Will JPEG's Next 'Privacy and Security' Features Include DRM?

David Gerard has concerns about the Joint Photographic Experts Group (the ISO working group handling the JPEG standard for image compression). "They seem to think they can advance the cause of DRM for JPEG images...with a bit of applied blockchain." He bases that charge on the fact that the JPEG committee organized a special session on blockchain, and then created an ad hoc group to define use cases. After six months' collaboration, the group has produced a white paper -- "Towards a Standardized Framework for Media Blockchain" -- as announced in the press release following the 80th meeting in July. The Executive Summary declares, "Fake news, copyright violation, media forensics, privacy and security are emerging challenges for digital media. JPEG has determined that blockchain technology has great potential as a technology component to address these challenges in transparent and trustable media transactions... [T]he standardization committee continues to work on improving various components of the standard. This includes incorporation of new technologies addressing current challenges related to transparent and trustable media transactions such as JPEG Privacy and Security."

"JPEG Privacy and Security" is described later in the paper. "JPEG Privacy & Security aims at developing a standard for realizing secure image information sharing, capable of ensuring privacy, maintaining data integrity, and protecting intellectual property rights."

That is, "Privacy and Security" is a euphemism for Digital Rights Management (DRM) in JPEG.... Chair of the group Dr, Frederik Temmermans stressed to me that "JPEG is not working on DRM in particular but on a more generic framework that supports privacy and security features." But DRM is very much a significant part of this.

Re:DRM is all about money and not about privacy.

You don't have to give up more privacy with GDPR, you're starting to see how much privacy you were already giving up because services have to be more specific about what they are doing.

Re:You don't call a JPEG a "Jay-/f/eg"

Just like you don't call a GIF a "âYgâY©if" because "the "G" stands for "graphics."

I don't call a GIF a "âYgâY©if" because that's unpronounceable smartphone-produced garbage. I'm taking you off my Christmas list until you get a phone with a functional keyboard. No jifts for you this year.

Re:You don't call a JPEG a "Jay-/f/eg"

[UnknownSoldier]

/sarcasm Because graphics is pronounced Jraphics, oh wait!

/sarcasm It's pronounced Gif like gift, you git. =P

JPEG2000 didn't teach them

[CaptQuark]

I guess they didn't learn from their ill-received JPEG2000 format that not everyone appreciates messing with a near-universal standard. Maybe they will call the Blockchain version JPEG2020 so we can ignore it too.

---

Re:JPEG2000 didn't teach them

[Kjella]

I guess they didn't learn from their ill-received JPEG2000 format that not everyone appreciates messing with a near-universal standard. Maybe they will call the Blockchain version JPEG2020 so we can ignore it too.

Which is why I'm not very concerned. The JPEG group was there at the right time, in the right place 25 years ago when we needed a "good enough" picture standard for the web and I don't know they've achieved anything of significance since. There's been tons of attempts to replace it which hasn't moved the needle an inch, it'd take an industry-wide alliance with a completely royalty free and open standard to even stand a chance. I'll believe it when I see cameras do "RAW+[new image format]" instead of "RAW+JPG" and you can put it on the web and it'll work in all major browsers on desktop and mobile.

Re:JPEG2000 didn't teach them

[Kjella]

So I don't know if JPEG was cutting edge in 1992 or lossy encoding was widespread in the scientific and research spaces and JPEG just happened to be one such implementation? Can anyone who was there at the time comment?

I think the most correct thing to say is that around that time doing Discrete Cosine Transformations in real time became feasible. Just a random blurb I found:

Currently, the Atari JPEG decoder can decompress a 24 bits 320x200 picture in less than one second, which allows use of JPEG in games for example. This decoder is faster on the Falcon030 than the one we have tested on PC 486 DX2 66Mhz.

Wohoo we can decompress a 320x200 JPG in less than a second. If you wanted to show something like a 1024x768 (XGA, 1990) photo that'd only take like 12 seconds. It's also at the core of MP3 encoding, which also became feasible around the 486/Pentium days. Before that it was usually GIFs with lossless LZW compression or simply BMP with none whatsoever. Lossy decoding was actually a costly task once upon a time. And back then it was mostly stored on a floppy or something, "download time" didn't become a thing until BBS via modem and later the Internet.

Re:DRM is all about money and not about privacy.

