惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Know Your Adversary
Know Your Adversary
S
Securelist
I
Intezer
AWS News Blog
AWS News Blog
L
LINUX DO - 热门话题
P
Privacy International News Feed
Recent Announcements
Recent Announcements
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Attack and Defense Labs
Attack and Defense Labs
N
News and Events Feed by Topic
The GitHub Blog
The GitHub Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
Schneier on Security
Schneier on Security
N
Netflix TechBlog - Medium
爱范儿
爱范儿
B
Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
CERT Recently Published Vulnerability Notes
Hacker News: Ask HN
Hacker News: Ask HN
Google DeepMind News
Google DeepMind News
Engineering at Meta
Engineering at Meta
Blog — PlanetScale
Blog — PlanetScale
WordPress大学
WordPress大学
S
Secure Thoughts
K
Kaspersky official blog
N
News | PayPal Newsroom
O
OpenAI News
Last Week in AI
Last Week in AI
C
Check Point Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Cyberwarzone
Cyberwarzone
Application and Cybersecurity Blog
Application and Cybersecurity Blog
T
Tor Project blog
大猫的无限游戏
大猫的无限游戏
Vercel News
Vercel News
D
Docker
Hugging Face - Blog
Hugging Face - Blog
T
Threat Research - Cisco Blogs
Cisco Talos Blog
Cisco Talos Blog
The Register - Security
The Register - Security
博客园 - 司徒正美
Martin Fowler
Martin Fowler
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog

