Podcast
Join Viktor, a proud nerd and seasoned entrepreneur, whose academic journey at Santa Clara University in Silicon Valley sparked a career marked by innovation and foresight. From his college days, Viktor embarked on an entrepreneurial path, beginning with YippieMove, a groundbreaking email migration service, and continuing with a series of bootstrapped ventures.
Links
Follow Me
Follow Me
Join Viktor, a proud nerd and seasoned entrepreneur, whose academic journey at Santa Clara University in Silicon Valley sparked a career marked by innovation and foresight. From his college days, Viktor embarked on an entrepreneurial path, beginning with YippieMove, a groundbreaking email migration service, and continuing with a series of bootstrapped ventures.
Exploring the C2PA Standard with Dom Guinard from Digimarc
Play On
12 FEB • 2024
1 hour 1 min
Share:
In this episode, I’m joined by Dom Guinard from Digimarc to explore the fascinating world of digital content standards. Dom’s extensive experience in IoT and digital standards offers unique insights into how we can protect and authenticate content in an increasingly AI-driven world.
We start with a deep dive into the C2PA (Coalition for Content Provenance and Authenticity) standard. What particularly caught my attention was how this technology combines metadata, watermarking, and hardware integration to establish content trustworthiness. Dom’s explanation of how these elements work together reveals the complexity of ensuring digital authenticity.
The conversation gets especially interesting when we explore the practical implications of C2PA. Dom breaks down how this standard helps combat deepfakes and unauthorized content use, while also empowering creators with more control over their work. His insights into the recent US executive order on AI and its connection to digital content standards highlight the growing importance of these initiatives.
I was particularly intrigued by our discussion of how C2PA integrates with existing technological ecosystems. Dom’s perspective on balancing innovation with content protection shows the careful consideration that goes into developing these standards. We also explore the practical tools available, including Digimarc’s C2PA Chrome Extension.
If you’re interested in digital content, creator rights, or the future of online authenticity, you’ll find plenty of practical insights here. For those wanting to dive deeper, here are some valuable resources:
- C2PA Standard website - Comprehensive information about the standard
- Content Authenticity Initiative - Broader applications and impact
- Digimarc’s C2PA Chrome Extension - Try the technology yourself
Transcript
Show/Hide Transcript
Hello everybody, and welcome to this episode of Nerding out to Victor.
Today I got a very good friend of mine on the show that we got no doubt about something he has been working on for the last six months or so or 12 months probably by now.
And just to give some backstory, Dom is an author and wrote the book Web of Things and invented a concept of Web of Things.
He's the co founder of Everything that was later acquired by digimark.
And Dom, do you want to say a few words that are probably missed in your introduction about your backstory?
No, I think that's it.
Very happy to be on the show, of course.
And yeah, today indeed, Everything was acquired by digimark.
And I'm the VP of innovation at digimark where I work on all kind of innovation projects, including our involvement with standards.
I've been working on standards almost my entire career.
I don't really like standards, to be honest, but I like the power of standards.
So that's why I keep working on those, actually.
Very cool.
So today's episode we're going to talk about something called C2PA, which is a part of what, which is similar to verify credentials.
And we got dive into what these two things are in detail throughout the course of this episode.
But maybe we should start Dom, and doing a quick introduction.
What even is this and why does it even matter?
Yeah, sure.
And I was thinking I could share a few slides maybe.
Let's do it.
That's not what I want.
PowerPoint.
Yeah, let's just go that way.
Right.
So, you know, I think I'm not going to break the news by saying that generative AI has been changing pretty much everything lately.
And in particular, it has made understanding what is real and what isn't, what is generated and what isn't really hard.
I mean, there are lots of examples of that.
And the one on.
Yeah, exactly.
The one on the bottom right is probably one of the most famous examples.
But there were other examples that were even a bit more impactful, like the bombing of the Pentagon, which led to a dip in the stock market and was actually a deep fake.
So that's one side of the medal.
The other side of the medal is in the upper part.
There is that content creators have their content being used by these generative AI tools for no compensation.
So these genai tools are basically taking any content and then using it to generate other images.
So we have this kind of dual side of the issue.
And C2PA is basically answer to at least a partial answer to these questions and to these things that Genai is raising.
So it's basically about looking at protecting the intellectual property of creators, and we'll probably deep dive into that, but it's not protecting it necessarily in a DRM way, but basically informing any user or any tool of who owns the copyright.
And the second part is about reestablishing trust in digital content.
I think that's really the core of where the standard is going.
And the core value of the standard is to allow users to get provenance information about the assets they're looking at, to know where it came from, how was it modified, who created it, whether or not it was generated by AI.
And so C2PA created a set of standards.
They are now known more as content credentials.
That's the marketing term for C2PA standards, content credentials.
And essentially it's metadata that's attached to assets.
So you have the asset and then you have the metadata attached to it.
For instance, in the case of JPEG images, it's via the EXIF headers.
But other formats are supported, images are supported, video are supported, and now text, as well as documents.
And I think one thing to call out is that the recent US Executive Order on Artificial Intelligence is starting to mandate the creation of such tools, the creation of standards around the authenticity of digital content and also the labeling of synthetic content.
And they mentioned C2PA, but they also mentioned tools like digital watermarking, where obviously digimark has a lot of expertise.
So that's the crux of C2.
Paul.
