The problem here is that if this is unreliable – and I’m skeptical that Google can produce a system that will work across-the-board – then you have a synthesized image that now has Google attesting to be non-synthetic.
Maybe they can make it clear that this is a best-effort system, and that they only will flag some of them.
There are a limited number of ways that I’m aware of to detect whether an image is edited.
If the image has been previously compressed via lossy compression, there are ways to modify the image to make the difference in artifacts in different points of the image more visible, or – I’m sure – statistically look for such artifacts.
If an image has been previously indexed by something like Google Images and Google has an index sufficient to permit Google to do fuzzy search for portions of the image, then they can identify an edited image because they can find the original.
It’s possible to try to identify light sources based on shading and specular in an image, and try to find points of the image that don’t match. There are complexities to this; for example, a surface might simply be shaded in such a way that it looks like light is shining on it, like if you have a realistic poster on a wall. For generation rather than photomanipulation, better generative AI systems will also probably tend to make this go away as they improve; it’s a flaw in the image.
But none of these is a surefire mechanism.
For AI-generated images, my guess is that there are some other routes.
Some images are going to have metadata attached. That’s trivial to strip, so not very good if someone is actually trying to fool people.
Maybe some generative AIs will try doing digital watermarks. I’m not very bullish on this approach. It’s a little harder to remove, but invariably, any kind of lossy compression is at odds with watermarks that aren’t very visible. As lossy compression gets better, it either automatically tends to strip watermarks – because lossy compression tries to remove data that doesn’t noticeably alter an image, and watermarks rely on hiding data there – or watermarks have to visibly alter the image. And that’s before people actively developing tools to strip them. And you’re never gonna get all the generative AIs out there adding digital watermarks.
I don’t know what the right terminology is, but my guess is that latent diffusion models try to approach a minimum error for some model during the iteration process. If you have a copy of the model used to generate the image, you can probably measure the error from what the model would predict – basically, how much one iteration would change an image or part of it. I’d guess that that only works well if you have a copy of the model in question or a model similar to it.
I don’t think that any of those are likely surefire mechanisms either.
I guess this would be a good reason to include some exif data when images are hosted on websites, one of the only ways to tell an image is true from my little understanding.
I guess, but the original image would be somewhere to be scraped by google to compare and see an earlier version. Thats why you don’t just look at the single image, you scrape multiple sites looking for others as well.
Theres obviously very specific use cases that can take advantage of brand new images that are created on a computer, but theres still ways of detecting that with other methods as explained by the user I responded to.
It seems like you’re assuming that file modified times are fixed…? Every piece of metadata like that can be altered. If you took a picture and posted it somewhere, I could take it and alter it to my liking, then add in some fake exif data as well as make it look like I modified the image before your actual original version.
You can’t use any of that metadata to prove anything.
No, but it seems like you’re assuming they would look at this sandboxed by itself…? Of course there is more than one data point to look at, when you uploaded the image would noted, so even if you uploaded an image with older exif data, so what? The original poster would still have the original image, and the original image would have scraped and documented when it was hosted. So you host the image with fake data later, and it compares the two and sees that your fake one was posted 6 months later, it gets flagged like it should. And the original owner can claim authenticity.
Metadata provides a trail and can be used with other data points to show authenticity when a bad actor appears for your image.
You are apparently assuming to be looking at a single images exif data to determine what? Obviously they would use every image that looks similar or matches identical and use exif data to find the real one. As well as other mentioned methods.
The only vector point is newly created images that haven’t been digitally signed, anything digitally signed can be verified as new, unless you go to extreme lengths to fake and image and than somehow recapture it with a digitally signed camera without it being detected fake by other methods….
To prove the legibility of the image? It’s a great data point that’s pretty anonymous, they don’t need to include the Mac, sim, serial or other information.
You can use metadata to prove an image is real, you can’t prove something is real without it, so it’s the only current option. It tells you a lot, you just don’t want people to know it apparently, but that doesn’t change it can be used to legitimatize an image.
What’s disgusting about knowing if an image was taken on a Sony dslr, and Android or an iPhone? And entitled…? This is so you can prove your image is real? The hell you talking about here?
No, you cannot use metadata as even extremely weak evidence that an image is real. It is less than trivial to fake, and the second anyone even hints at making it a standard approach, it will be on every photo anyone uses to mislead anyone.
Most photos on the internet are camera phones, and you absolutely are not entitled to know what phone someone has. Knowing someone’s phone has infinitely more value to fingerprinting a user than including metadata could ever theoretically have to demonstrate whether a photo is legitimate or not.
Photos without a specific, on record provenance from a credible source are no longer useful for evidence of anything. You cannot go back from that.
looks dubious
The problem here is that if this is unreliable – and I’m skeptical that Google can produce a system that will work across-the-board – then you have a synthesized image that now has Google attesting to be non-synthetic.
Maybe they can make it clear that this is a best-effort system, and that they only will flag some of them.
There are a limited number of ways that I’m aware of to detect whether an image is edited.
