With the bounty of raw video and photo files available from the January 6th Capitol terror attack, participants can potentially be identified using the video taken by someone else. Or, more specifically, by identifying who is recording the video.

A thread!

Every cellphone uses a sensor to convert a visible image (or video) into digital data that is processed to create the final media file. These sensors—and the digital signal they create—are imperfect (because physics). But every sensor is *uniquely imperfect*.

These imperfections result in digital “noise” in the data. Videos taken by one cellphone can be analyzed to extract a sort of “fingerprint” of the digital noise inherent in that cellphone’s imperfect image sensor. That fingerprint persists, even in videos taken weeks apart.

If an analyst has physical access to the cellphone thought to have recorded a video, a new video can be taken, and its noise fingerprint compared to the video under investigation. If the fingerprints match, you’ve identified the source camera.

It gets more interesting…

There are even analysis techniques that can extract a “partial” noise fingerprint from a still image, and identify a match between a still photograph and a video—even if the original media was uploaded to a social media and compressed. Why is this so relevant?

Let’s say “John Q. MAGA” live streamed his exploits to DLive. He’s wearing a mask, so you can’t identify him.

Let’s also say that “John Smith” is on YouTube, where he used the same cell to record an (unmasked) video of himself.

Reviewing testosterone supplements, probably.

Now, you don’t know if “John Q. MAGA” is actually “John Smith” by sight—he’s wearing a balaclava, after all. But multimedia forensics can extract the sensor noise fingerprint of the two videos, and if it was the same phone, those fingerprints will match. Boom: unmasked MAGA.

There are many papers detailing various approaches that multimedia forensics experts use to link source videos across social media platforms using the sensor noise fingerprint. Here’s one:


The money quote from that paper: “its effectiveness has been proved to link Facebook images to YouTube videos…”

I just wanted folks to be aware that, just because a cellphone camera operator hides their face in their criminal selfie videos, there are ways to identify them.

PS: to tie it back to the first tweet in that thread…

If you can use sensor noise to identify a person recording *someone else committing a crime*, you’ve just opened up a new avenue of investigation; one that can place the videographer alongside the subject of the video.
P.P.S.: remember that Parler gave verified status to anyone who sent a photo of their drivers license?

How do you think they took that photo?

Using their cellphone camera.

Which adds that unique sensor noise fingerprint.

So, yeah…there’s a lot of data available to the FBI.

• • •

Missing some Tweet in this thread? You can try to force a refresh

Keep Current with ➖Dustin Miller➖

➖Dustin Miller➖ Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!


Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @spdustin

10 Jan
Parler getting kicked off AWS is really wild. Don’t get me wrong, AWS has the absolute right to do it, but the fact that they ARE doing it is mostly unheard of.

For sure, the act *itself* makes Parler toxic to every other cloud computing provider with infrastructure in the U.S.
Google Cloud Platform and Microsoft’s Azure certainly won’t touch them with a ten foot pole. And as much as Parler admins claim they developed the site to avoid vendor lock-in, that’s probably the most expensive way to host on AWS, and is almost certainly not true in real life.
And they have, what, a day to move the site? There’s probably enough data alone to make that impossible, even with Mercer Money. Unless they’ve been backing up offsite to external media (highly doubtful), they likely won’t be able to get all their data out in time.
Read 7 tweets
9 Jan
Twitter told @verge: “If a government account, like @POTUS, was used to evade @realDonaldTrump’s ban, Twitter said that it would remove the content associated with this behavior and try to remove Trump’s access to this account.”

theverge.com/2021/1/8/22218… ImageImageImageImage
Looks like he already deleted them.

But @TwitterSafety / @Twitter knows he did it.
Aside from his ban-evasion tweets from minutes ago (now deleted), the last time Trump tweeted as @POTUS was June 1, 2018—two and a half years ago. Image
Read 6 tweets
6 Jan
Protesters are now **inside** the Capitol Building. Senate hearings are suspended.

These MAGA terrorists are now brawling with police inside the U.S. Capitol Building, and trying to get through to the interior chambers.

Doors to the Senate have been locked, Pence and Grassley were whisked away to a secure location, remaining senators instructed to stay away from the doors and remain silent.

Your kids know what that feels like.
Read 49 tweets
6 Jan
We’re gonna win this thing.
I’m serious, we’re gonna win this thing.
New York Times reporter @jennymedina liveblogs, “Georgia election officials have suggested we may not know final numbers until midday tomorrow,” which is true.

But it looks like we’ll know tonight if we won the Senate.

(It sure does look that way.)
Read 5 tweets
18 Oct 20
You’d think that Trump’s own DOJ would be shouting from the rooftops about “Hunter’s hard drive” if it was found to be legitimate after a digital forensics analysis. But they’re not.

One thing we do know: the FBI was investigating if it’s a Russian disinformation campaign.
The repair shop owner said the computer (an an external hard drive that appears to have been purchased by the shop after the laptop was allegedly dropped off) was given to the FBI for a grand jury investigation in December 2019.
Also in December 2019: NSA Chief O’Brien told Trump that he believed Giuliani was being targeted by a Russian disinformation campaign in an effort to influence the 2020 election by discrediting Joe Biden.
Read 9 tweets
17 Oct 20
“The colossal emptiness and lack of meaning of these never-ending events was by no means unintentional. The population should become used to cheering and jubilation, even when there was no visible reason for it…”

German journalist Sebastian Haffner, writing in 1939 about Nazis.
If you wonder why Trump’s rallies all have the same lies, the same lines, and the same call-and-response with the crowd, it’s because it’s effective as a propaganda tool. The impressionable people watching those crowds can be made to feel a sense of belonging when they watch.
Goebbels, head of the “Ministry of Public Enlightenment and Propaganda,” believed these frequent, flashy events—no matter how devoid of substance—would be a powerful tool to win enthusiastic adherents to the Nazis’ nationalist dogma, even as their own agency was being eroded.
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!