Inspiration
Deepfakes are no longer a distant threat; they are causing real, devastating human pain. I’ve seen this firsthand, watching friends’ families and elders fall into the trap of AI-generated scams, losing their savings and feeling completely violated. That hit me hard, and it pushed me to build a practical solution to protect them.
The technical spark came from stumbling upon the Silvered Applied Images research (Australian Federal Police x Monash University) on using data poisoning to disrupt deepfakes. This collided perfectly with a concept from the Black Mirror episode "White Christmas," where people can literally "block" others in reality, reducing them to visual static.
I realised this dystopian nightmare could be flipped into our greatest defence. If malicious AI models are strip-mining our clear, unprotected photos to craft hoaxes, why not "block" the machines first?
That is how this system was born. I wanted to turn that static into a shield, creating a system where your uploaded images look like scrambled noise to AI and strangers, but silently decode into the original, clean images in real-time for the people you authorise.
What it does
White Christmas acts as a secure, invisible shield for your digital identity. It allows you to protect your personal photos from AI scrapers and malicious actors while still sharing them seamlessly with friends and family on social media.
The Scrambling Process: When you upload a photo to our platform, the system completely scrambles the visual data, reducing it to an unrecognisable pattern of noise.
Safe Sharing: You can then download and post this "protected" noisy image to public platforms like Facebook. To AI scrapers, data miners, and strangers, the image is entirely useless.
Real-Time Decoding: For the people you actually authorise, the experience is completely frictionless. They install our custom browser extension. When they view your scrambled post on social media, the extension silently detects the protected image and reconstructs the clean, original photo directly on their screen in real-time.
How we built it
We engineered White Christmas as a full-stack application to handle both complex image processing and seamless user distribution.
The Back end (The Engine): We built a high-performance API using Python and FastAPI. This handles the heavy lifting of our image protection pipeline. We utilised OpenCV, Pillow, and numpy to develop a custom block scrambling algorithm and embed an invisible, compression-robust DCT (Discrete Cosine Transform) watermark.
Storage & Security: To securely manage the clean original images and user authentication, we integrated Supabase (PostgreSQL). The original photos are safely locked in Supabase Storage Buckets, utilising its Row Level Security (RLS) and cryptography libraries to ensure only authorised users can access the decoding data.
The Frontend (The Dashboard): The user-facing web application was built with Next.js (React, TypeScript) and styled with CSS Modules. This provides a type-safe, responsive, and modern interface for users to upload and manage their protected galleries.
The Browser Extension (The Magic): To create a seamless viewing experience on third-party sites like Facebook, we developed a Chrome Extension (Manifest V3). It uses JavaScript and Canvas pixel manipulation to detect our specific watermarks, retrieve the necessary data from our FastAPI backend, and decode the image on the fly.
Challenges we ran into
Building a system that defeats both malicious AI models and aggressive social media compression algorithms was an intense, iterative process. We hit several major roadblocks before finding the right path:
The Resilience of Modern AI: Our first attempt relied on Adversarial Noise. We added tiny, calculated perturbations to the images, hoping to blind the AI scrapers. However, modern AI systems proved too robust; they completely ignored the noise and recognised the faces instantly.
The "Irreversible" Distortion: Next, we experimented with Face Warping (geometric distortion). While this successfully broke AI facial recognition, it introduced a fatal flaw. Social media platforms like Facebook apply aggressive resizing, image re-compression, and metadata stripping. Once Facebook compressed our warped image, it became mathematically impossible to reverse the distortion cleanly back to the original photo.
Surviving the Compression Gauntlet: The ultimate challenge was engineering a protection mechanism that could survive platform processing. We had to build a custom block scrambling algorithm paired with an invisible, DCT-based ID embedding. Tuning the deterministic PRNG and the DCT frequencies so that the hidden ID remained readable after Facebook's aggressive compression took dozens of frustrating "almost works."
Seamless Browser Decoding: Reconstructing the image for authorised users shouldn't feel clunky. We had to heavily optimise our Chrome Extension's JavaScript and Canvas pixel manipulation to ensure real-time decoding happened silently and instantly, without lagging the user's browser.
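One way to build the reversible block scrambling with a deterministic PRNG described above, as an added example that is not the White Christmas code. The HMAC-SHA256 counter-mode generator, the 8-pixel BLOCK size and the names key and image_id are assumptions; the DCT watermark is not covered.

```python
import hashlib
import hmac

BLOCK = 8  # assumed block size; the page does not state the project's value


def keyed_permutation(n, key, image_id):
    """Fisher-Yates shuffle driven by HMAC-SHA256 in counter mode, so a decoder
    in another language can rebuild the same order (unlike random.seed())."""
    perm, counter = list(range(n)), 0
    for i in range(n - 1, 0, -1):
        limit = (1 << 32) - (1 << 32) % (i + 1)  # rejection bound, avoids modulo bias
        while True:
            msg = image_id + counter.to_bytes(4, "big")
            r = int.from_bytes(hmac.new(key, msg, hashlib.sha256).digest()[:4], "big")
            counter += 1
            if r < limit:
                break
        j = r % (i + 1)
        perm[i], perm[j] = perm[j], perm[i]
    return perm


def _move_blocks(pixels, key, image_id, inverse):
    height, width = len(pixels), len(pixels[0])
    if width % BLOCK or height % BLOCK:
        raise ValueError("pad the image to a multiple of BLOCK before scrambling")
    coords = [(x, y) for y in range(0, height, BLOCK) for x in range(0, width, BLOCK)]
    perm = keyed_permutation(len(coords), key, image_id)
    out = [row[:] for row in pixels]
    for dst, src in enumerate(perm):
        if inverse:  # undo: the block now at position dst goes back to perm[dst]
            dst, src = src, dst
        (dx, dy), (sx, sy) = coords[dst], coords[src]
        for y in range(BLOCK):
            out[dy + y][dx:dx + BLOCK] = pixels[sy + y][sx:sx + BLOCK]
    return out


def scramble(pixels, key, image_id):
    return _move_blocks(pixels, key, image_id, inverse=False)


def unscramble(pixels, key, image_id):
    return _move_blocks(pixels, key, image_id, inverse=True)


# Constructed sample: a 32x32 grayscale gradient stands in for a photo.
SAMPLE = [[(y * 32 + x) % 251 for x in range(32)] for y in range(32)]
```

A permutation only moves blocks, so the content of each block is unchanged; the protection rests on the per-image key being released only to authorised viewers.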
Accomplishments that we're proud of
The "Magic" Moment: After weeks of trial and error, we finally uploaded a protected, heavily scrambled image, refreshed the page, and watched our browser extension instantly and flawlessly decode it back into the crystal-clear original. Seeing that concept come to life in real-time felt like magic.
A Robust Full-Stack Architecture: We successfully bridged complex Python image processing with a modern web ecosystem. Integrating a Next.js front end, a high-performance FastAPI back end, Supabase for secure storage, and a Manifest V3 Chrome Extension into one seamless pipeline is a massive technical win.
Making Academic Research Practical: We took highly complex concepts like the data poisoning techniques from the Silvered Applied Images research and translated them from theory into a functional, user-friendly tool.
Building for Social Impact: Above all, we are proud to have built a practical digital solution targeted at real human pain. By creating a tool that shields digital identities from malicious AI threats, we are taking a tangible step toward protecting vulnerable communities, especially our elders, from devastating scams.
What we learned
Building White Christmas was a masterclass not just in the invisible war against AI, but in the power of human collaboration.
The power of resilient teamwork: Facing repeated roadblocks like our early failures with adversarial noise and irreversible face warping tested our morale. We learned that true engineering isn't just about writing code; it's about communicating through frustration, quickly pivoting our strategy as a unit, and supporting each other through dozens of "almost works" until we finally hit that magic moment.
Bridging the full-stack divide: Integrating a complex Python/FastAPI image-processing pipeline with a Next.js front end and a Manifest V3 Chrome extension required us to master cross-functional communication. We learned how to define strict API contracts, synchronise our development workflows, and speak the same language across entirely different tech stacks.
Translating theory into action: We learned how to take highly complex academic concepts like the data poisoning techniques from the Silvered Applied Images research and communicate them into a shared, actionable product vision that every team member could understand and build toward.
The mathematics of survival: Technically, we gained a deep, hands-on understanding of how social platforms aggressively compress images. To survive this "compression gauntlet," we had to dive deep into the maths of Discrete Cosine Transforms (DCT) and deterministic PRNGs, learning how to hide critical IDs within the very frequencies of an image.
Security must be frictionless: Perhaps our biggest product takeaway is that if a security tool is hard to use, people won't use it. We learned that UX is just as important as cryptography; the "magic" of our Chrome Extension silently doing the heavy lifting in the background is what makes this a practical solution for the everyday user.
What's next for White Christmas
This project began as a passionate experiment, but our architectural road map proves it has the potential to scale into a robust security platform. Based on our current system flow, here is the next phase of our evolution:
Actionable Security Dashboards: Protection shouldn't just happen in the background; it should empower the user. We are building a comprehensive analytics dashboard that quantifies exactly how well the system is working. Users will be greeted with tangible metrics like "Your profile has been saved from 50 potential threats," making the impact of their digital safety visible and measurable.
Real-Time Audience Transparency: True security requires visibility. We are implementing a notification system that alerts users exactly when, and by whom, their images are viewed. You won't just hope your data is secure; you will have a clear ledger of every authorised person who decodes your moments.
Tackling the Mobile Frontier: The most valid critique of our current architecture is mobile integration. Since a massive portion of social media consumption happens on native mobile apps rather than desktop browsers, expanding our decryption capabilities beyond the Chrome extension into the mobile ecosystem is our most critical next step.
The Ultimate Vision: We are driven to build a universal platform where anyone can upload their images, get them automatically protected, and share them with ease. By turning White Christmas into a standard layer of defence, we are pushing for true social sustainability, ensuring vulnerable communities can connect online without the fear of AI identity theft.
Built With
- chrome
- cryptography
- css
- fastapi
- next.js
- numpy
- opencv
- pillow
- postgresql
- python
- react
- supabase
- typescript