AcidDemon

  • 3 hours ago
  • Joined 17 Aug
  • splattergames They are not the only ones doing so that way. I have seen that "approach" numerous times recently... At the very least, it is possible to ascertain whether the individual who created the clearsigned message has access to the PGP key (which can be found on Github or somewhere else).

  • [deleted] MiXplorer is an excellent file manager with a wide range of features. It is compatible with numerous Cloud providers and offers a variety of Addons.

  • Are there any additional European service providers, other than those previously mentioned, that offer a mobile phone number?

    I'm asking in regard of using the number to actually make calls.

    • goskm75f Maybe due to the usage of a restricted IP pool. Just a guess. Havent registered a Fb account for a while.

      • u7912
        It might come down to the techniques used by the attacker.
        I think some will do a backup before trying to brute force the pw/pin for example.

        • b1k3rdude Cleared data and cache already? I remeber having the problem a while ago.

          • missing-root Can you explain your last paragraph? I don't get the sense.

            I can imagine some scenarios in which an individual's privacy might be at stake.

            For example, if a whistleblower shares insights and provides photos to the media, then some entity tries to establish a link between the cat pictures he posted and the leaked documents.

            • missing-root It took me some time to think about your suggested approach and I identified some things which need to be considered.

              It's important to think about what could establish a link between the final image and possible anomalies due to the hardware and software used to create it.

              For example looking at dead pixel:
              When overwriting the detected pattern with random values at least the pattern itself will stay. The goal should be to avoid a possible link between pixel anomalies and the image in the end. Therefore I think overwriting the information with data through interpolation would make it nearly impossible to create a link afterwards. The likelihood that a pixel has nearly identical parameters to its neighboring pixels is high. I hope this makes sense when picturing objects.

              When noise is detected:
              Your approach to use random noise would be a good solution as long as there is no connection between noise for a specific pixel and it's neighbors (I don't know if there is any physically).
              There will always be noise due to shot- and digital-noise.

              My point with this is: There are some things that are connected to a single pixel, and there are things that concern an area of pixels.
              There are pixels that show nearly static behavior, and there are pixels that show random behavior.
              In the end, every possible link to those things needs to be removed from the final image.

              Perhaps someone who is more knowledgeable about digital photography, compression, etc., can share their knowledge?

              What if:
              A picture is taken when no light can enter the objective and then take this picture as reference to subtract it frome the images taken after?

              I have found a paper which describes a similar idea.
              It seems to be possible to remove the fingerprint without affecting the Signal to noise ratio in a significant negative way.

              https://www.researchgate.net/publication/305181626_Removing_camera_fingerprint_to_disguise_photograph_source

            • defcon42 I recently sorted my bookmarks to store them on a third party app outside the browser. Raindrop was my choice because it's on the market for a long time and offers many functions in their free plan. The only thing I'm missing is E2EE.

            • missing-root

              I really appreciate your input and letting me know that someone has read my post.

              I made a mistake in the last source. Here is the correct link:

              https://www.sciencedirect.com/science/article/pii/S2095809917307890

              The processes involved in digital image capture is explained there. It's a good source to gather more information.

              In regards of possible mitigations I can think of some steps needed to remove the artifacts mostly caused due to hardware imperfections (noise, dead pixel etc.) via identification and interpolation.
              Correcting lens distortion and other optical paramters will probably be harder to correct.

              Removing the software-specific elements is likely more challenging to achieve. Different post-production techniques would be necessary. These aspects are specific to each make and model.
              Each app has it's own production chain to handle the sensor data. However, for GOS, the hardware is fixed, which I believe is good in this situation or am I missing a significant point here?

              At the very least, no direct link to a particular source camera can be established from the final result (which includes the removal of hardware and software based artifacts). The worst case I can imagine is the possibility to say: This picture has been taken on a Google Pixel 6a but no clear connection to a specific source can be made.

              It would be nice to have such a feature within the camera app or an app just for this purpose, and maybe EXIF stripping if needed to have a "complete" package.

              The whole process would probably result in some loss of quality, but I think it could be worth it in some cases where you need to protect your privacy.
              A side effect would result in the ability to detect that the image had been tampered with in the post process but I can't imagine a problem here.

            • hannah81 I wrote to them asking for advice, and they responded that they will not support "Custom ROMs" in general.

              • It seems that either this is the wrong place or it is simply not interesting.
                Nevertheless, I will try to add a few things and let it go.

                I have found some answers to my previous questions which I'm going to share:

                The possibility to identify the source, including make and model, is based on two categories responsible for the image creation and it's fingerprint.

                Hardware based: Identification based on camera specifics, such as sensor size, pixel defects, sensor noise, and sensor and optical imperfections (e.g., lens distortion), in general.

                Software based: Different software things like auto white balance, compression, etc., are used to process the image taken by the sensor.
                Different software implementations result in different images. It should be possible to differentiate between devices (make and probably model and app that was used).

                Source: https://www.mdpi.com/2313-433X/10/2/31

                Note: Nowadays, it's becoming increasingly difficult to differentiate between real and generated images just by looking at them. However, due to the absence of certain imperfections, it's possible to determine whether an image has been generated.

                The higher the resolution, the more data can be compared in each image. My question regarding the number of images needed to create a fingerprint and then creating a match remains.

