The solution is to require all videos featuring a politician to be recorded while they dance and there are disco lights everywhere.

I was just thinking: You probably filmed this in the garden because of covid, but it also just gives such a nice atmosphere compared to the videos filmed in windowless rooms. Maybe you could keep doing that even if it's no longer necessary?

It's interesting that emergency broadcasts from world leaders, surely among the videos you most badly want never to be faked, are the easiest type to fake. One face looking straight towards a camera with minimal emotion.

It's 100 degrees and Mike is still flexing on us with the sweater. Mad lad.

We should deep fake that dirt off of the paper facing camera lens!

If Dr. Mike had his own channel, I would watch every minute of it

9:30, I like how he briefly considered mentioning the most common use case and then clearly decided against it.

One of the problems of using cryptographic signing for image verification is 'what are you signing?' You're taking the input stream from the camera, and signing that, but how do you know it's coming from the camera? Because the library calling the 'sign this please' function told you it was. A software vulnerability could let someone call the method with arbitrary content, and you'd have no way to know. Even if you move the cryptography into hardware, there is still going to be a place between the camera and writing the signed data to the network or storage device which could be attacked. (How are you securing/validating the key material? How are you authenticating the date/time info? Was it the front camera, the back camera, or a USB camera which was used? (I have a USB display adapter which appears as a USB camera on another computer... whatever program I want to display on that will show up on theUSB camera. ))

6:25 "return a nice picture of me [...] nice is relative" aaaand zoom on the face. well done!

The solution is something that already exists in PDF signing: the timestamping server. You have to get all your frames timestamped within x seconds of recording

All the videos with Michael are my favorite Computerphile videos!

If arm waving makes the process more difficult I rekon Italians are safe from deepfakes for an extra couple of years

just watched your 5 year old stegnanography video,it was amazing. I am happy that you are still active and spreading knowledge.thank you sir

I think Mike is selling himself short about whether Tom Cruise's face on his body would look realistic.

I really enjoy listening to Mike on these flixes!

"Sort that out in post for me". I was really hoping it would change over to animation and just scribble the legs out. 😀

Maybe you could have CCTV cameras when they store the footage after compression and the like, for each frame they use a private public key combo to make a signature using SHA 256 (if it's fast enough). Then use the public key to check if the file is genuine. Basically this would make each frame of the video verifiable. If thats too slow, you could probably do the same thing but in segments of video 1 min long or the like.

For the discussion at the end: it would be really great to have a video on data provenance.

I really appreciate the bits of jargon tossed in. Its difficult to learn more about something without a jumping off point.

Dear Computerphile( and by extension, U of N), thanks for another great upload. I agree cryptography might have a role to play here, though we would need something more secure than RSA PKC due to Shor's Algorithm (particularly in regard to quantum computing). so far, we haven't had to worry about that because we don't have quantum computers fast enough to make use of it, but it's theoretically possible, and that's an issue. I think we really need to start migrating to elliptic curve! Still, all concerns like that aside, the idea of using digital certificates that are built into security systems seems like it would work as well as TLS does, right? every camera needs to be able to encrypt with a certificate belonging to the manufacturer, and if you wanted to use machine learning to tamper with the image, I expect you'd also need to tamper with it in a way that causes a collision. At some point, it becomes no longer worth the effort to deceive. Sincerely yours, a very much intrigued IT student from the US :-)

An auto encoder is such a magical tool. You can use massive compression factors and get back an almost perfect image. But you have to train a decoder for every specific subject. So you can't easily make a general purpose auto encoder for general video for example. But me might one day. I am really looking forward to get back to university in person next semester (October) and do one deep learning course and perhaps an additional one.

