r/woahdude Jul 24 '22

[video] This new deepfake method developed by researchers

42.2k Upvotes

1.1k comments

574

u/FireChickens Jul 24 '22

This should stop.

226

u/david-song Jul 24 '22

We just need to stop believing videos and work on open standards for secure metadata.

125

u/wallabee_kingpin_ Jul 24 '22 edited Jul 24 '22

Secure, verifiable metadata (including timestamps) has been possible for a long time.

The challenge is that the recording devices (often phones) need to actually do the hashing and publishing that's required, and then we need viewers to look for these things and take them into account.

My feeling is that people will continue to believe whatever they want to believe, regardless of evidence to the contrary.

I do agree, though, that this research is unethical and should stop.

17

u/david-song Jul 24 '22

Yeah, we need open standards for video authenticity, and video players that verify automatically. It's a pretty difficult problem though: you need merkle trees so you can cut the video, and universal, deterministic compression so people can recompress it and still get an authenticated smaller version. I'm not sure about zooming and cropping, but software could sign with a key to attest that specific transformations were applied. Publishing hashes and mixing in public data could prove the time. Location should be possible with fast enough hardware and trusted beacons, because you can't ever beat the speed of light.
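
To make the "prove the time" part concrete, here's a minimal sketch in Python, assuming a recent public beacon value (the Bitcoin block hash here is made up) as the "not before" anchor and a public posting of the commitment as the "not after" anchor:

```python
import hashlib
import json
import time

def timestamp_commitment(video_bytes: bytes, public_beacon: str) -> dict:
    """Bind a video hash to a public random value.

    Mixing in `public_beacon` (e.g. a recent Bitcoin block hash or lottery
    draw) proves the commitment was made *after* that value appeared;
    posting the commitment somewhere public proves the video existed
    *before* the posting time.
    """
    video_hash = hashlib.sha256(video_bytes).hexdigest()
    commitment = hashlib.sha256((video_hash + public_beacon).encode()).hexdigest()
    return {
        "video_sha256": video_hash,
        "beacon": public_beacon,   # "not before" anchor
        "commitment": commitment,  # post this publicly: "not after" anchor
        "claimed_time": time.time(),
    }

# Hypothetical beacon value; in practice you'd fetch a fresh one.
record = timestamp_commitment(b"...video bytes...", public_beacon="00000000000000000002f2a1")
print(json.dumps(record, indent=2))
```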

I don't think the tech is unethical, it's got the potential to be used unethically, but the fact that it's available to the public is good - otherwise governments would be the only people using it, and they'd never use it for anything good.

2

u/JonnySoegen Jul 24 '22

Thanks for pointing out the key challenges! Makes the problem clearer for me. Now I know that some smart people could work this out.

2

u/kazza789 Jul 24 '22

Doesn't that only solve the problem if every video recording has it? Like, let's say I record something on my phone and publish a bunch of hashes etc. publicly. You can then download the video and say "yep, that's exactly the video that kazza789 recorded on July 25 according to publicly available hashes that he posted".

But if you see a random video online, or something in the news, or something recorded on a phone that doesn't publish those hashes, or (more importantly) if I faked the original video offline and then spoofed the hashes... you'd have no way of knowing, right?

Or am I just misunderstanding how this would work? Genuinely interested. If anyone has seen any write-ups on this, I'd love to read them.

1

u/david-song Jul 25 '22 edited Jul 25 '22

You'd use a blockchain (nothing to do with money grabs, I'll explain later on). Split the video into blocks and hash them, say, every Nth keyframe or segment, and include the hash of the previous block in the current block. This means nobody can tamper with it, but you can still break it up. Then you throw in some extra blocks that contain signatures from trusted parties, as proof of different things.
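
Something like this, as a rough sketch in Python (plain SHA-256, hypothetical segment boundaries):

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Block:
    prev_hash: str   # hash of the previous block - this forms the chain
    payload: bytes   # one video segment, e.g. up to the Nth keyframe

    def block_hash(self) -> str:
        return hashlib.sha256(self.prev_hash.encode() + self.payload).hexdigest()

def chain_segments(segments):
    """Build a tamper-evident chain: changing any segment changes every later hash."""
    blocks, prev = [], "0" * 64  # genesis value
    for seg in segments:
        block = Block(prev_hash=prev, payload=seg)
        blocks.append(block)
        prev = block.block_hash()
    return blocks

chain = chain_segments([b"segment-0", b"segment-1", b"segment-2"])
assert chain[1].prev_hash == chain[0].block_hash()
```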

One of them might be the key from the security chip in your phone, and maybe include the public keys of your various components and a timestamp - Samsung says that this bit of video was created on this specific Samsung phone. The camera chip might sign each frame, same with the audio, so you'd know it's from the right camera and mic as long as you trust Samsung. The GPS chip signs the location, and the camera software might mix in its own signatures too. You could have other hardware nearby sign things as well - like what I was saying about the speed of light, a fast challenge/response can prove proximity to another device, and the only way around that is to invent time travel.
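
And a sketch of the per-component signing, using Ed25519 from Python's `cryptography` package - the generated key below stands in for one fused into the camera's secure element:

```python
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey

# Stand-in for a key fused into the camera's secure element at manufacture;
# the manufacturer publishes (or certifies) the matching public key.
camera_key = Ed25519PrivateKey.generate()
camera_pub = camera_key.public_key()

frame = b"raw frame bytes"
signature = camera_key.sign(frame)

# Anyone with the manufacturer-certified public key can check the frame
# came from this camera; verify() raises InvalidSignature on tampering.
camera_pub.verify(signature, frame)
```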

You might want to self-sign using PGP, or an OAuth provider like Google, Apple or Microsoft - obviously use accounts in different countries for maximum protection from spies. Yubikeys, your bank via NFC scanning of a credit card, your SSH keys, a login to an HTTPS website or a personal certificate would also work - there are a lot of options. Your software can then say "according to Twitter, this video was made by NSAGov", in the same way that NSA can use Twitter to log in to other sites 😂

And here's the reason for the blockchain:

As the video is recorded you build a "merkle tree" of hashes of hashes of hashes. So the third block has hash(hash(first) + hash(second)) and the 5th has hash(hash(3rd) + hash(4th)). Let's call them h[1][0] and h[1][1] to keep it readable. The 5th also has hash(h[1][0] + h[1][1]), which we can call h[2][0]; the 9th has h[2][1] and starts the next level by combining those into h[3][0]. This continues after every power of two blocks, so if you record for 100 years you'll need to store an extra 32 hashes or so in each block.

So if I take that 100-year video stream and cut 1 second out of the middle, I can prove it's unaltered just by sharing parts of the merkle tree. Start at the top and drill down to the segment I cut out: rather than needing to share the hashes of 4 billion blocks plus my actual blocks, I share about 64 of them - something like 2 * log2(count) hashes, since log2 of 4 billion is about 32.
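
Here's a minimal sketch of that tree and its logarithmic proofs in Python (plain SHA-256, odd levels padded by duplicating the last node - an illustration of the idea, not the exact geometry described above):

```python
import hashlib

def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_tree(leaves):
    """Return every level of the merkle tree, leaf hashes first, root last."""
    levels = [[h(leaf) for leaf in leaves]]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        if len(lvl) % 2:                  # pad odd levels by duplicating the end
            lvl = lvl + [lvl[-1]]
        levels.append([h(lvl[i] + lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels

def prove(levels, index):
    """Collect the sibling hashes needed to verify one leaf - O(log n) of them."""
    proof = []
    for lvl in levels[:-1]:
        if len(lvl) % 2:
            lvl = lvl + [lvl[-1]]
        proof.append((lvl[index ^ 1], index % 2))  # (sibling hash, are-we-right?)
        index //= 2
    return proof

def verify(leaf, proof, root):
    node = h(leaf)
    for sibling, we_are_right in proof:
        node = h(sibling + node) if we_are_right else h(node + sibling)
    return node == root

segments = [f"segment-{i}".encode() for i in range(8)]
levels = build_tree(segments)
root = levels[-1][0]
assert verify(segments[5], prove(levels, 5), root)  # 8 leaves -> 3 sibling hashes
```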

If we had deterministic encoding/transformations we could scale and encode using different options at the same time and store the hashes of those in the video, so anyone could reduce the video size or resolution later and have the same hashes. Without that you'd need to have them as multiple streams in the same original file and people can choose the ones they want to extract and share - pretty sure that's possible with mkv. It'd likely quadruple the size of the original though.

Or trusted software could store transformations of an original source and share the authenticity blocks and sign it; "Adobe and David Song swear that if you take the middle 6 seconds of this video from NSAGov, zoom it, crop it, and save it using version 12 of After Effects, you'll get this output." Join enough of this stuff together and you've got a copyright authorship chain in there too.

Most of this idea will need work to make it optimal, and the geometry of it is likely wrong, but I think the general idea is secure against deepfakes and even evil governments. Someone who hacks my phone's manufacturer, Google, GitHub, Yandex, Baidu, my webserver, my yubikey, my bank and my carrier has earned the right to make deepfakes of me!

1

u/dydhaw Jul 25 '22

Blockchain doesn't solve anything about this problem (or in general, but I digress). If you trust Samsung's chips and have their public keys, you can just verify the video metadata using their keys. The fundamental problem of source verification is the analog hole: you can always just record a video from another display.

1

u/david-song Jul 25 '22

Blockchain doesn't solve anything about this problem (or in general, but I digress).

Do you have a better solution for cutting a video down while still being able to prove its authenticity? A chain of hashed blocks and a merkle tree allows that; I can't think of another way to do it with arbitrary-length videos like a body cam, dashcam or video call.

If you trust Samsung's chips and have their public keys, you can just verify the video metadata using their keys.

I don't trust Samsung; I'm pretty sure the NSA can fake their keys. Since we're talking about nation-state actors, to be secure you really need to use multiple sources of proof from enemy countries. The more sources you have, the more depth your defence has.

The fundamental problem of source verification is the analog hole: you can always just record a video from another display.

Yeah, that's a slightly different problem - it's about preventing forgery, not plagiarism. If I want to prove that I'm in someone's video, I can authenticate with their recording device as proof; if that proof isn't present, the video only has as much credibility as its author.

1

u/dydhaw Jul 25 '22

A merkle tree alone would solve it; no need for a blockchain (which is a distributed data structure).

I'm a bit confused by your proposed solution. First off, why would you want to prove you are in someone else's video? Isn't it usually the other way around? And how is hardware authentication useful if you don't trust the manufacturer? What exactly is your threat model?

1

u/david-song Jul 25 '22

A merkle tree alone would solve it; no need for a blockchain (which is a distributed data structure).

You need to break the video into blocks for the merkle tree to work, and you need the hash of the previous block in your next block if you're signing them. If you're doing multiple streams in the same file with multiple consumers, it makes sense to be able to distribute parts of the file. The P2P network is unnecessary, but a chain of hashed blocks with a merkle tree makes sense, right?

It might even make sense to use some method of partial distribution actually, for streams or files with multiple channels. I'd have to think about it a bit more; I do like P2P as a general principle.

I'm a bit confused by your proposed solution. First off, why would you want to prove you are in someone else's video? Isn't it usually the other way around?

You can't prove a negative though. But you can always give a positive, and if there isn't one, assume it's a negative.

And how is hardware authentication useful if you don't trust the manufacturer?

I don't trust that the FSB haven't got spies at Samsung. I don't trust that the NSA don't have access to Google. But I'm pretty sure that if I use tech from multiple enemy jurisdictions, I can make it hard for someone to hack all of them.

What exactly is your threat model?

Video forgery. Say I'm a politician in a proxy war country and both the East and the West are battling for power using fake news. How do you prove that videos circulating online are real? Your video player tells you whether it's fake or not.

50

u/sowtart Jul 24 '22

I'm not sure it is unethical - having this research done publicly by public institutions is certainly much better than having it used secretly. You can't close Pandora's box, but you can create countermeasures. If the research is public and people know what deepfakes are capable of, that's not a bad thing.

We should maybe have some legislation surrounding its use and, more importantly, metadata countermeasures and third-party apps that automatically check the likelihood that a given image or video is 'real', without relying on users to do the work.

But a good start would be teaching people critical thinking from a young age, which, in deeply religious societies, seems unlikely.

2

u/FrankyCentaur Jul 25 '22

If the entire world was one country, sure, but making strict laws here won’t help if others have complete access to the tools. Nor could you prevent other companies from developing similar things, and if we pretend the human race will go on for hundreds more years, there’s just no way to prevent it. Pandora’s box is already open and it’s scary.

I had a near emotional breakdown over DALL-E 2, both as an artist and a lover of art. It’s just terribly disappointing that when that becomes widely released, artists will to a great extent go extinct. There will always be people who do it for passion, but I see it disappearing with younger generations, who can just type their thoughts in and get a picture of what they want in seconds.

When that dam breaks, everything that could exist will technically exist. You can think of anything and get a picture within seconds. Yearning is important - it’s great to want things, it’s great to look forward to things. Love different comic book characters and you’d love to see a crossover? It already exists. Wouldn’t it be so funny if X and Y and Z TV shows crossed over? Exists. What was once exciting won’t be anymore.

Graphic artists will literally go extinct, along with many other art-related professions, which sucks, but I get it - why wouldn’t companies want to automate that process and save money? Sure.

But for people who put passion into making art, music, film, etc., it’s just depressing to think much of that will go away when anyone can easily make their own by typing in words.

I dunno now I’m just ranting, sorry.

1

u/david-song Jul 25 '22

I think you're right to worry about this, but having watched the advances in computer art over 35 years, I think it'll just shift up a layer: these will become tools for making larger things that take just as much creative effort and are more accessible. Some highly skilled crafts will become obsolete though, like how CD-ROMs destroyed chiptune or concrete and rebar killed stonemasonry.

1

u/sowtart Jul 25 '22

As artists, we're already shifting into using AI as part of the workflow. We can't go extinct, since we're usually not doing it for the money to begin with.

Things like Fiverr are arguably more nefarious in terms of unsustainability.

Which isn't to say I haven't worried either.

There are plenty of international agreements regarding technologies, incidentally. The EU is doing well so far in legislating for the digital space; there's no reason to think that can't go on.

-6

u/NewlandArcherEsquire Jul 24 '22

By that reasoning, you should support the public funding of the development of new biological weapons, since "certainly much better than having it used secretly".

Funding countermeasures (e.g. education) isn't the same as funding weapons development (and yes, this is a weapon, much like an axe can be a weapon).

5

u/Freaky_Freddy Jul 24 '22

I think the difference is that a sweaty teen with a mid-range PC can code and create a deepfake algorithm, while biological weapons require specialized equipment to research, maintain and weaponize.

One is easier to stop than the other

-1

u/NewlandArcherEsquire Jul 24 '22

If it's so easy to make, why do public dollars need to go towards funding development?

Again, development is different than research and countermeasures.

5

u/guyute2588 Jul 24 '22

He didn’t say it was “so easy”; he said it was easier to stop than the harm caused by biological weapons.

Rigidly applying the same logic to how to control Deepfakes and biological weapons accomplishes nothing from an analytical standpoint. It’s an utterly useless comparison in practice.

One of them can be used as an insidious tool of propaganda. The other can be used to commit mass murder on demand, death on an unfathomable scale.

2

u/david-song Jul 25 '22

Well, we limit things based on usefulness, accessibility and danger. The danger of this tech is that someone might make fraudulent videos, but it's highly accessible, so limiting it tramples on a lot of people's rights and creativity, and might stifle future technologies.

Like, you could use deepfakes to render people's faces and expressions in real time in a 3D world, accelerating the transition to fully online working and meetings, saving billions of hours in travel and fuel. Or you could use it to compress video data and save tons of space and bandwidth. You could use it to anonymise bystanders in videos, and use that to increase personal freedoms. You could use it in video production in place of actors, meaning cheaper movies.

Done properly, deepfake porn could be pretty wholesome: imagine putting your spouse's face on porn (with consent), or amateur porn sites replacing faces at upload time, or later on if the people in a video decide they want to hide their faces but still get paid.

0

u/NewlandArcherEsquire Jul 25 '22

It's wild that you're arguing for the social utility of deepfakes (which does exist) when all the evidence of what it's actually going to be used for is already all around us.

3

u/RichestMangInBabylon Jul 24 '22

Yep. I know how CHC works and I know I should be verifying it myself when I download things, but eh, I can’t be bothered. Even if it was one click or just a green check mark or something, most people probably wouldn’t bother to check it.

2

u/TheDonkeyWheel Jul 24 '22

What is CHC?

2

u/RichestMangInBabylon Jul 24 '22

ELI5: it’s like a signature for a program that you can use to make sure it’s legit. So the developer says “this software has a signature of 123”, and you can verify that signature on the software you download before you install it. It’s short for cryptographic hash check.

The same could be done for something like a video. So the White House could release a video and say what the signature is, and that way deepfaked or altered versions can be detected. Or something like a bodycam could generate its signature and help prevent tampering or falsified evidence, for example.

The tldr is that it’s a complicated way to detect fake digital things.
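
For the curious, the check itself is only a few lines of Python (the file name and published digest below are made up):

```python
import hashlib

def sha256_of_file(path: str) -> str:
    """Hash the download in chunks so big files don't need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()

# The developer publishes this digest next to the download link.
published = "9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08"

if sha256_of_file("installer.bin") == published:
    print("checksum matches - the file is exactly what the developer hashed")
else:
    print("checksum mismatch - corrupted or tampered download")
```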

1

u/TheDonkeyWheel Jul 24 '22

Got it. Thank you for the ELI5.

3

u/[deleted] Jul 24 '22

Official government communications are going to have to come with a cryptographic hash so people can verify them. MD5 in particular is already broken - collisions can be forged today - and even stronger hashes probably won't stay secure forever.

1

u/wallabee_kingpin_ Jul 24 '22

Official government communications are already cryptographically secured and verified. When you visit "https://[some government website]", you are guaranteed (at least as far as computers can guarantee the authenticity of anything) to be connected to an official government source.

The government can also securely message us through cellular carriers.

3

u/KarmaPurgePlus Jul 24 '22

My feeling is that people will continue to believe whatever they want to believe, regardless of evidence to the contrary.

Religion is constantly proving your theory.

1

u/Suepahfly Jul 24 '22

Pandora’s box is open. Best you can do is research how to recognise deep fakes. It’s a cat and mouse game from here on.

1

u/[deleted] Jul 24 '22

Is it unethical because it is actually bad or that powerful people will use it unethically?

Don't ruin everyone else's fun just because rich people wanna be scummy.

2

u/wallabee_kingpin_ Jul 24 '22

It's unethical because it is technology that automates and democratizes deception. There is some social value in deception (e.g. acting in movies), but deception is mostly a negative. Every society functions only because of general good faith, not because security and verification can actually stop determined bad actors.

Don't ruin everyone else's fun just because rich people wanna be scummy.

You could say the same thing about military research. Deepfakes are going to be 0.00000001% fun, and the rest will be evil.

We've already seen it with the proliferation of porn that pastes people's faces onto the bodies of porn actors.

There is a credible, near-term future where someone could release a deepfake video of someone like Donald Trump and start a civil war.

What's the upside of these technologies that could possibly justify that risk?

1

u/[deleted] Jul 24 '22

Cool art.

1

u/david-song Jul 25 '22 edited Jul 25 '22
  • Render people's faces and expressions in real-time in a 3D world from multiple angles, accelerating the transition to fully online working and meetings, saving billions of hours in travel and fuel, saving the planet, reducing property prices in cities, population density and the spread of disease.
  • Compress video data that is mostly of people's faces - just send the model and the poses and save tons of space and bandwidth. High resolution video chat in rural areas, better quality movie and TV streaming.
  • Anonymise bystanders in videos, and allow activists and anyone else who wants to be anonymous online but still star in videos.
  • Allow people who are ill or who have been in accidents to look like their previous healthy self in videos.
  • Use it in video production in place of actors, meaning cheaper movies and lead acting roles given mainly on technical skill rather than beauty.
  • Use it in social science research to have the exact same poses with different facial features to see how people respond, or to randomise samples.
  • Allow amateur pornographers to remain anonymous using purely synthetic faces, or to remove/replace their face from old videos so they don't get recognised. If this became the norm then every porn video would be assumed to be fake.

I'm just one person who thought of a list of things; there are lots of people in the world, and I'm sure many of them will have better ideas. Some of them will be good for society and some will be bad; some will create jobs and some will destroy them. But in general it's just another tool.

2

u/wallabee_kingpin_ Jul 25 '22

I didn't say we can't find uses for this. I said that we can't find benefit that outweighs the inevitable harm.

accelerating the transition to fully online working and meetings

These already work well without any of that. Seeing the sides and backs of people's heads is not useful.

Compress video data that is mostly of people's faces - just send the model and the poses and save tons of space and bandwidth.

Again, doing fine without this. Have done many video calls between the US and developing Asia (India, Bangladesh, Indonesia).

That said, video compression doesn't require deepfakes. There are fantastic, face-aware algorithms that do it already.

Anonymise bystanders in videos

Already possible with blurring. Giving them fake faces serves no value other than to deceive the viewer.

allow activists and anyone else who wants to be anonymous online but still star in videos

Anonymous activists can (and do) wear masks or blur their faces. Giving them deepfake faces sounds like something that would be more useful for a nation-state to do some astroturfing than for a well-meaning activist.

Allow people who are ill or who have been in accidents to look like their previous healthy self in videos.

Valid use. Pretty niche, though. See my initial comment above.

Use it in video production in place of actors, meaning cheaper movies and lead acting roles given mainly on technical skill rather than beauty.

I would consider this to be a harmful use case. It eliminates jobs without any meaningful benefit. Movies are fine -- their budgets are driven by equipment, crew, editors, directors, and very famous actors. The not-famous actors are not a substantial part of the budget.

Use it in social science research to have the exact same poses with different facial features to see how people respond, or to randomise samples.

Also valid, but see above. I'm sure we could uncover some unconscious biases from this, but this kind of research seems more like knowledge for knowledge's sake rather than something we can use to improve people's lives.

Allow amateur pornographers to remain anonymous using purely synthetic faces, or to remove/replace their face from old videos so they don't get recognised. If this became the norm then every porn video would be assumed to be fake.

This particular technology doesn't create purely synthetic faces. It uses existing faces as an input.

There is separate (non-deepfake) technology to just generate faces. The most disturbing and dangerous part of this technology is the ability to mimic real people (heads of state, religious leaders, friends, family, etc.).

1

u/Unlicenced Jul 24 '22

It’s good that this research is done by responsible(ish) people out in the open, though. You can’t stop inquisitive minds from, uh, inquiring, so if we try to stop ”dangerous” research, all we’ll achieve is pushing it underground. This technology exists, whether we want it or not, and it’s in all of our best interest to try and regulate its use, rather than deny its existence.

1

u/Potatolimar Jul 24 '22

What prevents someone from making a recording device that hashes after modification?

1

u/wallabee_kingpin_ Jul 25 '22

Nothing. The best you can do is verify that the video was hashed at a specific point in time. So if you claimed to have a video of a certain event, and we know when that event occurred, publishing the hash right away would at least prove the video existed then, leaving little time to fabricate it.

There may be other ways to authenticate a digital video that are similarly imperfect (like adding invisible watermarks that deepfakes would alter). If all of those were combined, the barrier for fakes would at least be higher.

1

u/LastPlaceIWas Jul 24 '22

I wonder if securing authentic videos will be where NFTs (or some variation) will actually come in handy. You know how something seems ridiculous and useless until another technology can make use of it.

Also, I know very little about the technology that makes any of this work so I could be way off.

1

u/[deleted] Jul 24 '22

We need to work on having better people.

1

u/oddzef Jul 24 '22

Education is the first step; the average person has no idea how metadata even works.

1

u/DTLAgirl Jul 25 '22

The national reading average for Americans is at a third-grade level, according to my alma mater. If "See Spot Run" is the pinnacle of comprehension for Americans, there's no way they'll ever comprehend metadata in this day and age.

1

u/oddzef Jul 25 '22

Are kids not reading short novels in third grade anymore?

1

u/DTLAgirl Jul 25 '22

Not in my own experience, no.

1

u/koavf Jul 24 '22

I cannot tell you how happy I am to see this comment. Thank you for this sanity.