Is the Witness a person or something else? Can the Witness be faked?
I also have the same questions I had 48 days ago:
https://news.ycombinator.com/item?id=45364282
How would fake content not be able to fake the proof?
What's to prevent fake content from generating cryptographically signed photos and videos that embed a JSON manifest with the same characteristics as this service?
Without giving away the keys to the kingdom, when someone registers their device to use the app, it creates a few objects on the backend and the device that generate the cryptographic signatures in the content. It's designed to prevent fakes, multiple ways. Install the app to see how it works and the question will answer itself.
Witness is the app.
I process photos a lot to remove noise, sharpen, clean up dust spots, color grade, occasionally remove distractions, and once in a while I'll ask Photoshop to draw another row of bricks at the bottom of a photo to make it visually balanced.
So I'm not interested.
Making the app and the validated content files editable is actually the next major feature. Once we conquer that, it's on to making it work for live content.
If I could document the process that would be great.
We haven't started that phase of development yet but the original image would still be immutable. Subsequent edits to the image metadata would be done via Photoshop with a plugin for tracking those edits and then saving and certifying that the original image was still locked with the added visual changes. Haven't decided how those additional changes would be tracked, but I'm guessing it's necessary to do so.
I can see this might be of value to some people, but it feels like a relatively small group. I might one day wish I had this, but it feels so unlikely I probably wouldn't have installed it. Am I missing something?
It's a chicken and egg situation. Many people have said they wish this existed, but it didn't when they said it. Now that it does, they don't know that it exists. If 2% of every mobile device user used this app to take pictures and videos, eventually someone would record something unbelievable. And the proof that it was real would make other people want to use it too.
So yes, this is the inception of a tool like this. Honestly, if someone else makes a similar tool, great. I made this because I think we shouldn't ever have that question "is it real or is it AI?". This removes the question.
Witness is a camera app that certifies your photos and videos as real the moment you take them. It embeds a cryptographic signature directly into the file, no cloud or upload. This makes every image and video self-verifiable. Free for regular users on iOS and Android.
And what prevents a malicious actor from doing exactly the same thing with an AI-generated image?
The security in the app does. The signatures use the captured content and other data as criteria. If any of it or the file is tampered with, it fails validation. And you can only apply the signature to content captured by the camera. Can't be added afterwards.
Why couldn’t someone else make their own signing system, though, and apply it to arbitrary images?
Easier said than done, as I just went through it. And if they did, and it did all the checks to ensure the device is valid, the backend that tracks the devices and issues the certificates, accounting for the various methods of altering content to fake a valid one, then I'd applaud them.
This system works with both mobile device platforms and content created with it can be validated by the app on any other device. There will also be a web validation tool soon.
The security behind the solution is designed to withstand legal and audit challenges. Making your own signing system is not as simple as it sounds.
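The distinction behind the "make their own signing system" exchange above, as an added example (not Witness's code or file format): a verifier has to check that the signing key is one it already trusts, not only that the signature is mathematically valid. The manifest layout, key handling, and function names are assumptions made for illustration.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// Manifest is a hypothetical layout for this example; the field names are assumptions.
type Manifest struct {
	ContentSHA256, CapturedAt string
	SignerKey, Signature      []byte
}

func payload(m Manifest) []byte { // bytes that get signed: the manifest minus its signature
	m.Signature = nil
	b, _ := json.Marshal(m)
	return b
}

func Sign(content []byte, capturedAt string, priv ed25519.PrivateKey) Manifest {
	m := Manifest{fmt.Sprintf("%x", sha256.Sum256(content)), capturedAt, priv.Public().(ed25519.PublicKey), nil}
	m.Signature = ed25519.Sign(priv, payload(m))
	return m
}

func Verify(content []byte, m Manifest, anchors map[string]bool) string {
	switch {
	case len(m.SignerKey) != ed25519.PublicKeySize || !ed25519.Verify(m.SignerKey, payload(m), m.Signature):
		return "bad-signature"
	case fmt.Sprintf("%x", sha256.Sum256(content)) != m.ContentSHA256:
		return "tampered"
	case !anchors[string(m.SignerKey)]: // valid math is not enough: the signer must be a pinned key
		return "untrusted-signer"
	}
	return "ok"
}

func Demo() [3]string { // every key and byte string here is constructed sample data
	issuer := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32))
	anchors := map[string]bool{string(issuer.Public().(ed25519.PublicKey)): true}
	photo, fake := []byte("camera bytes"), []byte("generated bytes")
	m := Sign(photo, "2025-01-01T00:00:00Z", issuer)
	forged := Sign(fake, m.CapturedAt, ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32)))
	return [3]string{Verify(photo, m, anchors), Verify(fake, m, anchors), Verify(fake, forged, anchors)}
}

func main() { fmt.Println(Demo()) }
```

A look-alike manifest signed with a self-made key passes the signature and hash checks and is rejected only at the trust-anchor step, so a verifier that skips that step accepts any self-signed file.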
Does this app somehow interface directly with the hardware? Last I looked iOS saved photos to files that apps had to then open up?
Yes it does. It uses the camera but creates its own content files and stores them in its own location. The content files can be exported via sharing in the app.
Is it possible to run in an emulator, with a fake camera input?
Haven't tried that, but the big hurdle is getting validation of those test cases from App Attest and Play Integrity. Those are required for running the app.
Is there any way to sign an image/photo with the exact time/location it was taken in a way that can't be forged? Time + location are measurements that can be fooled.
Timestamp is already there. Geo-location will be added at a later date. Some devices already add that information but the app doesn't use it. It will be added eventually though.
What happens if the user alters the date on their device?
The timestamp is based on the device. However, some of the security data comes from the Witness validation server and others from the platform (Google Play Integrity/Apple App Attest). Altering the date/time on the device would conflict with that information, and possibly fail the device validation. One of the key criteria for using the app is it will only run on a device that passes validation from the platform. So rooted devices can't run the app, as they can't pass validation.