Will JPEG's Next 'Privacy and Security' Features Include DRM? (davidgerard.co.uk)
David Gerard has concerns about the Joint Photographic Experts Group (the ISO working group handling the JPEG standard for image compression). "They seem to think they can advance the cause of DRM for JPEG images...with a bit of applied blockchain." He bases that charge on the fact that the JPEG committee organized a special session on blockchain, and then created an ad hoc group to define use cases.
After six months' collaboration, the group has produced a white paper -- "Towards a Standardized Framework for Media Blockchain" -- as announced in the press release following the 80th meeting in July. The Executive Summary declares, "Fake news, copyright violation, media forensics, privacy and security are emerging challenges for digital media. JPEG has determined that blockchain technology has great potential as a technology component to address these challenges in transparent and trustable media transactions... [T]he standardization committee continues to work on improving various components of the standard. This includes incorporation of new technologies addressing current challenges related to transparent and trustable media transactions such as JPEG Privacy and Security."
"JPEG Privacy and Security" is described later in the paper. "JPEG Privacy & Security aims at developing a standard for realizing secure image information sharing, capable of ensuring privacy, maintaining data integrity, and protecting intellectual property rights."
That is, "Privacy and Security" is a euphemism for Digital Rights Management (DRM) in JPEG.... Chair of the group Dr. Frederik Temmermans stressed to me that "JPEG is not working on DRM in particular but on a more generic framework that supports privacy and security features." But DRM is very much a significant part of this.
What in the fuck? How are you conflating DRM and GDPR? Do you have any idea what you are talking about (no)?
You don't have to give up more privacy with GDPR, you're starting to see how much privacy you were already giving up because services have to be more specific about what they are doing.
Just like you don't call a GIF a "âYgâY©if" because "the "G" stands for "graphics."
I don't call a GIF a "âYgâY©if" because that's unpronounceable smartphone-produced garbage. I'm taking you off my Christmas list until you get a phone with a functional keyboard. No jifts for you this year.
Over here, "jif" is a brand of household cleaning products.
If you really want to lose your customer base, add in unwanted DRM
Fuck DRM. Tired of the constant battles, tired of watching the shrinking public domain. Tired of rightsholders benefiting from technology and giving little back. Tired of the constant battle for an open Internet. Fuck 'em all.
mandatory cameras that will check if you're not taking pictures of the screen and call a SWAT team to your location if you do.
Isn’t that why we have all been switched over to laptops with the little camera right at the top of the screen? Easily defeated with a piece of tape isn’t it?
/sarcasm Because graphics is pronounced Jraphics, oh wait!
Anyone noticed how we over time have been forced to give up more and more of our privacy?
No. People choose to cede privacy but are not forced to.
There's no patent on jpeg. So who says people have to use DRM'd jpeg encoders?
-- I ignore anonymous replies to my comments and postings.
I guess they didn't learn from their ill-received JPEG2000 format that not everyone appreciates messing with a near-universal standard. Maybe they will call the Blockchain version JPEG2020 so we can ignore it too.
---
ahhhh perhaps you might want to go read what GDPR is, it is the OPPOSITE of what you are claiming. GDPR is all about giving users back ownership and control of their data and imposing sanctions against those that abuse your data. I doubt it will have much effect but it certainly isn't about giving up more privacy.
Dammit, I wish I had mod points. But what's the down-mod for "too funny and made me spray my beer" ?
What the GDPR did was force companies to actually show you just what kind of privacy they rip off you in exchange for their "service". Before that, they could simply silently take away your privacy.
Saying that the GDPR makes you give up your privacy is like saying having to label food puts artificial crap and MSG into it. It was in there before, you just didn't know.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
as in 'is this picture the authentic original'. digital signature and checksum could simply be embedded into the file.
resize, resample, crop, or otherwise alter the image and the checksum fails.
anything else is over-reaching that stated goal.
if jpg evolves into a drm-laden piece of shit, the format will die
So then you know that this piece of malware was written by Ali Ben Gali in Ticspoli, Generistan. Now what? Try calling the police in Generistan to arrest him? They'll laugh at you, tell you that they have real problems to deal with and can't waste resources on your first world problems, and hang up.
I'm not kidding. We did at quite a few times identify control servers for malware, handed the case to interpol and basically got the answer that it's useless because 'til you get anything going in that particular country, you can as well simply not waste your time and resources since the server's gone before you get anywhere close to raiding the place.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
How the fuck does GDPR take away privacy. All GDPR does is force companies to reveal how much of your data they are taking and ensure they have your permission. Previously they did this without any permission. GDPR increases your privacy not decreases it. It also puts a responsibility on those companies where they can face serious financial punishments if they don't protect your data from compromise.
Mockery is the best weapon.
I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
You have obviously missed all the updated agreements that now have appeared with writing circumventing GDPR.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
If they are agreements circumventing GDPR then it isn't GDPR that is violating your privacy, it is the arsehole politicians looking to work around it and the reasons they have to do that is GDPR actually makes what they were previously doing silently illegal.
companies don't get to choose how I pronounce things. I'm dutch, and pronounce it with a dutch 'g'.
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
It's pronounced "Jiff," like the peanut butter more moms prefer.
If you pronounce GIF as "jiff", then how do you pronounce "JIF" (JPEG Interchange Format)?
What the GDPR did was force companies to actually show you just what kind of privacy they rip off you in exchange for their "service". Before that, they could simply silently take away your privacy. Saying that the GDPR makes you give up your privacy is like saying having to label food puts artificial crap and MSG into it. It was in there before, you just didn't know.
The only thing the GDPR has done is to drive consumers into EULA exhaustion on every damn website they visit and make sure they have a tracking cookie to remember your GDPR consent, try turning cookies off and you'll now go crazy. And once you do click OK there's no standard placement/icon/requirement to let you go back and review/change what you've agreed to. Basically what the solution completely fails to have is some sort of auto-negotiation where the web page could say I'd like to track you in these ways, the client could answer back "nope, these are my privacy preferences" and the site could either let it pass or say that this tracking is mandatory, either you agree or you can't access the content. Take for example /. it probably needs to track that I'm logged in as a user. But one or a hundred tracking methods is roughly equally annoying once they have to beg for permission.
Live today, because you never know what tomorrow brings
A big one is a digital signature to verify lack of tampering (photoshop). Ideally, you'd like to be able to crop or redact some portions but still have a valid signature on the rest. (Some sort of tree hash seems the obvious way to do that.)
And blockchain is a good way to build a notary service, attesting to the fact that I took a picture prior to some time. Either for copyright registration or documentary ("this picture of Bad Shit was taken during the incident and not staged later") purposes.
Is that really DRM?
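The tree-hash idea from the comment above (and the embedded signature and checksum suggested earlier in the thread), as an added sketch that is not from the thread or from any JPEG specification: each tile is hashed into a Merkle tree, the root is authenticated once, and a redacted copy ships the leaf hash in place of each hidden tile so the rest still verifies. The tile split, the per-tile salt, the function names and the use of HMAC as a stand-in for a public-key signature are all assumptions made for the example.

```python
import hashlib
import hmac
import os

LEAF, NODE = b"\x00", b"\x01"  # domain-separation prefixes: leaves vs. inner nodes


def leaf_hash(salt: bytes, tile: bytes) -> bytes:
    # The per-tile salt stops a verifier from guessing a redacted low-entropy
    # tile (for example a flat colour block) by hashing candidate contents.
    return hashlib.sha256(LEAF + salt + tile).digest()


def merkle_root(leaves):
    """Fold leaf hashes pairwise up to one root; an unpaired node is promoted."""
    if not leaves:
        raise ValueError("no tiles")
    level = list(leaves)
    while len(level) > 1:
        nxt = [hashlib.sha256(NODE + level[i] + level[i + 1]).digest()
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def _tag(key, leaves):
    # Bind the tile count so tiles cannot be silently dropped or appended.
    msg = len(leaves).to_bytes(4, "big") + merkle_root(leaves)
    # HMAC is a stand-in: a real scheme would use a public-key signature.
    return hmac.new(key, msg, hashlib.sha256).digest()


def sign_image(tiles, key):
    """Return (salts, tag) for a list of tile byte strings."""
    salts = [os.urandom(16) for _ in tiles]
    leaves = [leaf_hash(s, t) for s, t in zip(salts, tiles)]
    return salts, _tag(key, leaves)


def redact(tiles, salts, hidden):
    """Hidden tiles become ("hash", digest); visible ones keep salt and data."""
    return [("hash", leaf_hash(s, t)) if i in hidden else ("tile", s, t)
            for i, (s, t) in enumerate(zip(salts, tiles))]


def verify(entries, tag, key):
    """Recompute the root from visible tiles plus supplied leaf hashes."""
    leaves = []
    for e in entries:
        if e[0] == "hash":
            if len(e[1]) != 32:      # must be exactly one SHA-256 digest
                return False
            leaves.append(e[1])
        else:
            leaves.append(leaf_hash(e[1], e[2]))
    if not leaves:
        return False
    return hmac.compare_digest(_tag(key, leaves), tag)


if __name__ == "__main__":
    key = b"constructed-demo-key"                    # constructed sample key
    tiles = [b"tile-%d" % i for i in range(5)]       # constructed sample tiles
    salts, tag = sign_image(tiles, key)
    redacted = redact(tiles, salts, {1, 3})
    print("redacted copy verifies:", verify(redacted, tag, key))
    forged = list(redacted)
    forged[0] = ("tile", salts[0], b"forged")
    print("edited tile verifies:", verify(forged, tag, key))
```

Cropping is modelled here as redacting the outer tiles; a resize or resample changes every tile and fails verification, as the plain-checksum comment expects.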
I think the better word for what you are stating is steganography. Yes, it is a good way to locate the source of leaked data, but I would not call it DRM since it can't be used to control who can see the image, and when.
A better example of DRM in imagery would be the dot patterns (CDS) shown on some bank notes that mainstream software like Photoshop, some scanners, and some printers, are forced to detect and reject loading/editing the image. But you can only enforce such a thing at the state level.
Stupid people aren't going to make sure the pictures they look at have a proper paper trail, just like they don't fact-check things now. And groups seeking to spread fake-news either aren't going to use a traceable image format, or they will merely screenshot and resave the image before using it themselves to break the chain.
It's weird, but I have never heard anybody, least of all someone from CompuServe, pronounce GIF with a soft G. It was as in gift with no deviations until only recently, at which point I don't care how the creators wanted it to be pronounced because it's too late now. If everybody was saying it wrong, why weren't they being corrected 25 years ago?
"Wait. Something's happening. It's opening up! My God, it's full of apricots!"
Obviously, that was exactly the point I was making.
If you want to have conversations like "Please send me that in jiff format. You know, the JPEG one, not the CompuServe one.", be my guest.
I'll avoid the homophones and call a GIF a giff...
I'm not advocating vigilante justice in the general. But, there is a time and a place for it, and at some point you just have to grow some balls and go there yourself.
I once supplied some software to a US company in good faith that they would purchase it. Once they had the library they went completely dark with their communications. For a while I suspected they were still using the software, and had spent the 5-10 minutes required to decompile and remove the simple date-expiration check I had added to the version I had sent to them. Anyway, I happened to be visiting the US some six months later, so I looked up the company, found their office, and turned up in the lobby and asked to speak to the guy I had supplied the software to. When he came down and I explained who I was he absolutely crapped himself: he knew he was in the wrong, he knew that once I was *there* in person everything had changed. Of course I didn't threaten him, or do anything rash. I just asked him if he was still using the library and whether he was going to purchase it: if he did, great, we needed to get a sales contract drawn up, if not, then he had to delete all copies of the software from his systems. In the end he didn't purchase the software, and to this day I don't know if he really was using a cracked copy, so the entire thing could have been for nothing.
..there's no standard placement/icon/requirement to let you go back and review/change what you've agreed to..
If you cannot easily see what you agreed to earlier, that would be in breach of article 12.1 of the GDPR. That is the very first article specifying the rights of the consumer. It may be stupid legislation, for protecting dumb consumers, but it is deliberate and thoroughly planned stupidity all the same.
You have obviously missed all the updated agreements that now have appeared with writing circumventing GDPR.
Yes, GDPR requires them to get an explicit permission from you to store data about you that they didn't need a permission for before.
If you get a lot of requests like that then it is because you didn't care about your privacy before.
If you agree to them it is because you don't care about your privacy now.
Luckily GDPR also requires that companies delete the data about you they have if you ask them to and EU has already told them that the fines are supposed to be a deterrent and not something that they can write off as "cost of operation"
If you value your privacy you should start digging through your mailbox regarding those GDPR updated ToS and start asking them to remove the data about you that they are collecting.
Quite a few sites I land on just plain tell "go away, we cannot offer you any page view due to GDPR" (paraphrased; the real message is: "We recognize you are attempting to access this website from a country belonging to the European Economic Area (EEA) including the EU which enforces the General Data Protection Regulation (GDPR) and therefore access cannot be granted at this time. For any issues, contact content@richmond.com or call 804-649-6000."). You've got to ask yourself what the heck of a shady thing they are doing that they cannot offer you a page view. I am betting on trackers getting a lot of info off you. Because there is no real reason otherwise to forbid the GDPR area for "legal" reasons.
C. Sagan : A demon haunted world:
http://www.amazon.com/gp/product/0345409469/
visit randi.org
The GDPR is great, if you are in Europe, but it is a toothless law. Because treaties supersede laws, the WIPO treaty supersedes the GDPR, so if a DRM mechanism violates privacy provisions, it can by the WIPO act.
No, treaties do not supersede laws.
Companies don't have to care about treaties, they have to follow the law, nothing else.
The treaty might require a country to change the law, but until that has been done the companies have to follow the law.
This might mean that the country is faced with steep fines for violating the treaty but you still have to follow the law.
There are thousands of cases where you have awkward situations where treaties and laws are in conflict with each other and the country keeps paying the fines because changing the law is problematic.
You see this happening in EU all the time.
There are also cases where the treaty would require laws that aren't constitutional. Again, there are usually fines to pay until the treaty is renegotiated.
GDPR is still toothless outside of EU, not because treaties supersede laws (because they don't) but because EU doesn't care about what companies in countries outside of EU do unless it impacts EU citizens.
Their power to dictate what companies outside of EU do is also limited. The only thing they can do is put political pressure on other countries to play ball.
"WebP is better in every way."
Except for browser support.
No thanks, I'll stick with PNG. For web page graphics it is a perfect little format and has great browser support. If I am truly optimising page load times then I can put all my little graphics in one big PNG and use CSS sprites.
For those wanting a comparison of PNG vs WebP you can get one here. The main advantage is alpha transparency with lossy encoding, e.g. transparent backgrounds for JPEG images. This is actually a pretty good application, as I once had to code my own in Javascript using two images: a JPEG and a greyscale PNG of the mask.
I hope you give people advance warning so they can deploy their umbrellas.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
yes it is and that is great as now I can make a choice to give them access to my data or decide their content is not worth trading my data for. Previously they would just take my data.
"Jury is still out on the "GIF" pronunciation."
No, it's not and there is no jury. The author of the format stated the correct pronunciation so it's not up for debate. Since the day GIF was used it has been pronounced "jif", it's only recently that children feel entitled to ignore history because they can't be bothered to learn it.
"So to me, GIF has always been the same "G" I say "graphics" with, just with "iff" on the end: "giff""
When you create a format that the entire world uses, feel free to name it how you like. Meanwhile, your opinion on the work of others doesn't matter.
What was the guidance from the creators of the format, and why does that matter?
Imagine two words with the same pronunciation! How can we ever cope!
If a website is wholly supported by advertising, they probably aren't making enough money on ads that aren't based on heavy tracking data. So they refuse their operational expenses by blocking access from unprofitable areas. This doesn't mean it's good or right. Just more transparent than it was before
I've been saying it with a soft g for around 20 years now. There were no debates because nerds were not talking to each other out loud, only by electronic communication. When they had to add the word to their vernacular spoken English they finally had to think about pronunciation. Before that, everyone assumed we all pronounced it the same, if at all.
If it costs a website more to serve up a page with non-tracking ads to a European than to serve up a "blocked" page, then their web design must've reached new levels of absurdity with hundreds of gigabytes of javascript libraries.
This space intentionally left blank
Static pages are less resource intensive than dynamic content. Also, people don't tend to browse around from blocked page to blocked page.
It featured a lossless compression mode. Back around 2000, I used JPEG2000 to make archival copies of my scanned photos. They came out roughly half the size of an equivalent TIFF.
JPEG2000's drawback (and probably its undoing) was that it was simply too processor-intensive for the hardware at the time. It took my 300 MHz Celeron about 5 minutes to compress a photo into JPEG2000 format, nearly a minute to decompress (read) it. That meant that you still had to rely on TIFF to save your intermediate photo editing steps. So lossless JPEG2000 only ended up saving you about 5%-10% of the storage space if you kept those intermediate editing savefiles, rather than 50%. At which point you figured why bother? Just save the final result as TIFF like you always did.
JPEG was the same when it first came out. I remember downloading a copy of it way back in the late 1980s when it was still being beta tested. It took over a minute to decompress a 1024x768 photo on my 33 MHz PC. But the file size was only about 200 kB, vs over a megabyte for a compressed bitmap (GIF crushes images down to 256 colors). The difference was JPEG didn't have any competing formats which could get sizes down as small, and disk prices and slow network speeds (300 bps dialup) meant shrinking image file size was incredibly important. But by 2000, storage prices had come way down and a good chunk of the country had broadband Internet speeds, meaning the extra file size reduction of JPEG2000 simply wasn't worth the huge amount of time it took on contemporaneous processors.
In the case it's not the politicians, but the web sites that are violating your privacy.
That said, most of the sites I visit posted notices saying they weren't doing anything in violation. Like Slashdot did.
I think we've pushed this "anyone can grow up to be president" thing too far.
To be fair, many smaller sites just can't afford a lawyer to tell them that what they're doing already is legal. You shouldn't assume that they're actually doing something vile, when it's plausible that they just don't know what the law means.
I think we've pushed this "anyone can grow up to be president" thing too far.
This depends on your definition of "forced". Have you gone to see a doctor recently? Visited an emergency room? Opened a bank account?
I think we've pushed this "anyone can grow up to be president" thing too far.
No, treaties do not supersede laws.
If you are in the US, as I am, you are absolutely incorrect. The US Constitution is quite clear that treaties do, in fact, supersede all laws written by any state. In fact, the text of the constitution does seem to imply that the constitution itself can be superseded by treaty. But that is a matter of some debate. I, myself, have studied this particular clause and can't make up my mind on it.
Here is the relevant text:
This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.
I know this particular debate is in regards to the GDPR, but to some extent, a treaty will at least supersede any local (non federal) laws no matter what nation is involved. I think a reasonable person would agree that a treaty would be worthless if any local or regional governor, mayor, etc could override it.
So the blanket statement that treaties do not supersede laws is, at least, in need of clarification.
Technology is, and has been, eroding our privacy without us being involved at all. Leaving the internet out of the debate for a moment, technology has stripped us of many privacies that we have enjoyed since we crawled out of the mud.
One used to have a certain level of privacy inside their house. This is no longer the case as we have technology that can see through walls (xrays, infrared, radio tracking). This technology is available to the public and is no longer solely in the hands of nation states. So, while laws are in place to punish your neighbor for watching you bang your wife through the walls, nothing we have now prevents it in the first place. Well, nothing as cost effective as the technology itself.
Again, I realize this is outside the scope of the GDPR, but our internet privacy is just one small slice of our overall privacy "health".
Your privacy on the internet isn't going to amount to a hill of beans once the technology to spy on you from a distance becomes cheap enough. If I can aim a doodad at your house, from across the street, and record everything on your computer screen, and determine everything you are doing inside the house as well, who the fuck cares if Slashdot is storing cookies or not?
I'm not sure if our privacy can ever be regained. At the best, I think, will be small band-aids like GDPR. A dedicated and determined individual can strip you of all of your false notions of privacy pretty quickly.
> have never heard anybody, least of all someone from CompuServe, pronounce GIF with a soft G.
Same. Guess it depends on location: east/west, US vs UK, etc.
> why weren't they being corrected 25 years ago?
Because no one really gives a fuck except the pedantic. A similar argument arose over how "gib" was pronounced in the Quake 1 days:
* Hard G, like "gift" (with near-close front unrounded vowel) (/g_ft/), similar to gibbous; rhymes with "rib",
* Soft G, like "jive" pronounced "jib", (with tailed z, /d_rb/) a boom used in Crane (machine), Jib (crane), or Cinematography, or Sailing -- a triangular sail that sets ahead of the foremast on sail boat. Ironically, in 1847 "jib" was spelled "gib".
Notice how even "b" is getting hijacked: gibibyte is pronounced like gigabyte according to the Cambridge dictionary.
Maybe they learned that enough people on corporate repeater sites like these will dance the DRM (digital restrictions management because I side with the user class) two-step: when something isn't yet implemented, push for its need absent any evidence that such need exists. Ignore that we need not think above business above all else, and ignore that even within that all-too-limited business-first framing businesses existed and worked at least as well without DRM. Later, if the DRM is implemented but not yet popular, talk about the DRM as if it were a well-established standard only fools speak up against (the "deplorables" of the tech world). People who seek to control the computers they own, perhaps, but people who have a long history of seeing how badly DRM recipients are treated. Thus DRM ends up being given the red carpet from mere idea to early implementation as if it were always in our interest (DRM is never in our interest) and we'd be wise to accept yet another loss of software freedom (as DRM implementations require proprietary, nonfree, user-subjugating software).
Digital Citizen
It's not my fault the author of the format has a poor grasp on the English language and chooses to pronounce it as a "J".
He learned how to say giraffe in his ESL class and it just stuck from there.
Giraffics Interchange Format.
What about GIMP, then?
The claim from the OP was that laws and agreements have been passed that permit the bypassing of GDPR, websites can't do that (at least not without agreements from lawmakers.)
You don't circumvent the GDPR by such an agreement. All you do is get told what it was which was being hoovered up in the first place. Congratulations, you just discovered how "on the market" you already were while using your free services.
The only thing the GDPR has done is to drive consumers into EULA exhaustion
And yet here we are talking about privacy, so clearly the GDPR has done more than that.
Oh and many websites load faster for EU visitors, so no, the GDPR has done much more precisely because in many cases an EULA is not sufficient for GDPR compliance.
Except they didn't, of course. Much like they didn't invent the telephone...
Otis might have invented the safety elevator, but he built on an invention that has been around for over 2000 years.
"Wait. Something's happening. It's opening up! My God, it's full of apricots!"