zlacker

[parent] [thread] 4 comments
1. widder+(OP)[view] [source] 2026-02-06 20:00:32
"and can't be easily extracted" is doing a lot of work there. People are very good at reverse-engineering. There would soon be a black market for 'clean' private keys that could be used to sign any video you want.
replies(2): >>munk-a+11 >>nerdsn+g2
2. munk-a+11[view] [source] 2026-02-06 20:05:34
>>widder+(OP)
There would also be a requirement for all playback to actually properly check the private keys and for all the parties involved in the process to be acting in good faith. Not only would you have a black market for individuals to scalp clean keys but you'd likely have nation states with interests putting pressure on local manufacturers to give them backdoors.

We'd probably hit a lot of that with SSL if it wasn't so unimportant from a political perspective[1]... but if the thing we were trying to secure is going to boost or damage some prominent politician directly then the level of pressure is going to be on a whole different scale.

1. And we might still have that corruption of SSL when it comes to targeted phishing attacks.

replies(1): >>cheeze+u2
3. nerdsn+g2[view] [source] 2026-02-06 20:12:03
>>widder+(OP)
There's also always the "analog loophole". Display the AI-generated video on a sufficiently high-resolution / color gamut display and record it on whatever device has convenient specs for making the recording, then do some light post-processing to fix moire/color/geometry. This would likely be detectable, but could shift the burden of (dis-)proof to the defendant, who might not have the money for the expert witnesses required to properly argue the technical merits of their case.

More likely, the signing would have to use compression-resistant steganography, otherwise it's pretty easy to just remux/re-encode the video to strip the metadata.

◧◩
4. cheeze+u2[view] [source] [discussion] 2026-02-06 20:13:25
>>munk-a+11
> There would also be a requirement for all playback to actually properly check the private keys

I don't think that's true. Only for someone who wanted to prove authenticity to grab the signature. No private keys would be exposed (except those which were hacked.)

If Netflix and Amazon can't keep their 4k HDR webrips from being leaked (supposedly via extracted licenses from Nvidia Shields), I have no idea how we'd expect all camera manufacturers to do it. Maybe iPhones and flagship Apple devices, but even then we'd find vulns in older devices over time.

replies(1): >>munk-a+V5
◧◩◪
5. munk-a+V5[view] [source] [discussion] 2026-02-06 20:34:17
>>cheeze+u2
I was thinking more about the spread of disinformation at large - but yea, that playback requirement would only be necessary for anything that wanted to be considered a potential source and trying to protect against disinformation platforms is a much larger problem then technology can solve on its own.
[go to top]