                Regarding the question of whether Big Tech could use it: Yes it could.

                But the computing power required makes it unlikely that it will be used widely. There are different methods of identification currently known, so the text below is just one way to create a fingerprint (I'm just citing it to have a number regarding the accuracy).

                "Sensor pattern noise gives the best performance result in terms of accuracy in source camera identification at a camera level identification of 99.8%. However, this approach is computationally more expensive than others. "

                Source: https://www.mdpi.com/2313-433X/10/2/31

                Further information on the topic (some papers cover the topic in detail):

                Basic explanation of the topic
                https://www.bbc.com/future/article/20210324-the-hidden-fingerprint-inside-your-photos

                Camera identification on cropped images (commonly used on social media)
                https://sigport.org/sites/all/modules/pubdlcnt/pubdlcnt.php?fid=3747

                Passive digital image forensic
                https://citeseerx.ist.psu.edu/document?repid=rep1&type=pdf&doi=f924b62072787e2fa2c4a10df0a24ae351791211

                Digital Image Forensics via Intrinsic Fingerprints
                https://user.eng.umd.edu/minwu/research/public_paper/Jnl/0803intrinsicTamper_TIFS_final.pdf

                Recent Advances in Passive Digital Image Security Forensics
                https://user.eng.umd.edu/minwu/research/public_paper/Jnl/0803intrinsicTamper_TIFS_final.pdf

                • When it comes to Spotify App vs Browser there will be a difference in how the HW will be accessed (output quality). My guess is that the App will be superior (without knowing how it's implemented. It's just a guess).

                • I've spent more time on the topic and would like to share some things I've come across.

                  Theory

                  "The Photo Response Non-Uniformity pattern can be a method for identification for an individual camera and is often present in digital footage. Therefore, the PRNU-pattern is also called the fingerprint of the camera. This pattern can be extracted and used to identify the source camera with a high likelihood ratio. This can be useful in cases such as child abuse or child pornography."

                  "In digital footage different kinds of noise, like dark current, reset noise, circuit noise and PRNU, are present. PRNU is caused by the imperfection of the camera sensor created during the manufacturing process. Not every pixel of the sensor is identical and will therefore respond different to the same amount of light. This is called the non-uniformity of pixels."

                  Source: https://www.sciencedirect.com/science/article/pii/S1742287617302530

                  Full PDF
                  https://pure.uva.nl/ws/files/31330651/Source_camera_identification_using_Photo_Response.pdf

                  They used some older cameras to test it so there might be a difference to the systems today.

                  My first assumption that compression will reduce the possibility of matching seems to be correct.

                  "With the popularity of social media a lot of digital footage is being uploaded with these social media. To relieve the network and increase the uploading or sending speed, social media often compresses the digital footage. Due to lossy compression the quality of the footage will drop what will affect the PRNU-pattern."

                  In the paper linked above it was tested to determine a source of a video after it had been transmitted over WhatsApp. As far as I know the videos are compressed when sending.
                  The videos used in the source had a low resolution compared to the currently used resolutions.

                  "The results indicate that it is possible for the original videos of the investigated cameras to determine the source camera and to determine if different videos originate from the same source camera with a high likelihood ration."

                  Source: https://pure.uva.nl/ws/files/31330651/Source_camera_identification_using_Photo_Response.pdf

                  Questions

                  • How many images are needed to create the fingerprint and a possible match?

                  • Is it a commonly used method (today) to identify the source camera?

                  • Could big tech companies use such a method to track individuals?

                  • Does the fingerprint become more unique if the camera sensor has more pixels, a higher density?

                  • Is it possible to determine the make and modell via the fingerprint?

                • I'm currently in the process organizing my Bookmarks and stumbled across some Forensic Software.

                  https://www.mobiledit.com/camera-ballistics

                  "Camera Ballistics is not based on metadata such as EXIF, but it uses mathematics to analyze the physics of the sensor. Due to small differences in size and material composition, each pixel behaves differently, involving effects such as Photo Response Nonuniformity making each sensor unique. We can simplify the principle to say that it identifies anomalies of every pixel and uses this information to create a description of the camera sensor - the sensor fingerprint. This is true even between devices of the same make and model. It's these differences that allow you to generate a sensor fingerprint and link an image to the specific camera that created it. Camera Ballistics will compare the photos under investigation to the sensor fingerprint to determine if there is a match."

                  It's an interesting topic and I would like to gather more information about it.

                  I'm just thinking about the following scenario:

                  Determining if several uploaded photos have the same origin?
                  What's the success rate (approximately)?

                  The possibility of determining if a photo has been taken with a specific Camera can probably be lowered if the photo has been resized or new compressed I guess?

                  • yellow-leaves

                    Currently I was testing Notesnook on a non grapheneos phone and the App crashed from time to time. So you are not the only one having issues. Someone else here reported similar behavior as well.

                  • fid02

                    I looked into Standard Notes again but there is no possibility to test all features of their paid plans before purchase.

                    Selfhosting requires a license (39 USD per year).

                    I looked through some pictures and the app looks promising though.

                    I have to think about the different apps and services and make a decision. The names of possible solutions are in this thread.

                    I'm aware of the fact that app development and hosting services involve costs which need to be paid but it's difficult for me to justify high costs just for non commercial usage.