Right, so let's zoom in on this.
Like, who really cares about this?
Right, because that's the big question.
This is cool, but who's this for?
And who do you think really cares about this?
Yeah, it's a good point.
I think ultimately everyone should care about it.
Whether we all care about it today is a big question.
And I think the tools are still maturing.
It's not like C2P is widely deployed yet.
It's proliferating very quickly.
But it's not like every single Image has a C2Pmanifest that you can check.
And I don't know if it will ever be the case.
I think it's more for images that have high value.
I can really imagine.
And there's a lot of traction in the, in the news industry around that because obviously that is things, you know, the news we see are things we.
Information we really want to be able to trust.
So that's a really a core value of C2PA.
I think yeah, I think ultimately everyone will be a user, whether we'll be active users or simply we'll have that little PIN icon appearing and we'll look at it like half look at it and we'll look at it when something seems fishy or whether you are a content creator.
And I think content creators are all the core users of C2PA because they want to be able to stamp their content, apply their credentials and their copyright to it, and also they want to make sure it's not manipulated without their consent, actually.
Right.
But it's really like a catch 22 or a network problem, really at its core it's not valuable until it's very largely deployed because unless you have this as part of essentially every image, it's hard to maintain much trust, I guess, in a sense.
Right.
So it's a bit of a difficult one because if you have a photo without that, you can't.
I guess it's a positive indicator if you do have it, but it doesn't mean that it isn't valid just because it doesn't have that.
If that makes sense.
Yeah, yeah.
I mean, apologies.
Yes, you're right.
I mean, and I think it's really a question of network effect and we need to have enough images that have these credentials because an image that doesn't have a credential, that doesn't have content credentials, then how do you judge it?
Right.
So, yeah, I think the critical mass is important.
What I'll just say is that there are really strong forces behind C2PA has been driven by Adobe, Microsoft, BBC, intel and others.
So there's really a big uptake, it's going to take time and ultimately I think it will start in places where we really need to have trusted content.
I can think of the US elections, for instance, a good example.
So it, you know, but it has to start somewhere and I think it's proliferating quickly.
But you're right for journalism, I completely understand it, like to be able to trust like a BBC, whatever reputable news outlet, they need to be verified this and so that.
It makes a lot of sense.
Right.
I'm thinking more like a general use case on the Internet at large.
And it's a bit of a mis in match incentives in some ways.
Right.
Because the average user probably do not care too much about it in general.
Right.
Unless they're affected by it, which is kind of the.
If it's deep fakes, for instance.
And I guess we tie the conversation to deepfakes, which is one of the Main areas I guess trying to address here is for this to really work, you need to basically enforce all gen AI toolings to do kind of watermarking that it is a gen AI tool and that's kind of a misincentive for some of these tools.
And maybe you can get OpenAI to do it and some of the bigger US firms to do it.
But will the open source LLMs do this?
How are you thinking about that or how do you see about that?
Yeah, so.
So I think we need to look at two angles, right.
The one angle is that C2PA can help LLMs and Gen AI providers flagging their content as AI generated.
That's one side.
There are other technologies that can help.
For instance, the Executive order is citing watermarking, which is another way to help.
And I think we can talk about the differences and the strengths of each technology.
So yeah, I think them adopting it is primarily a question of regulation, I'd say.
So legislation will certainly work for companies and like OpenAI.
I'm thinking like Dall E or some great video generation like Synthesia and companies like that do video content generation using AI.
But you can't really enforce stuff open source and that's a bit challenging, I guess, because they're not really entities that you can enforce thus for.
In the same way.
No, but open source projects still have to respect the regulation in place.
So I.
But they're not enforced globally though.
So they're US centric, largely.
You mean the regulations.
Yes.
The US Executive Order is a US only entity.
Right.
Or US.
Yeah, that's right.
But there's the.
There's almost the same kind of regulation that's in preparation in the European Community.
And then there is.
Yeah.
China for instance, was the first country to make a move to make it mandatory to watermark content from generative AI.
So, you know, I don't think it's a US only thing.
Okay, so you anticipate this being kind of global legal framework in a sense.
Yeah.
And they're all similar, in particular the European regulation.
I mean, there's no regulation yet, but there are drafts and discussions is going very much along the way of the US Executive Order, which is also not a regulation.
Right.
But a set of guidelines.
Right, right.
Okay, interesting.
Let's take a step back.
Verify credentials and CTPA are kind of similar.
My understanding is the VC or verified credentials, they're backed by W3C standard.
Do you want to walk me through the difference and how they are similar, but how they are different?
As well?
Well, yeah, I don't think they are similar.
I don't think similar is necessarily the right word.
I think they're very complementary.
Verifiable credentials.
W3C.
Verifiable credentials basically give.
Allow you to use identity, decentralized identity did.
To sign claims.
Right.
So you can now use your credentials to sign claims, all kind of claims.
Right.
So it's a generic framework for signing claims, digital claims of all sorts.
C2PA is a framework for providing provenance information from and about assets.
Now, the place where they meet and will meet in a more tightly coupled way in the future is that to be able to provide provenance information about assets.
It is very interesting to be able to sign these provenance information and different claims that you're making about an asset.
And so that's where verifiable credentials meet C2PA.
And actually they already.
You can already use verifiable credentials to sign C2PA claims today, but it's not 100% integrated yet.
