danielquinn

I was one of the people who based my opinion of Proton on that tweet and swore off them until someone else shared that link with me. It's excellent, thorough, and makes a convincing case that Yang is actually left-leaning. I can only assume that you're getting downvotes from people who haven't read it.

Well, welcome to the Free side fellow traveller :-) I too ditched Windows for (different) political reasons 25 years ago, and haven't looked back. You'll love it here, 'cause if you don't, you now have the power to change it 'til you do.

Sorry, I was on mobile so I over-simplified 'cause digging up the details on Wikipedia wasn't so easy while also juggling my kid :-) I'll try to amend the original post.

I don't know what to tell you. I've been shouted down more than a few times for suggesting that Ubuntu is a bad gateway distro.

I'll likely be downvoted for this, but if you're committed to Linux, you might want to reconsider using Ubuntu (or Fedora for that matter). Ubuntu has a well-earned reputation for trying to make things "easy" by obfuscating what it's doing from the user (hence that useless error message). They're also a corporate distro, so their motivations are for their profit rather than your needs (wait 'til you had about Snap).

A good starting distro is Debian (known for stable, albeit older) software. It's a community Free software project and the 2nd-oldest Linux distro that's still running as well as the basis for a massive number of other distros (including Ubuntu). The installer is straightforward and easy too.

Or if you're feeling ambitious, I'd recommend Arch or Gentoo. These distros walk you through the install from a very "bare metal" perspective with excellent documentation. Your first install is a slog, but you learn a great deal about the OS in the process, ensuring that you have more intimate knowledge when something goes wrong.

I think you're misunderstanding the purpose behind projects like c2pa. They're not trying to guarantee that the image isn't AI. They're attaching the reputation of the author(s) to the image. If you don't trust the author, then you can't trust the image.

You're right that a chain isn't fool-proof. For example, imagine if we were to attach some metadata to each link in the chain, it might look something like this:

| Author | Type | |

|

| | Alice the Photographer | Created | | AP photo editing department | Cropping | | Facebook | Resizing/optimisation |

At any point in the chain, someone could change the image entirely, claim "cropping" and be done with it, but what's important is the chain of custody from source to your eyeballs. If you don't trust the AP photo editing department to act responsibly, then your trust in the image they've shared with you is already tainted.

Consider your own reaction to a chain that looks like this for example:

| Author | Type | |

|

| | Alice the Photographer | Created | | AP photo editing department | Cropping | | Infowars | Cropping | | Facebook | Resizing/optimisation |

It doesn't matter if you trust Alice, AP, and Facebook. The fact that Infowars is in the mix means you've lost trust in the image.

Addressing your points directly:

1. I'm not sure how a TPM applies to this as I haven't dug deep into c2pa other than the quick review I did this morning. I'm more interested in the high-level: "can we solve this by guaranteeing the origin" question, and I think the answer to that is yes. See my other comment for my own take on this.
2. I don't think we need any sort of controls on defining the types of edits at all. If AP said they cropped the image, and if I trust AP, then I trust them as a link in the chain.
3. Worrying about MITM attacks is not a reasonable argument against using a technology. By the same token, we shouldn't use TLS for banking because it can be compromised.
4. Absolutely, but you can prevent someone from taking a picture of an AI image and claiming that someone else took the picture. As with anything else, it comes down to whether I trust the photographer, rather than what they've produced.

Yes, but starting a new chain would necessarily reallocate the ownership. So if reuters.com created a real image and then Alex Jones modified it, stripped the headers, and then re-created them, then the image would no longer appear to be from Reuters, but rather from infowars.com.

Absolutely, but that's not really the point. If you remove the chain, then the file becomes untrusted. We're talking about attaching trust to an image, and a signature chain is how you ensure that that trust.

Thanks! And no, this is absolutely nothing like NFTs.

NFTs require the existence of a blockchain and are basically a way of encoding a record of "ownership" on that chain:

Alice owns this: https://something.ca/...

If the image at that URL changes (this is called a rug pull) or a competing blockchain is developed, then the NFT is meaningless. The biggest problem though is the wasted effort in maintaining that blockchain. It's a crazy amount of resources wasted just to establish the origin.

Aletheia is much simpler: your private key is yours and lives on your computer, and your public key lives in DNS or on your website at a given URL. The images, videos, documents, etc. are all tagged with metadata that provides (a) the origin of the public key (that DNS record or your website) and a cryptographic proof that this file was signed by whomever owns the corresponding private key. This ties the file to the origin domain/site, effectively tying it to the reputation of the owners of that site.

The big benefit to this is that it can operate entirely offline once the public keys are fetched. So you could validate 1 million JPEG images in a few minutes, since once you fetch the public key, everything is happening locally.

Much of these problems can be solved by introducing a signature chain:

• Company A created the image
• Company B resized it

In this example, "Company A" can be a reliable news source, and "Company B" could be an aggregator like Mastodon or Facebook. So long as the chain is intact, the viewer can decide whether they trust every element in the chain and therefore trust the image.

This even allows people to use AI for responsible editing, because you're attacking the real problem: the connection between the creator (in whom you may or may not vest a certain amount of trust) and the media you're looking at.

I actually spent a few years of my life writing a whole software project for exactly this purpose, and I still think that it's the only practical way to solve this problem.

Called "Aletheia", it ditches the idea that software can spot a fake entirely and instead provides a way to guarantee the author of a piece of media. If you trust the source, you can trust the image/video/document/whatever.

If you're curious, here are a few relevant links:

• White paper
• Documentation
• Source code (Python, AGPL)
• The talk I gave at PyCon UK about it

Do AI bots really spam Lemmy of all places for this sort of thing? Ick. Well thank you very much, this is very useful. My intent is to drop Tilix in favour of GNOME's default terminal (or maybe one of the sexy alternatives that the cool kids keep talking about like Kitty), but I couldn't switch without understanding this first.

Your config works for me with one exception: bind -n M-| effectively means that I have to hit Alt+Shift+\, since | is only available via Shift+\. I amended this to be bind -n M-\\ and it works gloriously. Thank you so much!

It turns out that I didn't need to use set -g xterm-keys on, but I'm curious: what does it do?