At the recent QCon San Francisco conference, Kate Sills gave a talk about combating AI-generated fake images using existing JavaScript libraries. She advocated for using cryptographic timestamping to ensure the time photos were taken and using digital signatures to verify that the image was made by a legitimate source. She emphasized that in order to address the societal risk of AI-generated images we have to raise the bar for what we expect from real images and that software engineers need to build systems that allow us to meet that high bar.
The field of AI-generated images has improved massively over the last few years. These tools have become so accurate that they can create realistic images, making it tough to distinguish between real and AI-generated pictures. Unfortunately, this ability of AI to render photos has led to a societal shift wherein we can no longer rely on photos as solid proof of truth.
However, Kate Sills suggested that it is possible to detect characteristics of AI in generated photos — these are what she calls the "classic tells". But even this approach does not escape the issue that AI continues to improve, meaning these tells would eventually disappear. This culminates in an escalating arms race between image generation and detection technology.
Besides looking at the actual image, there is also a lot of information on the authenticity of an image in the metadata. One can look at the timestamp, author, etc. However, the metadata can also be tampered with, and it's possible to take the metadata of a valid image and add it to an AI-generated image.
Sills thus has two solutions one can implement using Javascript: timestamping and digital signatures. Timestamping is a service that timestamps a submitted image, providing proof that the image existed before a given point in time. For this, Sills recommends using the cryptographic hash, which she explains as a digest of the image content. For an effective implementation of the hash, she suggests using the web crypto API and the noble hashes package.
Digital Signatures help authenticate the source of an image. Public key cryptography allows signing a piece of data such that the original data can't be forged. In this case, multiple things can potentially be signed. From the time and location the photo was taken, to what is in the photo itself, such that it can't be tampered with. It's even possible to encode the existence of multiple images by publicly publishing the root of a so-called Merkle tree.
Last but not least, Sills emphasizes the necessity of raising our expectations of real images. She argues for a new norm wherein all real images must be timestamped, have credible metadata, and be supported by verifiable documents, ensuring their authenticity. She argues that the only measure we can take against fake images is for developers to provide a more reliable and trustworthy way of dealing with images.