I wonder if the rise of deepfakes will finally be the moment that gives us all sufficient incentive to adopt a real, cross-platform authentication infrastructure of some sort (public key auth, etc). There's real value in, say, the NYT being able to authenticate that a reporter's social media presence is legit, and for that reporter to be able to sign and take responsibility for their photographs. Or using your example, some sports star authenticating an ad featuring them. Unsigned media would be considered suspect. This could all be surfaced in a digestible way to users, like we have done with the HTTPS lock icon. Dunno. Probably not, but maybe.
You have to look at the incentives versus counter incentives.
Who is going to be in control of this authentication infrastructure? Private companies? Where do they get the information that is trusted? Other private companies? Governments? Why won't these social media companies try to make their own private infrastructure so they can remain in control rather than potentially allow people to leave to other platforms? How will revocation work? Will the browser have to implement support?
Also: How long before authoritarians demand we sign our stuff?
There's a bunch of different PKI-style schemes, most of which don't require trusting a single central authority. I thought KeyBase's approach struck a good balance between authentication strength & ease of use, maybe something like that could be a good fit.
The incentive would be for online platforms, especially social media, to remain a place people want to be and can have some measure of trust in, rather than be overrun by deepfake-style content.
