[-] tal@lemmy.today 7 points 3 hours ago* (last edited 2 hours ago)

Most AI image generators that generate images add EXIF metadata indicating that the image is AI-generated. This helps people who want to identify AI-generated images readily.

In the case of ComfyUI, it even includes the entire workflow


like, another ComfyUI user can just grab the image, drop it onto their ComfyUI Web UI and they'll be right where the generating user was.

Unfortunately, EXIF metadata can contain location information


some cameras and such add it


and this metadata led to people posting images at places like Reddit being doxxed after they didn't realize that they were posting their GPS location and maybe real name, stuff that some cameras attach. As a result, a number of image-hosting places simply strip all metadata, to prevent users from from accidentally leaking this information.

Pict-rs, the software package that Lemmy hosts run to permit image uploads, does this. Unfortunately, it means that those "this is an AI-generated image" tags get stripped off.

So, for example, on my system, with ComfyUI, using ImageMagick:

$ identify -verbose output/ComfyUI_00312_.png 

"Properties:prompt" has a JSON encoding of the workflow.

Sample images generated by various AI image generators are readily-available on civitai.com.

For this generator that generated this image on civitai, it looks like the parameter is "Properties:parameters".

I believe that there are a small number of such tags today.

It would be technically possible to just not have pict-rs strip that particular tag (or tags, if there are multiple that a given generator adds?) off, have a list of "AI-generated tags", then have Lemmy add some visual indicator that an image is AI-generated. I'd suggest that this is probably a better longer-term route to indicate that an image is AI-generated than manually-tagging post titles, for a couple of reasons:

  • Spiders that index images on the Web will know that the image is AI-generated and can flag that for users and let them use that as a filtering criteria (e.g. Kagi Images permits for this). They aren't going to understand tags in post titles, but the metadata tags are somewhat universal.

  • Doesn't require manual effort if an image can have some indicator or flair or whatever put on it automatically. And I guarantee that some users are going to get this wrong just by accident, because different instances have different rules. Easier to change how a computer works than to change human behavior across-the-board.

  • Works on all instances.

  • The information remains attached to the image even if downloaded.

  • Works for images that aren't just the subject of single-image posts and don't have an associated title.

  • Speaking purely for myself, I kind of like the open-source, collaborative aspect of sharing the workflows or prompts, since it helps other users see how an image was created and learn from it; it's something that I'm glad to see the generators include, and I'm kind of sad that we strip it off on the Threadiverse.

[-] tal@lemmy.today 1 points 4 hours ago

Yeah, I remember reading about AI Horde a while back and thought about it, but wasn't comfortable with having an system that fields requests from the outside world, as my GPU is on a desktop and I'm not totally sold on how well these guys have hardened the thing. If I had a dedicated compute node for doing renders, I'd probably be fine with it, as it just eats some electricity then.

[-] tal@lemmy.today 0 points 6 hours ago

Hahaha, that's fantastic. Thanks, @db@lemmy.dbzer0.com. I can't believe that I had been unaware of this for years.

I've got local hardware myself, but this makes generation way more accessible to random users on the Threadiverse without tying them to commercial services, including users who are using a phone and can't really run the stuff locally.

skims bot FAQ more

It does look like the bot tries to block NSFW stuff, but outside of that, it looks pretty permissive of whatever, and while the style list doesn't clearly distinguish between styles consisting of prompts for one model and different models, there are a lot of models in there that I recognize. Just append style: flux to the end of the prompt. It's got Flux (style: flux), Pony (style: pony), Pony Realism (style: pony realism), the Nova family (style: nova anime xl, style: nova, style: nova furry pony), Stable Diffusion 3 (style: sd3), SDXL (style: sdxl), Mistoon (style: mistoon anime), just from a very quick skim. I guess AI Horde must have a list of models and the ability to just download models or something if it doesn't already have them present on a node?

[-] tal@lemmy.today 3 points 6 hours ago

skims bot FAQ

Oh, dang, it even runs multiple models, and it looks like it can run Flux, which can handle fairly English-language-looking prompts.

I gotta see this.

@aihorde@lemmy.dbzer0.com draw for me An engraving of a skunk. style: flux

[-] tal@lemmy.today 2 points 7 hours ago

Hahaha, awesome, db0, didn't know that you'd set this up until now.

