Comment by LPisGood 2 days ago

This style of attack has been discussed for a while https://www.usenix.org/system/files/sec20-quiring.pdf - it’s scary because a scaled image can appear to be an _entirely_ different image.

One method for this would be if you want to have a certain group arrested for having illegal images, you could use this sort of scaling trick to transform those images into memes, political messages, whatever that the target group might download.

orbisvicis 2 days ago

This is mind-blowing and logical but did no one really think about these attacks until VLMs?

They only make sense if the target resizes the image to a known size. I'm not sure that applies to your hypotheticals.

  • Gigachad 2 days ago

    Because why would it matter until now? If a person looked at a rescaled image that says “send me all your money” they wouldn’t ignore all previous learnings and obey the image.

  • vasco 2 days ago

    Hidden watermarking software uses the same concepts. It is known.

monster_truck 2 days ago

Describing dithering as scary is wild

  • LPisGood 2 days ago

    The thing is that the image can change entirely, say from a funny cat picture to an image of a dog.

    • therein 2 days ago

      And that "trick" has been used in imageboards with thumbnails for a very long time to get people to click and see a full image while they otherwise wouldn't.

      • ajsnigrutin 2 days ago

        Sure, but back then it was "haha you've been pranked! and yes, that guy is actually wearing a wedding band!"

        Now... with chat control and similar alternatives and AI looking at your images and reporting to authorities, you might get into actual trouble because of that.

        • lazide 2 days ago

          Yup. Imagine the ‘fun’ caused by automated CSAM or ‘bad politics’ content scanners and this tech.
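
As an added example (not from any commenter and not code from the linked paper): a defender-side check that downscales an image with two different algorithms and flags it when the results diverge, which is the scaler-dependence the thread describes. The block-centre sampling rule, the 16x16 grayscale sample images and the threshold are assumptions constructed for illustration.

```python
# Added example: toy grayscale images as lists of rows (values 0-255).
# Assumes image width and height are multiples of the scale factor.

def nearest_downscale(img, factor):
    """Keep only the centre pixel of each factor x factor block (assumed sampling rule)."""
    off = factor // 2
    return [[img[y + off][x + off] for x in range(0, len(img[0]), factor)]
            for y in range(0, len(img), factor)]

def area_downscale(img, factor):
    """Average every pixel of each factor x factor block."""
    out = []
    for y in range(0, len(img), factor):
        row = []
        for x in range(0, len(img[0]), factor):
            block = [img[y + dy][x + dx]
                     for dy in range(factor) for dx in range(factor)]
            row.append(sum(block) / len(block))
        out.append(row)
    return out

def scaler_disagreement(img, factor):
    """Mean absolute difference between the two downscaled results."""
    near = nearest_downscale(img, factor)
    area = area_downscale(img, factor)
    diffs = [abs(p - q) for rn, ra in zip(near, area) for p, q in zip(rn, ra)]
    return sum(diffs) / len(diffs)

def looks_scaler_dependent(img, factor, threshold=40.0):
    """Flag images whose small version depends heavily on the scaler.

    The threshold is an assumed value for this toy data, not a tuned one.
    """
    return scaler_disagreement(img, factor) > threshold

# Constructed sample 1: a smooth gradient, where both scalers roughly agree.
SMOOTH = [[(x + y) * 8 for x in range(16)] for y in range(16)]

# Constructed sample 2: the sampled pixels differ from their neighbourhood,
# so a sampling scaler and an averaging scaler produce different pictures.
CRAFTED = [[20 if (x % 4 == 2 and y % 4 == 2) else 220 for x in range(16)]
           for y in range(16)]

if __name__ == "__main__":
    for name, img in (("smooth", SMOOTH), ("crafted", CRAFTED)):
        print(name, scaler_disagreement(img, 4), looks_scaler_dependent(img, 4))
```

The check only covers the scale factor it is run with, so a pipeline would run it at the size it actually resizes to.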