Why? Don’t do this. Society is built on an implicit assumption of trust. You will erode the foundation that enables any success you might have in the short term.
IMHO you cannot base your trust on something that is so easy to work around.
Trust should be between people, not a person and some data.
So showing how easy to generate "false" data, this makes it more obvious for people focus on other people. Trusting people makes life much easier in my experience, while focusing on data, again in my experience, is a game of cat and mouse.
> Trusting people makes life much easier in my experience
Sure, but how do you apply that to a society at large where powerful people are interested in making everybody distrust all reliable sources of information?
AI watermarks are no panacea, but at least they are a clear signal of what not to trust.
The Kentucky primary had $1.7 million spent on deepfake political ads which were seen 49 million times. Don't know how much it effected the result, but it's not a good sign of where things are headed.
Information is default low-trust unless you have reason to extend trust to the source and that's been the case for thousands of years, if not the entirety of human existence.
We now have the tools to increase trust in specific information, for example: by signing images that need high trust for things like news reporting using camera hardware root of trust with time and geo stamping. If signatures are removed, that's back to a default low-trust state.
It is best not to extend blanket trust to a specific source at all.
That is how we ended up with the situation where "reputed" media organizations peddle daily lies or selective truths that are useful to their benefactors.
The distortion is shockingly visible in images. Especially with any amount of generational iteration https://streamable.com/9x3s4r
That said, this tool is incredibly lossy, garbling text, completely changing shapes. It also fails to remove the new gemini spark / placement that moved since yesterday.
How is a hidden watermark that only police and providers can read better than a hidden watermark that the people can also read if they go out of their way to setup some project like this? Also your argument makes zero sense because bad guys will do this anyway. At least there's also an open source project for normal people, and it's interesting from a stenography standpoint.
Watermarks exists to create a chain of custody or attribution that can be used to establish culpability. Just like the government requires printer companies to add a dot matrix watermark to printed pages to prevent currency forgery.
Making untraceable assets means parties can’t be held liable for harms.
Just because a bad actor might poison a toddler doesn’t mean you should sell them the arsenic.
Just because the effects of arsenic on the neurons of a brain are interesting means you should feed them to a toddler and watch the effects unfold.
I support the legal freedom to pursue any idea, but we should also mentor our colleagues about the consequences of our projects and avoid unnecessary harm.
There's an underappreciated comment in the other thread about SynthID and OpenAI [0] that captures what (IMO) the hacker ethos on this should be. We care about privacy, we should not accept tools that barcode our every digital move. (note that the counter of "well, they don't do that yet" is not particularly convincing)
Building a tool that tries (and probably fails) to remove the watermark (due to the arms race that large corporate machines will win) is tacitly accepting the barcode. The hacker ethos should be, first and foremost, to run open source models locally without relying on a corporation.
>due to the arms race that large corporate machines will win
Much like how the entirety of Hollywood, book publishers, academic publishers, and game developers have won against piracy despite being some of the largest corps on earth and dedicating untold billions to the issue over the past 30 years?
They didn’t win because of DRM. They won because of the regulations that grant a monopoly for a specific term in the form of a copyright. Society has recognized that incentivizing creative acts requires a temporary grant of monopoly to ensure the necessary scarcity to make money and recover the costs of creation. The real problem is Disney keeps expanding that time period so things never enter the public domain
By the time you're building (or buying) the necessary highly esoteric and expensive ultracentrifuge setup I think you would be well outside the realm of "hobbyist" unless someone insists on the most unreasonably pedantic definition for the term.
Unless we're only considering final assembly. Just gotta get that weapons grade fissile material supplier lined up. That might or might not qualify as rich hobbyist territory depending on how high a price tag is permissible.
In theory, there's also direct laser-based isotope separation. It's a technology that is being actively suppressed, and that's one case where I very much in favor of that.
This subthread starts off with the argument that the big corps will never beat the little determined hackers, one of the founding myths of the early internet. And then every now and then a strong little branch of the argument runs up against an example and it becomes well sure, the little hobbyist hackers don't have anything there but that is because the big corps/gov/billionaires/whatever put so much into beating them.
I mean reading it all certainly sounds like the people on the little guy's side are overestimating the value of pluck, an observation Hollywood generally makes just before the heroes with pluck win for ever!
