SoylentNews is people
SoylentNews
Scientists prove that deepfake detectors can be duped:
Universities, organizations and tech giants, such as Microsoft and Facebook, have been working on tools that can detect deepfakes in an effort to prevent their use for the spread of malicious media and misinformation. Deepfake detectors, however, can still be duped, a group of computer scientists from UC San Diego has warned. The team showed how detection tools can be fooled by inserting inputs called "adversarial examples" into every video frame at the WACV 2021 computer vision conference that took place online in January.
[...] The UC San Diego scientists found that by creating adversarial examples of the face and inserting them into every video frame, they were able to fool "state-of-the-art deepfake detectors." Further, the technique they developed works even for compressed videos and even if they had no complete access to the detector model. A bad actor coming up with the same technique could then create deepfakes that can evade even the best detection tools.
So, how can developers create detectors that can't be duped? The scientists recommend using adversary training, wherein an adaptive adversary keeps generating deepfakes that can bypass the detector while it's being trained, so that the detector can continue to improve in spotting inauthentic images.
(Score: -1, Troll) by Anonymous Coward on Tuesday February 16 2021, @02:54PM (3 children)
If you see a video of Biden saying he's not going to come for your guns, then you know it's a deepfake.
(Score: 2, Informative) by Anonymous Coward on Tuesday February 16 2021, @03:17PM (1 child)
And Trump saying he didn't bang half of Epsteins stable. Totally a deep fake.
(Score: 0) by Anonymous Coward on Thursday February 18 2021, @12:29AM
I doubt he's physically capable. Cups and steps throw him off.
(Score: 4, Informative) by meustrus on Tuesday February 16 2021, @05:52PM
- Donald Trump, Feb 28 2018 [usatoday.com]
If there isn't at least one reference or primary source, it's not +1 Informative. Maybe the underused +1 Interesting?
(Score: 4, Insightful) by DannyB on Tuesday February 16 2021, @03:24PM (5 children)
First, someone trained an AI using real images, to create deep fakes that a human could not detect.
Then, someone trained an AI using deep fakes, to distinguish deep fakes from the real thing. A deep fake detector.
Next, someone trained an AI by using that deep fake detector to create deeper fakes.
So here we are.
Prediction: someone will train an AI using those deeper fakes to detect the deeper fakes. A deeper fake detector.
Can anyone here can predict what will follow next? Raise your hand if you can.
If you eat an entire cake without cutting it, you technically only had one piece.
(Score: 3, Informative) by rigrig on Tuesday February 16 2021, @04:08PM
The AI realizes that eradicating all humans is the most efficient way to prevent deepfake detection, but a solar flare flips a goal bit and it converts the universe into paperclips [decisionproblem.com] instead?
No one remembers the singer.
(Score: 4, Insightful) by FatPhil on Tuesday February 16 2021, @04:22PM (1 child)
However, when the state of the art (in faking vids) is moved forward, eventually detection will become impossible. This is a competition with a clear eventual winner. Eventually the tells in the output will become smaller than the noise floor, and at that point the game's lost (well, won for the faker). Of course, part of that depends on the probabilities of the type-I and type-II errors (false positives and false negatives), if even one of those can be kept low enough, then there might be some use in still trying to detect the fakes, but still the faker always has the option of putting in more effort to reduce, or at least obscure, his signal.
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 2) by DannyB on Tuesday February 16 2021, @05:40PM
"But Judge! The caption on the sting web site said it was deep fake pr0n, honest! And it also said she/he was of legal age!"
If you eat an entire cake without cutting it, you technically only had one piece.
(Score: 0) by Anonymous Coward on Tuesday February 16 2021, @06:55PM
A totally easy prediction, that one.
(Score: 2) by Mykl on Wednesday February 17 2021, @12:31AM
Reminds me of The Big Hit [imdb.com].
Later in the movie, someone uses a Trace-buster-buster-buster on him
(Score: 3, Insightful) by looorg on Tuesday February 16 2021, @03:25PM (4 children)
How high is the false positive on these deepfake detectors? As in they believe or say that reality is deepfake? That would be quite a problem if the systems can't tell fact from fiction or reality from deepfake anymore.
(Score: 5, Interesting) by Tork on Tuesday February 16 2021, @04:43PM (2 children)
That might sound defeatist but I wouldn't call it that. I have a friend who does digital paintings and one of the things she does to prove her ownership of the work is she records a video of the progress of the painting as it goes along. It's easy to screen-cap something and go "i made this" but it's a lot harder to fake the in-between steps of an original art creation... oh and pulling that off fraudulently would actually be kinda neat in its own way, too. Imitation can be a form of art, too. Now that's one solution to one of a zillion problems, but the point is when we eventually do reach that point where deep fakes are totally convincing it's not necessarily a dead-end. From where I sit it's more about what we do today to limit damage in the future.