Hacker News: Front Page

SPICE simulation → oscilloscope → verification with Claude Code — Lucas Gerads GitHub - GainSec/AutoProber: Hardware hacker’s flying probe automation stack for agent-driven target discovery, microscope mapping, safety-monitored CNC motion, probe review, and controlled pin probing. Introducing Claude Opus 4.7 Qwen Studio The Future of Everything is Lies, I Guess: Where Do We Go From Here? GitHub - SeanFDZ/macmind: Single-layer transformer in HyperTalk for the classic Macintosh Virginia Bans Sale of Geolocation Data Show HN: Agent-cache – Multi-tier LLM/tool/session caching for Valkey and Redis Ancient DNA reveals pervasive directional selection across West Eurasia [pdf] AI cybersecurity is not proof of work Moving a large-scale metrics pipeline from StatsD to OpenTelemetry / Prometheus GitHub - Nightmare-Eclipse/RedSun: The Red Sun vulnerability repository GitHub - SethPyle376/hiraeth: Local AWS emulator focused on fast integration testing, with SQS support, SQLite-backed state, and a debug-friendly web UI. A Better Ludum Dare; Or, How to Ruin a Legacy GitHub - macOS26/Agent: Any AI, replaces Claude Code, Cursor, OpenClaw. Over 18 LLM providers (Claude, OpenAI, Gemini, Ollama, Zai, HF, Qwen) wired into a native Mac app that writes code, builds Xcode projects, bumps versions, manages git, automates Safari, use AppleScript, JS or Accessibility, extend Agent! w/ MCP Servers, run tasks from your iPhone via Messages. YouTube now lets you turn off Shorts I Made a Terminal Pager Burgers | マクドナルド公式 Commands — HackerNews CLI documentation ChatGPT for Excel PiCore - Raspberry Pi Port of Tiny Core Linux Live Nation illegally monopolized ticketing market, jury finds Google Broke Its Promise to Me. Now ICE Has My Data. Founding Engineer at Adaptional | Y Combinator CRISPR takes important step toward silencing Down syndrome’s extra chromosome GitHub - saffron-health/libretto: The AI toolkit for building reliable browser automations US v. Heppner (S.D.N.Y. 2026) no attorney-client privilege for AI chats [pdf] Unexpected €54k billing spike in 13 hours: Firebase browser key without API restrictions used for Gemini requests Fragments: April 14 Cal.com Goes Closed Source: Why AI Security Is Forcing Our Decision | Cal.com - Scheduling Software for Online Bookings Laravel raised money and now injects ads directly into your agent Codex Hacked a Samsung TV Tech Valuations Back to Pre-AI Boom Levels A perfectable programming language — Soter GitHub - halfwhey/claudraband: Claude Code for the Power User Partnership through Play: Investigating How Long-Distance Couples Use Digital Games to Facilitate Intimacy Textbooks and Methods of Note-Taking in Early Modern Europe (2008) Eternity in six hours: Intergalactic spreading of intelligent life (2013) Seven countries now generate 100% of their electricity from renewable energy Tell HN: OpenAI silently removed Study Mode from ChatGPT Pro Max 5x Quota Exhausted in 1.5 Hours Despite Moderate Usage Show HN: Oberon System 3 runs natively on Raspberry Pi 3 (with ready SD card) Tell HN: docker pull fails in spain due to football cloudflare block Bring Back Idiomatic Design No one owes you supply-chain security GitHub - xsawyerx/curl-doom: DOOM, played over cURL Apple update turns Czech mate for locked-out iPhone user The Grand Line Cache TTL silently regressed from 1h to 5m around early March 2026, causing quota and cost inflation Building a Z-Machine in the worst possible language The peril of laziness lost Iran war: We spoke to the man making Lego-style AI videos that experts say are powerful propaganda AI Will Be Met With Violence, and Nothing Good Will Come of It GitHub - duguyue100/midnight-captain: Inspired by Midnight Commander, tailored to my taste. How to build a `git diff` driver · Jamie Tanna | Software Engineer Center for Responsible, Decentralized Intelligence at Berkeley The Local Universe’s Expansion Rate Is Clearer Than Ever, but Still Doesn’t Add Up - A new synthesis of astronomical measurements confirms a persistent mismatch that could point to physics beyond current models The disturbing white paper Red Hat is trying to erase from the internet – OSnews NetBlocks (@netblocks@mastodon.social) The Future of Everything is Lies, I Guess: Annoyances ‘Abhorrent’: the inside story of the Polymarket gamblers betting millions on war Productive procrastination — Max van IJsselmuiden maps, territory and LMs 447 Terabytes per Square Centimetre at Zero Retention Energy: Non-Volatile Memory at the Atomic Scale on Fluorographane Show HN: Pardonned.com – A searchable database of US Pardons 20 Years on AWS and Never Not My Job The Seasons are Wrong The FAA wants gamers to apply for air traffic control jobs Artemis II crew splashes down near San Diego after historic moon mission Why weekends are under threat We gave an AI a 3 year retail lease in SF and asked it to make a profit | Andon Labs How a dancer with ALS used brainwaves to perform live On filing the corners off my MacBooks Installing every* Firefox extension OpenClaw’s memory is unreliable, and you don’t know when it will break Steve Blank Nowhere Is Safe Chimpanzees in Uganda locked in vicious 'civil war', say researchers watgo - a WebAssembly Toolkit for Go linux/Documentation/process/coding-assistants.rst at master · torvalds/linux GitHub - callumlocke/json-formatter: Makes JSON easy to read. Founding Product Engineer at Bild AI | Y Combinator A compelling title that is cryptic enough to get you to take action on it GitHub - Keychron/Keychron-Keyboards-Hardware-Design: Industrial design files for Keychron keyboards and mice. 100+ models with CAD assets in STEP, DXF, DWG, and PDF. Source-available, with commercial use allowed for original compatible accessories within the license terms. [ANNOUNCE] WireGuardNT v0.11 and WireGuard for Windows v0.6 Released 1D-Chess Helium Is Hard to Replace Keeping a Postgres queue healthy — PlanetScale Serenity Forge (@serenityforge.com) Our response to the Axios developer tool compromise Do Americans read print books, e-books or audiobooks more? Uncharted island soon to appear on nautical charts The Problem That Built an Industry Fragments: April 2 Python Release Python install manager 26.1 Bitcoin miners are losing $19,000 on every BTC produced as difficulty drops 7.8% God sleeps in the minerals Harness engineering: leveraging Codex in an agent-first world Apple Silicon and Virtual Machines: Beating the 2 VM Limit What have been the greatest intellectual achievements? The APL Programming Language Source Code
GitHub - wiltodelta/remove-ai-watermarks: CLI and library for removing visible (Gemini) and invisible (SynthID, C2PA, EXIF) AI watermarks from images
janalsncm · 2026-05-20 · via Hacker News: Front Page

Remove visible and invisible AI watermarks from images generated by Google Gemini (Nano Banana), ChatGPT / DALL-E, Stable Diffusion, Adobe Firefly, Midjourney, and other AI models.

