Tracking leaks on NDA beta Xbox 360s by embedding serial number on-screen (twitter.com/cullend)
357 points by danso on Dec 10, 2018 | 140 comments


Not as subtle, but Star Citizen's NDA test servers have hidden watermarks to track where screenshots come from. Someone pulled up the edges to show one here: https://i.imgur.com/FXzwlYd.png

You still get leaks because people take screenshots for their bug reports, upload them somewhere (even with an unlisted URL) for discussion on the bug reports forum, and then other users under the same NDA can download your screenshots and share them (rather than getting busted for leaking their own). So having a screenshot from a bug report leak isn't necessarily actionable for banning people.

But it's still useful to prevent, say, users under NDA streaming the super buggy builds on Twitch. Once they're relatively stable, CIG drops the NDA requirement, opens testing to a wider audience, then eventually pushes out to the main servers.

Doing this with a disguised UI component is a pretty cute implementation.


As an early backer of Star Citizen, I wish they'd focus more on making the game instead of chasing down leakers.


Because SC is not actually a game. It has evolved into a dream business. They are selling dreams. So secrecy is most important, else the glamour collapses. They lost me when they hired Gillian Anderson, but DRM ridiculousness is on the same level. Such things should not be the focus of a studio working to provide an actual game.


I have thought about this and realized I don't have the knowledge of how Gillian Anderson and the other big name actors have been compensated for their involvement to be critical. Maybe the actors receive the rights to their hirez digital scans, for example. Maybe the actors are getting a cut of the eventual 'box office take.'


The digital scans on their own probably aren't worth much, doing anything with them is a lot of modeling and shader work tied to the game engine. My bet's on good old fashioned money, possibly a cut of Squadron 42 sales, but probably not a cut of the giant pile of crowdfunding.

Mark Hamill and John Rhys-Davies might have been an easier sell, having been in Wing Commander. For the rest, maybe they were excited to work on something that hasn't been done before. The quality of the characters shown in the trailer is crazy.


Such actors do not work for cuts of crowd-funded games. They may get residuals or a share of sales, but they were paid cash for their time. You can hire C and D-list with promises of future pay, but A/B demand money.


I was thinking more “both” than “only potential future money if we ever finish it”


A cut of future money means no money. Anyone who is even a bit savvy and carries the kind of clout that comes with a big bank account doesn't need to work for empty promises. If they were promised both, it would be really surprising to me if the immediate money wasn't already enough to pay them for their time. Given that that is the case, "both" suddenly doesn't make sense anymore.


Is this that No Man's Sky everyone keeps talking about?


I fire it up for a couple hours every patch, but you're right it's not much of a game yet. There's a certain sense of awe from the scale that other space games don't give me though, so I'm still excited about what it might become. And from a tech perspective, watching all their engine work has been really interesting to me.

Have you checked it out since they added Hurston?


What does that screenshot look like without edge detection?


Tracked down the original source on that image, here are both versions:

Unedited https://media.discordapp.net/attachments/271503305283338250/...

Watermark edges https://media.discordapp.net/attachments/271503305283338250/...

The grid of noise in the highlighted edges is from the jpeg compression on the screenshot, if we had the full quality original to work from it'd look cleaner.



How did they create the watermarked image without the watermark being visible to users? What kind of a filter or blending mode are they applying so that it can only be detected with edge detection? Anyone know?


See this post https://news.ycombinator.com/item?id=18649805

It's a low-alpha checkerboard, and it's actually quite visible.


What do you mean by pulled up the edges?


photoshop -> filters -> find edges -> some tweaking of the tone curve


I was being deliberately vague because I don't know exactly how the person who made the example processed it, but it's probably this. Find Edges and then maybe something else to clean it up or make the text stand out.


Someone else linked the image and its original file name was "gimp-2.png" so it wasn't Photoshop :P

Doing it in Gimp is easy. Load the image; Filters->Edge Detect->Sobel


I was curious and tried to reproduce it from other screenshots :) https://i.imgur.com/FBfwoLR.png



Damn... burning rendered tracking ID into the background. That's pretty crude.

They must've been pressed on time.


They already have a text rendering system for the UI, and it only needs to render to a texture once, then just keep it around and overlay it on every frame. Stuffed into a square format because that's how GPUs like textures.

At that point, the GPU doesn't care if it's overlaying text or something like a barcode. The main priorities would be resilience to image/video compression, and being large enough that you can't just crop it out of screenshots, while not impeding gameplay. Since it's only for the unstable testing builds, why spend more time than necessary implementing it?

Is there something I'm missing about what's wrong with this approach?


> something I'm missing

Instead of hiding an image of a text in a layer, they could've encoded the text itself (i.e. the ascii values) into the texture. That's trivial to do and doesn't produce visually-discernible artifacts as per above.


I agree - Steganography applied to the textures. I haven't seen steganography used that way before but if it's done right you don't see it at all.


That wouldn't be as robust against compression artifacts and rescaling.


It probably could be if you represented the data with fairly large blocks, but I don't see the point either way. Sure they could have more directly encoded ASCII into texture data, but why bother when they already have a system in place for rendering ASCII to a texture as text?

It'd be overkill if they were building this feature from the ground up starting with nothing but a string, but they weren't.


Why wouldn't it?

They render ID into rasterized text (blocks of pixels) and blend in these blocks. But they could've just as easily rendered raw 0s and 1s of the ID into blocks the exact same way. It just would've not looked like text, but as a random pattern.


Maybe I'm not getting what you are saying.

But a rasterized text has a lot more information about each character than the raw ASCII values. If you halve the resolution or add compression artifacts an OCR will still pick it up.

If they rendered raw binary data they would have to add lots of redundant information as well as spreading it out over a large enough area. Maybe that's what you meant but didn't fit the 'trivially to do' part for me. Seems a lot easier to just render the text.
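The disagreement in this sub-thread (raw bits in blocks instead of rendered text, and whether that survives rescaling and compression) can be tried on a constructed image. This is an added example, not code from the thread or from any game: the test image, the 32-bit ID, the block sizes and the degradation model (halve, add noise, quantise, scale back up) are all assumptions chosen for illustration.

```python
import random

W = H = 256   # constructed tile size (assumption)
NBITS = 32    # payload: a 32-bit tester ID (assumption)

def background(seed=1):
    """Constructed grayscale image: soft gradient plus per-pixel texture."""
    rng = random.Random(seed)
    return [[100 + (x + y) // 8 + rng.randint(-10, 10) for x in range(W)]
            for y in range(H)]

def cells(block):
    """Yield (bit_index, x0, y0) for each cell; a cell is two side-by-side blocks.
    The payload repeats until the tile is full, which is the redundancy."""
    per_row = W // (2 * block)
    for r in range(H // block):
        for c in range(per_row):
            yield (r * per_row + c) % NBITS, c * 2 * block, r * block

def embed(img, ident, block, delta=4):
    """Low-amplitude differential coding: bit 1 -> (+delta, -delta), bit 0 -> (-delta, +delta)."""
    out = [row[:] for row in img]
    for i, x0, y0 in cells(block):
        sign = 1 if (ident >> i) & 1 else -1
        for y in range(y0, y0 + block):
            for x in range(x0, x0 + block):
                out[y][x] += sign * delta
                out[y][x + block] -= sign * delta
    return out

def degrade(img, seed=2, step=4):
    """Crude stand-in for a resized, lossily compressed screenshot:
    2x2 average down, add noise, quantise to `step`, nearest-neighbour back up."""
    rng = random.Random(seed)
    small = [[(img[y][x] + img[y][x + 1] + img[y + 1][x] + img[y + 1][x + 1]) / 4
              for x in range(0, W, 2)] for y in range(0, H, 2)]
    small = [[round((v + rng.randint(-4, 4)) / step) * step for v in row]
             for row in small]
    return [[small[y // 2][x // 2] for x in range(W)] for y in range(H)]

def extract(img, block):
    """Blind decode (no original needed): for each bit, sum left-block minus
    right-block brightness over every repetition and take the sign."""
    score = [0] * NBITS
    for i, x0, y0 in cells(block):
        for y in range(y0, y0 + block):
            row = img[y]
            score[i] += sum(row[x0:x0 + block]) - sum(row[x0 + block:x0 + 2 * block])
    return sum(1 << i for i, s in enumerate(score) if s > 0)

if __name__ == "__main__":
    ident = 0xC0FFEE42  # constructed sample ID
    bg = background()
    for block in (1, 8):
        marked = embed(bg, ident, block)
        print(f"block={block}: clean={extract(marked, block):#010x} "
              f"degraded={extract(degrade(marked), block):#010x}")
```

With one pixel per half-cell the ID reads back from the clean image but is wiped out by the 2x downscale; with 8x8 blocks repeated 16 times it survives the same treatment, which is the "fairly large blocks" plus redundancy trade-off the replies describe.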


Always amused me: Sky used to use a pint glass on subscription sports package for pubs/bars. But some sneaky publicans were sticking pint glass stickers to the corner of their screens to fool inspectors... So now the glass has a different filling depending on the day.


The Spanish football league app turns on the microphone to listen if a game is playing and reports back to La Liga with the exact location to find bars and restaurants with pirate broadcasts.

https://techcrunch.com/2018/06/12/spanish-soccer-app-caught-...


Wow, surprised this hasn’t generated more coverage. They’ve turned a giant chunk of their userbase, likely completely unknown to a majority of users who understandably won’t read the small print, into snitches/whistleblowers.

This presumably also inadvertently returns the home address of anyone opening the app while watching a game in their own living room? Not a huge stretch to move from pursuing public places without the correct licensing to pursuing individuals for pirate streams.

> "It also specifies that the feature is only deployed in its Android app."

Probably because this nonsense would cause a hellstorm in App Review on iOS.


> Probably because this nonsense would cause a hellstorm in App Review on iOS.

Or because it wouldn't be approved in the first place. Say what you want about walled gardens, but at least someone is policing the ecosystem.


I think that's what he meant by "App Review":

"App Review - We review all apps and app updates submitted to the App Store in an effort to determine whether they are reliable, perform as expected, and are free of offensive material."

https://developer.apple.com/app-store/review/


It was even on the news in Sweden so it has generated some coverage at least.


And this sort of crap is exactly why I won't install your Android app unless I specifically need it and (usually) it's open source. Android permissions are terrible and practically designed for abuse.


They're exactly the same as the ones on iOS. For years now. Apps that did that can no longer be published or updated on Play Store.

Cut this misleading crap out.


This “feature” was present at least June 2018-?, and only in the Android version.


Indeed - parent is not incorrect in saying that a more mature permissions model has been available for years. However, only for the last couple of months has it been mandatory to actually use that model in your Android app. It is now enforced (by requiring target of at least api26) when submitting updates or publishing new apps: https://developer.android.com/distribute/best-practices/deve....


I specifically said Android app because I don't have an iPhone and don't feel qualified to comment on iOS. I think you read more into my comment than I wrote.


It's still interesting that AFAICT there's still little questioning from users to install an app of that nature which needs microphone permission.


And discussed previously on HN once upon a time:

https://news.ycombinator.com/item?id=9419930


Excellent. Couldn’t Sky just check what subscription a venue had?


Iirc there was a bounty for reporting an improperly licenced bar.


A lot of pubs are very close to residential addresses, so the house next door gets Sky and runs a cable through to the pub.


Right, but an inspector visiting would just see that the pub doesn't pay for a subscription and yet they are showing the game. You don't need to check anything else.


Right, but rather than going in to the pub and looking at the watermark, why not just check if that pub pays for the proper service by looking up their address in the customer files?


Plenty of older pubs had/have landlords living on the premises; a residential license is perfectly justifiable provided it's only for their personal use.


"Hey, why are all of these people in my house watching this game? I never noticed because I was so into the action." Not really sure that would fly.


I met a dev who worked at Paypal that was pushing to steganographically add the IP address of the request client to the Paypal logo on every page load.

The reasoning being that you could then look at any phishing/scam site that included the logo and find the IP of the perpetrator (presuming a bunch of other things).


While this might catch some folks, many phishing/scam sites can route their requests through residential proxy networks. There are plenty of legitimate networks (e.g. ones that use free VPN offerings as a way to route traffic through your IP) with minimal KYC, and even more illegitimate ones based on botnets. This seems like a lot of engineering for a mitigation that’s easily worked around.


I'm surprised that so many people are surprised that this was a thing. Ever since I learned that tracking information is present but hidden in an Eve Online alliance's forum[0] for tracking down leakers, I've assumed that anything serious inside or especially outside a video game would have the same resources allocated.

[0] https://www.reddit.com/r/Eve/comments/1ftvub/pl_forum_waterm...


Since people were able to figure that out, then people could use that knowledge to create fake watermarks that decode to other people. If someone in the alliance wanted to frame another person in the alliance as a leaker, then they could do it easily with this knowledge.

People that make systems like this should make sure the hidden value is signed or encrypted in a way using a hidden key so that people can't make fake watermarks for other users.
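The suggestion in the comment above, authenticating the hidden value with a secret key so that one user cannot mint a mark that decodes to another, sketched as an added example (not part of the thread and not any forum's or game's actual scheme). The key handling, the `user_id|build` layout and the 8-byte tag length are assumptions.

```python
import base64
import hashlib
import hmac

TAG_LEN = 8  # assumption: HMAC-SHA256 truncated to 8 bytes to keep the mark short

def make_payload(key: bytes, user_id: str, build: str) -> str:
    """Return the string to embed as the watermark for one user and build."""
    if "|" in user_id:
        raise ValueError("user_id must not contain the field separator")
    msg = f"{user_id}|{build}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]
    # Base32 uses only A-Z and 2-7, which is convenient if the mark is
    # rendered as text and read back by eye or OCR.
    return base64.b32encode(msg + tag).decode().rstrip("=")

def verify_payload(key: bytes, payload: str):
    """Return (user_id, build) if the tag verifies under `key`, else None."""
    try:
        raw = base64.b32decode(payload + "=" * (-len(payload) % 8))
    except ValueError:  # binascii.Error is a subclass of ValueError
        return None
    if len(raw) <= TAG_LEN:
        return None
    msg, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    expected = hmac.new(key, msg, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    user_id, _, build = msg.decode().partition("|")
    return user_id, build

if __name__ == "__main__":
    server_key = b"constructed-demo-key"  # constructed; a real key stays server-side
    mark = make_payload(server_key, "alice", "build-1234")
    print(mark, verify_payload(server_key, mark))
    # A mark made without the server key is rejected rather than attributed.
    print(verify_payload(server_key, make_payload(b"guessed-key", "bob", "build-1234")))
```

The tag stops a user from minting a mark for someone else's account; it does not stop a valid mark being lifted from another user's published screenshot, the copy problem raised elsewhere in this thread.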


Former EVE player (Nulli Secunda) and long-time software engineer.

I saw this way back when and now assume any kind of NDA'd or questionable text has uniquely-identifiable unicode replacement character sequences and invisible watermarks. It's just too easy to do.


Old lexicons had misspelled words put in to catch the copycats. Since they don't have to prove who did the copying it's easy, they just have to prove that the copy is from them.

We do something similar to our stuff. No need to prove who did the copying as they publish the stuff on their app/homepage and have exactly the same spelling mistakes as our homepage displays to the ip-numbers we know they are using for harvesting. Document all and send to the lawyers.


Related: Anyone else noticed how Google Maps is now doing more subtle watermarking where they embed their logo into Street View images using machine learning, e.g. here: https://imgur.com/a/0T8wP2u URL: https://www.google.com/maps/@52.3730304,4.8793692,3a,68y,194...

Edit: Look at the yellow area above the door obscured by the Land Rover. They embedded their logo along the shape & size of an appropriately sized feature on the building, as opposed to somewhere randomly where it would be more visible as it crosses e.g. the boundary between a building and a tree.

When I first spotted this I thought Google's logo was actually on that building, but it disappears as you zoom in/out.


What makes you think it's not just pure luck? I spotted at least 5 Google logos in this picture, they seem to be more or less randomly placed and the one you pointed out may have just accidentally landed in a good place. Occam's razor.

Edit: especially considering that there's probably legal requirements concerning these logos, like there must be one logo every x pixels or something, I'd be very surprised if their placement was left to a fancy machine learning algorithm.


I can’t figure out what I’m supposed to be looking for in that image.


I think that's the point. It's hard to see, on purpose.

Behind the land rover, there is a door with a balcony above it. Just below the balcony, but almost touching the balcony, is "Google".

It took me a while to find.


I didn't notice it in the imgur link, the image was probably compressed. You can see it in the google maps link.


Now that I know what to look for, I can see it in your imgur image, but I don't actually see it on the live Google Maps link.

I do see a small one overlapping the steering wheel on the car, which doesn't appear to be particularly smart placement.


yeah I only see watermarks if I'm zoomed in all the way and they are way smaller and more transparent than what was in the imgur image.


There's also another Google text to the right of the rear wheel.


Using machine learning to identify and remove the logos would be an interesting exercise, not too unlike how they already blur license plates and such.

(You could do this for any logo, effectively creating a "real-world adblock"...)


Related - printer dots: https://en.wikipedia.org/wiki/Machine_Identification_Code

Great tool to crack down on any clandestine poster campaigns.


Possibly also helped to find NSA leaker Reality Winner, after the Intercept published good-quality scans of documents she'd printed at work: https://en.wikipedia.org/wiki/Reality_Winner#Intelligence_re...


Conversely, wouldn't this make it incredibly easy to frame someone?


Yeah that was a real amateur hour.


You can also use those dots to reverse cross cut shredding: https://news.ycombinator.com/item?id=3368611


'clandestine poster campaigns'?


Anonymous speech. It has innumerable uses that are beneficial to society, e.g.:

-Promoting unions without getting blacklisted by employers (possibly with the help of state security agencies, see https://www.bbc.com/news/uk-43507728 )

-Shedding light on animal abuse in light of Ag-gag laws

-Giving instructions on how to break DRM (DeCSS)

-Revealing local corruption (e.g. in the police department or public office) without exposing yourself to retribution or crippling libel lawsuits

-Campaigning for Catalonian independence

-Etc..


Right, I wasn't really confused by the concept of political posters. I'm confused by what regimes you are alluding to using technical watermarking techniques to control this type of speech. I've never heard of such a thing.


they also used a 'zebra' skin on prototype Xbox One consoles to be able to find people who leaked images of the physical console: https://www.thetechgame.com/News/sid=8160/photos-of-an-xbox-...

Xbox have a reputation for watermarking things to a large extent to deter leakers. The first ever footage of Halo 4 Multiplayer came courtesy of someone recording it from a terrible camera, played on a CRT television, from a VHS recording, while in a barn. I would link it but it also has obnoxiously loud music playing over the top of it but if you search 'halo 4 barn leak' you will be able to find it. Admittedly I'm sure whoever leaked that went a bit too far for comedic effect


Zebra skins are also used on prototype cars / unreleased cars - not for traceability, but to obscure their form - very similar to the technique used in WW2 battleships.

https://en.m.wikipedia.org/wiki/Dazzle_camouflage https://encrypted-tbn0.gstatic.com/images?q=tbn%3AANd9GcTv1x...


Dazzle camo was more of a WW1 thing.


Thanks for the clarification. I noticed that the Swedish navy still seems to use it?

https://www-thelocal-se.cdn.ampproject.org/ii/w1000/s/www.th...


That's splinter camo. Camouflage is used in general to disrupt outlines, but dazzle camouflage specifically used black and white to accomplish that goal.

http://camopedia.org/index.php?title=Splinter


I suppose this is a perfectly cromulent use of "security through obscurity", and an excellent example of steganography.

I wonder if anyone thought about those rings or ever noticed they were different machine to machine.


On a related topic, it would be fun to embed the EURion constellation[0] into random things just so it results in difficult to trace side-effects. For example wear a t-shirt with it printed on, if someone tried to edit CCTV footage or a photo of you, it might error out.

[0] https://en.wikipedia.org/wiki/EURion_constellation


EURion only works on flat surfaces (photocopiers and scanners). Photoshop detects currency based on a Digimarc watermark, which you can't generate without paying a licensing fee.


> Photoshop detects currency based on a Digimarc watermark, which you can't generate without paying a licensing fee.

You can't generate your own without paying a licensing fee. Nothing[§] prevents you from extracting existing watermarks and applying them to other things. This is called a copy attack. There are mitigations[1] but I believe they are not practical for banknotes. I've been told by a Digimarc representative in private conversation about the mentioned paper, that "The Digimarc for Images solution does not utilize the exact functionality described in the paper [..]". This was in 2011, I don't know if things have changed.

[§] Ok, nothing technical at least; legally it's a different matter...

[1] https://www.digimarc.com/docs/default-source/technology-reso...


The current research into the Digimarc currency watermark has determined an absolute minimal test case [1], however no one has discovered the exact watermarking mechanism. I was speaking in absolutes because we can't do a copy attack without knowing what features to extract.

Someone has enumerated all the detected regions on the 20 pound note [2] if you'd like to take a stab at it!

1. https://murdoch.is/projects/currency/cropped.png

2. https://murdoch.is/projects/currency/small_crops.png


I don't know anything about Digimarc, but it looks like this tool may allow you to create watermarks as other people using the official digimarc software https://github.com/flarn2006/DigimarcPIN/


> Photoshop detects currency based on a Digimarc watermark, which you can't generate without paying a licensing fee.

Sounds like a challenge for hackers. :-)


I'm sure at least one person in the world has reverse-engineered the algorithm, and it might be quite simple, but the legal implications prevent its publication. If anything, it would be more likely to be on the dark web.



The EURion is only what outdated software uses; there's a new scheme based on invisible digital watermarking.


I first thought of that after I read Gibson’s Spook Country. Never tried it out though.


This is super dystopian.


Uh, how so?


>... cromulent...

This really embiggened my morning.


As someone who's been on a few NDA'd betas before... I just don't understand why people leak. Is it the feeling they can break the rules without likely facing truly serious repercussions? (Has anyone ever gone to jail or even been seriously fined for violating a video game NDA?) Is it the notoriety of it?

I mean, I won't deny there was a fun factor to having a New York Times reporter beg me to violate a Google NDA once. But even then, I had more fun knowing something the New York Times didn't than breaking my agreement, ruining my personal reputation/credibility as a trustworthy individual, etc.

And generally if I have access to these sorts of things, I'm enthusiastic about what the company is doing, and the last thing I'd want to do is sabotage them.


NDAs generally fall under civil law, and, with few exceptions (e.g. contempt of court), you can't be incarcerated for civil (rather than criminal) infractions.

You can still be fined to high heaven, though, and subject to forfeiture if you can't pay...


Have you ever actually heard of someone being fined over a video game NDA though? Players being banned for violating NDAs in closed testing isn't super uncommon, but I've never seen someone actually taken to court over it.


It would be up to the plaintiff (e.g. video game company) to claim monetary damages occurred, and to what extent. I haven't heard of it, but that doesn't mean it hasn't happened... the outcomes of many NDA cases are themselves not disclosed.


And likely to not be allowed into other programs from other companies as you've now tainted yourself as untrustworthy.


It either comes down to personal philosophy (such as freedom of information), or fake internet points (or fake internet fame).


Or cash, don't forget cash.


Don't forget good old ignorance either.


Same reason criminals tell strangers about what they’ve done. Humans love to brag.


Could be a great way to get someone you hate fired or sued. Just leak something with an image using your enemies' watermark on it. Or something else that can be tracked back to them.


were you offered compensation for breaking your NDA? because i always assumed that's the reason people leak -- to get one last payday before being blackballed.


No, I was not. But I doubt that would've impacted my decision... At the time, I viewed any sort of involvement with a Google project as a valuable career/networking opportunity.


Did the NYT think you worked for the Pentagon and that NDA stood for National Disclosure Agreement?



Just as a thought experiment - what if they actually never implemented this. But now through this announcement, everyone will think twice before leaking BETA etc. program screenshots and second guess which UI elements might be the ones that are used to identify them. ;-)

That said, excellent example of steganography as pointed out by others too! Thumbs up!


Actually that was a trick they used in Windows 8 betas. They put a weird puzzle watermark on it, except they were all exactly the same!

However I guarantee this was real, but hasn’t been a part of the Xbox experience for yearrrs


How do you guarantee this, Cullen?


Because Steven has literally talked about this on Twitter.


You guaranteed the Xbox tracking, so I was referring to that. Not the puzzle.


Isn’t his guarantee based on the fact that he was the one who did it?


Your (legally purchased/streamed) music is most likely also fingerprinted in a way degrading its fidelity https://en.wikipedia.org/wiki/Master_Quality_Authenticated


That's neat.

Lots of broadcasters do something similar (display a number on the screen) when they are broadcasting sports events etc to detect streaming. I'd love to know how that works. Presumably they broadcast the same thing to everybody, so is it actually the box/receiver which adds the number to the screen? Does everybody get a unique number, or do groups of people get the same one?


Apparently state level actors can defeat the watermarking...

> “There’s nothing else like it in the world,” Esteban Israel, beIN’s executive director of technology, said of beoutQ’s level of sophistication. “We work with all the top technology vendors, technology developers. We have our experts, we deploy state of the art technologies and we have not seen this anywhere else.”

https://www.nytimes.com/2018/05/09/sports/bein-sports-qatar-...


The image of some crack antipiracy team hanging out in a war room is just so ridiculous to me. They say it's an individual subscriber's stream being rebroadcast, who has somehow managed to remove the watermark? Alright, just blank the stream for a few frames for half of your customers while watching the illicit stream. Binary search until you find the culprit subscriber. Even if you had 100 million subscribers it would only take 27 iterations to find. No one is going to mind or probably even notice that their screen flickers a few times.

Instead they've put together a team of highly-paid professionals bumbling about that they can't possibly figure out who is behind all this.

While it may be slightly more complicated in the real world, I suspect it's simply a case of justifying their own overpaid positions.


For Sky TV in the UK, the Sky TV satellite boxes occasionally display the subscriber number in a faint font just above the channel logo in the top-right. If you've simply hooked up the satellite decoder to a video capture device with a view to streaming sports content, then your subscriber number just gets occasionally shown on the stream too. So no doubt there's a specific "when" for the subscriber number being shown, and it's a case of finding & watching as many streams as possible to see how many of them feature the subscriber number. Gotcha!


BT TV do it with a base64-encoded subscriber account ID on the top right (easily recognisable due to the '=' padding characters).


Here's some marketing materials from a company selling this: https://dtv.nagra.com/watermarking - seems like yes, one option is software in the receiver.


If anyone is interested in getting an in-depth look at how satellite TV boxes work, this 33c3 talk is awesome: https://youtu.be/ex_dEEh4dl0


"You're giving away all our best tricks" - Wargames.

It's true. And boy did it surprise those leakers who wanted to show off the fancy new UI and the new avatars.


Hell it surprised half the people internally that got fired using this


Well probably all of them - otherwise they would have done it differently! :)


Windows Mobile, pre-Windows Phone 7, used to leak builds almost daily, despite signing procedures being in place.

There were rumors that Windows Phone 7 started embedding IDs in the builds. The leaks stopped pretty quickly.


I've worked on AAA games that have had similar watermarks to catch leak sources.


OK, that's actually pretty cool.


Movie companies have done this for a long time. I was friends with a movie critic back in VHS days, and the films sent to him to review before their release had a warning and an ID number that popped up every five minutes or so.

Strangely, not every film company did it. And it wasn't limited to just the big movie companies. It seemed pretty random. Maybe because a shotgun approach was cheaper.


There's also a forensic watermarking technique used that is invisible to the viewer. It is supposed to survive any kind of transcoding and scaling that might occur. I can't remember the name of it, but we would use it to encode videotape masters as well as for DVD/Blu-ray encodes. Very popular for use in Academy screeners.


Every new watermarking technique they come up with is discovered and obscured within days each year by the screener leak community. I think it's kind of a sport for them at this point.


If you have 2 leakers they can just run a tool to compare the difference between the file and spot any watermarks. Of course the next level is making the watermark so there is a bit that is unique to 2 users only so you will then know the exact 2 who leaked it.


Pretty sure they’ll just start bisecting the screener population down.


You're possibly thinking of Cinavia, or something similar:

https://en.wikipedia.org/wiki/Cinavia


I might be too dumb to use twitter but where does he actually explain what he did? I only see a screenshot and reaction gifs


Turns out, yes, I'm dumb.


[Edit: Removed all commentary. I'm getting penalized for discourse around an unvalidated claim. I don't want to further affect my standing in the Hacker News community.]


Hello Raf. Someone in the comments below confirmed it, as well as on twitter :-)

As a side note, I don’t see why after not having any substantial interaction in nearly a decade you continue to see the need to follow me around and harass me.


> I'm getting penalized for discourse around an unvalidated claim.

Making a comment "around" a topic doesn't imply anything about the comment's quality.

So we can shorten that to "I'm getting penalized for what I said."

Which happens if you say a bad thing!

It's weird of you to try to make that sound inherently unreasonable.


This seems like a particularly strange personal attack. Why make it?


What is the relationship to the link you posted? The demo was.... interesting


An embarrassing moment from when I was 19 that Raf likes to reply to things as a slight jab.

And just for reference, a former Xbox employee confirming https://news.ycombinator.com/item?id=18650000


I'm glad the embarrassing stuff I did at age 19 isn't out there.

RAF: people grow and change.



