I was thinking about how hard it is to accurately determine whether a screenshot posted online is real or not. I’m thinking there could be an option in the browser to take a “secure screenshot”, which would tag the screenshot with the date, url, and whether the page was modified on your computer. It could then hash both the tag and the image data and automatically upload this hash to some secure server somehow. There would need to be a way to guarantee that only the browser could do this, or at least some way to tell exactly what the source was. I’m not much of a cryptography person, but I would be surprised if it isn’t possible to do this. Then, you could check if the screenshot you see is legitimate by seeing if it’s hash exists in the list of real hashes.
Yes, I can imagine a world in which some company has a system like this, and then could discreetly delete hashes from the database if they see the original image and realize that it shows evidence of something they don’t like.
If it would be used for actual investigative journalism or criminal evidence, its giving that company a lot of power.
The more basic question is, why are you regarding the web browser as the “source” of an image that needs to be verified? Anyone could make a fake website with fake images, in which case the web browser confirming that the screenshots of the site are “real” would be meaningless.
If the web page is (say) photos taken at an event, a better solution would be to have the original photographer post hashes of the photos at the time they’re taken (or have a camera that does this automatically).
That’s why having the URL as part of the hash is important. I’m thinking less for real photos and more for ‘screenshot of a deleted tweet’ sort of things.
What got me thinking about this actually was whether there would be a way to verify which screenshots of the Google search AI are real and which are fake.
If you’re on your own network with your own DNS servers, you can make the real URLs point to your fake site.
But if the connection was over SSL/TLS, you could capture the web packet data before your browser decrypts it—then anyone could re-decrypt a copy of the data with the site’s public key to verify the source.