Yes. Winning against piracy doesn't mean you completely eliminate piracy. It means you scare enough people into not doing it and make it a bit harder to do for others.
Losing to piracy would see companies like Netflix and Spotify not thriving.
> It means you scare enough people into not doing it and make it a bit harder to do for others.
By which definition they utterly failed.
> Losing to piracy would see companies like Netflix and Spotify not thriving.
Not at all. Netflix and Spotify do well because they are a good value proposition for the average customer. Piracy is free at point of "purchase" but is (and always has been) expensive in terms of various sorts of overhead.
As long as enough people keep the pirate bays open, it will be there as an alternative when the services start their inevitable enshittification.
I for one do not enjoy the “Which service has the classic film I wanted to watch this week?” Nor having to switch services every time I want to see a new TV series.
We need (and have!) similar “free” alternatives to the watermarked generative services. Just like I hate the yellow dots on my printed images, I am not happy to have my creative assets (I do nothing nefarious) stained with SynthID.
It's already possible to lie with text. Pixels are pixels. If we can't blindly believe pixels to show the truth, we will be simply back to the pre-photography era which managed to have a concept of truth regardless.
Fair enough. While I would kind of wish AI could be reliably detected, deep down I know this is impossible and it would be pretty bad if we had, say, a prosecution that succeeded because "this 'provably-non-AI' photo places you at the scene of the crime" because only a few underground people know how to remove a watermark.
I also wonder if being able to prove that an image or video isn’t AI generated would lend credence to it, while in reality there are other methods to produce falsified video.
What stops someone from adding a watermark to an actually photographed (carefully framed?) picture to discredit it? There is no certainty either way, just suggestions from someone else about what the truth might be.
The concept of truth? A bit overblown don't you think? Because some guy can make a realistic looking fake videos that destroys the "concept" of truth? How?
Stalin had all the resources imaginables at his disposal.
Now Nancy, a tech-phobic waitress who has a grudge against her coworker can make up an entire scenario with one prompt and her colleagues might blindly believe her.
Let's not pretend they're the same thing.
Gen AI is inevitable. Watermarking is likely futile. But in my opinion it is still very important to discuss how, as a society, we're going to live in a post-truth world now that anybody can, IN SECONDS, not only fabricate a story but also spread it to thousands of people through their social media.
When that idea was originated, the advice was more like:
"Don't trust what you see on the Internet. Trust instead what you read in a reputable daily newspaper, or Peter Jennings or Tom Brokaw on the nightly news, or BBC World News."
Today, the Internet, especially the part which is not trustable, has nearly finished killing most of the "trustworthy" news sources, by outcompeting them for ad dollars - by being way better at targeting ads (e.g. Meta) and by scientifically perfecting addiction (e.g. TikTok). What remains is mostly controlled by governments and has far from a perfect record of being fact-based and impartial.[1] There are a ton of independent people out there in good faith posting facts on the Internet, but we just agreed that we shouldn't trust what we see on the Internet.
So doesn't this become "Don't trust anything"? And doesn't that, in practice, get implemented as "Don't trust anything that challenges what you believe to be true"? This feels like a really, really bad change to our society - and I'd argue it's already completely happened.
This isn't just ads, trust in the mainstream media, itself, is very low [1], deservedly so in my opinion. The continuous lies by omission, the outright incorrect headlines/articles that they edit after a day, the lock-step messaging, alignment, and avoidance of topics, pushed by their respective political parties/billionaire owners (6 companies own 90% of media [2]), made me switch to more independent journalists.
Adequately implementing solves one problem (the making up a story because of a grudge), but creates a whole new set of likely much worse problems: how does one maintain a democracy / civil society? It's not just the trust of "social media" that you've eroded, you've almost certainly killed trust in traditional news reporting as well, especially considering just how much of traditional media is discovered via social media.
Effective democracy requires an informed voter base. Society requires its constituents to be invested in its continuity. Neither of those is achievable when we completely discard trust.
Yes, it's happened. Except a lot of people do have an exception - they'll trust the slop that reinforces their existing biases, or even if they know in their hearts it's not true, viewing their side's lies regularly still has an effect on the way they think.
Good point. Sometimes I wonder if social media, just almost every aspect of it, is the real cancer. Allowing just about anyone (globally) to anonymously deploy information warfare via the social media vector just seems bound to have horrible outcomes. It's just as bad with text as with images or video. Because of social media, we've trained at least 3 separate generations to self-sort into camps with customized ideological info sources that have incredibly-low standards for fact-checking and every incentive to tell their audience (1) exactly what they want and (2) whatever will enrage them most.
