This new tool could protect your pictures from AI manipulation
This new tool could protect your pictures from AI manipulation
PhotoGuard, created by researchers at MIT, alters photos in ways that are imperceptible to us but stops AI systems from tinkering with them.
The nuances of this are beyond me, but I feel like it's likely this would eventually be overcome.
Your best protection from having your images manipulated is to keep them off the internet if at all possible (we can only control what we post).
Basically I'm saying to treat the internet as hostile. Which is unfortunate, but accurate.
This'll work for about a week. The image generation applications' devs will get hold of some of the inner workings and figure out how to make their networks detect and ignore those minor manipulations. It'll turn into yet another arms race with no winner or loser, just rapid, incremental changes.
It might become a bit harder for the big AI companies to claim they're legitimate, trustworthy companies if there's evidence they're actively trying to get around what it effectively a form of DRM on images, though. They wouldn't just be scraping copyrighted works from the internet, they'd be designing their AIs to work around protections put on those images.
So it wouldn't stop bad actors, the same way that copyright protections and DRM in other forms of media don't stop piracy, but when a big company is doing it, they lose all the "we're not evil" credibility they're trying to create in the media right now.
I think the best PR strategy there would be to just say nothing. Just like they did when they were mirroring folks' sites to collect images and text to train their models on. By the time folks realized that their stuff had been used for training without their consent it was far too late, and here we are.
In other words, it won't stop AI companies because they're already bad actors, and they're acting just like bad actors do anyway. Even "we're not evil" isn't even a thing they bother saying anymore, because everybody already knows it's only meaningless mouth noises (case in point, the Big G).
Permanently Deleted
This would be so easily bypassed that the whole concept, while technologically cool, is completely useless. Someone could apply a very subtle smoothing filter and then do whatever they wanted with it after via stable diffusion (or use the myriad of alternative methods to remove the "protection").
Or, just keep synthesizing the images from scratch and compositing them.
What happens if you take a picture of the screen with your phone? Not ideal in terms of quality but I'm willing to bet it would work as a stupid easy bypass.
What I'd like to see is an image format that is digitally signed by default so that modifications can be flagged and the source can be verified. Yeah people could modify them for malicious use cases (I don't think it will be possible to ever prevent that unfortunately) but at least we'd know that it wasn't the original. This doesn't work for cases where people want to be anonymous but for things like social media selfies and posts where people are visible it could be helpful in preventing people spreading deepfakes and claiming they're real.
I'm not well versed in this at all, but would this also work if the "attacker" were to take a screenshot of the image they wanted to alter, and plug that into an AI tool? It sounds more like metadata tweaking from the article, which would be bypassed by a screenshot.
There's another tool called Glaze that does this for artwork, and what that one does is selectively edits individual pixels in a way that makes the artwork look normal to a human, but is rendered as a distorted mess by AIs. Because it's pixels within the image being edited, not the metadata, a screenshot preserves the edits. I think it's also resistant to blending and smoothing tools, because what the AI reads is different to what the human eye sees, and blending and smoothing tools are designed with a human eye in mind.
Interesting, thanks for the insight!
This is promising. Glaze was simply too intrusive for most people to be willing to use it regularly.