[Opportunist]

What the GDPR did was force companies to actually show you just what kind of privacy they rip off you in exchange for their "service". Before that, they could simply silently take away your privacy.

Saying that the GDPR makes you give up your privacy is like saying having to label food puts artificial crap and MSG into it. It was in there before, you just didn't know.

Re:DRM is all about money and not about privacy.

How the fuck does GDPR take away privacy. All GDPR does is force companies to reveal how much of your data they are taking and ensure they have your permission. Previously they did this without any permission. GDPR increases your privacy not decreases it. It also puts a responsibility on those companies where they can face serious financial punishments if they don't protect your data from compromise.

Re:DRM is all about money and not about privacy.

[gravewax]

If they are agreements circumventing GDPR then it isn't GDPR that is violating your privacy, it is the arsehole politicians looking to work around it and the reasons they have to do that is GDPR actually makes what they were previously doing silently illegal.

Re:This helps the migration to png, thanks!

[KiloByte]

And in this case, the customer base is 0. What we all use is an ancient version of JPEG -- the format has completely ossified. Any proposed additions get a big fat rejection: see the libjpeg8 debacle. With a compat break, you can as well go to a completely new format, and proposals from the JPEG group have been laughed out (see JPEG2000).

So the public would move to:
* FLIF (free, technically the best, esp. for non-photographic or hybrid images)
* AVIF (free, has big political backing)
* BPG (useless because of patents, despite being technically good)

And a lossy image format is something for which DRM is a non-starter, because of the ease of screenshotting or even taking the picture of the screen with a camera.

Re:This helps the migration to png, thanks!

[KiloByte]

Did you know that MP3 is a good as AAC?

Uhm, there are MP3 samples at 320kbps (the max allowed by the format) that even I, with my aged ears and not so good gear, can ABX from lossless. Those with better ears and more training can ABX a typical not-specially-picked piece of music (stress on "music", there's a lot of crap serfed for ~4 bits of dynamic range).

You want OPUS not AAC, by the way, it's a good deal better, with no sample+gear+person combination known to ABX it at 128kbps, and hard at 96kbps.

Re:JPEG?

"WebP is better in every way."

Except for browser support.

No thanks, I'll stick with PNG. For web page graphics it is a perfect little format and has great browser support. If I am truly optimising page load times then I can put all my little graphics in one big PNG and use CSS sprites.

For those wanting a comparison of PNG vs WebP you can get one here. The main advantage is alpha transparency with lossy encoding, e.g. transparent backgrounds for JPEG images. This is actually a pretty good application, as I once had to code my own in Javascript using two images: a JPEG and a greyscale PNG of the mask.

Re:Not only that but some US site warn us to go aw

[omnichad]

Static pages are less resource intensive than dynamic content. Also, people don't tend to browse around from blocked page to blocked page.

Re:Not only that but some US site warn us to go aw

[HiThere]

To be fair, many smaller sites just can't afford a lawyer to tell them that what they're doing already is legal. You shouldn't assume that they're actually doing something vile, when it's plausible that they just don't know what the law means.

Re:DRM is all about money and not about privacy.

[HiThere]

This depends on your definition of "forced". Have you gone to see a doctor recently? Visited an emergency room? Opened a bank account?

Re:DMCA/WIPO GDPR

[jpaine619]

No treaties does not supersede laws.

If you are in the US, as I am, you are absolutely incorrect. The US Constitution is quite clear that treaties do, in fact, supersede all laws written by any state. In fact, the text of the constitution does seem to imply that the constitution itself can be superseded by treaty. But that is a matter of some debate. I, myself, have studied this particular clause and can't make up my mind on it.

Here is the relevant text:

This Constitution, and the Laws of the United States which shall be made in Pursuance thereof; and all Treaties made, or which shall be made, under the Authority of the United States, shall be the supreme Law of the Land; and the Judges in every State shall be bound thereby, any Thing in the Constitution or Laws of any State to the Contrary notwithstanding.

I know this particular debate is in regards to the GDPR, but to some extent, a treaty will at least supersede any local (non federal) laws no matter what nation is involved. I think a reasonable person would agree that a treaty would be worthless if any local or regional governor, mayor, etc could override it.

So the blanket statement that treaties do not supersede laws is, at least, in need of clarification.