The evil maid could take a copy of a legitimate image, modify it, publish it, and say that the original image was faked. If there’s a public timestamp of the original image, just say “Oh, hackers published it before I could, but this one is definitely the original”. The map is not the territory, and the blockchain is not what actually happened.
Digital signatures and public signatures via blockchain solve nothing here.
The evil maid could take a copy of a legitimate image, modify it, publish it, and say that the original image was faked.
No she could not, the original image’s timestamp has already been published. The evil maid has no access to the published data.
“Oh, hackers published it before I could, but this one is definitely the original”
And then the evil maid is promptly laughed out of the building by everyone who actually understands how this works. Your evil maid is depending on “trust me, bro” whereas the whole point of this technology is to remove the need for that trust.
original image’s timestamp has already been published
“Oh the incorrect information was published, here’s the correct info”. Again, the map is not the territory.
the whole point of this technology is to remove the need for that trust.
And it utterly fails to achieve that here. I’ll put it another way: You have this fancy camera. You get detained by the feds for some reason. While you’re detained, they extract your private keys and publish a doctored image, purportedly from your camera. The image is used as evidence to jail you. The digital signature is valid and the public timestamp is verifiable. You later leave jail and sue to get your camera back. You then publish the original image from your camera that proves you shouldn’t have been jailed. The digital signature is valid and the public timestamp is verifiable. None of that matters, because you’re going to say “trust me, bro”. Introducing public signatures via the blockchain has accomplished absolutely nothing.
You’re trying to apply blockchain inappropriately. The one thing that publishing like this does is prove that someone knew something at that time. You can’t prove that only that person knew something. You can prove that someone had a private key at time X, but you cannot prove that nobody else had it. You can prove that someone had an image with a valid digital signature at time X, but you cannot prove that it is the unaltered original.
“Oh the incorrect information was published, here’s the correct info”. Again, the map is not the territory.
And again, your “attack” relies on the evil maid saying “just trust me bro” and people taking her word on that. The “incorrect information” is provably published before the supposed “correct information” was.
The whole point of building this stuff into the camera is so that the timestamp can be published immediately. Snap the photo and within seconds the timestamp is out there. If the photographer doesn’t have that enabled then he’s not actually using the system as designed, so he shouldn’t be surprised if it doesn’t work right. If he uses it as designed then it will work.
The one thing that publishing like this does is prove that someone knew something at that time. You can’t prove that only that person knew something.
So? That’s not the goal here.
