Originally published at: https://boingboing.net/2024/01/22/nightshade-a-new-tool-artists-can-use-to-poison-ai-models-that-scrape-their-online-work.html
…
11 Likes
Excellent! Now, if we can get something similar for text…
17 Likes
There should be a font that’s readable by humans but not by AI.
5 Likes
Which works if you want to store it in an image. Not so much if you want to give someone the ability to search.
ETA: And completely shaft anyone using a text reader. There’s no way accessibility tools can read something and AI can’t.
17 Likes
I don’t know, this still sounds a little scammy, like selling crystals that will protect me from 5G rays
… yes those all sound like computer words 
7 Likes
It works because AI and humans read an image differently. Seems like you could defeat it by fuzzing the image at a level below human visibility to remove the block. I don’t expect this to hold for that long.
5 Likes
Yeah, it’d be nice but likely impossible to find something readable by virtuous assistive devices and unreadable by avaricious robots.
5 Likes
True, there’ll probably be a bypass of the technology in a relatively short time, but hopefully by then the data will be corrupted enough that it will take longer to clean and repair it than it will to build new technology to defeat the AI scraper.
6 Likes
They are aware…
As with any security attack or defense, Nightshade is unlikely to stay future proof over long periods of time. But as an attack, Nightshade can easily evolve to continue to keep pace with any potential countermeasures/defenses.
So, art with NS applied can “look” altered which seems to me to be counter intuitive for artist’s works on personal sites, etsy, instagram, tumblir, etc.
Changes made by Nightshade are more visible on art with flat colors and smooth backgrounds. Because Nightshade is about disrupting models, lower levels of intensity/poison do not have negative consequences for the image owner. Thus we have included a low intensity setting for those interested in prioritizing the visual quality of the original image.
Also, style copying, which is a hugely popular AI prompt, seems to be an outstanding issue:
Do not post (Night) shaded images of your art if you are at all concerned about style mimicry.
Guessing that like defeating blur filters et al it will be a ongoing process and will inspire hundreds of “Shade your art here!” scams. “Just upload your art (into our AI training database) and we’ll protect your work forever!” Similar to al those (Chinese) .pdf conversion sites.
8 Likes
Thank you for publishing this and giving me the opportunity to post one of the most niche memes ever. (Found on Twitter, I haven’t tracked down the original source.)
15 Likes
This is exactly the same kind of snake oil as the DRM that was supposed to stop piracy of music, movies, and ebooks.
4 Likes
Wetware learning from text/images: OK
Software learning from text/images: not OK
The small-c conservatism of this position is not going to age well.
2 Likes
Because the way we learn from things and the way “AI” models train on them have nothing in common, to the point where the comparison is at best misguided and at worst dishonest.
It might be cool to live in a future with machine intelligences that learn and create and deserve to be treated like us, but this isn’t that. These are image interpolation algorithms.
23 Likes
There’s another tool “Glaze” that’s supposed to help prevent that.
1 Like
I don’t think the “AI is just math, and real brains aren’t” argument is going to age well either. It might even come to be considered at best misguided and at worst dishonest.
And none of this is about what an AI ‘deserves’.
It’s not a question of what counts as math, it’s a question of how things are processed. Real brains process images and break them down into concepts. One could in theory make AI that tries the same thing but these models don’t, they treat the whole images as vectors and fit a complex hypersurface to them. That’s why sometimes people can get them to regurgitate watermarks or even intact images. It’s an entirely different process and so the answer to what counts as fair use is not going to be the same.
18 Likes
“Organic neurons form ‘concepts’ but silicon neurons can only form ‘vectors’” isn’t the foundation I’d want to build the future of Intellectual Property Law on.
Billionaire tech bros are, as we speak, creating implantable neural interfaces between human brains and AI devices. Do we want to create a concept of law that says artists without these implants can read text for free and view art for free, but artists with implants can’t? Are we still OK with that approach when everybody has implants? Are we going to have a byzantine structure of IP law that treats fully-implanted AIs different than off-board AIs?
How we start down this road matters.
I didn’t say can, I said what they do. It’s a simple fact that people don’t take intact images as inputs to our neural network. We don’t even see them like that – our eyes saccade around and our brain reconstructs details in the process, which is why we can miss things. At no point do we actually store a copy of the whole image, which is the concern about these models. You keep trying to make the difference about what material the neurons are made out of instead, but that completely ignores everything I am saying.
How we start down this road matters, and we are starting down it with misrepresentation of interpolation algorithms as human-like learning to excuse theft. Not a great place in my opinion.
17 Likes
I am getting pissy-er about AI art as things go on. I had someone on a Potawatomi language and an art group try to sell beaded items from stolen images. If they had stuck to real images I would not have noticed them, but they had this BS AI item and that made me do a reverse look up for some of the other things and figured out this person was a scammer. Grrr.
In this case it was a liability and a red flag, but that may not always be the case. 
8 Likes