And I know that work in the next version of C2PA will make this a lot more supported in a lot better way.
Okay, so it's a kind of semi related, substandard, but not exactly the same C2PA can fit into the framework of VCs in the long run, in a sense.
Yeah.
And you know, C2PA started before verifiable credentials or actually almost at the same time.
And within the C2PA community, there's no an understanding of the power of verifiable credentials.
And so there's an evolution to start to adopt that for signing claims.
Okay.
Okay, interesting.
One thing that I found interesting was the hardware integration in cameras for the, sort of.
For the C2PA standard.
You want to talk a bit about that?
Because I think that's super powerful.
Yeah, I think that's very powerful.
The closer to the source you are, the better it is.
You don't want to be too late in the workflow to add a manifest to your assets.
And so being able to add it to the cameras is a wonderful idea.
And I had the chance a couple of weeks ago.
I was at Stanford for the CAI summit, so the C2PA community summit and Leica was present there.
And I tested the.
I think it's the M11 Leica camera that has native C2PA capability.
So literally you configure a camera to say who you are, that generates a key for you and then that key is used to sign the claims and Basically whenever you take a picture, it basically certifies that it was taken by this camera at this time.
You can even add things like geolocation and so on.
Right.
So you can cryptographically say this photo was taken at this protest and I took it because I cryptographically signed it as a photographer, essentially.
Yeah, exactly.
And then the news outlet can say, oh, actually we know by the mere cryptography of this that it is not tampered with.
And you can validate that this is actually not a fake.
So I can see that power workflow, end to end being super powerful.
Yeah.
Cool.
Now let's dive into technical stuff because I think that's where it really gets interesting.
Right.
So my understanding is there are two elements to the C2 pack.
There is the metadata, which can be stored in EXIF, as you mentioned, for JPEGs, for instance, and there is the watermarking feature of this, because if you only store in exif, stripping that out is trivial for anybody with even the basic understanding of tech.
So walk me through these, the actual technology behind the watermarking.
Behind the watermarking, you mean behind both.
The watermarking and the exif, I guess, and how that actually works.
And we can dive into this to designing and the recovery process in a moment.
I'm just curious about how it's structured on a big picture level.
Yeah.
Okay, so I think I'll share my screen again because I want to show you something because I think it's important to say that today C2PA exists without digital watermarks.
And there's a bit of confusion on the market and in the news about that because the executive order mentions watermarking.
The executive order also mentioned other things such as manifests.
I mean, they're not the same.
Currently C2PA is not watermark based.
So currently in C2PA you basically add manifests to assets.
And there are a few issues with that.
Primarily two issues, right, is that you can remove the manifest and we can show that a little later in a little demonstration.
And so if you remove the manifest from the asset, well then it's gone.
And then you have no provenance information about the this asset.
Another issue is that the manifest can be switched for another manifest.
So if you're a malicious actor, you can basically strip off the manifest and add a new manifest that's cryptographically going to be perfectly okay, except you just stole my asset or you unflagged an asset that was AI generated and you make it not AI generated in the manifestation.
These are the type of attacks that are fairly easy to perform, and the latter.
So the switch of a manifest is an attack.
The former, I think, very importantly, is not an attack.
Like if you upload an image that has a C2PA manifest on pretty much any social media platform, then the manifest is going to be stripped off.
Right.
Actually, I did a little experiment not long ago.
I was writing a blog post about our C2PA extension.
We launched a C2PA Chrome extension at Digimarc, and I was trying to find one platform that would actually not remove the, you know, the manifest from my images.
And I failed to do so until I realized GitHub doesn't.
Because GitHub is really not touching the images at all.
All the other platforms, all the blogging platforms, all the social media platforms are basically stripping the manifesto.
For good reasons though, Right?
Because they do it for privacy reasons.
Largely because EXIF data usually includes location.
So for safety reasons, most of them do that.
Right, Absolutely.
And I think as creators, the long tail of content creators, we don't necessarily realize what these manifests contain.
And so that's why the social networks and the platforms generally strip them off.
I think some of them, they strip them off consciously, indeed.
To preserve privacy.
Some of the tools just strip them off because they don't, you know, they.
They don't really mind and they don't really care about ensuring that these manifests are kept.
And that's the case of many photo editing tools, for instance, or image editing tools.
Yeah.
And they replace it even with their own EXIF data.
Yeah.
Rotators, for instance.
Right.
Yeah.
I think counter example is the Adobe suite of tool.
Obviously Adobe being such a strong actor behind C2PA, their tools respect the C2PA workflows and they don't remove the manifest.
But many other tools do.
Right, Right.
Okay.
So tying this back into the camera.
So when you mentioned the Leica cameras supporting exif.
Sorry, supporting ctpa, is that purely then in the form of exif or are they doing something beyond exif?
No, today it's purely in the form of exif.
And this is when digimarc entered the game.
And it's not like we broke the news in the C2PA community by saying watermarks could help.
Right.
They already imagined watermarks could help.
And the C2PA standard already has a mechanism called soft binding, which is a way to bind the manifest to the actual image.
Because that's the problem.
It's creating a strong link between, on the one hand side, the manifest, and on the other Hand side the image.
And they already had defined soft bindings.
And in soft bindings, they describe two techniques for soft binding.
One of them is perceptual hashes and the other one is watermarking.
But they were just described at a high level.
