Turkish Airlines_330

Can you tell if a picture is fake?

Click to see full image.

Click to see full image.

Internet is already full of digital images and more is added every day. Digital pictures have become a cheap way for journalists to tell a story and ordinary people upload tons of them to social media. It’s quicker and easier to snap a shot and upload than to describe where you are and what the place looks like.

Photographs have always been seen as some kind of proof. Like a captured piece of reality. We are however aware of the fact that photographs can be manipulated. Digital image processing has revolutionized this area and brought amazing new techniques to us. But image manipulation has actually been a known technique since photography was invented. It is amazing to see what a skilled person can do to traditional images in the darkroom. Not to mention the fact that you can lie a lot just by taking the picture in a certain way.

This article is about our relationship to the digital images on the net. There’s a lot of manipulated pictures out there, but are you able to recognize a fake? And are you even alert and aware that the picture may not be the full truth? We are all confronted with many pictures a day that aren’t completely real. Objects may be added or removed, or heavy retouching has been used to make models look better. Here’s some concrete hints about how to tell the fakes from the real ones.

  • In what context is the picture presented? Image manipulation is the norm in some contexts, like product and fashion photography, and some kinds of artistic photo. News agencies and nature photographers on the other hand have strict ethical rules against manipulation. First think about if manipulation is to be expected and if it should be accepted. Does it matter if the photo isn’t real?
  • Is the image realistic overall? Some manipulated images are so surrealistic that you can dismiss them as unreal at once, even if they are very well done technically. Ask yourself; can this be real? See the illustration to this article for an example.
  • Do you have access to several shots from the same scene? Are there discrepancies between them?
  • Are light and shadows similar between objects in the picture? Pay attention to which side is lighter, how hard the light seem to be and how the objects cast shadows. Needless to say, objects close to each other get the same light in real life. If they are illuminated differently, they may originate from different photos. Also pay attention to the environment. From what direction is the light supposed to come?
  • Is the perspective right? Getting this right is always a challenge when combining objects from different pictures. Just look at the shot and trust your gut feeling. Pictures with minor perspective errors do often feel wrong even if you can’t tell what the problem is.
  • Does the objects’ edges look right? A lot of work may go into the edges when putting something in front of a new background. They often give away the fake if they are done sloppily or with lacking skills. Pay special attention to people’s hair as that is hard to mask.
  • Image manipulation often requires filling areas to replace removed objects. Patterns that repeat in an unnatural way is a sure sign of sloppy cloning. Cloning can also be used to multiply an object, but several identical object do rarely look exactly identical in a real photo due to differences in perspective and lighting. It’s fishy if they look identical in a picture.
  • Is the color consistent? Do different parts of a human’s body have the same skin color? An object’s apparent color depends very much of the illumination’s color temperature. Do the different objects have a consistent color cast?
  • All digital capture devices leave some kind of structure in the picture. Most notable is the noise produced by digital cameras. You can check that this structure is constant over the whole picture if you have access to a fairly hi-resolution image. It’s futile to try this on small images from on-line news sites.
  • Metadata is data hidden inside the image files. One important piece of data is the software used to save the file. A camera model name would indicate no manipulation at all. Workflow programs like Adobe Lightroom and Apple Aperture are typically used to do moderate adjustments of images, but no real manipulation. The image may be heavily manipulated if it is saved by Photoshop. But this does on the other hand prove nothing as you can do minor adjustments is Photoshop too. Also remember that this data may be lacking or even forged.
  • Even if a picture is totally genuine, it may be misleading if presented in the wrong context. Like someone using a picture of somebody else for a dating site profile. Here Google Image search comes in handy. Click on the camera to the right in the search field to open “Search by image”. Upload a copy of the image or paste in a link to it on the net. Google will search for images that look the same regardless of what context they are published in. This can often reveal that the image was found on the net rather than taken by someone who has posted it as his own.

That’s a quick list of things that help you spot the fakes. Using these hints require some training, but you will soon start seeing the manipulations if you keep them in mind when looking at images. But is it possible to make a perfect fake that is undetectable? Yes, especially if a skilled artist can work on a high resolution image and the result is scaled down to be published on the web. That down-sampling can hide the signs of manipulation effectively and make the fake practically undetectable for laymen. Scientific analysis methods are more capable, but they are not available to us mortals. And they may also fail to detect good fakes.

So the moral of the story is really that a photo shouldn’t be trusted too much unless its background is known and we know what ethical principles the photographer and publisher adhere to. News agencies typically pay attention to this and promise us authentic news pictures. These pictures are typically trustworthy, even if scandals do occur.

