I assume a selfish benefit is that OpenAI and Google don't want the models to train on their own data. There is just /so much/ AI generated content online that they definitely need to filter it out somehow when assembling the training data. This is a pretty effective way to do that, with the nice bonus of being mostly good from a PR standpoint.
Aren't these kinds of watermarks easy to remove or distort? Seems like they're only helpful as long as people are relying on them sparingly so it's not worth the effort to circumvent.
If social media platforms started banning images with these watermarks seems like they'd be stripped out overnight.
I still don't think there's a single GitHub repo that actually removes real SynthID watermarks from Nano Banana 2/NBPro outputs. Most of them are just some research projects that haven't achieved this. The only methods so far I've seen are weird tricks with transparency/overlaying the original image if you're using edits, and also using a diffusion model to regenerate the NB-generated image at low noise levels, but this also modifies the original.
Right I think that’s why you probably need to start with very low levels of denoising and experiment with different approaches.
Set up as a ComfyUI workflow that does a few things: it tries SDXL, Flux, and a couple of different denoising methods at the lowest possible strength (progressively incrementing) to avoid changing the image too much, while also running a SynthID check each time, and repeating this in a loop until the watermark is essentially gone.
At the same time, you’d probably want to add some kind of threshold based on a perceptual hash aka the maximum perceptual quality difference you’re willing to accept.
I’m surprised! I guess I’m being naive but I would imagine you could pass an image to an image model without synthid and have it reconstruct the image in a net new way without the markers. I guess I’m wrong? That’s cool if the watermarks are so deeply ingrained that they persist
As I understand it, they modify the image by applying a special Gaussian noise filter which affects each pixel in the image in subtle (possibly not reversible) ways. The detecting service will look for this noise pattern to flag it, so even a part of the image is enough to know it was generated by AI.
This one was released a few years ago and still seems unbroken. I'm sure it will be broken at some point, but if you have to wait a year or two from when you make a deepfake until you can post it on Facebook, maybe that's enough. Maybe even a month is enough.
FWIW there are a number of people in the issues saying that the tool is giving false negatives and the output image gets flagged by the actual Gemini API as having SynthID.
That'd not work with today's technology. No open model's prompt adherence is anywhere remotely close to ChatGPT/NanoBanana. 'remotely' here is a funny understatement, as I don't have a strong enough word in my vocabulary to describe how far the open models are behind the closed ones.
Writing a more detailed description does not make the models stick to it more.
Definitely. I run an entire site built around a series of benchmarks that focus on prompts of increasingly difficult complexity with a focus on adherence, and even the state-of-the-art local models are probably only about thirty percent as good as proprietary models like Gemini 3.1 Flash Image and GPT Image 2.
Comparing Qwen-Image, Flux.2, ZiT, NB2, and gpt-image-2
Stable Diffusion with 10%~15% denoising strength. Done.
I tested the day 1 when Nano Banana Pro was released and it worked. It still works today for Nano Banana 2.
I didn't post this anywhere because I (arrogantly) thought saying it publicly would make the internet worse. But it was pure arrogancy: if I came up with this the first day then of course other millions of programmers did too.
That being said, it'll introduce the typical artifacts from SD models and that might be detected by other methods (or just by zooming in a lot and looking carefully).
Yup, OOC a while back I put together a ComfyUI node that took in a NB image and start with the smallest amount of denoise strength using Flux.1 (but works with any model), then run img2img with a synthid check incrementing denoise in a loop until it was defeated.
Never released it, but it was obvious to most people in the SD community that denoising using a diffusion model was a relatively trivial means to beat most steganographic watermarks.
I'd built an on-device app for detecting C2PA and IPTC metadata in images, amongst other things. I might be able to add support for SynthID detection once it's been reverse engineered.
I'm annoyed that Google is keeping it closed-sourced and limited to partners. Is there a negative externality about open-sourcing image watermark technology so anyone can use it and audit the watermarks independently? If not, then I may have a repository for an open-source invisible and tamper-resistant image watermarking approach that's feature complete...
It helps significantly in the current moment. A lot of people are lazy and are getting caught quickly by SynthID.
Eventually it won’t matter when image generation is cheap. But few self-host today and few are willing to pay unsubsidized prices, so the vast majority are using the Gemini, OpenAI, and Midjourney. If all 3 adopted SynthID, only a small fraction would use something else.
