Notarizing a photo is easy, but verification is a bigger problem

Remember that case of the guy who was accused of a violent crime, and was saved from prosecution by a selfie posted on social media?

Link: Selfie clears man facing 99 years in prison for crime he didn’t commit

Things should have never gotten that far, but it shows that notarization of photos is easier than ever. All you have to do is post them to a website which would not allow the user to tamper with the time stamp. Flicker, Instagram, Twitter and Facebook are a few examples.

But how do we authenticate a photo? We're not talking about who owns it, we're talking about whether or not it's a camera original, free from manipulation, and an objective representation of reality at a given time and a given place. A RAW file helps, even though it's not an absolute guarantee. But not everyone wants to shoot RAW.

Of course, it's not always impossible to tell if a published photo has been altered. For example, if we assume that we start with a JPEG, and then we alter it before saving it as a new file, we can sometimes see that this manipulation occurred. See FotoForensics for instance. Or see the app JPEG Snoop (https://www.impulseadventure.com/photo/jpeg-snoop.html) for a different method.

But that can only tell us if an image is a fake. And sometimes you get false readings. What we want is to prove that an image was taken with a camera, and that literally nothing was done to it. Perhaps this sounds impossible. After all, we don't consider downsizing, exposure or WB corrections as manipulation, but even changing the value of one pixel very slightly will immediately trigger a verification warning.

Thankfully, the issue of small corrections doesn't apply where it's needed most: the press. Press photographers mostly shoot JPEGs, and they usually don't have the time or the inclination to correct them (though some do). Wildlife photographers could also fall into that group - it is unethical to manipulate an image intended to document wildlife, for obvious reasons (although RAW formats are often used). So, in these cases, a camera original JPEG will be published as-is.

But, you may ask, what about file size? Are we to load a 12MB 24Mpx image each time? For this, we have an easy solution: we can allow the camera to generate two or three different JPEGs, each separately verifiable. A better solution would be to move to a standard like JPEG 2000, which would reduce the number of variants for each file, but that's another story for another time. And what about cropping? No problem! The photo editor can specify the CSS clip-path property - at least for web pages.

Okay, so we've established that verifiable, camera generated images can be useful to a large number of publishers. But we need to figure out how to make an image self-authenticating. This is the tricky part.

You could generate an SHA hash with the image combined with its metadata. To make this work, the SHA hash is published along with the original - for example, on a social media post. The posted image on social media is merely a visual reference for the larger image, to be used alongside the SHA hash. This would allow the end user to verify that the photo as published on websites, including the metadata, hasn't been changed by a third party. But this is not the solution we wnat, because it doesn't allow a photo to authenticate itself. How do we know that the published image hasn't been altered before the SHA hash has been generated?

What we need do is find a way for the camera to generate a hash for each image and include that in the metadata. This has to be done is such a way that a manipulated image cannot authenticate itself post hoc, even if a new hash is generated to match the altered image. Authentication would be done by the browser matching the hash to the image. But this only makes sense if the only way to authenticate a camera original is by the camera itself.

Can this be done? Does anyone have any idea how? Every time I think of a scheme, it all comes undone, because you can always manipulate an image and then generate a new hash for it.

A possible pathway could be to look at how software keys are generated. If you buy a key for an application, it will be much longer than necessary. The reason is to prevent the random generation of keys. When you enter the key, a server verifies it. For instance, a copy of Doom might have the key, ABCD-EFGH-IJKL-MNOP. The server knows that this is a valid key. But it also knows that some keys are invaldid, such as AAAA-BBBB-CCCC-DDDD. If you try and enter that key while installing Doom, the server will reject it.

But, here we have two problems: firstly, the product key is not mathematically generated from the application. Secondly, the key is not intended to prove anything other than the validity of the purchase. And, worse, a lot of product keys have been 'hacked', and we know how they are generated. I'm not sure that redundant values for hashes are the right solution, if they are even possible.

And so at this point I'm stuck. So, if anyone out there is studying (so called) computer science, or just has an interest in this sort of thing, I'd be curious to know if this can be done.

First, I want to know if YOU wrote this post or someone else did?

I agree this site seems to be losing any cred with all these “mental-masturbation” questions from posters who don’t show their website. Why are photographers photographing if they don’t even show their images. I don’t care if you’re clients are incredible, your work is in moma it would be more relevant to know than some faceless poster who’s obviously got history trolling this site with what if questions

Moderators there’s a reason this site is decaying you’re not stepping up

The most effective way of dealing with posts you consider "questionable" is to boycott them.

If no one replies....

I agree this site seems to be losing any cred with all these “mental-masturbation” questions from posters who don’t show their website. Why are photographers photographing if they don’t even show their images. I don’t care if you’re clients are incredible, your work is in moma it would be more relevant to know than some faceless poster who’s obviously got history trolling this site with what if questions

 

 

Moderators there’s a reason this site is decaying you’re not stepping up

Well for me photography is just a hobby. I like fixing and using old cameras. I have no website.