So there's nothing in the standard that tells you how to do that just for the sake of completeness.
A perceptual hash is unlike a traditional hash, is a hash that if you modify a little bit an image, say for instance, you could still have the same hash.
Whereas the typical SHA256 hashes, you modify any pixel, you have a completely different hash.
Perceptual hashes are resilient to some changes.
So like if you were to crop the image, for instance, you would still retain the hash?
Yeah, I mean, depending on the perceptual hashing algorithm you use.
But, yeah, it could be resilient to that type of issues.
So now you have a way, in theory, using a perceptual hash to find a manifest.
Given an image, you can find if there's a manifest for it.
I see.
Okay.
So that takes me into the next part, which is a big part of it, which is the recovery process of recovering a signature or an owner, really, I guess, for a photo in this case.
So that's how it works.
It's basically a lookup table based on.
The hash, essentially based on a perceptual hash.
But again, the problem with perceptual hashes is that they're very brittle.
You can have, and there are a couple of interesting blog posts on that.
You can have drastically different images that give the same perceptual hash.
Or you can have.
Yeah, well, yeah, it's not even collision, but it's simply the algorithm sees it as the same thing.
And there are a couple of good examples that we can post.
The other problem is, yeah, some tiny modifications might actually lead to a different perceptual hash as well.
It's brittle.
There's another problem, which is it requires an active lookup.
So you have to basically go into a database and you have to query that database and find the corresponding manifest.
So this is where watermarks, we believe, are a much stronger proposition because you literally embed inside the image an imperceptible signal that ties back to the manifest and that is a lot stronger.
Also pretty resilient to many of the modifications that you can make.
Right, yeah, he's going back to the hashing of that.
So that essentially means that in some ways it's void if you can do a fuzzing attack essentially on an image and you can create the same image twice.
That means that you can impersonate another image and have that look up to the same.
So you can basically fake a real photo with a fake photo from say, a demonstration.
Right.
With a.
Presumably not too difficult.
Well, if you have somewhat decent resources at your disposal, you could fake like a nation state, for instance, could fake a photo from a protest, essentially.
In theory, then, yeah, you could start.
Doing these kind of things.
You could also, by making tiny modifications to an image, making it impossible to find the.
To find the manifest, the original manifest.
So you could make things that are generated by AI flag that's not generated by AI.
So yeah, you could perform all kinds of things.
Yeah, I guess there's no way to.
Yeah, there's no way to detect that it is a collision.
Right.
Because you don't really know unless you have pointed to the original image where you actually upload the original image as well.
So then you have a reference to what the real is.
Even if you have a collision.
You can say, oh, actually these images are off the same.
Yeah.
If you can establish they're the same and you can tie it back to the original image, then yeah, you could.
So there's no this database.
Are you speaking up here?
So that's only like a text database, essentially, with the metadata.
It doesn't have a reference to the real image of any way, shape or form.
Right.
Well, it could, actually.
That depends on the implementation.
It could also have the reference image.
Yeah, interesting.
Okay, cool.
All right, let's go into the watermark, because I think that's a lot more interesting and far more bulletproof.
Right.
So let's talk a bit about the watermarking, how that actually could work and how.
Well, I guess Digitmark is working on that to solve that problem.
Yeah, so with the idea of the watermark is that you basically, again, create that strong link between the image and the manifest because you embed inside the image an imperceptible signal that ties it back to the manifest.
So now if you basically decouple the image from its manifest, then the watermark says, hey, well, actually there is a manifest for this image, and here is where you can find a manifest or even here is the actual manifest.
So you can implement a recovery process based on.
Based on the watermark.
Right.
And watermark, I mean, that's.
That's nothing new.
Right.
That's been all the big stock photo imagery site, they've been toying with these things for Quite some time.
Right.
Because that's a major problem they have.
So, so walk me through the unique approach I guess that digimark is taking on this compared to what's been using for the, for some while.
For some while to do attribution on images in watermarks.
Yeah, it's true that watermarking is a, you know, set of technologies that exists for a while.
I think the real USP of Digimark is the experience.
Digimark has been one of the pioneers for more than 20 years in the watermarking space.
An example is helping the world central banks with watermarking and we have helped all kinds of companies in the digital space, in the physical space.
So there's a lot of expertise.
Digimarc also has a lot of IP in the watermarking space and generally a lot of experience in making things as imperceptible as it can be and making these watermarks as strong as they can be.
Now, a watermark is also not bomb proof.
You can remove it.
Given enough time and compute power, you can remove a watermark from an image.
But that's very different from stripping off the manifest, which is trivial and again done by almost all the tools out there already.
Yeah.
So it's already a step change in the, in the advantage.
So walk me through, I guess, how if I crop an image, for instance, if I crop like 25% of an image, I kick off 75% of an image.
What, what is the minimum ratio, I guess, or minimum size of an image do you need in order to recover that watermark?
Recover the manifest for that watermark?
What's the, like how, what's the fault tolerance?
I guess for this.
Yeah, that is a very hard question to answer in absolute terms.
What I'll say though is that the watermarks, the digimarc watermarks are implemented with a lot of redundancy and so even a, you know, a fraction of the image will, might still contain the full payload.
So there's a lot of redundancy in watermarking.
Answering that question in absolute terms is very hard because it really depends on the image, the type of media, the colors that you have, and so on.