Strips SynthID, C2PA Content Credentials, EXIF/XMP "Made with AI" labels, and visible sparkle overlays — all in one command.

Features

  • Visible watermark removal — Gemini / Nano Banana sparkle logo via reverse alpha blending (fast, offline, deterministic)
  • Invisible watermark removal — SynthID, StableSignature, TreeRing via diffusion-based regeneration
  • AI metadata stripping — EXIF, PNG text chunks, C2PA provenance manifests (PNG / JPEG / AVIF / HEIF / JPEG-XL), XMP DigitalSourceType
  • "Made with AI" label removal — removes the metadata that triggers AI labels on Instagram, Facebook, X (Twitter)
  • Analog Humanizer — film grain and chromatic aberration to bypass AI image classifiers
  • Smart Face Protection — automatic extraction and blending of human faces to prevent AI distortion
  • Batch processing — process entire directories
  • Detection — three-stage NCC watermark detection with confidence scoring

Try it online — don't want to install anything? Use raiw.cc, a free web service powered by this library.

Examples

Before (Watermarked) After (Cleaned)
Before After

Supported models

AI model Visible watermark Invisible watermark Metadata Our approach
Google Gemini / Nano Banana / Gemini 3 Pro ✅ Sparkle logo ✅ SynthID v1 + v2 (default SDXL pipeline at native ~1024 px) ✅ C2PA + EXIF Alpha reversal + diffusion + metadata strip
OpenAI DALL-E 3 / ChatGPT ✅ C2PA manifest Metadata strip
OpenAI ChatGPT Images 2.0 (gpt-image-2) ⚠️ imperceptible pixel watermark (no public detector yet) ✅ C2PA manifest (verified) Diffusion regeneration + metadata strip
Stable Diffusion (AUTOMATIC1111, ComfyUI) ✅ DWT / steganographic ✅ PNG text chunks Diffusion regeneration + metadata strip
Adobe Firefly ✅ Content Credentials (C2PA) Metadata strip
Midjourney ✅ EXIF + XMP (prompt, model, seed) Metadata strip
StableSignature (Meta) ✅ In-model watermark Diffusion regeneration
TreeRing ✅ Latent space watermark Diffusion regeneration

Visible watermarks (logo overlays) are currently used only by Google Gemini / Nano Banana. Other services rely on invisible watermarks and/or metadata. Our diffusion-based regeneration works against any invisible watermark in pixel or frequency domain.

How it works

Removing the Gemini / Nano Banana sparkle watermark

Google Gemini (internally codenamed Nano Banana) adds a visible sparkle logo to generated images using alpha blending:

watermarked = α × logo + (1 − α) × original

We reverse this with a known alpha map (extracted from Gemini / Nano Banana output on a pure-black background):

original = (watermarked − α × logo) / (1 − α)

A three-stage NCC (Normalized Cross-Correlation) detector finds the watermark position and scale dynamically, so it works even if the image was resized or cropped. After removal, residual sparkle-edge artifacts are cleaned via gradient-masked inpainting.

Speed: ~0.05s per image. No GPU needed.

Removing SynthID and other invisible watermarks

Google embeds SynthID into every image generated by Gemini / Nano Banana. Other AI services use StableSignature, TreeRing, and similar schemes. These imperceptible frequency-domain patterns survive cropping, resizing, and JPEG compression.

The removal pipeline (default profile, SDXL):

image → resize to ~1024px (SDXL native) → encode to latent space (VAE)
      → add controlled noise (forward diffusion)
      → denoise (reverse diffusion, ~50 steps at strength 0.05)
      → decode back to pixels (VAE) → upscale to original resolution

SDXL is the default since May 2026: empirically defeats SynthID v2 on Gemini 3 Pro outputs, where the older SD-1.5 pipeline at 768 px did not. The SD-1.5 path was removed once it was verified not to handle v2.

Face Protection: before diffusion, YOLO detects people in the image and extracts them. After diffusion, the original faces are blended back with a soft elliptical mask to prevent AI distortion of facial features.

Analog Humanizer: optional film grain and chromatic aberration injection that makes the output indistinguishable from a photo of a screen, defeating AI-generated image classifiers.

