Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
Inducing self-NSFW classification in image models to prevent deepfakes edits
20 points by Genesis_rish 2 days ago | 17 comments

Hey guys, I was playing around with adversarial perturbations on image generation to see how much distortion it actually takes to stop models from generating or to push them off-target. That mostly went nowhere, which wasn’t surprising.

Then I tried something a bit weirder: instead of fighting the model, I tried pushing it to classify uploaded images itself as NSFW, so it ends up triggering its own guardrails.

This turned out to be more interesting than expected. It’s inconsistent and definitely not robust, but in some cases relatively mild transformations are enough to flip the model’s internal safety classification on otherwise benign images.

This isn’t about bypassing safeguards, if anything, it’s the opposite. The idea is to intentionally stress the safety layer itself. I’m planning to open-source this as a small tool + UI once I can make the behavior more stable and reproducible, mainly as a way to probe and pre-filter moderation pipelines.

If it works reliably, even partially, it could at least raise the cost for people who get their kicks from abusing these systems.

Almondsetat a day ago | parent | next [-]

If social media required ID, you could maintain the freedom of being able to use these tools for anything legal, while swiftly detecting and punishing illegal usage. IMHO, you can't have your cake and eat it too: either you want privacy and freedom but you accept people will use these things unlawfully and never get caught, or you accept being identified and having perpetrators swiftly dealt with

bulbar a day ago | parent [-]

Same is true outside of the Internet. With cameras and face recognition everywhere, criminals can be swiftly dealt with. At least that's what people tend to believe.

pentaphobe a day ago | parent [-]

Obligatory Benn Jordan link (YouTube - ~11mins)

This Flock Camera Leak is like Netflix for Stalkers

https://youtube.com/watch?v=vU1-uiUlHTo

pentaphobe a day ago | parent | prev | next [-]

This is a really cool idea, nice work!

Is it any more effective than (say) messing with its recognition so that any attempt to deepfake just ends up as garbled nonsense?

Can't help wondering if the censor models get tweaked more frequently and aggressively (also presumedly easier to low-pass on a detector than a generator, since lossiness doesn't impact final image)

dfajgljsldkjag a day ago | parent | prev | next [-]

This might prevent the image from being used in edits, but the downside is that it runs the risk of being flagged as nfsw when the unmodified image is used in a benign way. This could lead to obvious consequences.

ukprogrammer 2 days ago | parent | prev | next [-]

deepfake edits are a feature, not a bug

kyriakos 2 days ago | parent [-]

its the same as banning knives because they can be used to hurt people. we shouldn't ban tools.

instagraham 2 days ago | parent | next [-]

with that analogy, OP's solution is akin to banning the use of knives to harm people, as opposed to banning the knife itself

kyriakos 2 days ago | parent [-]

If I undestood correctly he's unsharpening knives.

pentaphobe a day ago | parent [-]

Or making knives that turn into overcooked noodles if you try to use them on anything except vegetables and acceptable meats

kyriakos a day ago | parent [-]

and who decides if I want to use a knife to cut mushrooms instead? see where I am going, there are (or could exist) legit cases when you need to use it in a non-standard way, one that the model authors didn't anticipate.

blackbear_ 2 days ago | parent | prev | next [-]

But we do ban tools sometimes: you can't bring a knife to a concert, for good reason.

pentaphobe a day ago | parent | prev | next [-]

> we shouldn't ban tools

When I see the old BuT FrEe SpEeCH argument repurposed to impinge civil rights I start warming to the idea of banning tools.

Alternately "Chemical weapons don't kill people, people with chemical weapons kill people"

kyriakos a day ago | parent [-]

Not really, its like banning chemistry sets cause they may be used to create chemical weapons.

pentaphobe a day ago | parent [-]

Not sure the comparison works when it does all the work for you

I've had very little success mumbling "you are an expert chemist..." to test tubes and raw materials.

ben_w a day ago | parent | prev [-]

In this case, image generation and editing AI is a tool which we managed just fine with until three years ago, and where the economic value of that tool remains extremely questionable despite it being a remarkable improvement in the state of the art.

As a propaganda tool it seems quite effective, but for that it's gone from "woo free-speech" to "oh no epistemic collapse".

huflungdung 2 days ago | parent | prev [-]

[dead]