Safe surfing,Micke

PS. This funny video is one of my favorites on YouTube.

More posts from this topic

snowden_crowd

Snowden Says Drop Dropbox; Here’s What You Said

In his recent video interview with The New Yorker, Edward Snowden advised viewers to get rid of Dropbox, Facebook and Google, saying such services are dangerous and should be avoided. But what do consumers think? Are you and I ready to follow his advice and switch to more secure services? To find out what people really think, we consulted our recent global consumer survey* where we had asked people just those types of questions. Here's what we found: 53% of survey respondents said they’d be willing to switch from services like Google to other more private services to avoid search-based profiling. 56% of people said they have become more wary of US-based Internet services in the past year. 46% of people said they would be willing to pay to be sure that none of their personal data transits via the US. 70% said they are concerned about the potential of mass surveillance by intelligence agencies in countries through which their data may be passing. 68% of respondents said they try to protect their privacy at least some of the time through the use of private browsing or incognito mode or by encrypting their communications. 57% of people said they are not okay with companies using their profile data in exchange for getting a free service. Germany, Brazil and the Philippines showed some of the highest levels of concern about data privacy. For example, when asked whether they’ve changed some of their Internet habits in recent months due to increased concerns about data privacy, an average of 56% of people said they had: 45% in the UK, 47% in the US, and 49% in France, and going even higher to 60% in Germany and 67% in both Brazil and the Philippines. Are you ready to start using more private, secure services too? If so, F-Secure has some great options. Our online storage and sync service, younited, is fully encrypted for security and privacy from the ground up. F-Secure Freedome encrypts your connection wherever you are, even on public WiFi, and protects you from hackers and Internet trackers. And free F-Secure App Permissions lets you know which mobile apps you've installed are a threat to your privacy.   *The F-Secure Consumer Values Study 2014 consisted of online interviews of 4,800 age, gender and income-representative respondents from six countries, 800 respondents per country: US, UK, France, Germany, Brazil and the Philippines. The study was designed together with Informed Intuitions. Data was collected by Toluna Analytics in July 2014.   Image courtesy of greensefa, flickr.com    