Stripping C2PA, EXIF, and "Made with AI" metadata

AI tools embed generation metadata that social platforms use to show "Made with AI" labels:

  • EXIF tags — prompt, seed, model hash, sampler settings (Stable Diffusion, Midjourney)
  • XMP DigitalSourceTypetrainedAlgorithmicMedia tag used by Instagram, Facebook, and X (Twitter) to show "Made with AI"
  • PNG text chunks — ComfyUI workflows, AUTOMATIC1111 parameters
  • C2PA Content Credentials — cryptographic provenance manifests from Google Imagen, OpenAI DALL-E, Adobe Firefly

The cleaner parses each layer, removes AI-related fields, and preserves standard metadata (Author, Copyright, Title).

Installation

Recommended

Install as an isolated CLI tool — no need to manage virtual environments:

# Using pipx (https://pipx.pypa.io)
pipx install git+https://github.com/wiltodelta/remove-ai-watermarks.git

# Or using uv (https://docs.astral.sh/uv)
uv tool install git+https://github.com/wiltodelta/remove-ai-watermarks.git

To update to the latest version:

pipx upgrade remove-ai-watermarks

# or
uv tool upgrade remove-ai-watermarks

Install from repository

Prerequisites: Python 3.10+ and pip (or uv).

# 1. Clone the repository
git clone https://github.com/wiltodelta/remove-ai-watermarks.git
cd remove-ai-watermarks

# 2. Install the package in editable mode
pip install -e .

# Or, if you use uv:
uv pip install -e .

After installation the remove-ai-watermarks command is available system-wide.

Note: The base install covers visible watermark removal and metadata stripping. For invisible watermark removal (SynthID etc.), install GPU dependencies:

pip install -e ".[gpu]"   # or: uv pip install -e ".[gpu]"

Invisible watermark removal

Invisible removal uses diffusion models and a GPU for reasonable speed.

# On first run, the model (~2 GB) will be downloaded automatically.
# Device is auto-detected: CUDA (Linux/Windows) > MPS (macOS) > CPU.
# To force a device: --device cuda / --device mps / --device cpu

# Optional: set a HuggingFace token for gated/private models
cp .env.example .env
# Edit .env and set HF_TOKEN=hf_your_token_here

Developer setup

# Install with dev dependencies (pytest, ruff, pyright)
pip install -e ".[dev]"
# Or with uv:
uv pip install -e ".[dev]"

# Run tests
pytest

# Run linters
./maintain.sh

Usage

CLI

# Remove all watermarks from a single image (visible + invisible + metadata)
remove-ai-watermarks all image.png -o clean.png

# Process an entire directory
remove-ai-watermarks batch ./images/ --mode all

Individual commands

# Visible watermark only (Gemini / Nano Banana sparkle) — fast, offline
remove-ai-watermarks visible image.png -o clean.png

# Invisible watermark only (SynthID etc.) — requires GPU
remove-ai-watermarks invisible image.png -o clean.png --humanize 4.0

# Check / strip AI metadata (C2PA, EXIF, "Made with AI" labels)
remove-ai-watermarks metadata image.png --check
remove-ai-watermarks metadata image.png --remove

# Batch with a specific mode
remove-ai-watermarks batch ./images/ --mode visible

Python API

from remove_ai_watermarks.gemini_engine import GeminiEngine
import cv2

engine = GeminiEngine()
image = cv2.imread("watermarked.png")

# Detect
result = engine.detect_watermark(image)
print(f"Detected: {result.detected} (confidence: {result.confidence:.1%})")

# Remove
clean = engine.remove_watermark(image)
cv2.imwrite("clean.png", clean)

Metadata stripping

from remove_ai_watermarks.metadata import has_ai_metadata, remove_ai_metadata
from pathlib import Path

if has_ai_metadata(Path("image.png")):
    remove_ai_metadata(Path("image.png"), Path("clean.png"))

Requirements

  • Python ≥ 3.10
  • Visible removal / metadata: CPU only, no GPU required
  • Invisible removal: GPU recommended (CUDA or MPS), works on CPU (slow)

Troubleshooting

SSL certificate error (CERTIFICATE_VERIFY_FAILED):

# Install certifi (the tool auto-detects it)
pip install certifi

# macOS only: run the Python certificate installer
/Applications/Python\ 3.*/Install\ Certificates.command

First run is slow — this is expected. The tool downloads model weights (~2 GB) on first launch. Subsequent runs use cached models.

