4 research outputs found
StyleGAN as a Utility-Preserving Face De-identification Method
Face de-identification methods have been proposed to preserve users' privacy
by obscuring their faces. These methods, however, can degrade the quality of
photos, and they usually do not preserve the utility of faces, i.e., their age,
gender, pose, and facial expression. Recently, GANs, such as StyleGAN, have
been proposed, which generate realistic, high-quality imaginary faces. In this
paper, we investigate the use of StyleGAN in generating de-identified faces
through style mixing. We examined this de-identification method for preserving
utility and privacy by implementing several face detection, verification, and
identification attacks and conducting a user study. The results from our
extensive experiments, human evaluation, and comparison with two
state-of-the-art methods, i.e., CIAGAN and DeepPrivacy, show that StyleGAN
performs on par or better than these methods, preserving users' privacy and
images' utility. In particular, the results of the machine learning-based
experiments show that StyleGAN0-4 preserves utility better than CIAGAN and
DeepPrivacy while preserving privacy at the same level. StyleGAN0-3 preserves
utility at the same level while providing more privacy. In this paper, for the
first time, we also performed a carefully designed user study to examine both
privacy and utility-preserving properties of StyleGAN0-3, 0-4, and 0-5, as well
as CIAGAN and DeepPrivacy from the human observers' perspectives. Our
statistical tests showed that participants tend to verify and identify
StyleGAN0-5 images more easily than DeepPrivacy images. All the methods but
StyleGAN0-5 had significantly lower identification rates than CIAGAN. Regarding
utility, as expected, StyleGAN0-5 performed significantly better in preserving
some attributes. Among all methods, on average, participants believe gender has
been preserved the most while naturalness has been preserved the least
Fant\^omas: Understanding Face Anonymization Reversibility
Face images are a rich source of information that can be used to identify
individuals and infer private information about them. To mitigate this privacy
risk, anonymizations employ transformations on clear images to obfuscate
sensitive information, all while retaining some utility. Albeit published with
impressive claims, they sometimes are not evaluated with convincing
methodology.
Reversing anonymized images to resemble their real input -- and even be
identified by face recognition approaches -- represents the strongest indicator
for flawed anonymization. Some recent results indeed indicate that this is
possible for some approaches. It is, however, not well understood, which
approaches are reversible, and why. In this paper, we provide an exhaustive
investigation in the phenomenon of face anonymization reversibility. Among
other things, we find that 11 out of 15 tested face anonymizations are at least
partially reversible and highlight how both reconstruction and inversion are
the underlying processes that make reversal possible
A False Sense of Privacy: Towards a Reliable Evaluation Methodology for the Anonymization of Biometric Data
Biometric data contains distinctive human traits such as facial features or gait patterns. The use of biometric data permits an individuation so exact that the data is utilized effectively in identification and authentication systems. But for this same reason, privacy protections become indispensably necessary. Privacy protection is extensively afforded by the technique of anonymization. Anonymization techniques protect sensitive personal data from biometrics by obfuscating or removing information that allows linking records to the generating individuals, to achieve high levels of anonymity. However, our understanding and possibility to develop effective anonymization relies, in equal parts, on the effectiveness of the methods employed to evaluate anonymization performance. In this paper, we assess the state-of-the-art methods used to evaluate the performance of anonymization techniques for facial images and for gait patterns. We demonstrate that the state-of-the-art evaluation methods have serious and frequent shortcomings. In particular, we find that the underlying assumptions of the state-of-the-art are quite unwarranted. State-of-the-art methods generally assume a difficult recognition scenario and thus a weak adversary. However, that assumption causes state-of-the-art evaluations to grossly overestimate the performance of the anonymization. Therefore, we propose a strong adversary which is aware of the anonymization in place. This adversary model implements an appropriate measure of anonymization performance. We improve the selection process for the evaluation dataset, and we reduce the numbers of identities contained in the dataset while ensuring that these identities remain easily distinguishable from one another. Our novel evaluation methodology surpasses the state-of-the-art because we measure worst-case performance and so deliver a highly reliable evaluation of biometric anonymization techniques