Slogging #26: How Scared You Are Of Deepfakes?

How scared you are of deepfakes?

It's tricking my brain

I am scared in the sense that I know there are a lot of people who will easily be fooled by them.

Many people (Americans) already blindly trust what politicians say without checking the facts. Imagine if disinformation had a very credible deepfake video to go with it?

I know we will have deepfake-detector technology in the future made by the likes of Twitch and Youtube to flag videos as fake. But until then, I’m worried people can use them for disinformation campaigns.

@Limarc While YouTube will have anti-deepfake algo soon or later, I think their main goal will be to protect their ad revenue.
And it will generate a next level of censorship on this platform.
But at least it will reduce some problems.

From the other side. What if I'll made a deepfake video and will share it without uploading on big platforms? like via AirDrop or Protonmail

I mean we still can't figure out how to remove spam calls on our phones... Or how to protect our children from "bad websites"

agree with @Limarc on the above, but also wanted to add: what i also worry about is the eventual cat-and-mouse game with deepfakes, like we have with ads/ad blockers and malware/anti-malware

@Arthur those last examples are great examples of the cat and mouse game we're going to see between deepfakes and the prevention tech

eventually cryptographic signing could end it, but...that's assuming we have a good PKI in place, and good software that hides the cryptography. no one gives a shit about a signature, they just want that "verified" checkmark

@Austin about cryprographic sign.

i think we already must have and use those things. But we still have tons of passwords for different websites.

@Arthur what i'm describing isn't so much to do with passwords. what i'm describing is a special cryptographic signature on a video, by the creator, that verifies that person made that video and it wasn't tampered with.

we have things like sha/md5 hashes, but those are geared more for developers (and say nothing about who authored it, whether the website/source was tampered with, etc)

can't really just have a "verified" checkmark though either, right? seems like you'd just be kicking the can down the road. you'd need to trust your own software to run the verification yourself too.

well that's what i mean by having a reliable PKI in place. if anyone with the knowhow can verify the signature, and you can get a reliable public key from the internet, then any trickery on the software/website/whatever's showing the checkmark would be discovered very quickly. you could even write software as a sort of "canary in the coalmine", an alert if someone's signature underneath the checkmark doesn't match

@Austin I get it. Especially if it will be incorporated into major tools, but controlled by an outside company that will "verify" that everything is protected.

What I mean that while we have power to get rid of login forms - we still using them and exposing everything.

Another thing, for protection - it probably will be controlled by some monopoly. Like Alphabet bought ReCaptcha years ago.

@Richard-Kubina what i mean to do here is make it less of a cat and mouse game like ad blocking/detection, and more of a cryptography problem that's much harder to crack for the adversary, the person or people doing the tampering

@Arthur right, so i'm picturing more of a distributed PKI infra, but that's probably a pipe dream 😕 a few big companies could do it though.

as for logins: biometrics ftw. kill the password, i totally agree

yea, the more layers the harder it is to fake. Just thinking you also need to consider your own machine might not be trust worthy! Like we saw with the Meltdown and Spectre vulnerability. :tinfoil-hat: Might end up seeing a happy green checkmark that shouldn't be there. I think you will always have this cat and mouse game, it just comes down to how lucrative it is to crack or how high the stakes are to put up the fight. I am definitely not a cryptography expert though...

@Richard-Kubina oh damn 😱 you've got me thinking about the "management engine" inside the vast majority of PCs now... :tinfoil-hat:

you've got me there, though. ultimately it would take a lot of consensus, on the part of verifiers, and it's still a cat and mouse game...i thought it would be harder to crack, and it is, if and only if the author's machine isn't compromised 🙃 and high profile targets like public figures, would prooobably get hacked. i don't get how people work in computer security without going insane

so it's just turtles all the way down, then? can we just throw computers away and start over because i have thoughts on that

haha naw I don't mean to win an argument, I just figure there's always that risk of not being able to trust the handy ✅ . like with Apple approving malware in their store https://techcrunch.com/2020/08/31/apple-notarized-mac-malware/

oh wow @ the malware thing....did not hear about that one 👀 but nah, not arguing here, i'm just genuinely curious! like...is it possible to ensure security, and if so, what's the confidence level? how much consensus is "enough"?

with all the layers of current computers, i'm honestly not sure

yea, there were other ones with microsoft's windows updater that was downloading malware.. I forget which software download site also was compromised and serving up executables with malware.. https looked fine at point.. but it didn't matter

I do like the idea of 'consensus' though...

would be nice to have security experts weigh in here! 👋

oh god... you're killing me here man 😂 i'm gonna wind up making software for little embedded chips that don't talk to the internet just to be safe...

it's a great point though. so how sure can we be that certain systems aren't already compromised?? like...what percentage of consumer PCs are vulnerable to attack if you do something simple like click a link? i'd wager close to 98-99% but not 100%

yeah lots of "what ifs" here haha 😅 would be very nice to get an expert opinion

i guess going back to deep fakes, it's a people problem and not a tech problem, right? you just gotta double check everything.. if someone emails you or calls you sounding like your boss telling you to send money somewhere, you may wanna verify that on another channel.. sorta like two-factor ...verification. Get on your landline and call them up ☎ and hope you aren't getting phreaked!!1 😅

two factor is a sorta consensus, that not all lines of communication are compromised .. better odds

Sorry for the off-topic.

For two years in our national tech university, I have only two teachers who did something real in terms of our "coding profession".

One teacher created cool simulation software for meteorites that falling on earth and breaking down into small pieces. I mean, like real software that was used.

The second teacher was the youngest professor in our division. He actually creates some extension to one of the big crypto-algos(like SHA or something). He pissed off old professors because he gets grants money from local coding companies and has a cool separate computer lab.

I'm sure it's affected me somehow...

It's interesting to re-read articles from 2019 about deepfakes technology. like 2 years time-machine

https://hackernoon.com/why-do-we-need-a-solution-to-deepfake-b81f3yi7
https://hackernoon.com/the-deepfake-challenge-nyf1k31kn
https://hackernoon.com/the-light-side-of-deepfakes-how-the-technology-can-be-used-for-good-4hr32pp
https://www.forbes.com/sites/johnkoetsier/2019/07/17/viral-app-faceapp-now-owns-access-to-more-than-150-million-peoples-faces-and-names/amp/
https://www.digitaltrends.com/news/faceapp-photos-privacy-terms-of-service/

Here is a collection of cool deepfakes, that available on YouTube. it's also easy to see how technology evolving: not only editing, capturing, but ML algorithms can do much more work, even with smaller datasets