I'm not claiming I have answers to all of the problems deep fakes cause, I mean at best I'm suggesting everything's fake until it can be proved. But on the flip side if we can adapt to that it'll be a lot harder to influence people from the outside.
🏳️🌈 Proud Ally 🏳️🌈
(Score: 0) by Anonymous Coward on Wednesday February 17 2021, @04:54AM (1 child)
Whilst I agree with the thrust of what you said, the problem is way bigger then just deepfakes. Propagandists have edited videos since the technology existed to convince people of things that are not true. And they are easily convinced, particularly when the message matches their preconceived biases. I've even seen links to these sorts of video posted here. Getting people to be a bit more critical of the media they consume is a noble goal, but a very difficult thing to achieve. I think maybe people are just wired to assume that if they see something it must be true.
(Score: 2) by Tork on Wednesday February 17 2021, @04:57PM
🏳️🌈 Proud Ally 🏳️🌈
(Score: 1, Touché) by Anonymous Coward on Tuesday February 16 2021, @07:01PM
A censorship system is all about quiet removal of problems.
Tell me, Mr. Anderson, what good is a phone call when you are unable to speak?
(Score: 2) by RedGreen on Tuesday February 16 2021, @03:56PM
From the No Shit Sherlock department once again, I just commented on another story elsewhere about this very thing, the blindingly obvious being presented as "news". Who would have every thought, a system developed by an imperfect being could be beaten and the arrogance of thinking it can be done to start with, the creation of an unbeatable system ...
"I modded down, down, down, and the flames went higher." -- Sven Olsen
(Score: 0) by Anonymous Coward on Tuesday February 16 2021, @05:17PM (8 children)
Let's build an internet that can't be censored
(Score: 2) by DannyB on Tuesday February 16 2021, @05:56PM (7 children)
Let's let those who spend money to build their portions of the internet have their own policies on just how far things can go before they decide to say: no more, not here.
Imagine the gall of a property owner allowing members of the public to have a party on a certain field, and then having to tell a few people their behavior is unacceptable and intolerable and they must leave. The ignorance of that property owner. He censored their free speech and free expression!
I think that "big tech" had been incredibly lenient for way too long. Especially Twitter. But finally, eventually Twitter had enough and said no more. So there was Parler. The behavior of their "guests" was so bad that Amazon had to pull the plug. At the time I had said that Parler is free to build their own infrastructure at their own expense, or find someone else willing to host them. And they apparently have. It seems things are working as they should be.
(just a thought: if your message is so repulsive, so repugnant, so outrageously offensive to the sensibilities of most people that you cannot even find an infrastructure provider (looking at you too 8chan!), then maybe you should step back and reconsider some things? Just a thought. Not a demand.)
Free speech is not free of consequences. Nobody is forced to listen to your free speech. Nobody is forced to host it on their property. Go ahead and shout fire in a crowded theater -- there will be consequences.
If you eat an entire cake without cutting it, you technically only had one piece.
(Score: 0) by Anonymous Coward on Tuesday February 16 2021, @07:11PM (3 children)
Imagine a property owner buying a nice law that bars any commoner from competing.
No, wait, you do not need imagining, you can google for those!
https://ilsr.org/preemption-detente-municipal-broadband-networks-face-barriers-in-19-states/ [ilsr.org]
https://en.wikipedia.org/wiki/Software_patent [wikipedia.org]
Is surrendering your honesty a requirement for joining your Party, or must you be born without one, comrade?
(Score: 2) by DannyB on Tuesday February 16 2021, @08:03PM (2 children)
Municipal broadband is irrelevant to what we were discussing about properties such as Facebook or Twitter.
Software patents might be relevant if your server uses some technique that someone has patented, and they can prove you are using their patented technique. Software patents are evil. But they are also a two edged sword. More often it is a small patent troll who sues a big successful company for shakedown money over some ridiculous software patent.
Both of these points you raise are simply distractions to chase off into the weeds in some other direction than what we were talking about.
A property owner not being able to kick someone off for outrageous bad behavior.
If you eat an entire cake without cutting it, you technically only had one piece.
(Score: 0) by Anonymous Coward on Tuesday February 16 2021, @09:36PM (1 child)
The usual state of affairs in Europe is that you cannot evict a tenant on your whim, you need to go to court. Do you want to argue we here do not own real property?
If your government allows your monopolies to use unconscionable contracts, it is not something you should be flaunting before civilized people.
