LPisGood 5 days ago

This style of attack has been discussed for a while https://www.usenix.org/system/files/sec20-quiring.pdf - it’s scary because a scaled image can appear to be an _entirely_ different image.

One method for this would be: if you want to have a certain group arrested for having illegal images, you could use this sort of scaling trick to transform those images into memes, political messages, or whatever the target group might download.

orbisvicis 5 days ago | parent | next [-]

This is mind-blowing and logical but did no one really think about these attacks until VLMs?

They only make sense if the target resizes the image to a known size. I'm not sure that applies to your hypotheticals.

Gigachad 5 days ago | parent | next [-]

Because why would it matter until now. If a person looked at a rescaled image that says “send me all your money” they wouldn’t ignore all previous learnings and obey the image.

vasco 5 days ago | parent | prev [-]

Hidden watermarking software uses the same concepts. It is known.

arcticbull 5 days ago | parent [-]

Steganography for those who want to look it up.

monster_truck 5 days ago | parent | prev [-]

Describing dithering as scary is wild

LPisGood 5 days ago | parent [-]

The thing is that the image can change entirely, say from a funny cat picture to an image of a dog.
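Added example, not from this thread or from the Quiring et al. paper: the simplest form of the scaling attack the comments above describe (a source image that looks like one thing at full size and like an entirely different picture once downscaled), together with the two caveats raised in the thread, that it only works when the victim resizes to a size the attacker knows, and that a resizer which averages pixels instead of copying them does not reproduce the hidden image. The victim resizer here is a hypothetical nearest-neighbour pixel copier; images are plain lists of 0..255 greyscale ints; the decoy gradient and the 8x8 "X" target are constructed sample data. The paper handles interpolating resizers (bilinear, bicubic) with an optimisation step that this example does not implement.

```python
# Added example: image scaling attack against a nearest-neighbour downscaler.
# Not code from the thread or from the paper. Images are lists of lists of
# greyscale ints in 0..255; all sample data below is constructed.


def nearest_downscale(img, out_w, out_h):
    """Hypothetical victim resizer. Each output pixel copies the single source
    pixel under the centre of its cell, the usual nearest-neighbour rule."""
    src_h, src_w = len(img), len(img[0])
    return [[img[int((y + 0.5) * src_h / out_h)][int((x + 0.5) * src_w / out_w)]
             for x in range(out_w)] for y in range(out_h)]


def area_downscale(img, out_w, out_h):
    """Box-filter resizer: each output pixel is the mean of its whole source
    cell. Assumes integer scale factors so the cells tile the source exactly."""
    src_h, src_w = len(img), len(img[0])
    fy, fx = src_h // out_h, src_w // out_w
    out = []
    for y in range(out_h):
        row = []
        for x in range(out_w):
            cell = [img[sy][sx] for sy in range(y * fy, (y + 1) * fy)
                    for sx in range(x * fx, (x + 1) * fx)]
            row.append(sum(cell) // len(cell))
        out.append(row)
    return out


def sampled_positions(src_w, src_h, out_w, out_h, downscale):
    """Probe which source pixels a copy-style resizer actually reads: feed it an
    image whose 'pixels' are their own coordinates and read the coordinates back."""
    probe = [[(y, x) for x in range(src_w)] for y in range(src_h)]
    return downscale(probe, out_w, out_h)  # result[y][x] == (src_y, src_x)


def craft_attack_image(decoy, target, downscale=nearest_downscale):
    """Overwrite only the source pixels the resizer samples with the target's
    values. Every other pixel stays as in the decoy, so at full size the
    picture still looks like the decoy, while downscale(result) == target."""
    src_h, src_w = len(decoy), len(decoy[0])
    out_h, out_w = len(target), len(target[0])
    pos = sampled_positions(src_w, src_h, out_w, out_h, downscale)
    attack = [row[:] for row in decoy]
    for y in range(out_h):
        for x in range(out_w):
            sy, sx = pos[y][x]
            attack[sy][sx] = target[y][x]
    return attack


def fraction_changed(a, b):
    """Share of pixels that differ between two equally sized images."""
    total = len(a) * len(a[0])
    diff = sum(1 for ra, rb in zip(a, b) for pa, pb in zip(ra, rb) if pa != pb)
    return diff / total


def scaling_discrepancy(img, out_w, out_h):
    """Defender's check: downscale once by copying pixels and once by averaging
    whole cells, and return the mean absolute difference. A benign image gives a
    small number; an attack image gives a large one, because the averaged
    version still shows the decoy rather than the embedded target."""
    a = nearest_downscale(img, out_w, out_h)
    b = area_downscale(img, out_w, out_h)
    n = out_w * out_h
    return sum(abs(pa - pb) for ra, rb in zip(a, b) for pa, pb in zip(ra, rb)) / n


# Constructed sample data: a smooth 64x64 decoy gradient and an 8x8 'X' target.
DECOY = [[(x + y) * 2 for x in range(64)] for y in range(64)]
TARGET = [[255 if (x == y or x + y == 7) else 0 for x in range(8)] for y in range(8)]
ATTACK = craft_attack_image(DECOY, TARGET)

if __name__ == "__main__":
    print("downscaled attack equals target:", nearest_downscale(ATTACK, 8, 8) == TARGET)
    print("fraction of source pixels touched:", fraction_changed(ATTACK, DECOY))
    print("same attack resized to 16x16 still shows decoy:",
          nearest_downscale(ATTACK, 16, 16) == nearest_downscale(DECOY, 16, 16))
    print("discrepancy decoy / attack:",
          scaling_discrepancy(DECOY, 8, 8), scaling_discrepancy(ATTACK, 8, 8))
```

Only one source pixel in every 64 is touched, which is why the full-size image still reads as the decoy, and resizing the same file to 16x16 hits none of the modified pixels, which is the "known size" condition from the thread. The discrepancy check is a cheap mitigation for a pipeline that cannot change its resizer: comparing the nearest-neighbour result against an area-averaged one exposes the embedded picture, since averaging dilutes the single planted pixel per cell.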

therein 5 days ago | parent [-]

And that "trick" has been used in imageboards with thumbnails for a very long time to get people to click and see a full image while they otherwise wouldn't.

ajsnigrutin 5 days ago | parent [-]

Sure, but back then it was "haha you've been pranked! and yes, that guy is actually wearing a wedding band!"

Now... with chat control and similar alternatives and AI looking at your images and reporting to authorities, you might get into actual trouble because of that.

lazide 4 days ago | parent [-]

Yup. Imagine the ‘fun’ caused by automated CSAM or ‘bad politics’ content scanners and this tech.