Oct 29, 2014
BY 
Whistle

How to blow the whistle and survive

Whistleblowers have changed the world and there’s still a lot of hidden secrets that the public really should know about. High-profile leakers like Snowden, Manning and Assange are known globally, and are paying a high price for their courage. But only a few are dedicated enough to blow the whistle in public - most leakers want to carry on with their normal lives and remain anonymous. Snowden did no doubt show the way for others, and there are already several who have tried to leak and remain anonymous. That’s not easy and the stakes are high! Which is underlined by the recent news about the feds discovering one leaker. But is it even possible to leak anonymously in this word that in many ways is worse than Orwell’s fictive surveillance nightmare? Let’s list some advice for the case you would like to leak by phone to a journalist. I guess not many of you readers will ever be in a situation where you need this. But read on, this is highly interesting anyway and tells a lot about how our digital word works. Ok, let’s assume the worst case. The secrets you want to leak affects US national security, which means that your enemy is powerful and can use top surveillance against you. Let’s also assume it’s info you have authorized access to. And that you want to talk on the phone to a journalist. Here’s some basic rules and hints that may prevent you from ending up behind bars. First you need to assess how many persons have access to the data. They will all be on a list of suspects, together with you. The shorter the list, the bigger the risk for you. Your mobile phone is a tracking device. The cell phone network knows what base station you are connected to at any time. Other services can record and store even GPS-accurate position data. All this is accessible to the agents and you must make sure it doesn’t reveal you. Needless to say, your own phone does not participate in this project. You need to find out who you should leak to. Never do this research from your own computer because your search history can reveal you. It leaves traces both in your computer and in your user profile at Google (unless you know what you are doing and use privacy tools properly). Do this research from a public computer. Make sure you have never logged in to any personal account from this computer. You need a “burner phone” to do the leaking. This is a phone that can’t be connected to your identity in any way. Here’s some rules for how to use it: It is always switched off with the battery removed when not in use. Just using the power button does not cut power from all parts of the device. It is never switched on in or close to your home. The agents can easily find out what base station it was connected to and turning it on near home can make you more suspected than others. It is never switched on in or close to your vehicle. Base station records for the phone may correlate with traffic cameras storing your registration plate. This is especially important if you have a modern car with a built-in data connection for service monitoring etc. Never user the burner for any other contacts. Even a single call to your spouse creates a record that ties you to the phone. Needless to say, never store any other info in the phone than what you need for this project. You always leave your own phone at home when going out to use the burner phone. Otherwise the agents can see that your own phone “happen” to be in the same base station when the burner is used. Leave your own phone turned ON at home when you go out with the burner. Otherwise you create a recognizable pattern where your own phone turns off and the burner turns on, and vice versa, in a synchronized manner. Leave any other wireless devices at home. Tablets, wireless mobile payment devices, anything else with a radio transmitter. Using a voice changer is necessary especially if the list of suspects is short. Assume that your calls can be recorded and your own voice checked against the recording. Get the burner phone. Scout for a dealer with old-looking or insufficient security cameras located not too close to your home. Remember that the agents may locate the shop where the burner phone was sold, get the security camera recording and compare against the list of suspects. Even better, ask someone else to buy the phone for you. Choose a cheap non-smart prepaid phone with removable battery. Pay cash and make sure you don’t reveal your identity to the seller in any way. Safely destroy any receipts and other paperwork related to the purchase. Think about where to store physical items that can tie you to the leak. Such items are the burner phone and related documents or data media. This is especially important if the list of suspects is short. Storing such items at home, at your workplace or in your vehicle will reveal you if the agents perform a search. Try to find some other place that is safe and can’t be tied to you. Now you are ready to contact the journalist. Be very rigid with the rules for how to use the burner phone. There are also some additional rules for this situation: Dress discreetly to avoid sticking out in surveillance camera footage. Be far enough from home when making the call. Turn the burner on, make the call and turn it off again right away. Avoid public places with surveillance cameras when the burner is on. Do not use your credit card during this trip. Pay cash for everything. Any other personal payment instruments, like public transportation payment cards, is a big no-no as well. You have to assume that journalists dealing with leaks are being watched constantly. Assume that the hunt is on as soon as you have made the first contact. Try to wrap up the project as quickly as possible and minimize the number of times you turn on the burner phone. When you are done, dispose all items related to the leak in a secure way. The trash can of your own house is NOT secure. Dump the phone in the river or put it in a public trash sack far enough from home. The truly paranoid leaker will break the phone with gloves on. The outer shell can contain fingerprints or traces of your DNA and the electronics the traceable phone ID. It’s good to make sure they end up in different places. Huh! That’s a lot to remember. Imagine, all this just for maintaining privacy when making a phone call! But you really need to do it like this if the big boys are after you and you still want to continue as a free citizen. I hope you never need to go through all this, and also that you do it right if you have to. Disclaimer. This text is mainly intended as a demonstration of how intrusive the surveillance society is today. We provide no guarantee that this will be enough to keep you out of jail. If you really plan to become a whistle blower, research the topic thoroughly and get familiar with other sources as well (but remember what I wrote about researching from your own computer).   Safe whistle blowing, Micke  

Oct 28, 2014
BY 
Privacy principles 2

Your privacy is our pride, part 2 of 3 – security is a fundament

Welcome back to this tree post series about F-Secure’s privacy principles. The first post is here. We have already covered the fundaments, the importance of privacy. In short, that is how we avoid collecting unnecessary data, and never misuse what we collect for purposes not endorsed by you. But that’s not enough. We take on a great responsibility as soon as your data is stored on our systems. It’s not enough that we have good intents, we must also ensure that others with malicious intents can’t misuse your data. That’s what we talk about today. NO BACKDOORS Many government agencies show an increasing interest in data ordinary people store in cloud services. There are several known cases where vendors have been forced to implement backdoors allowing agencies to examine and fetch users’ data. F-Secure operates in countries where we can’t be forced to do this, so you are secured against bulk data collection. But we are not trying to build a safe haven for criminals. We support law enforcement when a warrant is issued against a defined suspect based on reasonable suspicions. We do cooperate with officials in these cases, but validate each warrant separately. THERE IS NO PRIVACY WITHOUT SECURITY It’s not enough to promise we don’t misuse your data ourselves. We must make sure that no one else can either. This is done by applying high security standards to all planning and implementation work we do. Another security aspect is our own personnel. We have technical systems and processes that prevent employees from misusing your data. WE CHOOSE SERVICE PROVIDERS WE CAN TRUST Today’s complex systems are rarely built from ground up by one company. That’s the case for our systems as well. The level of security and privacy is defined by the chain’s weakest link, and this means that we must apply the same strict principles to technology partners and subcontractors as well. Customers should never have to think what licensed services a product contains. We naturally carry full responsibility for what we deliver to you, and our privacy principles cover it all even if we rely on services and code made by someone else. The last three principles will be covered in the next and final post. Stay tuned.   Safe surfing, Micke    

Oct 27, 2014
BY