[Ssc-dev] IC release 44 - pixelhashing!

Wed May 21 14:24:50 EDT 2014

On 05/21/2014 11:20 AM, Wendy Betts wrote:
> I have a few questions about the new pixel hashing feature as it seems to undermine the ability to verify the source and provenance of the image.  It could just be that I'm misunderstanding something.  

I might have been too excited in explaining this feature. It is not
meant to undermine or change the main InformaCam capture workflow. It is
meant as a ancillary function to easily be able to do find the
cryptographic hash value of the pixels of any photo or video.

Once you have that value, you can use it to search the InformaCam web
dashboard (such as we have running on the testbed at https://j3m.info)
to see if media matching that hash was posted or "notarized" there.

In other words, this is meant to be used on the receive/viewer end of
the workflow, and not the witness/capture portion.

> I had thought that, by design, InformaCam was secured such that it could not interact with other apps, so that no other app could contaminate the images in the InformaCam gallery.  How is it possible to send an image to InformaCam?  Where is it stored?  Can InformaCam images be manipulated by other apps?

If you share/export an image or video from InformaCam to the web, or
send via email, or post to Twitter, then the content has been let free
outside of the InformaCam container. The pixelhash feature is meant to
be used by the person receiving the share/export, so they can check if
the media they have matches with what you original captured.

> For images not taken with InformaCam, the pixel count hash will be calculated at time of sharing as opposed to time of capture, correct?  How will InformaCam verify whether or not the image was altered before the pixel hash?

We aren't concerned with photos or video captured with other apps. What
we want to enable is for people to verify that the InformaCam-enhanced
media they received has not been modified in transit, or while it was
posted to the internet. They can quickly get the pixelhash value,
compare it to what the original was (via J3M metadata etc), or search
for it on the public (or private) web dashboard.

> I thought only images captured with and transmitted from InformaCam could be stored in the repository.  If someone else is submitting the image, does the j3m.info site allow it, but simply show that the signature is not verified?  In that case, we can no longer verify the source of the original image, correct?

The repository will only import media files that contain J3M metadata.
If someone that metadata was compromised, or the image was modified
between the time of capture, and when it was submitted to the repo, it
will show up as NOT verified.

> Sorry, I know these issues were probably discussed in the scrum.

No worries. Email lists are important for digging down into the details
and ensuring there is a public archive of good questions like these.

Thanks!