If the image has been previously compressed via lossy compression, there are ways to modify the image to make the difference in artifacts in different points of the image more visible, or – I’m sure – statistically look for such artifacts.
If an image has been previously indexed by something like Google Images and Google has an index sufficient to permit Google to do fuzzy search for portions of the image, then they can identify an edited image because they can find the original.
It’s possible to try to identify light sources based on shading and specular in an image, and try to find points of the image that don’t match. There are complexities to this; for example, a surface might simply be shaded in such a way that it looks like light is shining on it, like if you have a realistic poster on a wall. For generation rather than photomanipulation, better generative AI systems will also probably tend to make this go away as they improve; it’s a flaw in the image.
But none of these is a surefire mechanism.
For AI-generated images, my guess is that there are some other routes.
Some images are going to have metadata attached. That’s trivial to strip, so not very good if someone is actually trying to fool people.
Maybe some generative AIs will try doing digital watermarks. I’m not very bullish on this approach. It’s a little harder to remove, but invariably, any kind of lossy compression is at odds with watermarks that aren’t very visible. As lossy compression gets better, it either automatically tends to strip watermarks – because lossy compression tries to remove data that doesn’t noticeably alter an image, and watermarks rely on hiding data there – or watermarks have to visibly alter the image. And that’s before people actively developing tools to strip them. And you’re never gonna get all the generative AIs out there adding digital watermarks.
I don’t know what the right terminology is, but my guess is that latent diffusion models try to approach a minimum error for some model during the iteration process. If you have a copy of the model used to generate the image, you can probably measure the error from what the model would predict – basically, how much one iteration would change an image or part of it. I’d guess that that only works well if you have a copy of the model in question or a model similar to it.
I don’t think that any of those are likely surefire mechanisms either.
And the problem if it is reliable is that everyone becomes dependent on Google to literally define reality.
Fun fact about AI products (or any gold rush economy) it doesn’t have to work. It just has to sell.
I mean this is generally true about anything but it’s particularly bad in these situations. Also PT Barnum had a few thoughts on this as well.
I guess this would be a good reason to include some exif data when images are hosted on websites, one of the only ways to tell an image is true from my little understanding.
Exif data can be faked.
I guess, but the original image would be somewhere to be scraped by google to compare and see an earlier version. Thats why you don’t just look at the single image, you scrape multiple sites looking for others as well.
Theres obviously very specific use cases that can take advantage of brand new images that are created on a computer, but theres still ways of detecting that with other methods as explained by the user I responded to.
It seems like you’re assuming that file modified times are fixed…? Every piece of metadata like that can be altered. If you took a picture and posted it somewhere, I could take it and alter it to my liking, then add in some fake exif data as well as make it look like I modified the image before your actual original version.
You can’t use any of that metadata to prove anything.
No, but it seems like you’re assuming they would look at this sandboxed by itself…? Of course there is more than one data point to look at, when you uploaded the image would noted, so even if you uploaded an image with older exif data, so what? The original poster would still have the original image, and the original image would have scraped and documented when it was hosted. So you host the image with fake data later, and it compares the two and sees that your fake one was posted 6 months later, it gets flagged like it should. And the original owner can claim authenticity.
Metadata provides a trail and can be used with other data points to show authenticity when a bad actor appears for your image.
You are apparently assuming to be looking at a single images exif data to determine what? Obviously they would use every image that looks similar or matches identical and use exif data to find the real one. As well as other mentioned methods.
The only vector point is newly created images that haven’t been digitally signed, anything digitally signed can be verified as new, unless you go to extreme lengths to fake and image and than somehow recapture it with a digitally signed camera without it being detected fake by other methods….
deleted by creator
No, the default should be removing everything but maybe the date because of privacy implications.
Thats what I said.
Date, device, edited. That can all be included, location doesn’t need to be.
The device is no more anyone else’s business than anything else.
It should absolutely not be shared by default.
To prove the legibility of the image? It’s a great data point that’s pretty anonymous, they don’t need to include the Mac, sim, serial or other information.
A. It’s not even the weakest of weak evidence of whether a photo is legitimate. It tells you literally zero.
B. Even if it was concrete proof, that would still be a truly disgusting reason to think you were entitled to that information.
You can use metadata to prove an image is real, you can’t prove something is real without it, so it’s the only current option. It tells you a lot, you just don’t want people to know it apparently, but that doesn’t change it can be used to legitimatize an image.
What’s disgusting about knowing if an image was taken on a Sony dslr, and Android or an iPhone? And entitled…? This is so you can prove your image is real? The hell you talking about here?
No, you cannot use metadata as even extremely weak evidence that an image is real. It is less than trivial to fake, and the second anyone even hints at making it a standard approach, it will be on every photo anyone uses to mislead anyone.
Most photos on the internet are camera phones, and you absolutely are not entitled to know what phone someone has. Knowing someone’s phone has infinitely more value to fingerprinting a user than including metadata could ever theoretically have to demonstrate whether a photo is legitimate or not.
Photos without a specific, on record provenance from a credible source are no longer useful for evidence of anything. You cannot go back from that.