> There's not much you can do about it, as sibling comment mentions it's a known gap. There is some work [0] in this space on the investigative side to trace the leak's source, but again the only way it would work is if you can obtain a leaked copy post hoc (leaked to press, discovered through some other means, etc.).
Those kinds of watermarks seem like they'd fail against a sophisticated actor. For instance, if that echomark-type of watermark becomes widespread, I suppose groups like the New York Times would update their procedures to not publish leaked documents verbatim, or develop technology to scramble the watermark (e.g. reposition things subtly (again) and fix kerning issues).
With generative AI, the value of a photograph or document as proof is probably going to go down, so it probably won't be that big of an issue.
> I suppose groups like the New York Times would update their procedures to not publish leaked documents verbatim or develop technology to scramble the watermark
Like knuckleheads, The Intercept provided the Pentagon a copy of a scanned document they received from a whistleblower, which directly led to Reality Winner's identity being discovered.
When a competent journalist gets a leaked document, they'll learn to only summarize it, not quote it verbatim or duplicate it. That circumvents any kind of passive leak-detection system that could reveal their source.
Then the only thing that would reveal the source is if the authority starts telling suspected leakers entirely different things, to see what gets out.
> Then the only thing that would reveal the source is if the authority starts telling suspected leakers entirely different things, to see what gets out.
This is called a canary trap [0], a well-trodden technique in the real world and fiction alike.
It's likely tougher than it seems: the big, important bits that the news will care about have to match up when checked, and anyone with high-level access to this stuff likely has a sizable staff who also have access to it. Paraphrasing reduces the chance that some minute detail tweak makes it into the reporting at all.
You also have to actively expect and plan for it in advance, which takes a lot of labor and time, and risks people comparing notes and saying "what the fuck, we're being tested". You can't canary trap after the leak.