But generally it's resilient to this type of attacks to a certain level.
But I think one important point is that the idea of introducing watermarking into C2PA is primarily first and foremost to resolve the non malicious issues.
Resolving the malicious issues is almost like a cherry on top Right.
Because right now the thing that really for me we can see 2 pa is all the non malicious issues, basically.
Yeah.
You create your image with a Leica camera.
Great.
You have a signature, it's digitally signed by Victor, it's all good.
Then you upload it pretty much anywhere and the manifest is gone.
Right.
And so that's really, I think, the primary issue that has to be solved and where watermarks can help.
Right.
And that's, I mean, particularly going back into the, I guess, hoppiest journalism that happens.
A lot of people take a photo on their cell phone and that being shared on social media and picked up by news outlets and sourced as a credential evidence of something happened.
Right.
In reality that might not at all be a real event.
So I guess, yeah.
Particular the problematic element of these social media platforms, stripping that metadata is obviously for good reasons to be fair, but is obviously kind of undermining the whole narrative around C2PA, if that is one of the use cases.
Right, yeah.
And I have to say here, to be totally fair to the C2PA standard, that there are discussions with the social media platforms to ensure that they don't strip off CP simply all the manifests and all the headers of assets, but that they selectively do so.
And so they would keep potentially in the future they would keep the C2Pmanifest or at least the part that's not an issue from a privacy standpoint.
But yeah, it's a long road also with different kind of incentives to do so depending on who you are.
And the social media platforms don't necessarily are not necessarily ones benefiting the most from pushing this type of technology.
So I think that's where really the watermark can help bridging until we get there, if we ever get there, to be honest.
What's the roadmap like for getting watermarking into the C2PA standard and more commonly adopted in.
I guess you still have some proof.
Already got some proof concept as I presume.
But in terms of getting that into the lightcast of the world to get them to implement the watermarking, because I assume they're a lot more computationally heavy to do on a camera as well.
Yes and no.
And this is also where digimark has a lot of experience in the embedded side of watermarking.
We've been embedded in many devices, billions of devices already.
And so it, you know, we have expertise, others as well.
Right.
But that's one of the core advantages.
So it's not necessarily a footprint Problem.
It's not necessarily going to be really the issue, but I think first of all, we need the watermarking standard to be part of the CTP standard.
And basically, as it says on this slide, there was a task force created in September 2023 that I actually co chair together with someone from Adobe.
And the idea is really, it's very early stage right now, but the idea is really to gather the use cases, understand what the industry wants from the watermark, and then start to make small modifications to the C2P standard so that it really embraces watermark as a soft binding technique with clear ways of binding the image and the watermark together.
So it's work in progress.
It has started, work in progressing well.
Any and anyone wanting to join you can actually join C2PA and help us.
It's a really open consortium, so joining it is pretty easy for anyone, any company.
Cool.
All right, let's dive into the sighting process because I think that's really interesting to me and that really starts with an identity.
And you said in the case of Leica cameras, it's some kind of cryptographic key that generated on the device, I presume you can export that key and is that the X509 key or what?
Actually, behind the scenes, what's the cryptographic standard?
I guess behind this?
Yeah, so today it's really SSL like and this is where I think the standard is also going to evolve to embrace a lot more verifiable credentials and technique.
But today basically, Leica acts.
In the case of Leica Camera, Leica would act as a certification authority and their certificate would then generate a certificate for you or a key for you and then you sign that.
And yeah, the same.
If you use Photoshop today and you enable content credentials, then you'll have an Adobe generated certificate.
So the trust authority is going to be Adobe and then they are signing for you.
So you have a certificate that's generated for you.
So here you have a very interesting attack vector, right.
So if you can export the private key from your Leica camera in an attack, you can essentially impersonate that person and kind of exploit the CTPA program.
So if I can get a camera, if I can export one of the cameras from say a BBC photojournalist, I could impersonate that person with an AI generated image and BBC would be non devisor.
How is the threat modeling around that?
Have you had any conversation with camera vendors like is it TPM based or can you export the key or some kind of Trusted platform.
Yeah, I mean I don't have all the details, but obviously these keys are stored in a safe place and they have crypto chips in the camera that store these keys.
And so yeah, I'm not too worried about that in the sense that it's a general problem.
It's not dissimilar to what you have with crypto wallets and hardware wallets and so on.
So I think that's not necessarily an issue.
I think what's more an issue is the trust model above and beyond the key.
Because if you Google a bit and look at C2PA attacks, you can see that actually you could also create your own certificate and say you are, say you're the BBC and create an alternative BBC certificate and start signing things as the BBC.
As long as there is not a set of trusted routes.
It's a little bit the wide West.
Right.
So there is no equivalent to the root of trust that you have with CAS on the public Internet.
In that sense.
Yeah, your browser has a set of root certificates that it trusts.
We need to get to a similar construct for C2PA.
Right.
And that kind of makes me think a lot about PGP in the early days.
Well, still PDP still a thing of course and it's still use it once in a while but because there you have a decentralized and I guess predating the whole web three by a good 20 years of trust.
Right.
With signing parties and whatnot.
But that's obviously not scalable for a commercial model, which is why you have these.
But so you're thinking that it would be more mimicking the regular CAT structures then.
And will be the same actually.
Will, will that be just leveraging the existing PKI infrastructure you have for the public Internet with root certificates?
