I was thinking about how hard it is to accurately determine whether a screenshot posted online is real or not. I’m thinking there could be an option in the browser to take a “secure screenshot”, which would tag the screenshot with the date, url, and whether the page was modified on your computer. It could then hash both the tag and the image data and automatically upload this hash to some secure server somehow. There would need to be a way to guarantee that only the browser could do this, or at least some way to tell exactly what the source was. I’m not much of a cryptography person, but I would be surprised if it isn’t possible to do this. Then, you could check if the screenshot you see is legitimate by seeing if it’s hash exists in the list of real hashes.

  • AbouBenAdhem@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    20 hours ago

    The more basic question is, why are you regarding the web browser as the “source” of an image that needs to be verified? Anyone could make a fake website with fake images, in which case the web browser confirming that the screenshots of the site are “real” would be meaningless.

    If the web page is (say) photos taken at an event, a better solution would be to have the original photographer post hashes of the photos at the time they’re taken (or have a camera that does this automatically).

    • AdrianTheFrog@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      1
      ·
      20 hours ago

      That’s why having the URL as part of the hash is important. I’m thinking less for real photos and more for ‘screenshot of a deleted tweet’ sort of things.

      What got me thinking about this actually was whether there would be a way to verify which screenshots of the Google search AI are real and which are fake.

      • AbouBenAdhem@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        edit-2
        19 hours ago

        If you’re on your own network with your own DNS servers, you can make the real URLs point to your fake site.

        But if the connection was over SSL/TLS, you could capture the web packet data before your browser decrypts it—then anyone could re-decrypt a copy of the data with the site’s public key to verify the source.