Is there something in particular wrong with Karim's post that make's it not suitable for Casual Photo Conversations?

a website which would not allow the user to tamper with the time stamp. Flicker

It's flickr. And you can change both the upload date and the date taken easily. I don't upload to the others mentioned - maybe someone else can verify the claim made by the OP?

And so at this point I'm stuck... I'd be curious to know if this can be done.

Why are you interested in this at all? Any possible solution will be of value for a few select instances only - so why burden everyone who records a photo with some notarization/verification scheme? As you state yourself, any solution you could come up with falls apart upon closer examination. You mention wildlife photographers - there are many who take quite some artistic license when editing their images - and the only drawback is that those images no longer qualify for some photo contests or publication in certain journals and magazines. Press photographers - they also record a possibly quite distorted version of the reality as they see it. Point of view, focal length selection and moment of shutter release can quite substantially influence the photo being produced; what's the point of verification here?

they also record a possibly quite distorted version of the reality as they see it.

My favorite kinds of photos. Unless they’re photojournalistic. Distorted reality is the best reality! :)

My favorite kinds of photos. Unless they’re photojournalistic. Distorted reality is the best reality! :)

I agree. Outside of journalism and when photographs are used as evidence, I don't know how important it is to know the degree to which a photo has been modified.

FWIW, iPhones stores photos in HEIC format rather than RAW or jpeg. I don't seem them moving to something like jpeg 2000.

Well for me photography is just a hobby. I like fixing and using old cameras. I have no website.

Hobby or not, why not share? Could it be your level of expertise would be questioned

 

Is there something in particular wrong with Karim's post that make's it not suitable for Casual Photo Conversations?

Yes it’s not a genuine question it’s a post to see how many pages of diatribe they can create.

While I agree the best way is just ignore this site use to be a wealth of information and advice because people were honest and genuine now it’s a bunch of pontification

Why should I care because I like photography and this use to be a site that wasn’t 100% gear talk

Well, ahem, I tend to get quite a lot of useful and informative info from this site's users, perhaps because I ask legitimate questions? (decide for yourself, I guess)

This does feel like a wind up. But who is to judge?

While admittedly, this "question" seems to fall into the tiniest of micro niches, isn't everything segmented into infinite such niches now-a-days?

But to address the actual question:

The phrase "who cares" certainly comes to mind in this case.

I mean, now that my mind has un-numbed itself after slogging through that mind numbing opening salvo. I couldn't tell if this guy dotted all his Is and crossed all his Ts as I went all cross-eyed and got T'd off from reading his post!

I think, most important of all here, we need to remember that photo dot net is just one of gazillions of possible stops on the impossibly vast & never ending road that is The Internet. Of course there will be trolls under every imaginary "bridge". Conversely, there will also be those imagining trolls under every imaginary bridge. Then again, there ARE trolls under every imaginable bridge. Seek, and ye, too will find. Seek it where you find it. Or find it where you seek it.

I hope I've made myself perfectly clear.

Thanks and have a nice day.

And so at this point I'm stuck. So, if anyone out there is studying (so called) computer science, or just has an interest in this sort of thing, I'd be curious to know if this can be done.

Not my area of expertise but I don't think it's practical and maybe not possible to have a file authenticate/validate itself using only itself as the source of truth since anything in the file can be modified. If you think about it, any sort of verification that's done now, - say verifying that the web site you're visiting is who they claim to be, depends on checking with an independent trusted source.

So what would have to be stored in a trusted location is either a checksum or hash generated from the original image data or a copy of some subset of the original image data that was determined to be sufficient to identify another image as essentially the same.

Where would this location be? How would the information get there? How could we know the image wasn't already altered before this data was sent?

Passing a significantly modified print to Reuters is a breach of ethics. Passing the same print with false affirmation to a notary is perjury.

Passing lots of gas in a crowded elevator is just plain wrong... :eek:

I did not mean that people should boycott the entire site for the sins, real or imagined, of one or two posters. I, for one, still find items of interest and value here. If you don't, why are you still here ?

There have always, not just recently, been a few burrs under the saddle on this site. I am obliged to note that a few of them have become, well, milder with the passage of time.

: |

Passing lots of gas in a crowded elevator is just plain wrong... :eek:

Some people can't help ...

Not my area of expertise but I don't think it's practical and maybe not possible to have a file authenticate/validate itself using only itself as the source of truth since anything in the file can be modified. If you think about it, any sort of verification that's done now, - say verifying that the web site you're visiting is who they claim to be, depends on checking with an independent trusted source.

 

So what would have to be stored in a trusted location is either a checksum or hash generated from the original image data or a copy of some subset of the original image data that was determined to be sufficient to identify another image as essentially the same.

 

Where would this location be? How would the information get there? How could we know the image wasn't already altered before this data was sent?

As far as I know, you can do this with a blockchain. The purpose of using blockchain for cryptocurrency is proof that it is real, and proof that it hasn't been previously spent.

You can use blockchain, including the existing cryptocurrency chains, for other cryptographic hash use. That allows one to later prove that one had some data set on or before the timestamp. You can't prove any modifications weren't made before that time, but can prove that none were made later.

Otherwise, for cameras, it is easy to change the clock before taking the picture, and probably easy to change the timestamp after.