Because BBC already, obviously they already have their own certificates of course, and so would any, so would Leica.
Right.
Is that something that you think would be merged into that or is it more taking the path down blockchain?
Well, I think it's going to be a mix of both.
Right.
I think there's value in leveraging the infrastructure that's already in place.
And you said it, BBC already have a certificate.
Digimarc have one, Adobe have one.
So why don't we use that?
I think where it gets interesting is to start leveraging Web3 and dids and verifiable credentials to also allow not only big entities to sign, but also individuals to sign.
So I think the two worlds will get closer and closer to one another.
I think what's Also interesting in the crypto world is when you sign up for, let's say, a crypto exchange account, then you have a proper KYC that's put in place.
So we know that this key belongs to Victor and we have verified who Victor is.
So there's really value in being able to reuse that kind of thing.
I think we're at the beginning of this discussion and I think the next C2PA, the next iterations of C2P will really have a much more complete and complete verifiable digital signature side of things.
I expect a lot of evolutions there.
Yeah.
I mean, if you go into the web 3 like a lot of OG crypto people are obviously very much against the KYC side of crypto and says it goes against the ethos of course, of decentralized systems.
But I would love to.
Yes.
And I understand that in the crypto space, but like, if you consider VCs verifiable credentials above and beyond what we can do with crypto today, and if you consider them in frame of C2PA, there's a real value in actually identifying people.
Right.
And in being able to tie these keys to people.
If you want to, if you want to own an asset that you created, well, then at some point you need to disclose your identity.
Right.
Well, I mean, I'm just thinking from the artist.
Right.
Banksy springs to mind, obviously, as anonymous artist that has a very big public Persona despite not being a famous person.
I, I don't know enough about the art world, but definitely in the web3nft world there are plenty of anonymous artists that would leverage from something similar to this, where you can say, and they obviously, with NFTs obviously already tied to a cryptographic wallet that may or may not be as part of a, an exchange.
So I guess there is an argument for having them both, I guess, because I definitely think there's an argument for having decentralized identity as well.
Yeah.
But yeah, I think if you take the NFT space and you're the Bored Apes team, then there's a way to know that the key that creates an NFT asset really belong to the Bored Apes.
Right.
So we need something similar here.
It's not necessarily identifying you as an individual and allowing people to track you, but it's really, we need to be able to trust these keys and know that they tie back to the original artist.
Absolutely.
And I mean, identity is kind of one of the core parts of Web3 and crypto in general.
And it's an age old problem that hasn't quite been solved because the problem with identity is that you can't both have it decentralized and centralized simultaneously.
And that's.
And to make it accessible to the average user, it kind of needs to be centralized with a recovery process, which kind of goes against the ethos.
Right.
But I'm curious about if we can zoom in a bit on verifiable credentials and how that ties into Web3, because obviously you've been involved with that as well to some extent.
Because my understanding is they have multiple signing processes.
Right.
Both.
It can be x509, but it can also be on the blockchain.
Do you want to say a few words on that?
Because I'm curious about how that looks and it's shaped up or structured.
Yeah.
I'm not a specialist of verifiable credentials.
I've been a user of VERIFYR credentials in several of the pilots that we've been running, but I wasn't part of the standard process.
Just as a disclaimer.
Sure.
And far more next but than me.
Yeah, well, I don't know about that.
But yeah, again, the idea of verifiable credentials is that you have a did so you have a decentralized identity which is essentially a private public key pair and then you have verifiable claims or claims that you want to be able to sign with this signature.
One example could be, well, Victor has done a KYC and Company X made the kyc and we are saying now on the blockchain that this key belongs to Victor and Victor was verified and that would basically verify that claim.
And you have all kinds of ways of generating the signatures.
You also have all kinds of ways of verifying them and all of that is basically described in the standard and so can work in an automated way ultimately.
And I guess that's relevant because it's tying into.
If C2PA becomes kind of part of verified credentials and that is the identity side of it.
These are super relevant elements, I guess to it.
Cool.
Let's do a quick show and tell on how this actually works because I know you have.
You want to showcase your new Chrome extension that Digimarch just released.
So I would love to see how this actually works end to end and perhaps do the stripping off this recovery process and we can talk to what actually happens behind the scenes.
Yeah, let's do that.
So I'll share another screen here.
So yeah, I can show you a couple of things.
We have basically launched this content credential extension that you can now download from the Chrome Store.
And the idea was just when we started playing with C2PA, we felt like there was a lack of a independent way of verifying and displaying the C2PA manifest of the content credentials.
Because if you go on a site.
Let me just turn this off.
But if you go on.
Trupik is one of the big actors also behind the C2PA standard, and you go on their site, you have great examples of C2PA manifest right here on the images.
Now, the problem I have with that is that the way it works currently is that they basically embed the JavaScript verification library themselves.
So if you actually are a malicious actor, then it becomes pretty easy to fool your audience by simply, you know, faking it here.
Right, because you embed it.
So we felt that was a limitation.
And also that generally the idea of every site must embed the whole C2PA verification and displaying functionality didn't really make sense.
And I mean, it's a bootstrap, right?
Everyone knows that's the way to get started.
But that's why we thought, hey, there's a need for making your browser the one that verifies and displays content credentials.
And that's where the extension enters the game.
And now, so if I turn it on and I go, say on the Digimarc blog, and I take, for instance, this blog post, then I'll see that I start to have little CR icons appearing on the images.