Im glad that people are worried about this. I wouldnt put money on it not becoming a major problem in a few years time. ... but, AI has a tendency to plateau. It keeps following the same pattern over and over again pretty much since its inception. From the Turing Test, to voice recognition, to driving cars, the tools of AI are brought to bear, there is a burst of activity as they rapidly ramp up to accomplish things that were previously considered impossible, but almost as rapidly it runs in to walls all over the place, and it all grinds down, leaving problems frustratingly far away from the finish line for literally decades. (and counting.) - In the case of deep learning AIs* these 'walls' seem inherent to the black box nature of the thing. You can tweak the dials, set it going, and get some impressive results, but the closer you want to get it to perfection, the more you have to fine tune the whole thing. That becomes increasingly intractable, because ultimately you dont know what the AI is doing under the hood. (You have people train AIs with AIs and other such tricks to try to get around these issues.) - You could argue that you just need to increase the volume of data its learning from, but that also appears to get harder and harder. Compilations of hundreds of images have become compilations of thousands, tens of thousands, hundreds of thousands, and yes the AI improves, but by smaller and smaller increments. You ultimately end up falling in to exactly the same trap: How do I get the AI to work better with these image sets, you have to fine tune it, how do you fine tune something that is fundamentally quite opaque? With great difficulty... - Ill reiterate, I wouldnt put money on this, Ive studied AI but it certainly wasnt the central aspect of my degree, and I could be proven dramatically and horrifically wrong tomorrow. Hope for the best, prepare for the worst and all that. but I also wont lose sleep over the coming fake video frenzy. Especially as other means of manipulating the populace have proven themselves incredibly effective, considerably simpler (Assuming you have the money and influence to steer it.), are already doing inestimable amounts of damage to us, and consequently are presently far more terrifying to me than the possibility of truly convincing Deep Fakes at some point in the future. - *I say in the case of deep learning, but its a heuristic problem that extends to all the forms of AI Im aware of, there is just nuance in exactly how.

I really enjoy your work. Thank you.

one way you could detect face swaps is finding the video on the internet where you don't count the face, since other things will still be the same in the video

Thank you for amazing video again. Can I ask which library did you use to create your own model? It would be very nice to see the demonstration of this with the code.

The only way to encrypt is to pre-raster the key steganography style in each frame, in a discreet portion of the image that would be a moving watermark revealed by the video decompression algorithm. Tampering would wreck the watermark. We will at some point be locked in a constant pre-authentication steganography watermark morphing algorithm vs. auto image manipulation algorithm. The manipulation would have to constantly be updated to stay aware of active watermarking.

Also, deepvoice is so, so much easier, and already 100% believable. So you can fake a recording, and quite a few people can do it.

Mike covering all the interesting topics!

I just realised that I have a year of Computerphile videos to catch up to o/

I just know there will be a perfect deepfake of Steve doing this video in a year or two, just to prove his "5-10 years" timeline wrong.

With that software, I have had the experience that you get the best results if you use two short video clips. This goes against the general guidance of having a diverse set of inputs and probably does not generalize, but if you are trying to get one face onto (only) one clip, this is the best aproach.

I really like Dr Mike's sensible approach to the topic of banning the technology. Instant like 🙂

I was also wondering about video frames being signed by the hardware/software that produce them, so even if you extract them, you could still trace the origin and evolution of the video, that would be a lot of metadata addition though (though i guess in the world of 4k becoming the norm…), and having all the devices have a verifiable ID would be a major hurdle, but at least, sources could decide to make the effort to be "trustable" by using devices and software allowing that.

03:30 onwards looks like the hand is DeepFaked or overlayed on top of the scene(ignore the dirt spots on the lens/sensor for a bit)

For CCTV video most of the software includes a proprietary output for format and video players with digital signatures to ensure the video displayed has not been tampered with. Simple mpeg or Avi files are not generally admissible in court because of potential tampering.

I was thinking about something quite similar with what you describe at the end. As an artist I often struggle with seeing great work reuploaded somewhere like Pinterest, but because the image file doesn't carry any meta information it is impossible to trace it back to the creator without the use of tools. I wish digital signature of files and meta data was more established and integrated into the standards. I feel that the rapid data exchange online ran away from the standards that used to be satisfactory back in the 90s when all those consortiums gathered to determine how a PNG looks like.

I'm not ready for the phishing companies to start making deepfakes of my parents in distress so I'll send them Visa gift cards.