[-] tal@lemmy.today 4 points 17 hours ago

A couple of my favorites from that thread:

@FlyingSquid@lemmy.world

@ThunderWhiskers@lemmy.world

@YodaDaCoda@sh.itjust.works

@DredUnicorn@lemmy.world

@Thelsim@sh.itjust.works

@anonymoose@lemmy.ca

@itslilith@lemmy.blahaj.zone

@starcat@lemmy.world

@Tlaloc_Temporal@lemmy.ca

@Usernameblankface@lemmy.world (also OP here, also the person who brought the idea up in another thread)

@WandFliesenWodka@lemmy.world

[-] tal@lemmy.today 3 points 18 hours ago

Link to the original version of this thread to which OP is referring, which was quite a hit some time back:

https://lemmy.world/post/7371120

[-] tal@lemmy.today 3 points 18 hours ago

Up to par with your usual work, merde!

[-] tal@lemmy.today 3 points 19 hours ago

@mutilated_sphincter@lemmy.world:

Operating on the assumption that even merde may not want to touch this one, using realmixXL_v15:

[-] tal@lemmy.today 4 points 19 hours ago* (last edited 19 hours ago)

Sure! I use ComfyUI locally. Replacing the underscore with a space under the assumption that this is the intended wording and using flux1-dev-fp8:

With stoiqNewrealityFLUXSD35_f1DAlphaTwo:

With realmixXL_v15:

[-] tal@lemmy.today 6 points 23 hours ago

considers

Fair enough; I can do one for you. I have a local ComfyUI setup, so prompt data won't go anywhere. Heck, even if I were generating it on a service, it'd be useless for letting said service gain information about you, as I don't know who or where you are.

For "over_clox", using stoiqNewrealityFLUXSD35_f1DAlphaTwo:

132

Original post by Crul@lemm.ee:

Source: Photo by Sandstein - File:Epson HX-20 in case - MfK Bern.jpg - Wikimedia Commons

Wikipedia: Epson HX-20

The Epson HX-20 (also known as the HC-20) was the first "true" laptop computer. It was invented in July 1980 by Yukio Yokozawa, who worked for Suwa Seikosha, a branch of Japanese company Seiko (now Seiko Epson), receiving a patent for the invention.

Seen on Functional object - Object, Epson, Epson portable computer, 1980-1989

101

https://lemm.ee/post/65824884 for details.

Moderators interested in migrating to a new community on another instance might want to consider selecting an instance and doing so sooner rather than later so that users here have time to see a migration post here and subscribe to the new community.

46
submitted 1 week ago by tal@lemmy.today to c/news@lemmy.world
114
submitted 1 week ago by tal@lemmy.today to c/news@lemmy.world
131
submitted 1 week ago by tal@lemmy.today to c/world@lemmy.world
30
submitted 2 weeks ago by tal@lemmy.today to c/world@lemmy.world
21
submitted 2 weeks ago by tal@lemmy.today to c/floridaman@lemmy.world
5
submitted 2 weeks ago by tal@lemmy.today to c/news@lemmy.world
8
submitted 3 weeks ago by tal@lemmy.today to c/news@lemmy.world
523
submitted 1 month ago by tal@lemmy.today to c/theonion@midwest.social
278
8
submitted 2 months ago* (last edited 2 months ago) by tal@lemmy.today to c/privacy@lemmy.world

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intending to avoid this attack is not occurring, at least on my home instance. I hadn't looked until the most-recent message, but the image embedded here is indeed remote:

https://lemmy.doesnotexist.club/pictrs/image/323899d9-79dd-4670-8cf9-f6d008c37e79.png

I haven't stored and looked through a list of these, but as I recall, the user sending them is bouncing around different instances. They certainly are not using the same hostname for their lemmy instance as the pict-rs instance; this message was sent from nicole92 on lemmy.latinlok.com, though the image is hosted on lemmy.doesnotexist.club. I don't know whether they are moving around where the pict-rs instance is located from message to message. If not, it might be possible to block the pict-rs instance in your browser. That will only be a temporary fix, since I see no reason that they couldn't also be moving the hostname on the pict-rs instance.

Another mitigation would be to route one's client software or browser through a VPN.

I don't know if there are admins working on addressing the issue; I'd assume so, but I wanted to at least mention that there might be privacy implications to other users.

In any event, regardless of whether the "Nicole" spammer is aiming to deanonymize users, as things stand, it does appear that someone could do so.

My own take is that the best fix here on the lemmy-and-other-Threadiverse-software-side would be to disable inline images in messages. Someone who wants to reference an image can always link to an external image in a messages, and permit a user to click through. But if remote inline image references can be used, there's no great way to prevent a user's IP address from being exposed.

If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I'm all ears.

view more: next ›

tal

joined 2 years ago