I have found great success of getting rid of it by masking every 2nd pixel, regenerating missing pixels and then once again masking every 2nd pixel offset by 1.
Used an off the shelf model to fill in the pixels, but I also exported a depthmap first (before any alternations) and denoised it so generated masked pixels comform to the original content. The result was obviously not 100% perfect, but with more time and a model fine tuned for this specific use-case would be able to remove any kind of ai watermarking without too many issues.
Can it be used to create something like nutritional labels for synthetic content? 10% synthetic text, 30 synthetic images.
Your reality was 15% synthetic today (75% mega corp, 25% open-weight neocloud).
Presumably the deployed version is meaningfully different.
https://github.com/swesterfeld/audiowmark
You can stuff per-item database unique IDs, user IDs, geohashes, and other nefarious things inside.
We need to protest this LOUDLY.
Our devices are being locked down, we're having attestation and trusted computing forced on us, the internet all over the world is undergoing age verification with full ID verification.
Just because this is on "ai images" today doesn't mean it won't be on all images - screenshots, your camera reel, etc. - in the fullness of time.
This is scary.
These are the tools of 1984. They've been boiling the water slowly, but in the last year things have really started to pick up pace. Please push back. Loudly.
Everyone at Google and OpenAI working on this: WHAT THE FUCK ARE YOU DOING. STOP.
We have laws and mechanisms to prevent revenge porn, CSAM, defamation, etc. They are robust and can be made even stronger. We do not need to sacrifice the security of our privacy and our speech to fight imagined harms when the real danger is turning into an authoritarian society.
As someone that creates things with tools with different media I would just hard avoid this tool that adds...
arbitrary metadata not of my choosing.
Should I seriously make a texture for a videogame with this weird DRM glorp in it?
How old is photoshop and why is it exempt?
> How old is photoshop and why is it exempt?
For one, it's not developed by Google or OpenAI. The barrier to entry to making realistic but deceptive images with Photoshop is far higher than with AI, and there are already techniques that can, imperfectly, be used to detect the use of traditional image editing.
I'm sure you can think of a couple things that differentiate gen AI from photoshop, I believe in you.
Its a tool with different modalties and affordances.
SynthID would only be DRM if Google/OpenAI were claiming IP rights over their images. I don’t even know if that’s legal though.
So that you don't have to address any of the issues?
How does today’s maximum theoretical disinformation output per minute compare to 2021 Photoshop?
Well, they'll finally find out that no one wants to look at AI generated pictures or text. Once they do that, the tool will fail for the public and only work for the government.
I tested the day 1 when Nano Banana Pro was released and it worked. It still works today for Nano Banana 2.
I didn't post this anywhere because I (arrogantly) thought saying it publicly would make the internet worse. But it was pure arrogancy: if I came up with this the first day then of course other millions of programmers did too.
That being said, it'll introduce the typical artifacts from SD models and that might be detected by other methods (or just by zooming in a lot and looking carefully).
Never released it, but it was obvious to most people in the SD community that denoising using a diffusion model was a relatively trivial means to beat most steganographic watermarks.
Don't sell yourself short. I'm sure it was only hundreds of thousands.
In my tests the image looks clearly distinct. In other words, if you can tell the difference then it isn’t a good test.
If social media platforms started banning images with these watermarks seems like they'd be stripped out overnight.
Set up as a ComfyUI workflow that does a few things: it tries SDXL, Flux, and a couple of different denoising methods at the lowest possible strength (progressively incrementing) to avoid changing the image too much, while also running a SynthID check each time, and repeating this in a loop until the watermark is essentially gone.
At the same time, you’d probably want to add some kind of threshold based on a perceptual hash aka the maximum perceptual quality difference you’re willing to accept.
Writing a more detailed description does not make the models stick to it more.
Comparing Qwen-Image, Flux.2, ZiT, NB2, and gpt-image-2
Eventually it won’t matter when image generation is cheap. But few self-host today and few are willing to pay unsubsidized prices, so the vast majority are using the Gemini, OpenAI, and Midjourney. If all 3 adopted SynthID, only a small fraction would use something else.
This is antithetical to freedom and privacy.
There should be no way for anyone to track down who posted a political meme, anti-religious message, or any other legally protected speech. This will come back to bite us in the ass if we keep building it.
Soon every image or communication we make will be watermarked if we continue to let this shit seep into the commons. Everything from your phone photos, to your screenshots, to your social media posts.
One day soon Republicans or Democrats or whoever doesn't like your freedoms will use this tech to identify you and control you.
There are laws for harms - CSAM, revenge porn, etc. Social media platforms can identify, ban, and report abusers. The framework of the law can take care of the rest.
Our digital footprint should not be tracked and barcoded.
Google or anyone else could start adding those unique tracking watermarks you're concerned about any time they want, regardless of whether they use this AI detection watermark, that to be clear can not track you in any way.
Have you been watching the headlines over the last year? It's like there's a global push towards locked down and verified computing (age verification, TPMs everywhere, Captchas that only work on non-rooted phones, ...).
You can look out the window and see movement in this direction happening right now. Governments and corporations around the world can't get enough of this shit. Privacy matters, advocating for it is not a "slippery slope."
> this AI detection watermark [...] that to be clear can not track you in any way.
Is that clear? We have no idea what metadata they are or aren't embedding in SynthID.
> Google or anyone else could start adding those unique tracking watermarks you're concerned about any time they want,
The point is that this is bad and should be denounced!
> to be clear can not track you in any way
All they have to do is encode enough entropy for a database unique identifier. Systems like this have been used to do it for audio:
https://github.com/swesterfeld/audiowmark
SynthID payloads work the same way, and the paper discusses encoding a "user identifier":
https://arxiv.org/html/2510.09263v1#S5
All you need to do is encode a database identifier, GeoIP, or other identifying information, and you've violated a person's privacy without their knowledge or consent.
Once these systems become popular, the intelligence agencies will "suggest" that Google adds it to their phone cameras. It will start seeping into everything.
The "slippery slope" is not a fallacy. We're on the verge of having device attestation and identity verification to use the internet. This is so beyond fucked.
Stop defending this.
Saying this is okay is EVIL.