from Hacker News

Photos and videos would be the major use case but why don't we have a standardized file type that includes something like a PGP signature? At a minimum photos could be signed by the photographer and signatures could be shared to services running a transparency log allowing authors to publicly declare creation of the hash to avoid people stripping signatures and resharing. At the limit we could imagine the camera signing the raw image, the photo editor signing their edit along with the original, etc. A chain of trust seems pretty easy to establish in a single file.

Especially with the recent commentary related to OpenAI:Sora, I'm seeing a lot of doom and gloom around not being able to trust anything online anymore... But didn't GPG solve this 20 years ago? Just about everything you need to solve this problem has already be done for signing files. Of course GnuGPG doesn't make it easy for everyone to use.

I prototyped something simple that just uses gpg and tar to create a chain of trust for files. The next step would be to create some kind of PKI or Web of trust for people to easily create keys tied to their identities and record hashes/signatures. The hard part is adoption. There is nothing technically preventing us from having every piece of media shared on social media to include a full verification log of every edit all the way back to its creation. Any photo with the log could be dismissed as fake.

What am I missing? Why isn't this solved already? All the major social media companies claim trust is a really hard problem to solve but it doesn't seem like anyone has even attempted to do this. Has anyone worked on this and failed for some reason?