Discussion summary
A discussion about Meta's signature detection methods reveals vulnerabilities and debates on research accuracy. Participants mention bypass techniques, statistical analysis, and privacy concerns.
What the discussion says
- Some believe the signature can be easily bypassed using known methods.
- Questions raised about the reliability of peer-reviewed research findings.
- Concerns about privacy and platform restrictions, especially on Android and iOS.
“The signature is easily bypassed now: https://twotensors.ai/”
“The claims in the research seem poorly supported, according to some reviewers.”
Comments
Hacker News
by flaxxer
by tarpitt
“According to Google's peer-reviewed and published paper, they claim to have a true positive rate (TPR) above 99.97% -- meaning that they will miss their own watermarks less than 1 in 10,000 times. However, my own empirical testing found that is it much closer to 1 in 20.”
by kamranjon
by a34729t
by f33d5173
by richardfey
Or are you referring to the claims from Meta, Google, and Adobe -- which failed to hold up under independent evaluation.
You are also correct that one of the meta authors wrote in a comment. However, he demonstrated a clear lack of understanding regarding what makes the bits "independent" or how to resolve the independence problem.
by hackerfactor1
I am working on Saigon Watermarks: https://apps.apple.com/us/app/saigon-watermark/id6777061197 for detecting and removing provenence markers in AI.
The tool also removes c2pa markers, which google is now linking the device that took the photo with the photo.
scary stuff.
https://security.googleblog.com/2025/09/pixel-android-truste...
by itake
by hparadiz
by RobotToaster
by UltraSane
https://digital-strategy.ec.europa.eu/en/policies/eu-icons-l...
If Facebook already embeds user IDs in images (AI or no AI) I can only drool to think what kind tracking, advertising and mass surveillance opportunities are coming.
by miohtama
by N19PEDL2
by InsideOutSanta
Join the discussion
Write your take first — we'll ask for email only when you're ready to publish.
- Hacker News
- also, easily bypassed now: https://twotensors.ai/by flaxxer
- There is actually an older method for countering steganography and adversarial image generation attacks: https://en.wikipedia.org/wiki/Gaussian_blurby tarpitt
- How common is it for peer reviewed papers like this to be so far off their claimed findings?
“According to Google's peer-reviewed and published paper, they claim to have a true positive rate (TPR) above 99.97% -- meaning that they will miss their own watermarks less than 1 in 10,000 times. However, my own empirical testing found that is it much closer to 1 in 20.”
by kamranjon - If there were bounties for invalidating peer reviewed research, I suspect this would be a lot leas common.by a34729t
- The point is to embed a particular signature, which was generated randomly, in the image. The distance function discussed is the same as the popcount of the xor. It's well know that the xor of random data with correlated data is statistically random. Hence, however well correlated the signatures of unwatermarked images may be with each other, they would show no correlation with the signature of a watermarked image. That is, unless the watermark by extremely bad luck happened to be near one of these clusters the author discovered. This does represent a genuine flaw, but an extremely minor one, and one that can be easily mitigated with no changes to the underlying algorithm,by f33d5173
- This is a great statistical analysis and it was a pleasure to read, but I wasn't expecting the claims to be so poorly supported. There's also a reply from one of the Meta authors there, worth checking out.by richardfey
- Which claims do you think are poorly supported? I'm the author; I tried to include everything other people need to repeat the same experiments. I've even had two people write in directly to me, stating that they have been able to replicate my findings.
Or are you referring to the claims from Meta, Google, and Adobe -- which failed to hold up under independent evaluation.
You are also correct that one of the meta authors wrote in a comment. However, he demonstrated a clear lack of understanding regarding what makes the bits "independent" or how to resolve the independence problem.
by hackerfactor1 - A watermark is not just “transparency.” It can reveal what tool someone used, how they work, or that an image came from a stigmatized platform. In sensitive contexts—politics, sexuality, medical issues, protest material, or private expression—that can become surveillance.
I am working on Saigon Watermarks: https://apps.apple.com/us/app/saigon-watermark/id6777061197 for detecting and removing provenence markers in AI.
The tool also removes c2pa markers, which google is now linking the device that took the photo with the photo.
scary stuff.
https://security.googleblog.com/2025/09/pixel-android-truste...
by itake - Another reason to drop both iOS and Android.by hparadiz
- No android version?by RobotToaster
- When generative AI can create such good fake images a valid c2pa linked to the source camera will become mandatory for an image to be considered authentic.by UltraSane
- Related to this, the EU AI Act requires mandatory watermarking that is cannot be removed or is illegal to remove.
https://digital-strategy.ec.europa.eu/en/policies/eu-icons-l...
If Facebook already embeds user IDs in images (AI or no AI) I can only drool to think what kind tracking, advertising and mass surveillance opportunities are coming.
by miohtama - How can a watermark be unremovable?by N19PEDL2
- I don't see anything about watermarking in the linked article, it's about labelling requirements. It describes situations where you are required to disclose if an image was AI-generated.by InsideOutSanta
Related stories
Meta says it's facing $1.4T in penalties in teen mental health case
nypost.com · 49 points · 10 comments
Meta's glasses will turn off the camera if you tamper with the privacy light
theverge.com · 4 points · 2 comments
Decoding the obfuscated bash script on a Uniqlo t-shirt
tris.sherliker.net · 1072 points · 181 comments
StreetComplete: Fixing OpenStreetMap, one tiny quest at a time
streetcomplete.app · 761 points · 182 comments
Every new car sold in the European Union must include a driver monitoring camera
allaboutcookies.org · 737 points · 969 comments
Chat Control 1.0 and 2.0 Explained
fightchatcontrol.eu · 645 points · 238 comments