The issue is making that green check mark hard to fake for bad actors. Https works because it is verified by the browser itself, outside the display area of the page. Unless all sites begin relying on a media player packed into the browser itself, if the verification even appears to be part of the webpage, it could be faked.
The best way this could be handled is a green check mark near the video that you could click on it and it would give you all the meta data of the video (location, time, source, etc) with a digital signature (what would look like a random string of text) that you could click on and your browser would show you the chain of trust, where the signature came from, that it’s valid, probably the manufacturer of the equipment it was recorded on, etc.
wizardbeard@lemmy.dbzer0.com 11 months ago
brbposting@sh.itjust.works 11 months ago
Hope verification gets built in to operating systems as compromised applications present a risk too.
But I’m sure a crook would build a MAGA Verifier since you can’t trust liberal Apple/Microsoft technology.
dejected_warp_core@lemmy.world 11 months ago
The only thing that comes to mind is something that forces interactivity outside the browser display area; out of the reach of Javascript and CSS. Something that would work for both mobile and desktop would be a toolbar icon that is a target for drag-and-drop. Drag the movie or image to the “verify this” target, and you get a dialogue or notification outside the display area. As a bonus, it can double for verifying TLS on hyperlinks while we’re at it.
Natanael@slrpnk.net 11 months ago
If you set the download manager icon in the browser as permanently visible, then dragging it there could trigger the verification to also run if the metadata is detected, and to them also show whichever metadata it could verify.
dejected_warp_core@lemmy.world 11 months ago
That’s a tad obscure, but makes it much easier to code up a prototype. I like it.
Natanael@slrpnk.net 11 months ago
Do not show a checkmark by default! This is why cryptographers kept telling browsers to de-emphasize the lock icon on TLS (HTTPS) websites. You want to display the claimed author and if you’re able to verify keypair authenticity too or not.
AtHeartEngineer@lemmy.world 11 months ago
Fair point, I agree with this. There should probably be another icon in the browser that shows if all, some, or none of the media on a page has signatures that can be validated. Though that gets messy as well, because what is “media”? Things can be displayed in a web canvas or SVG that appears to be a regular image, when in reality it’s rendered on the fly.
Security and cryptography UX is hard. Good point, thanks for bringing that up! Btw, this is kind of my field.
Natanael@slrpnk.net 11 months ago
I run /r/crypto at reddit (not so active these days due to needing to keep it locked because of spam bots, but it’s not dead yet), usability issues like this are way too common
AtHeartEngineer@lemmy.world 11 months ago
I ran /r/cryptotechnology for years, and am good friends with the /r/cc mods. Reddit is a mess though, especially in the crypto areas.
ulterno@lemmy.kde.social 11 months ago
Just make sure the check mark is outside the video.
Natanael@slrpnk.net 11 months ago
Browser controlled modal.