And that's basically what the plugin does.
The plugin basically looks for images that you're looking at and then checks if they have a manifest.
If they have no manifest, it does nothing.
But if they have a manifest, it verifies it.
So it verifies all the signatures using the process that's described in the standard, and then it displays it.
Right, so you can see the producer there.
So how would these.
How will these generate these images?
Because are these with Photoshop or how do we actually.
Well, what do you think?
I mean, one of them is generated by AI, the other one not.
Right.
So one of them is.
One of them is an AI generated image, I presume, and one is a photo.
Yeah, exactly.
Which one is which?
Well, that's actually very difficult in this day and age.
Until I would imagine the top one might be a photo and the bottom one might be AI.
You're good.
You're good.
Usually people say the opposite, actually, but yeah, you're good.
This one was generated, this one I took last winter.
Oh, wow.
And this One, Yeah.
Was basically produced by me in that case.
And this one was generated by AI trained using the original image here.
That's why the mountains look pretty similar.
But, yeah, and so you can see directly the tool here helps you distinguish what was generated by AI and what.
What wasn't.
So you have the mention here.
And this was signed by digimarc then, right?
Yeah, in this case, it was signed by digimarc.
And you can also have an independent audit of the image.
If you click on View more, then that drives you to contentcredentials.org where you have a verification tool and you can see all about the image and its provenance.
So this is essentially what the tool allows you to do.
Okay, so let's.
Yeah.
Do you want to show me, like, there was a really cool example on your blog where you stripped and recovered metadata.
Is that something that is possible to showcase or is that something.
Yeah, exactly.
So we actually have designed a little tool here.
I mean, that's not generally available to the public yet, but it's a demonstration tool that we use that basically integrates our Digimark validate technology with the C2PA standard.
And we used this as a showcase when we started Talking to the C2PA crew about watermarking.
So here, what you can do is you can basically upload an image and I'll upload.
Domad Mountaineering.
Yes, exactly.
It's actually one of the highest mountains I climbed.
So I'm showing off my watch here.
Look at that.
That had the altitude.
So basically here we're checking everything about the image.
We're creating a manifest, because he didn't have one before.
I actually signed into the tool with my.
With my wallet.
Okay, and by wallet, you mean your.
Your crypto wallet or.
Yeah, with my crypto wallet.
Okay, so integrate with MetaMask or something like that or.
Yeah, well, actually I can show you.
That if you want, but, yeah, that'd be cool.
It's a demo tool, so it's not, by far, not bone proof in terms of security.
Just a disclaimer.
Fair enough.
Yeah.
So here I'm registering and then it's asking me whether I want to link a wallet.
Yep.
So I.
I will link it here.
Right.
And now I can start the process again.
And now MetaMask will be used to sign the transactions as well.
So you.
So digimarc doesn't actually.
Well, actually.
So when you actually sign it now, do you have to sign it using your wallet then, or would it sign using some kind of halfway bridge tool?
Yeah, so it's actually a mix of both.
Right.
Because of the current state of the C2P standard.
So we'll use a Digimark certificate to sign the manifest, but there's also then a verifiable credential that's going to be embedded in the manifest, and that's using then my wallet.
My private.
All right, so digimarch digimark signs it, but in the signature, it points to the fact that it was signed by your wallet or engage, like, engaged by you with your wallet.
Yeah.
Except right now, these two things are separated and manifest.
So you don't have a strong link between the two, but that's the kind of things that are being worked on.
Right.
So in the long run, you would essentially sign this, would say metamask directly.
Yeah, yeah, got it.
Right.
So next I'm basically gonna.
The tool is gonna add a manifest, but it's also then gonna generate a.
A watermark and add the watermark to the image and then tie the two.
The two togethers.
And here you can see that.
Yeah, I'm basically creating a verifiable credential that I'm signing with my key here.
So metamask popped up and now I can sign it, and it's adding the watermark to the image.
And then I'll be able to show you that the image now contains a.
So I can download the image and it now contains a manifest.
And visually, it obviously, because it's XIM data, it is not visible to the eye.
Yeah, well, yeah, so it contains now an EXIF manifest where you have the C2PA content credential, but it also contains a watermark.
Now, being able to see a digimarc watermark is tough.
Right.
You need a lot of training.
So it's really imperceptible, but it's not invisible.
Right.
But it's just very hard to see.
So now, yeah, I can do.
Can use the CTP toolchain to basically get the manifest that's attached to this image, and that's a rendering of the manifest as JSON.
And you can see there are loads of things in there, right?
Yeah.
Like the different signatures, the different claims, different modifications that were applied.
For instance, the fact the watermark was applied is tracked.
And this is what we're working on in the standard.
In making these actions.
Standard actions.
And if I was making any modification to the image, like, I don't know, cropping it or adding something else to the image, this would all be logged in the C2Pmanifest.
Okay.
So that assuming you're using a tool that maintains.
Yeah, yeah.
Okay.
So if you use Photoshop, for instance, it will retain that data.
So if I edit this image in Photoshop, I'll have additional actions that are being applied that correspond to the modifications that I made.
So how.
I mean, obviously I think it's kind of trivial, but how much space does this add?
Because it's quite a few bytes, I presume, but it's, I guess, trivial in the grand scheme of things.
