when they are compromised, which makes public how much skepticism we should all have about authenticity.
I just think there is a world of difference between "certainty" and "plausibility" when it comes to videos on the internet. Yes, state actors might circumvent it, and skepticism should remain, but there is a world of difference between North Korea trying to convince me of some political scandal, and Pepsi Co trying to convince me that someone I trust loves Pepsi.
I currently use a 2008 Fujifilm camera and a 2018 Sony. The Fujifilm doesn’t even have a firmware update mechanism, and the Sony camera doesn’t get updated anymore. These devices are rarely connected to the internet and never go obsolete so they get used until they break.
There might be a specialised line of cameras for forensics that signs the output and has lidar to detect when the camera is pointed at a screen, but the average person won’t have a camera with this kind of crypto. It would just be too easy for hackers to extract the keys from.
You still ultimately have the analogue hole here - pull the camera apart, splice your own hardware somewhere between the sensor and the thing that adds the signatures (or in front of the sensor).
Or just straight up point the camera at a computer monitor, without even trying to hide it. Most of the security camera footage online is already uploaded this way.
I intentionally didn't say that because I feel like people might dismiss that with "oh but you can tell the difference with sufficient analysis etc" whereas literally sending data directly through the same path as the real sensor would be potentially less detectable (or more, if the sensor itself has some kind of noticeable fingerprint)
Why do we keep on seeing that elementary misconception? Cryptographic verification != reality of the underlying data fed to it! Plus vouching for hardware that is in consumer hands? There is the gaping analog hole of 'recording' arbitrary data streams. All that system would do is make it easier to deanonmyize speech.
I feel it wouldn't be too difficult to get a social-media video to look convincing enough even with just a regular camera and monitor, at least after compression (if end users aren't served raw footage directly, and instead trust the attestation of the site).
Right, my point is that this should default to "untrustworthy." The idea is that a camera would at the very least include a timestamp and camera type in the signature. That signature should usually be reproducible when being filmed by another camera (these signatures can be part of the physical image). This should mean that a cameras filming screens would have multiple ways to show the images are not legitimate (as something as simple of shadows not matching time of day could show the video is illegitimate).
If I were creating a verification system, I'd include a Timestamp, camera used, and UUID. If I were selling products to news teams, I'd likely include fields that the firm wanted included like name of company, and if applicable, gps location.
> "while also working out how to make AI generated video that's impossible to detect."
what gives you that impression?
Google is spends millions of dollars researching and implementing SynthID [0]; ensuring all videos generated have a watermark to ensure they can be detected. As well as using SynthID to detect AI-generated videos, which is what I am guessing they are using @ YT to detect and label the AI videos.
I am far from a Google or AI fanboy, closer to an admiring hater, but I just don't see how they are making AI generated video impossible to detect if they are going out of the way to ensure SynthID /AI watermarks are present in any video generated on the platform.
unless you mean impossible to detect by human eyes; but if that's the case, so is everyone else.
except everyone else is NOT spending resources on research for watermarking and keep the detection algorithms ahead of the curve.
Yeah, like Google doesn't know other hundreds of companies are also generating videos and will without the slightest shred of doubt will use reinforced learning to bypass this detection, meaning directly asking Google's AI if a picture they modified is AI or not to improve their algorithms, they know vouching for video is as useful as vouching for AI generated texts, zero.
I like react if I'm the one writing all the code. But it's too easy to write something an order of magnitude more complex than it needs to be if you don't know what you're doing. And just easy enough to maintain that complexity that you never realise you're doing something wrong.
Chasing "driver engagement" during regular driving at/below speed limit on regular public roads strikes me as a bit pointless. You're just trying to add friction to the process because there happened to be friction in the past.
And when you're not going the speed limit on regular public roads here's plenty of "driver engagement" to be had going too fast round tight corners (hopefully on a track, but we can't all be perfect ;)) regardless of whether there's some weird obfuscation between you and the actual mostly flat torque curve of the electric engine as long you build good suspension, body stiffness, put decent tires on it, don't make it too heavy etc.
I would love Lotus to make another road legal go-kart and slap an electric engine in it.
Surely if you were that security conscious you'd never trust some third party to put the keys on the drives and not keep a copy for themselves - you'd just buy two regular drives and put the key on there yourself.
I find if I ask most LLMs to write a self contained script/utility, even in codebases that are 90-100% written in some other language most will default to using python for it, or sometimes bash.
Usually those kinds of utility scripts are one-shotted without any further input from me, and once they're there and doing what I need I usually don't bother converting them to whatever I would have written them in otherwise (bash would be my usual preference for really small scripts, typescript or rust for bigger utilities, I hate writing python but reading it is fine... kind of).
The funny thing is you absolutely can do things which improve both speed and quality at the same time (basic good engineering), but they're like 3 or 4 orders of effect removed from those outcomes and impossible to do when you have someone breathing down your neck asking "does this make us go faster" at every step of the way.
Also "our velocity is 3x higher than it would be in the imaginary invisible universe where we made worse decisions 6 months ago" is impossible to measure, whereas "we cut a bunch of corners and shipped a piece of garbage on an arbitrary deadline" is very measurable.
Similarly, in 1790s America, farmers west of the Appalachians were growing plenty of corn, but because of bad roads the only feasible way to transport it to the much larger markets east of the mountains was as whiskey. When Alexander Hamilton imposed a tax on distilled spirits, the result was a "Whiskey Rebellion" in which George Washington himself rode out at the head of an army against other American citizens.
This type of trivia is why I found Bill Bryson’s “At Home” so entertaining. Tariff on windows? People cover them with bricks. Tariff on glass? Windows made of other materials. Tariff on… well, maybe stop designing tariffs if you can’t predict the outcome!
Anecdotal counterpoint, the best teams I've been on have always had a good mix of a couple of really senior/decent intermediate people and a few either totally fresh grads or juniors (at the beginning of the project). Those fresh people have a good chance of becoming pretty formidable pretty quickly with the right mentoring, and without them seniors have a tendency to just remain experts on whatever tech stack they're familiar with but not think out of the box.
Hiring a mediocre senior is much worse than hiring a grad because they will never get any better, and it's very hard to know at hiring time that they're mediocre.
I'd also add that top-heavy engineering organizations are sometimes incapable of delivering anything useful because everyone wants to work on the hard problems, establish the frameworks, define the processes, and so on, and no one wants to operate the damn business. It's good to have a mix of perspectives in a team.
Fully agree actually. Not sure its a counterpoint at all really, but its a great point. My comment wasn't intended to be "juniors were never worth it", but instead "juniors WERE worth it before but not because they produced amazing ROI themselves, why does the introduction of an LLM change that?" I'm solidly against the narrative that now all of a sudden juniors aren't worth hiring anymore because a senior with an LLM = 100x engineer.
If I was hiring a single new staff member in an already staffed cafe (and I trust the existing staff to be good mentors), sure, hire anyone, train them up.
But if I'm hiring the first handful of employees, especially if I'm trying to make good coffee and run a smooth operation, I'd want someone with some experience already - their PhD doesn't really tell me anything about their ability to work in a cafe. This goes doubly so when I'm some ethereal AI that isn't going to be working alongside them.
reply