Meta's Un-Stable Signature(hackerfactor.com)
hackerfactor.com
Meta's Un-Stable Signature
https://hackerfactor.com/blog/index.php?/archives/1098-Metas-Un-Stable-Signature.html
17 comments
I don't see anything about watermarking in the linked article, it's about labelling requirements. It describes situations where you are required to disclose if an image was AI-generated.
How can a watermark be unremovable?
The actual rules don't say that I think, it's more about the intention that the watermark is embedded with the image/multimedia itself, so it's persisting even if someone "right-click > save" the image or takes a screenshot, not literally regulated the watermark has to be unremovable.
> (Summary) The icon should be directly embedded into the deep fake or published text (except for creative works), unless equivalent alternatives are available such as a user interface overlay. The icon must be visible when content is reshared or downloaded.
> (Summary) The icon should be directly embedded into the deep fake or published text (except for creative works), unless equivalent alternatives are available such as a user interface overlay. The icon must be visible when content is reshared or downloaded.
It says the icons are optional. So that icon must not be what the other person was talking about.
> It says the icons are optional. So that icon must not be what the other person was talking about.
What "watermark" are they talking about if not the label/icons? The label/icon in question are what the whole "EU Icons for labelling AI-generated content" thing is about, someone correct me if I'm having a big brain fart.
What "watermark" are they talking about if not the label/icons? The label/icon in question are what the whole "EU Icons for labelling AI-generated content" thing is about, someone correct me if I'm having a big brain fart.
I imagine the goal is for everything to use something like Google's synthid.
That sounds like one possible implementation, not the goal per se. The goal (the explicit/stated one at least) is to give people a heads up what's AI generated vs not, when that's unclear.
[deleted]
The point is to embed a particular signature, which was generated randomly, in the image. The distance function discussed is the same as the popcount of the xor. It's well know that the xor of random data with correlated data is statistically random. Hence, however well correlated the signatures of unwatermarked images may be with each other, they would show no correlation with the signature of a watermarked image. That is, unless the watermark by extremely bad luck happened to be near one of these clusters the author discovered. This does represent a genuine flaw, but an extremely minor one, and one that can be easily mitigated with no changes to the underlying algorithm,
How common is it for peer reviewed papers like this to be so far off their claimed findings?
“According to Google's peer-reviewed and published paper, they claim to have a true positive rate (TPR) above 99.97% -- meaning that they will miss their own watermarks less than 1 in 10,000 times. However, my own empirical testing found that is it much closer to 1 in 20.”
“According to Google's peer-reviewed and published paper, they claim to have a true positive rate (TPR) above 99.97% -- meaning that they will miss their own watermarks less than 1 in 10,000 times. However, my own empirical testing found that is it much closer to 1 in 20.”
If there were bounties for invalidating peer reviewed research, I suspect this would be a lot leas common.
also, easily bypassed now: https://twotensors.ai/
There is actually an older method for countering steganography and adversarial image generation attacks: https://en.wikipedia.org/wiki/Gaussian_blur
https://digital-strategy.ec.europa.eu/en/policies/eu-icons-l...
If Facebook already embeds user IDs in images (AI or no AI) I can only drool to think what kind tracking, advertising and mass surveillance opportunities are coming.