Credits

  • noai-watermark by mertizci — invisible watermark removal engine
  • GeminiWatermarkTool by Allen Kuo (MIT) — visible watermark removal algorithm
  • CtrlRegen by Liu et al. (ICLR 2025) — controllable regeneration pipeline
  • NeuralBleach (MIT) — analog humanizer technique

Roadmap

Tracked but not yet implemented:

  • SynthID-Image v2 automated regression test. The default SDXL profile defeats v2 per manual checks against the Gemini app's "Verify with SynthID" feature on a Gemini 3 Pro output (May 2026). An automated end-to-end test would need either programmatic access to the SynthID Detector portal (waitlist for media professionals and researchers) or an offline surrogate detector. Open.
  • AVIF / HEIF / JPEG-XL detection limits. Removal strips top-level C2PA uuid and JUMBF jumb boxes. EXIF/XMP boxes inside these containers are not yet scrubbed (PNG and JPEG are fully covered).
  • Video pipeline (noai-video): per-frame inpainting and tracking for Sora 2 dynamic logo, Veo 3.1 badge, Kling, Runway. Separate package, not folded into this repo.

Won't fix:

  • Nightshade / Glaze / PhotoGuard removal. These are defensive perturbations used by artists to protect their work from being scraped into AI training sets. Removing them attacks artists, not AI provenance. Out of scope.

Legal

Watermarking and provenance for AI-generated content is now regulated in several jurisdictions. The table below summarises the May 2026 status. None of this is legal advice.

Jurisdiction Instrument Status (May 2026) Relevance
EU AI Act, Article 50(2) Marking obligations postponed to 2 December 2026 under the December 2025 omnibus agreement. Code of Practice finalising May/June 2026. Removing mandated provenance markers with intent to deceive may be sanctioned under national implementations.
US (federal) COPIED Act Enacted 2025. Criminalises removal of provenance information with intent to deceive about content origin. The tool itself is lawful; usage may not be.
US (state) CA AB 2655, TX SB 751, similar In force. Content-specific (election deepfakes, sexual deepfakes). Not tool-specific.
China Deep Synthesis Regulation, 2025 updates In force. Mandatory visible label for AI content. Removal is an administrative offence.
UK Online Safety Act, 2025 transparency extension In force. Platform obligations, not user obligations.

Threat model

This tool defends already-distributed AI imagery against automatic detection systems (social-platform "Made with AI" labels, third-party classifiers, content-policy filters). It does not retroactively anonymise generation.

In particular, SynthID-Image v2 (Google, deployed October 2025 with Gemini 3 Pro / Nano Banana Pro / Imagen 4 / Veo) embeds a 136-bit payload (arxiv 2510.09263). The payload is believed to encode a user / session identifier. If the original watermarked file ever passed through a system controlled by the prompt originator (a saved Gemini account history, a screenshot uploaded to a Google product, a backup), Google retains the ability to link that original to the generating account. Stripping the watermark from a copy you possess does not erase Google's server-side record.

Use cases where the threat model fits:

  • You generated the image yourself, want to publish it as your own work, and accept the consequences if Google ever publishes their detector logs.
  • You are running a security / robustness evaluation.
  • You are preserving art or historical record against false-positive "AI-generated" labels.

Use cases where the threat model does not fit:

  • Generating an image, expecting that removing the watermark anonymises you to Google. It doesn't.
  • Distributing AI-generated content while claiming human authorship. The watermark is one of several traceability layers.

This tool is intended for legitimate purposes such as:

  • Privacy protection (removing metadata that leaks user account identifiers).
  • Art preservation and fair-use research.
  • Removing false-positive "Made with AI" labels from human-edited photographs.
  • Security research and watermark robustness study.

Removing AI provenance markers to misrepresent AI-generated content as human-created may violate the laws above, the DMCA, and platform terms of service. Users are solely responsible for ensuring their use complies with all applicable laws. The authors do not condone use of this tool for deception, fraud, or any activity that violates applicable laws or regulations.

License

MIT