LWN: Comments on "ProofMode: a camera app for verifiable photography"

ProofMode: a camera app for verifiable photography

branden — Thu, 29 Jun 2017 21:37:25 +0000

"CameraV takes a number of steps to ensure that images are not altered while on the user's device, lest the app then be used to create phony attestations and undermine trust in the system. First, the MD5 hash"

>cringe<

ProofMode: a camera app for verifiable photography

pboddie — Mon, 26 Jun 2017 12:32:15 +0000

It depends if the thing you're documenting only exists at a certain location or not. If some bad thing or other occurs in multiple locations, identifying a single location might help identify those known to be present at that location and give clues about the identity of the photographer or people that assisted the photographer.

Also the picture might be documentation of an object rather than an event. Let us suppose that you meet someone who shows you evidence of some bad thing or other that you cannot just take away with you and show to everyone. You might want to withhold geolocation data in order to prevent identifying your helpers who might already be tracked and therefore be easily associated with the published picture later on.

But I think that withholding geolocation data is optional, if I understood the article properly.

ProofMode: a camera app for verifiable photography

hifi — Mon, 26 Jun 2017 07:59:05 +0000

I think it works only to prove that you are the author of an image by providing the hash as early as you can. A neutral third party site that you can upload a hash of the raw/source image can be proof of ownership. Whoever uploaded the hash first owns the picture. The site doesn't need to store anything else than the hash, uploader and the upload time for verification purposes. Whatever the image metadata itself says about the time and place isn't verifiable.

This could help fight against *other* people doctoring your image and claiming it to be the original as you can always prove that the original image file you have had been hashed before the fake image proving you have the original.

I don't see any way to unanimously prove when/where a picture was taken, only the earliest time when it was publicly known to exist and who claimed to own it at that time.

ProofMode: a camera app for verifiable photography

eru — Mon, 26 Jun 2017 06:33:19 +0000

A bit odd to worry about erasing geolocation data, if the goal is to improve the credibility of the shot. I mean, if the picture is supposed to document human rights abuses in Cruelia, its metadata should show it was taken there.

ProofMode: a camera app for verifiable photography

felixfix — Mon, 26 Jun 2017 05:48:52 +0000

My first thought was, how can the proof app tell that its source picture came from the camera app and not from several hours of fakery? If it has some way of telling what app the picture came from, and how quickly, what prevents somebody from faking that app with the fakery app and presenting it to the proof app as just having been taken?

One clue is the time stamp and location. If it's an incident where time or location matters, then any delay or going offsite for quiet manipulation will show up as a discrepancy.

Can the proof app's actions be duplicated by a fakery program? That would make delayed offsite manipulation feasible.

But if the proof app immediately broadcasts a hash of the raw picture, then transmission of the full proofed picture can wait, and manipulation may be impossible.

ProofMode: a camera app for verifiable photography

mjthayer — Mon, 26 Jun 2017 05:34:18 +0000

To my mind the main proof that a picture is not faked would be sharing the hash of the image too close to the time of the event in question for there to have been time to fake it. (As long as we have not reached the point where "Siri, fake that picture" is feasible. Who knows then that will be.) I don't see much value in the location data and so on either. It seems to me that if the algorithm is known and there is time to fake anything at all then there will be time to fake the meta data.

ProofMode: a camera app for verifiable photography

droundy — Sun, 25 Jun 2017 23:39:09 +0000

I don't understand how they can even theoretically prevent someone from copying the generated keys and fabricating a "proof." Can anyone explain this? Or is the theory just that no one will bother?