- From: Henry Story <henry.story@bblfish.net>
- Date: Wed, 5 Jun 2019 11:48:50 +0200
- To: Graham Klyne <gk@ninebynine.org>
- Cc: semantic-web <semantic-web@w3.org>
> On 5 Jun 2019, at 10:54, Graham Klyne <gk@ninebynine.org> wrote: > > On 04/06/2019 09:37, Henry Story wrote: >> In a recent article on Deep Fakes in the Washington Post, >> Assistant Prof. of Global Politics Dr. Brian Klaas, University >> College London, wrote >> "You thought 2016 was a mess? You ain't seen nothing yet.” >> https://www.washingtonpost.com/opinions/2019/05/14/deepfakes-are-coming-were-not-ready/ >> >> Deep fakes are produced by new technological breakthroughs that allows one to >> realistically create live videos of real people, to make them say whatever one >> wants them to say with the right tone of voice too. There is no turning back >> this technology, and this will bring us back to a pre-photographic world, >> where trust in the coherence and authorship of a story is all we have to go >> by for believability. > > This, from Tim Bray?: > > "How about camera companies install a signed cert on each device, and the device signs each photo/video-clip before saving? #TruthTech" > > -- https://twitter.com/timbray/status/942176960632971264 > > (There's some discussion in replies about extracting signing keys from the device, but I think that presumes physical access to the device.) Yes, there are many good remarks in that discussion. Note that if one can fake images one can then also fake live voice. Imagine a tool where with enough recording of someone’s voice you can completely fake their intonation, accent, and mannerisms. With this and a bit of extra information a scammer could call someone and get important information from them or even get them to transfer money. (You actually don’t even need voice manipulation software as faking the caller ID is already so easy in the US. There are demos of this online. Most people seeing the caller ID don’t even pay that much attention to voice changes, which can also be faked to sound like a bad quality line.) So if you follow this ”not fake” certification idea, you’d need this signature to sign phone conversations too. So say telephone companies or device manufacturers start signing voice calls as ”NotFake”. How would a client device know that the telephone call is signed by a real phone device company? Similarly how would I know that the ”NotFake” photo were signed by a camera company? Or that a video were signed by a real video camera company? Clearly we don’t want to limit competition and innovation by enforcing a closed list of such companies. We need that list to be open. But then we again need the Institutional Web of Trust, tied into a Web of nations. For our client verification software would need to know what the signing institution is, that the key is really theirs, where the company is registerd, under which legal framework, and what the diplomatic relations our country entertained with that country. We can extend this to all the use cases of the Verifiable Credentials WG [1]. If someone shows a credential that they can drive, how would your verifier know that the insitution signing it is in that country enabled to make such claims? Of if someone shows a Verifiable Credential about their need for medication, how does software built for global use decide that the signing institutions is a hospital or a pharmacy? ... The institutional Web of Trust [2] is a prerequisite for a globally smoothly functioning verifiable credentials system to be deployed. Henry [1] https://www.w3.org/TR/verifiable-claims-use-cases/ [2] https://medium.com/cybersoton/stopping-https-phishing-42226ca9e7d9 > #g >
Received on Wednesday, 5 June 2019 09:49:18 UTC