(Score: 2) by DannyB on Wednesday February 17 2021, @03:03PM
So we who post on SN are tenants now and have rights against SN? I'll call my lawyer immediately!
I know you are fishing for something, but keep trying.
Do you mean posters to SN own real property by posting?
Or do you mean SN owns real property by operating a site that others can post on? I would tend to agree with that argument. A web site, whether SN or Facebook or Twitter did invest in building up its property. The New York Times website is also a property. Analogies to land owners are a good fit. Just like you can kick someone out of your house an off your property. (You kids get off my lawn!)
I'll use an anti-mask example. RWNJ says: OMG they were arrested and tazed and fined for not wearing a mask! No. They were asked to leave for not wearing a mask. They escalated things by not leaving which is now criminal trespass. They were arrested for criminal trespass. But they decided to escalate things by resisting arrest. Now they have another charge, and they got tazed. But wearing a mask is not a law! No, and vomiting and defecating in all aisles of the store may not be against the law either. But owner can ask you to leave if you do so.
Similarly the owner of a web site can ask you to leave, or effectively ban you. You can always go build your own. Nobody is stopping you. But play the victim. But I would have to do actual work to build a similar property, it's so unfair!
So is SN an monopoly? Is Twitter a monopoly? (But then ... Parler!) Is Wikipedia a monopoly? (But then ... Conservapedia!)
It is amazing how people will defend property owners but then not defend major online properties which are the product of significant investment and effort to develop.
If you eat an entire cake without cutting it, you technically only had one piece.
(Score: 2) by slinches on Tuesday February 16 2021, @09:19PM (1 child)
I would agree with you if the internet was like the real world and there were public rights of way and town squares where free speech is legally enforced. However, that isn't the case. It's just layers of privately owned spaces where the platform owners invite people to speak to each other. They have successfully gathered much of the worlds communications and that success is allowing these companies to control global discourse and manipulate public perception for their own benefit. That is not in the public's best interest.
I am typically in favor of libertarian style small government, but this is one of the times where we need government to be a check on the power that individuals or companies are allowed to wield over the fundamental rights of the general populace.
(Score: 0) by Anonymous Coward on Wednesday February 17 2021, @06:11PM
Those companies don't "control" anything. This isn't like broadcast TV with limited resources and heavy bureaucratic overhead on the transmitter. Facebook cannot stop you from competing. If they can or do, then you have case.
Tell you what, let's make it easy and just use eminent domain on anything with more than 67% of the market share.
(Score: 0) by Anonymous Coward on Wednesday February 17 2021, @06:21PM
We have to force the internet open to any host, anywhere, with a government takeover of the wire if needed. We have a right to connect by whatever means necessary
(Score: -1, Redundant) by Anonymous Coward on Tuesday February 16 2021, @06:26PM (2 children)
Deepfakes are only a problem for the obvious stupid people that believe anything they are told. Such as disciples of idiotic AOC, hypnotized zealots of CNN and their greenscreened 'live on the scene' videos, those omega-males who spend $100 for a bottle of some onlyfans girl's dirty bathwater, or the 'she posted this so it must be true why would she lie?' indoctrinated twitter terrorists?
Deepfakes are easy to spot as their quality ranges from awfully bad an noticeably fake, to others that are quite good but they don't look quite right and seem just a little off.
The people that claim how deepfakes are bad are just turning them yet another nonexistent boogyman for those same people to blame others for their past and present bad life, lifestyle, educational, societal,and behavioral choices.
(Score: 0) by Anonymous Coward on Tuesday February 16 2021, @07:10PM
Can someone run a turing test on the above AC? Sounds like a bot.
(Score: 0) by Anonymous Coward on Tuesday February 16 2021, @08:27PM
FTFY. Don't make me have to do it again!!
(Score: 0) by Anonymous Coward on Tuesday February 16 2021, @09:22PM
I'm not sure why this is an article, because "proved" is a very strong word. It's like saying we have "cured cancer" when we found the HPV vaccine... kind of true, but a much larger statement than at hand.
As for deep fakes and detection, it's an inherently adversarial relationship where both sides use the other. The best deep-fake generating algorithms will use the detection algorithms as input to avoid being detected, and the detection algorithms will use the generating algorithms to try to find what to look for. It's not unlike virus/anti-virus, or indeed physical weapons and armor in terms of battle and warfare.
I personally "believe" that in the end that the generators will win out over detection, but that's a matter of faith rather than logic or evidence. Regardless, given how long the ongoing virus/anti-virus thing has been going on, there is no reason to think a perfect-generator will appear in the near future.
(On the other hand, considering how "immune to evidence and reality" some people and groups have proven to be in recent history, that may not matter. Even an obvious fake is good enough for people who "want to believe.")