> The point of SynthID is to make generated images identifiable, in an attempt to prevent 1984-esque situations where you can't believe your eyes and ears.

You can still use traditional methods to manipulate images, too, so I don't think a "does not contain SynthID watermark" means you can trust that image more. In the other hand, encoding a lot of personal and other information in the watermark (136 bit is a lot) that can not be easily removed and most of the people are unaware of it seems really an 1984-like dystopia.

You have missed the point by such a wide margin that I have to wonder if it wasn't intentional.

The same techniques used here can be applied in other domains for other purposes. That would not "defeat its only purpose". The danger is the normalization of watermarking for [ insert good reason here ] with regulation eventually making it mandatory once everyone is accustomed to it. Rinse and repeat to gradually boil the frog.

We live in a world where nearly all printers already watermark everything they print with their serial number. It wouldn't be at all surprising if the next modernized variant of that technology encoded personal and contextual data tied to the user.

Is it? Given local models this delays the current cutting edge at any given time by what, 6 to 12 months at best?

The paper references some threat models they considered. They suggest someone might "possess paired information (both original and watermarked content)" and therefore be able to undo watermarking. Presumably it's fairly easy to get identity operations out of image APIs that would result in this situation. I'm not sure that addresses echelon's main concerns though.

The metadata is kept separately from the original data, and is, by design, modifiable and removable.

Watermark, by design, irreversibly modifies the original data, and is, by design, hard to remove without producing detectable artifacts (or rendering the data useless altogether).

In short, the answer is no.