This all appears to be based on the user agent, so wouldn’t that mean that bad-faith scrapers could just declare themselves to be typical search engine user agent?

I’ve been thinking about setting up Anubis to protect my blog from AI scrapers, but I’m not clear on whether this would also block search engines. It would, wouldn’t it?

I have much the same:

• Files on the network with NFS
• Kodi on an old laptop under the TV so we can watch said files.
• Syncthing on our phones and laptops to pull films from there onto that file server.

The only difference is that I’m using a Synology 'cause I have 15TB and don’t know how to do RAID myself, let alone how to do it with an old laptop. I can’t really recommend a Synology though. It’s got too many useless add-ons and simple tools like rsync never work properly with it.

Yeah this was a deal-breaker for me too.

That was fantastically insightful.

Yes. Tailscale is surprisingly simple.

# systemctl start tailscale
# tailscale up

It’s funny, I flocked to Steam because I was under the impression that I was owning the games. While other companies were trying to get me to sign onto their “play everything” subscriptions and Google had their “Stadia” (remember them?), Steam let me download the game and install it on my (Linux!) computer with no license key checks, working offline etc. etc. I feel like the assumption that I was in fact buying my games, rather than a license to play them when Steam saw fit was a reasonable one. This discovery was quite enraging.

Yeah I’ve not looked into that before, but I’ll check it out. I just want to keep the flexibility of the Deck: scoop it out of the TV and hop on the train. If I then have to go through a painful process of switching from family mode to “just let me play my games” mode, I’ll still probably be annoyed, but I’ll give it a try.

Yeah I’ve recently started tinkering with GOG in part due to this issue. I’m using Lutris in Linux rather than Heroic. I’m not sure if there’s a benefit to one over the other, but either way the size of the library of available games is quite small by comparison and of course I have lots of games trapped in Steam now.

Thanks, I’ll look into that.

Absolutely. This is less a criticism of the Deck (which I love) and more about my own coming up against this annoying DRM that I never even knew existed because I only had one place to play.

I had the same reaction until I read this.

TL;DR: it’s 10-50x more efficient at cleaning the air and actually generates both electricity and fertiliser.

Yes, it would be better to just get rid of all the cars generating the pollution in the first place and putting in some more trees, but there are clear advantages to this.

What a great idea!

I live firmly in the #FuckCars camp, but I honestly think this is fantastic. Standards and conformity breed massive changes within an industry if they’re permitted to take root, and this is already bucking the “monster truck” trend that’s killing people and ruining cities.

Imagine the potential of a city buying a few thousand of these to serve as work vehicles: interchangeable parts would drastically reduce costs as you could canibalise one vehicle to service many, and you could easily re-task vehicles with minor, off-the-shelf (or even custom) modifications.

The real test though will be whether (a) the establishment car companies will allow it to survive, and (b) whether its US origins will make it radioactive to the rest of the world given their current fall toward fascism.

I was one of the people who based my opinion of Proton on that tweet and swore off them until someone else shared that link with me. It’s excellent, thorough, and makes a convincing case that Yang is actually left-leaning. I can only assume that you’re getting downvotes from people who haven’t read it.

I think you’re misunderstanding the purpose behind projects like c2pa. They’re not trying to guarantee that the image isn’t AI. They’re attaching the reputation of the author(s) to the image. If you don’t trust the author, then you can’t trust the image.

You’re right that a chain isn’t fool-proof. For example, imagine if we were to attach some metadata to each link in the chain, it might look something like this:

At any point in the chain, someone could change the image entirely, claim “cropping” and be done with it, but what’s important is the chain of custody from source to your eyeballs. If you don’t trust the AP photo editing department to act responsibly, then your trust in the image they’ve shared with you is already tainted.

Consider your own reaction to a chain that looks like this for example:

It doesn’t matter if you trust Alice, AP, and Facebook. The fact that Infowars is in the mix means you’ve lost trust in the image.

Addressing your points directly:

1. I’m not sure how a TPM applies to this as I haven’t dug deep into c2pa other than the quick review I did this morning. I’m more interested in the high-level: “can we solve this by guaranteeing the origin” question, and I think the answer to that is yes. See my other comment for my own take on this.
2. I don’t think we need any sort of controls on defining the types of edits at all. If AP said they cropped the image, and if I trust AP, then I trust them as a link in the chain.
3. Worrying about MITM attacks is not a reasonable argument against using a technology. By the same token, we shouldn’t use TLS for banking because it can be compromised.
4. Absolutely, but you can prevent someone from taking a picture of an AI image and claiming that someone else took the picture. As with anything else, it comes down to whether I trust the photographer, rather than what they’ve produced.

Yes, but starting a new chain would necessarily reallocate the ownership. So if reuters.com created a real image and then Alex Jones modified it, stripped the headers, and then re-created them, then the image would no longer appear to be from Reuters, but rather from infowars.com.

Absolutely, but that’s not really the point. If you remove the chain, then the file becomes untrusted. We’re talking about attaching trust to an image, and a signature chain is how you ensure that that trust.

Thanks! And no, this is absolutely nothing like NFTs.

NFTs require the existence of a blockchain and are basically a way of encoding a record of “ownership” on that chain:

Alice owns this: https://something.ca/...

If the image at that URL changes (this is called a rug pull) or a competing blockchain is developed, then the NFT is meaningless. The biggest problem though is the wasted effort in maintaining that blockchain. It’s a crazy amount of resources wasted just to establish the origin.

Aletheia is much simpler: your private key is yours and lives on your computer, and your public key lives in DNS or on your website at a given URL. The images, videos, documents, etc. are all tagged with metadata that provides (a) the origin of the public key (that DNS record or your website) and a cryptographic proof that this file was signed by whomever owns the corresponding private key. This ties the file to the origin domain/site, effectively tying it to the reputation of the owners of that site.

The big benefit to this is that it can operate entirely offline once the public keys are fetched. So you could validate 1 million JPEG images in a few minutes, since once you fetch the public key, everything is happening locally.

Much of these problems can be solved by introducing a signature chain:

• Company A created the image
• Company B resized it

In this example, “Company A” can be a reliable news source, and “Company B” could be an aggregator like Mastodon or Facebook. So long as the chain is intact, the viewer can decide whether they trust every element in the chain and therefore trust the image.

This even allows people to use AI for responsible editing, because you’re attacking the real problem: the connection between the creator (in whom you may or may not vest a certain amount of trust) and the media you’re looking at.