There are ways to detect splicing of JPEG images, as there are some correlations that come from the demosaic process that are destroyed in image splicing.

If one converts all to raw, splices, and then to JPEG, it might be harder, but most likely it isn't easy to do with the exact in-camera algorithm.

As far as I know, you can do this with a blockchain. The purpose of using blockchain for cryptocurrency is proof that it is real, and proof that it hasn't been previously spent.

 

You can use blockchain, including the existing cryptocurrency chains, for other cryptographic hash use. That allows one to later prove that one had some data set on or before the timestamp. You can't prove any modifications weren't made before that time, but can prove that none were made later.

 

Otherwise, for cameras, it is easy to change the clock before taking the picture, and probably easy to change the timestamp after.

 

There are ways to detect splicing of JPEG images, as there are some correlations that come from the demosaic process that are destroyed in image splicing.

If one converts all to raw, splices, and then to JPEG, it might be harder, but most likely it isn't easy to do with the exact in-camera algorithm.

A key component of a crypto-currency like bitcoin is the distributed nature of it. The history of transactions is verified by comparing to numerous other copies of that history. So you don't get away from having some sort of external/independent validation.

An image from a camera that's stored in a block-chain format could store all the edits within the block-chain itself. You'd know that it wouldn't have been tampered with and could always get the original. But this is of no use unless the block chain is distributed so there would be something to verify against. Otherwise, one could merely put an altered version of an image in a separate block chain.

A key component of a crypto-currency like bitcoin is the distributed nature of it. The history of transactions is verified by comparing to numerous other copies of that history. So you don't get away from having some sort of external/independent validation.

 

An image from a camera that's stored in a block-chain format could store all the edits within the block-chain itself. You'd know that it wouldn't have been tampered with and could always get the original. But this is of no use unless the block chain is distributed so there would be something to verify against. Otherwise, one could merely put an altered version of an image in a separate block chain.

Yes.

But you can add your hash to the bitcoin blockchain, or to any other already well distributed blockchain.

Usual system is to just add the hash, which proves that whatever you say existed actually did, though I

suppose you could store whole JPGs.

You could make your own blockchain, have it distributed, but not as well as better known ones, and

then at appropriate intervals add a hash from it to a well-known blockchain.

Even with a non-hackable built-in technology, you could still print out a manipulated file and then rephotograph it to appear unedited.

As always, technology is good for catching those who don't know what technology can do.

When fingerprinting was new, it was good for catching crooks who didn't wear gloves, but now everyone

knows to wear gloves when robbing a bank.

The losses in rephotographing might be enough to give it away. Also, the EXIF data will be way different.

Fugitive John McAfee’s location revealed by photo meta-data screw-up

at least be sure to turn off geotagging when doing fake rephotographs!

It seems that there is now software for faking the GPS coordinates for an iPhone,

and I suppose you can fake the rest of the EXIF data, too.

It occurs to me now that, if you really want a notary to do it, print out (on paper)

a cryptographic hash of a JPG (or RAW) file, and then have a real notary notarize it.

Anyone can later generate the hash and compare it to the printed copy.

It seems that using cryptography to prove an idea dates back at least to Galileo:

Galileo's Anagrams and the Moons of Mars

If someone wanted to prove that they made a discovery first, without (yet) giving

the idea away, they could publish (or privately send) an anagram of the description.

Later, when the discovery was published, one could show that previously published

anagram matched.

Yes.

 

But you can add your hash to the bitcoin blockchain, or to any other already well distributed blockchain.

 

Usual system is to just add the hash, which proves that whatever you say existed actually did, though I

suppose you could store whole JPGs.

 

You could make your own blockchain, have it distributed, but not as well as better known ones, and

then at appropriate intervals add a hash from it to a well-known blockchain.

Sure, and that would all work. But it depends on comparing a hash to another hash stored at a trusted location. This doesn't meat the OP's criteria of having a file that's self validating.

Sure, and that would all work. But it depends on comparing a hash to another hash stored at a trusted location. This doesn't meat the OP's criteria of having a file that's self validating.

Not sure what you mean about trusted location, but the whole idea behind bitcoin is the lack

of need for a trusted location.

Normal currency requires a trusted centralized backer to guarantee its value,

usually a government agency.

Bitcoin relies on decentralization for its validation.

Now, yes, if you are away from any Internet access, then it doesn't help, but in that

case you need some other trust mechanism. Notaries rely on some type of

licensing system to assure the public that their notarizations are valid.

Not sure what you mean about trusted location, but the whole idea behind bitcoin is the lack

of need for a trusted location.

 

Normal currency requires a trusted centralized backer to guarantee its value,

usually a government agency.

 

Bitcoin relies on decentralization for its validation.

 

Now, yes, if you are away from any Internet access, then it doesn't help, but in that

case you need some other trust mechanism. Notaries rely on some type of

licensing system to assure the public that their notarizations are valid.

Yes, with bitcoin you're not dependent on a single trusted location. Instead you're placing your trust in the fact that a given ledger (or block chain) agrees with multiple ledgers stored in multiple locations. Either way, the validation is external.