Yeah, I mean, it could become big.
Like if there are lots of modifications of the image.
Yeah, it could become significant.
It's not stored as JSON.
Right.
So it stores in the, in the headers in a much more optimized way.
Yeah.
And yeah, so, but yeah, it could be significant.
Does it really matter nowadays?
I'm not entirely sure it does.
Probably not.
It's not going to be gigabytes of data.
Right, right.
But it could be like a percent off the image size in metadata or few percentages.
Well, to make this not too big, it's using the CBOR format, which is kind of an alternative to JSON that's much more compressed.
So that's the actual format that's that used there.
Okay.
But back to our example.
Now what I can do is basically I can simulate being an attacker and just go on any tool here and take the file and remove the headers.
Now again, I don't even need to be an attacker, Right.
I could basically upload this image to Twitter, to X or Facebook and it would remove the manifest.
But here, just for the sake of example, I just took an online tool, right?
And now I have this other image.
So if I go here and now I look at the tool on that new image, then it tells me There are no C2Pmanifest.
Right.
Right.
But if I go back to our tool and I go on the verify side of our tool and I take.
This image, you see, the rotation was lost as well because you stripped the EXIF data.
Yeah, yeah, that's a good point actually.
Yeah.
Right.
And here it gets spotted.
Right.
So this is basically the crux of the strength of watermarks that the strengths watermarks add to.
So this image did have a watermark as part of it.
It is not just EXIF data.
Okay, yeah, exactly.
We watermarked it when we did the protect step, we basically watermarked it.
We created the manifest and watermarked it through digimarc validates watermarks.
Right.
And if you had only used the non watermark approach, I guess you would not.
Would have you be able to restore it the same way?
No.
Basically, if I don't watermark it and I verify, then it's going to tell me it knows nothing about this image.
So even if you haven't altered it based on the hash, that it would not have been able to look it up reverse.
Look that up on the image without the watermark with only.
Well, no.
If you had a soft binding, like a perceptual hash, and then you were querying the right repository, then it would tell you, potentially if you made no modification, then the soft binding should work.
If you made no modification, even a hard binding would work like an actual hash.
But there's a problem with that, which is who do you ask?
Right.
Because the idea is that, yeah, not all images will be in a central place.
Right.
And not all manifests will be centralized.
So without the watermark, there's a real problem of knowing which repository do you ask for manifests when you don't have a manifest?
Of course.
And with the Chrome extension, if you were to say, browse a website that has this image with the EXIF data stripped, would it be able to say, actually this should be attributed to this person?
I mean, essentially you would be ddosing, essentially digimarc servers as you were browsing the Internet, I guess.
But I'm curious if that would be like a reverse lookup.
So you could say, actually this is stolen from there.
Or in the case of stock image.
Yeah, well, I'd say if you don't have a watermark, you'll be DDOSing the manifest repository.
But if you don't have a watermark, in theory, not.
Right.
Because you will only check when you see the watermark.
So as watermarks become widespread, that's a clear signal of, well, this image had a manifest and here's the watermark vendor, so you should go and query their repository.
No, I meant more in the case.
Let's say you upload this image to Twitter strips the EXIF data.
We would not pick up that it is a verified image.
Right.
Because that would be an interesting feature to have for, say, Twitter, where you actually can traverse back and say this is actually the real image.
Yeah.
So this, in theory, the extension could do that.
Right.
I mean, we created the extension to be 100% standard compliant.
So currently it doesn't include a watermark because it's not yet part of the standard.
But the next version of the extension, we will basically look for watermarks, look for Digital validate watermarks.
And we will then reconcile the watermark with the manifest on the fly.
When there is a watermark.
Right.
So we could start doing what you said, right.
Like if there's no manifest but the watermark is still there, we could tell you.
Well, we could tell you something similar to what's here.
Right.
That was your original image.
Exactly.
That's the image you uploaded.
But we have this image that the watermark point us pointed us to with this manifest.
Yeah, exactly.
And.
All right, so we're getting to the kind of like our scheduled time for the show.
So let's start.
I would love to start wrapping things here and move forward to kind of like, where are the next steps?
Where can people learn more?
And it's been super interesting to myself as well.
And I'm just curious, where can we learn more about this stuff?
How?
Well, they find the Chrome extension.
What do you want to do a shout out about with regards to ctpa?
Yeah.
So where can you learn more about it?
Well, you have the ctp.org site where you can see the technical specification.
You have the Content Authenticity Initiative site.
That's basically the organization that predated the C2PA standard.
You have content credentials.org which is a site that shows to everyone what content credentials are.
If you want to look at the Chrome extension, well, you can just search for C2P on Chrome.
And it's the only extension.
It was the first one that digimarc released.
And then, yeah, follow Firefox.
Type Shakovic.
Yeah, I know you're a Firefox fanboy, so we'll see if we can do that as well.
And yeah, then, yeah, follow Digimarc for developments in terms of watermark and C2PA.
That's really what we're at the forefront of.
And we'll post news on that.
Amazing.
Thank you so much for coming on the show, Dom.
This has been a real pleasure to learn more about this stuff.
I know you've been super excited and telling me about this for last year or so, and I'm super excited to see do a bit of show and tell this.
So thank you so much, Dom, and have a good one.
Cheers.
Thank you very much, Victor.
Bye.
Found an error or typo? File PR against this file or the transcript.