AI kind of makes this worse, but also only barely. Because most people really ought to know by now that almost any content could be AI, a video of, say, Trump kicking a baby or violating a goat wouldn't convince anyone that those acts happened (unless they already believed they happened).
Thing is, we're so flooded in biased BS, and no one has any incentive to produce non-sensational, factual news. I absolutely see 'post-truth' as the inevitability. You can't "weed a garden" when it is 100% weeds. The term "news" will cease to mean facts, and just become a branch of entertainment. Kind of the way "Reality TV" went from being supposedly a documentary (e.g. COPS) to just being a flavor of entertainment, where nothing needs to be real.
Why are humans powerless to do anything about this? Aren't we making the technology? It's kind of a big problem for the future of the justice system and politics.
I'm pretty sure watermarking is (or soon will be) a requirement for AI generated images in software used in the EU, as part of their regulations for AI transparency.
If i had a dollar for every time an American cried about literally any non-US jurisdiction having an iota of effect on them I could quit my job and leave this terrible website forever.
If I had a dollar for every regulation to come out of Brussels serving no purpose other than to extract money or exert control over American companies because they have no relevant competitors to worry about impacting in the EU I could do the same.
Its what happens when people in power are paranoid dark-triad types and want to be able to catch anyone who threatens their power and stick it to them..
It already happened with Trump claiming any unfavorable content of his administration is "AI-generated" as a defense to dismiss real, unedited media. He literally said, “If something happens that’s really bad, maybe I’ll have to just blame AI.”
ie the video of garbage being thrown out the windows that his team already confirmed was real:
Maybe we do care about truth, freedom and privacy but the majority of rest of society will happily accept any T&Cs just to get access to whatever the next digital sliced pan is and as for truth and accountability, if they were two sides of the same coin on the ground people wouldn't bend down to pick it up as possesing it looks too much like responsibility and inconvenience.
The watermarking should be on those things we want to verify as something that was not generated or manipulated. Something you'd add to, for instance, cameras. Putting them on the generated/manipulated is backwards as you can never get every model to watermark.
That model is equally bad though. Given that you're writing this in a discussion about gen AI watermarks, how in the world did you come up with the idea that Gen AI wouldn't be able to add a watermark?
The human ethos should be to never be misleading about the origin and truth of any content you create, forward, or pass on. If we care about honesty we should jail anyone who does so.
That's not what the previous comment is referring to. They're referring to false positives, i.e "Gemini did not generate this (or process it) yet it says SynthID confirmed"
So imagine the damage you could do to an artist by having Gemini flag it then saying “see here’s the proof they’re using AI art!” That person would get eaten alive.
You can count on them doing it in a way that's economical for them. It's how email spam filters and ad blockers work. Sure somebody will always find a way to bypass it, and that's the arms race. A filter with zero false positives that removes 80% of slop is pretty darn good though.
Are markers being removed here the same or similar to ones tools might add if you use an AI tool just to edit a photo? like a more complicated object removal in a photo editor?
I find the casual malevolence of this kind of thing breathtaking. Every time someone raises potential issues with AI misuse, they're dismissed as fear-mongering while a host of people immediately rush to demonstrate that not only is the fear justified, it's gleefully anticipated under the vaguest colour of lofty ideals.
People want to dismiss the potential harms of deepfakes while also excitedly releasing the deepfake-hider-3000 and saying they just really, really care about privacy (for people who make deepfakes).
Didn't work at all for me. Hive Moderation still shows "gemini3: 99.9%". Tried their online version and it went from gemini3: 99.9% to midjourney: 64.7% + stablediffusionxl: 16.1%.
This is a bit misleading as for Gemini it only properly removes the visible watermark. To remove SynthID it has to regenerate the image at low noise with SDXL, which will likely destroy a lot of small details, plus won't work for higher res properly (NB2 and GPT Image 2 support up to 4K image outputs)
Nano Banana 2 only supports 1K resolution (1024x1024) natively. Anything above that is upscaling. So this matches SDXL. GPT Image 2 does support 4k natively (but experimentally).