There should be no way for anyone to track down who posted a political meme, anti-religious message, or any other legally protected speech. This will come back to bite us in the ass if we keep building it.
Soon every image or communication we make will be watermarked if we continue to let this shit seep into the commons. Everything from your phone photos, to your screenshots, to your social media posts.
One day soon Republicans or Democrats or whoever doesn't like your freedoms will use this tech to identify you and control you.
There are laws for harms - CSAM, revenge porn, etc. Social media platforms can identify, ban, and report abusers. The framework of the law can take care of the rest.
Our digital footprint should not be tracked and barcoded.
PunchyHamster | an hour ago
pta2002 | an hour ago
CSMastermind | an hour ago
If social media platforms started banning images with these watermarks seems like they'd be stripped out overnight.
Tiberium | an hour ago
vunderba | an hour ago
Set up as a ComfyUI workflow that does a few things: it tries SDXL, Flux, and a couple of different denoising methods at the lowest possible strength (progressively incrementing) to avoid changing the image too much, while also running a SynthID check each time, and repeating this in a loop until the watermark is essentially gone.
At the same time, you’d probably want to add some kind of threshold based on a perceptual hash aka the maximum perceptual quality difference you’re willing to accept.
amazingamazing | an hour ago
snissn | an hour ago
cephei | an hour ago
Arnt | an hour ago
programd | an hour ago
https://github.com/aloshdenny/reverse-SynthID
toraway | 8 minutes ago
ZeWaka | 27 minutes ago
raincole | 16 minutes ago
Writing a more detailed description does not make the models stick to it more.
vunderba | 11 minutes ago
Comparing Qwen-Image, Flux.2, ZiT, NB2, and gpt-image-2
https://genai-showdown.specr.net/?models=qi,nbp3,f2d,g2,zt
amazingamazing | an hour ago
raincole | an hour ago
I tested the day 1 when Nano Banana Pro was released and it worked. It still works today for Nano Banana 2.
I didn't post this anywhere because I (arrogantly) thought saying it publicly would make the internet worse. But it was pure arrogancy: if I came up with this the first day then of course other millions of programmers did too.
That being said, it'll introduce the typical artifacts from SD models and that might be detected by other methods (or just by zooming in a lot and looking carefully).
vunderba | an hour ago
Never released it, but it was obvious to most people in the SD community that denoising using a diffusion model was a relatively trivial means to beat most steganographic watermarks.
londons_explore | 29 minutes ago
amazingamazing | an hour ago
In my tests the image looks clearly distinct. In other words, if you can tell the difference then it isn’t a good test.
zulban | 10 minutes ago
Don't sell yourself short. I'm sure it was only hundreds of thousands.
kube-system | an hour ago
duskwuff | an hour ago
woadwarrior01 | 44 minutes ago
minimaxir | an hour ago
parhamn | an hour ago
thisisthenewme | 46 minutes ago
big_toast | an hour ago
Can it be used to create something like nutritional labels for synthetic content? 10% synthetic text, 30 synthetic images.
Your reality was 15% synthetic today (75% mega corp, 25% open-weight neocloud).
julianozen | an hour ago
nerdsniper | 57 minutes ago
Eventually it won’t matter when image generation is cheap. But few self-host today and few are willing to pay unsubsidized prices, so the vast majority are using the Gemini, OpenAI, and Midjourney. If all 3 adopted SynthID, only a small fraction would use something else.
echelon | 13 minutes ago
This is antithetical to freedom and privacy.
There should be no way for anyone to track down who posted a political meme, anti-religious message, or any other legally protected speech. This will come back to bite us in the ass if we keep building it.
Soon every image or communication we make will be watermarked if we continue to let this shit seep into the commons. Everything from your phone photos, to your screenshots, to your social media posts.
One day soon Republicans or Democrats or whoever doesn't like your freedoms will use this tech to identify you and control you.
There are laws for harms - CSAM, revenge porn, etc. Social media platforms can identify, ban, and report abusers. The framework of the law can take care of the rest.
Our digital footprint should not be tracked and barcoded.
WhatIsDukkha | 7 minutes ago
As someone that creates things with tools with different media I would just hard avoid this tool that adds...
arbitrary metadata not of my choosing.
Should I seriously make a texture for a videogame with this weird DRM glorp in it?
How old is photoshop and why is it exempt?