ProofMode: a camera app for verifiable photography

Posted Jun 25, 2017 23:39 UTC (Sun) by droundy (subscriber, #4559)
Parent article: ProofMode: a camera app for verifiable photography

I don't understand how they can even theoretically prevent someone from copying the generated keys and fabricating a "proof." Can anyone explain this? Or is the theory just that no one will bother?

ProofMode: a camera app for verifiable photography

Posted Jun 26, 2017 5:34 UTC (Mon) by mjthayer (guest, #39183) [Link] (1 responses)

To my mind the main proof that a picture is not faked would be sharing the hash of the image too close to the time of the event in question for there to have been time to fake it. (As long as we have not reached the point where "Siri, fake that picture" is feasible. Who knows then that will be.) I don't see much value in the location data and so on either. It seems to me that if the algorithm is known and there is time to fake anything at all then there will be time to fake the meta data.

ProofMode: a camera app for verifiable photography

Posted Jun 26, 2017 7:59 UTC (Mon) by hifi (guest, #109741) [Link]

I think it works only to prove that you are the author of an image by providing the hash as early as you can. A neutral third party site that you can upload a hash of the raw/source image can be proof of ownership. Whoever uploaded the hash first owns the picture. The site doesn't need to store anything else than the hash, uploader and the upload time for verification purposes. Whatever the image metadata itself says about the time and place isn't verifiable.

This could help fight against *other* people doctoring your image and claiming it to be the original as you can always prove that the original image file you have had been hashed before the fake image proving you have the original.

I don't see any way to unanimously prove when/where a picture was taken, only the earliest time when it was publicly known to exist and who claimed to own it at that time.

ProofMode: a camera app for verifiable photography

Posted Jun 26, 2017 5:48 UTC (Mon) by felixfix (subscriber, #242) [Link]

My first thought was, how can the proof app tell that its source picture came from the camera app and not from several hours of fakery? If it has some way of telling what app the picture came from, and how quickly, what prevents somebody from faking that app with the fakery app and presenting it to the proof app as just having been taken?

One clue is the time stamp and location. If it's an incident where time or location matters, then any delay or going offsite for quiet manipulation will show up as a discrepancy.

Can the proof app's actions be duplicated by a fakery program? That would make delayed offsite manipulation feasible.

But if the proof app immediately broadcasts a hash of the raw picture, then transmission of the full proofed picture can wait, and manipulation may be impossible.