Where did you get that info from? According to Google's own docs as well as my own image generation tests via the API, it supports up to 4K natively for gemini-3.1-flash-image-preview (aka NB2).
It just defaults to 1K. But I didn't see anything in the docs stating that it's just a simple upscale for larger resolutions.
Yeah - if that's true then it's even worse because the output price says
$0.067 per 1K image*, $0.101 per 2K image*, and $0.151 per 4K image*.
But if all the "compute time" is spent on a 1K image and they're just passing it to a ESRGAN or other upscaling technique, then there’s literally zero reason to generate anything above 1K. Just save the money and upscale it yourself.
With the number of fine-tuned LoRAs and checkpoints - from a realism standpoint, yes SDXL is still very viable. From a prompt adherency perspective, absolutely not.
So I use a combination of Neo Forge and ComfyUI. Forge has an easier learning curve but ComfyUI gets all the new "hotness" almost immediately since there's so much custom nodes for it.
If you're on a Mac, I've heard that Draw Things is supposed to be pretty "batteries included" simple for image gen along the same lines as LM Studio.
Watermarking images generated from trained data on stolen copyrighted material, I get why so they can try to tell if something is real or not but something seems wrong
I think AI watermarks are kind of a lost cause anyway.
I'd be more interested in some kind of trusted Non-AI watermark.
This is something that could get integrated into cameras for example. However, considering how much AI-processing we already have in "normal" photos, it will be difficult to decide where to draw the line.
> Use cases where the threat model fits: You are preserving art or historical record against false-positive "AI-generated" labels.
Sorry, how does using AI to generate images have anything to do with this? Image generators cannot insert watermarks into things they did not generate, and it seems highly unlikely that you will get a false-positive watermark on human-generated art, especially if, as the readme says, these watermarks have high enough fidelity to trace to a specific session id. Plus the modifications to the image needed to erase watermarks would necessarily change the thing being "preserved."
[edit]: the more I read the more I'm convinced, the claimed use cases in the README are bullshit and the real reason is to provide a tool that helps people bypass "AI-generated" labels on social media for AI slop.
I mostly agree about the justification in the repo being wrong, but wanted to engage about this point:
> Image generators cannot insert watermarks into things they did not generate
It's actually very easy to take a real image, ask Gemini/ChatGPT to modify some tiny part of it (could be something as silly as lighting/shadow/etc), and often the resulting image will be detected by their watermarking tools. This way you can easily present any real image as AI-generated.
Ignoring that a watermark removal tool does not help with this threat model, the claim is still true: the original image can not be changed, and instead a copy is created.
So what? I can also open an image in Photoshop and make sure it saves out some Photoshop specific EXIF data and try to claim the image was doctored. What I can't do is go and put my deceptive altered file up in place of the original in all the places on the Internet it exists.
I had to think about it, how about if the claim were:
If you take a photograph that is misidentified as AI generated, you can “preserve the historical record“ by using this tool before publishing the image.
(Anyone know the false positive rate with watermark IDs, would’ve hoped it’s like zero)
Regardless of one's opinion about this particular project, it seems obvious to me that the path forward is proving authenticity of non-AI resources rather than attempting to watermark all the AI-generated ones.
Pretty hard problem to tackle when you can point an "authenticated" camera at a really nice screen and snap a 'definitely real' photo of anything a screen can display :(
Isn’t the goal only to prove that a photograph was taken with a particular camera? I don’t think you could ever prove that the subject was legitimate, as there are countless ways to misrepresent things. But in a world of AI slop, knowing a photo was taken on a real camera and wasn’t synthesized artificially is still a useful data point in determining trust.
There's probably a technical solution, such as the camera manufacturer cryptographically signing a GPS location and timestamp together with the pixels. Like all DRM it will probably be broken though, and more importantly, would anyone (even e.g. a newspaper editor) care enough to verify the signature?
watermarking only really works when the scheme is secret.
putting cyphertext in high frequency noise is old news. in generative land would be far more interesting to use the generative flexibility to encode in macrostructure.
I just saw the announcement about OpenAI or so going to use SynthID and all I thought was; what can d be read(located) can be removed. Seems the tool already exists, proving my point.
You're assigning emotions to people based on what you'd like them to feel, not on reality. For example, most americans probably don't feel shame about being american. But it's still a good decision not to go around showing off a bunch of american flags abroad, unless you want people to look at you in a certain way.