• FaceDeer@kbin.social
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    1 year ago

    And if the credentials get published to a suitable public timestamped database you can also say “we know this photo existed in this form at this specific time.” One of the examples mentioned in the article is the situation where that hospital got blown up in Gaza and Israel posted video of Hamas launching rockets to try to prove that Hamas did it, and the lack of a reliable timestamp on the video made it somewhat useless. If the video had been taken with something that published certificates within minutes of making it that would have settled the question.

    • BitSound@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      edit-2
      1 year ago

      That doesn’t really work. If the private key is leaked, you’re left in a quandary of “Well who knew the private key at this timestamp?” and it becomes a guessing game.

      Especially in the scenario you posit. Nation-state actors with deep pockets in the middle of a war will find ways to bend hardware to their will. Blindly trusting a record just because it’s timestamped is foolish.

      • 4am@lemm.ee
        link
        fedilink
        English
        arrow-up
        9
        arrow-down
        1
        ·
        1 year ago

        You’re right, it isn’t perfect so we shouldn’t bother trying. 🙄

        • BitSound@lemmy.world
          link
          fedilink
          English
          arrow-up
          4
          arrow-down
          1
          ·
          1 year ago

          In this case yes, because if it’s not perfect, then it’s perfectly useless

            • lolcatnip@reddthat.com
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 year ago

              We’re talking about a signature that’s published in a public database. The camera’s timestamp doesn’t matter, just the database’s.

      • FaceDeer@kbin.social
        link
        fedilink
        arrow-up
        5
        arrow-down
        1
        ·
        1 year ago

        If all that you’re interested in is the timestamp then you don’t even really need to have a signature at all - just the hash of the image is sufficient to prove when it was taken. The signature is only important if you care about trying to establish who took the picture, which in the case of this hospital explosion is not as important.

          • FaceDeer@kbin.social
            link
            fedilink
            arrow-up
            3
            ·
            1 year ago

            You post it publicly somewhere that has a timestamp. A blockchain would be best because it can’t be tampered with.

            • lolcatnip@reddthat.com
              link
              fedilink
              English
              arrow-up
              1
              ·
              1 year ago

              Ah, I thought you were saying the hash proved something on its own. Lots of weird ideas about crypto in this thread.

        • BitSound@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          1 year ago

          They would, but each camera’s private key can be extracted from the hardware if you’re motivated enough.

          If Alice’s fancy new camera has the private key extracted by Eve without Alice’s knowledge, Eve can send Bob pictures that Bob would then believe are from Alice. If Bob finds out that Alice’s key was compromised, then he has to guess as to whether any photo he got from Alice was actually from Eve. Having a public timestamp for the picture doesn’t help Bob know anything, since Eve might’ve gone and created the timestamp herself without Alice’s knowledge.

          • floofloof@lemmy.caOP
            link
            fedilink
            English
            arrow-up
            2
            ·
            edit-2
            1 year ago

            Still, unique keys for each camera would lessen the risk of someone leaking a single code that undermines the whole system, as happened with DVDs.

            And if an interested party wanted to steal a camera’s private key to fake an image’s provenance they’d need to get physical access to that very camera. Perhaps a state-sponsored group could contrive this (or intervene during manufacturing), but it is a challenge and an even bigger challenge for everyone else.

            • BitSound@lemmy.world
              link
              fedilink
              English
              arrow-up
              2
              ·
              1 year ago

              Physical access means all bets are off, but it’s not required for these attacks. If it’s got a way to communicate with the outside world, it can get hacked remotely. For example here’s an attack that silently took over iphones without the user doing anything. That was used for real to spy on many people, and Apple is pretty good at security. Most devices you own such as cameras with wifi will likely be far worse security-wise.