Deepfakes have been around now for a while but it seems that people are still failing to understand how easy and fast it is to fake any kind of information. This is just a quick summary and a reminder that e.g. screenshots of people’s tweets should not qualify for a newspaper neither screenshots about SMSes or emails for evidence in court.
Photomanipulations are the past….
In the past, many edits were meme-like and easy to spot, since most people who created them weren’t aware of any other tool than MS Paint or Photoshop. The colors, fonts, logos, profile pictures, and pixels left about the edits usually revealed instantly that the image someone is viewing is fake. Look at the example:
As you can instantly notice, the font size is oversized and tweet is missing information it usually containts, such as timestamps.
…generators and developer tool -type edits are the future we live in now
For more normal and not so tech-savvy users who don’t have enough skill, or time there are already generator -type solutions that allow them to generate a wide range of fake information, for example these are (at the time of writing) quite reliable looking solutions:
- Fake Tweet generator: https://www.tucktools.com/spoof-tweet
- Fake WhatsApp message generator https://www.fakewhats.com/generator
- Fake Facebook message generator https://fakedetail.com/fake-facebook-chat-generator
Fake SMS generators seem to be quite out-of-date due to ever decreasing amount of conversations being made on them, and as usual, nothing will prevent people from discussing e.g. with themselves with two or more phones (or with their friends, with their names changed and profile pictures) and taking screenshots of the conversations still.
For more tech-savvy users there are the developer tools. E.g. in Firefox browser simply hitting the CTRL + SHIFT + C combination on the keyboard, the inspector mode is opened which allows really easy way to alter text, image sources, CSS and other rendered content on the website by typing in anything they desire:
It took me actually actually less than a minute to point and select the text to be changed in the tools and more time to find a perfect crop for the tools and the picture.
Obviously this means that if something has a website, it can be altered in less than a minute to look like something else for screenshots. It can be anything from web apps to news sites for example.
For those who don’t know, the changes in the examples are only local and will not be visible on the website, website editing doesn’t work like that.
Since most of the “more advanced” fakes are targeted against webapps of the popular online services, it is recommended to be more suspicious about screenshots that are clearly taken from the desktop version of the website/webapp.
Few words about email forging as well
There is no perfectly working system in the email servers that will eliminate forged email completely from the email servers, this happens because email servers do not have a perfect way to verify sender of the email at all. This makes it possible to:
- Send forged messages with forged subject, from, to and text content to yourself…
- … and to anyone else, it is possible to alter the sender email address and the reply-to -header as well. How receiver handles this depends on the email server settings and DNS records.
To make forged emails for screenshots any sending is not required either because emails are techically files that are stored in the email server and locally too if you’ve an email client. Basically someone could just save a draft message and move it to their inbox folder so that the message looks like someone sent it to you: