2/2 Your first exploit is pure social engineering, has nothing to do with C2PA. Just like https://xkcd.com/538/
In the 2nd, Malory can take an existing signed photo of Nadia and produce a dupe with a different date. So what? Given an existing trust relationship they’d investigate and discover the dupe/date story and be puzzled, that’s all.
C2PA works fine for provenance support. That matters.
Tim Bray /
npub19u…253cv
2024-08-08 01:57:37
in reply to nevent1q…k2n5
Author Public Key
npub19ua0a9gu7ggm693nqm6knq3zutckcfde9p6ra7a8fu73xhvy3sgqz253cvPublished at
2024-08-08 01:57:37Event JSON
{
"id": "079b9f999efdeff73fe695a1d9c4354aeff945c451f95fecda13f0e9a34aa80f",
"pubkey": "2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10",
"created_at": 1723082257,
"kind": 1,
"tags": [
[
"p",
"2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10"
],
[
"p",
"9704675a95fd694e9748bab92591ea72e3c1caf75d40ae38403e17262d5ac9ce"
],
[
"e",
"f7dc1df3c941d1665e4ef6be577ed170700ea18398441c4bb978151172266ae3",
"",
"root",
"2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10"
],
[
"p",
"8c3cd29c32329fabbe47614cc7be0051e2ae8fbb2779704462c9fa14d01840b8"
],
[
"e",
"65ad9bb7e9ac3561a92c35a63a46e4e200e9bb053aa720be14c8a52e37ee1db9",
"",
"reply",
"2f3afe951cf211bd163306f5698222e2f16c25b928743efba74f3d135d848c10"
],
[
"proxy",
"https://cosocial.ca/@timbray/112923918836238497",
"web"
],
[
"proxy",
"https://cosocial.ca/users/timbray/statuses/112923918836238497",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://cosocial.ca/users/timbray/statuses/112923918836238497",
"pink.momostr"
],
[
"-"
]
],
"content": "2/2 Your first exploit is pure social engineering, has nothing to do with C2PA. Just like https://xkcd.com/538/\n\nIn the 2nd, Malory can take an existing signed photo of Nadia and produce a dupe with a different date. So what? Given an existing trust relationship they’d investigate and discover the dupe/date story and be puzzled, that’s all.\n\nC2PA works fine for provenance support. That matters.",
"sig": "a39043f5b464ece27328eb14e04101fd74275e5c694cd58a7631b0b72dfb44f9bdf3c3a01885185f413fd11d6d50ad701c257978eea24a9645bd762d396fc481"
}