I think it's worth considering that a lot of the manual work that goes into this kind of image reconstruction could be automated. A lot of people have loads of pictures tagged on social media, sorted and catalogged in a bot friendly register. I think it's not unreasonable to imagine that within 10 years someone could make a user friendly tool that autonomously gathers its source material and trains a decoder. If something like that got widespread this could turn weird.

Could you reduce the deepfake back down to the feature information that you got from the original information? Or would it be altered so much you couldn’t get the original compressed information?

The last few minutes from the Computing Limit video (Nov. 2017) talks about how far we have to go still....

I'm curious why when encoding why not take all the previous and next frames into consideration? Could get a more reliable Feature set of the frame to see which direction the head is facing when obstructed

When filming left-handed people while they write and draw, maybe you should put the camera on their right?

I'll have to come back in 5y or 10y to see how well this video ages. XD

For audio, is it a similar process, or is it much more complicated ? A voice also has its own characteristics, but is it possible to reproduce something like a regional accent ?

In general there is a chain of custody established, starting at the latest when a triage of the data is collected with the intent of being used in court. However, the idea of a camera cryptographically signing the video is interesting. A possible algo could be a hash of the video signed with the cameras private key, which is stored on dedicated hardware.

Dr. Mike is my favourite presenter

Are we able to train neural networks to learn how to compress and decompress data, in order to reduce the file size of the amount of data needed? I feel like natural language processing is dependent on neural networks being able to compress and decompress information through the structure of the network itself; a close approximation of human "inference..."

Have a bit of jewellery, that displays a matrix of information from the scene signed with the person's private key. Audio->convert into a low bitrate but sufficiently quality compressed file->sign with private key->convert to QR type codes->display on pendent. Anyone can take the displayed QR codes check that they are correctly signed and compare to the audio of the video. You could also include other information, like accelerations of the pendent, or information from a time source or GPS data.

Love the idea of home CCTV cams that sign their footage securely in a verifiable way..

how does the network match the encoder of one person to the decoder of another person? the autoencoders are guaranteed to create identical compressed feature spaces just by default, right? if feature in the position A encodes, I don't know, some nose related shape in one autoencoder, the feature in the same position in the output of another person's encoder may encode head orientation. how is this solved?

Does this work for 3D? Are there Deep Fakes for Lidar images and video? Or is it limited to 2d video?

Seeing the research advances in this area that Two Minute Papers is regularly posting the example approach in this video seems outdated by a couple of years already. Stuff shown on TMP can generate pretty convincing video and voice of a person talking just from text, and doing face transfers with even a single photo.

Same sweater!

2nd comment because i couldn't resist. You wanted us to tell you why you were wrong. I haven't thought this through either, but i don't think you are wrong. Towards the end of the video i thought the same thing, and right as you mentioned it, i was in the middle of thinking "how could you integrate a private key into a person". Probably a moot point given that quantum computing will eventually beat the current public/private paradigm, but whatever we end up using in computers in the future for reliable auth, i reckon the solution will be to somehow use the same principle in real life. Only problem is, it would only work for things you want to pre-authenticate. If someone is caught robbing a bank on CCTV, they aren't going to willingly authenticate themselves to the camera. 😀

How about calculating hash for specific section of "face" in any video? like for example from any of my videos, take a frame and find nose in my face and calculate its hash then crop nose from deep fake video in each frame and calculate hash Its going to be expensive but wouldn't it work?

having certificates applied to images and moving images - really neat idea.

I'm a simple man, I see Dr Mike Pound I click.

The point where well-made fake photographs became indistinguishable from real ones was a while ago now. I don't know exactly when. Anyway we've dealt with it pretty well, which has me hopeful that we'll adapt to the presence of fake video (and fake audio which is also getting better) in the same way.

Could you do verification of a stream blockchain style? Looking up at the data lines strung across my street, I'm thinking we're gonna need bigger lines.

This video has the funniest cover image hahaha. I hope that portrait is hanging up somewhere...

See Mike, POUND LIKE!

Could a system be created that essentially 3D scans the two faces using photogrammetry, mapping them onto an animated model using facial expression features and renders it like a CGI video and layers it on top of the original video?

What is Mike's graphics card

Could videos be authenticated by comparing to a sample video, made on the same camera after the fact?

3:06 Why is the lens dirty?

A very pleasant Friday afternoon surprise

Did you guys checked "One-Shot Free-View Neural Talking Head Synthesis for Video Conferencing" the samples looked amazing

Could be they'll have something similar to the difference between word/txt files and PDFs/Docusign for official/government stuff for authentication. So it would be something like uneditable video files (mp4Sec?) that is maybe hardware locked. You could imagine only being able to play the video on the device that recorded it, so the device itself would act more like "Physical Evidence" like DNA or a weapon from the crime scene.

Can't you imbed cryptographic information in the video pixel data - a hard to replicate watermark?

What kind of paper is that?

how do you make sure that both encoders encode the features in the right order ?

8:58 I wish more people understood this about all technologies.

For real cameras there could be a new format where pixels are coded like RGBAN where N is some other wave (ultraviolet or something different) or some more information based on other info in the video the way that deepfake couldn't see.

Someone created a modders tool for Bethesda games that allows realistic recreations of character voices based on things the voice actors had previously said. I can only imagine the damage this technology will do in the coming years.

I think a valid solution to this would be to establish a cryptographic identity chain from hardware to software. A camera would have its own hardware signature. Video editing software can use a company's NFT to sign the video and so forth until a chain is formed and can be verified by the end users player.

Need some sort of signing system that can't be broken even with direct access to the hardware. That's a tall order. Maybe some creative use of RSA?

I'm afraid that if a piece of hardware contains the private key to enable it to sign the videos or creates then it is only a matter of resources to extract that key. More generally if you have hardware that can do X in your possession, you can examine it to find the process that allows you to do X.

Plz can a make a video on searx...

Someone send this to Corridor Crew

Turning A to B isn't the main problem at the moment, it's replacing mouth movements and voice in video of B, creating statements that were never made.

Digitally sign the video would be the way to go I would think

Sounds like he's onto something in regards to encryption being the solution.

Maybe something like a digital signature embedded with stenography over sensitive parts of the video, such as the faces.

Wait, why does one decoder understand the output of the other encoder? Why is the feature space the same?

“It wasn’t gonna work with me as the base”. How long before someone redoes this video with Tom Cruise’s face :)

can you post the code source, please?

That dirt on the camera caused me to wipe my screen many more times than I would like to admit.

The cryptographic aspect is interesting, each frame of a CCTV video could be signed as originating from the trusted entity.

3:15 editor: sorry not sorry

Yes I had the same idea about how cryptographic signing of the original image by the camera hardware is the solution to deepfake verification. If you include date and location information in the hash it becomes harder and harder to fake.

love this guy

I reckon adding professor Brailsford's voice to that deep fake would take it to the next level of bizarre.

a few months back when the nft for meme jpgs craze was going on, I thought it was idiotic like most reasonable people did. But I did think that if it had any kind of practical application at all, it would be as a counter to deepfake technology. Hearing someone else posit a similar concept is a relief. Maybe I'm not so crazy. Or at least not the only one.

What if instead of two different decoders, you trained one decoder which had an extra input encoding "which person is this supposed to be", and I guess, uh, you could have a learned embedding from ids to this extra input? And then maybe you could have like, a network that does "image of person -> what this extra input should be to produce images of this person" thing?

What about using the block chain to authentify the source of videos. You may sign the hash of a vidreo and then publish it and store that on the blaockchain then if someone wants to temper with the file, people can verify the authenticity on the blockchain. Any little change in the content will change the hash code so it would be pretty difficult to fake a block chain protected video.

What fields of mathematics and programming languages should a person study to begin building stuff like this? I'm a computer engineer since two years ago, and I've been interested in AI... I even want to study a masters degree in computer science next year, but I feel scared of not having the necessary skills or knowledge.

Why is the table made like that ?

3:43 I kept wanting to brush the dust off my screen...

I think I might have a bit of face blindness. I could barely see a difference between the versions with the face swapped and with the face not swapped.

Shouldn't one be replacing the whole head as opposed to just the face? It might provide better results.