Privacy Blur: Quantifying Privacy and Utility for Image Data Release

TL;DR

This paper evaluates and compares privacy-preserving image obfuscation methods, revealing that Gaussian blurring is less private than pixelization and noise addition, which can better balance privacy and utility in image data sharing.

Contribution

The study provides a comprehensive analysis of privacy-utility tradeoffs for various image obfuscation techniques, introducing effective parameter choices and a software package for practical use.

Findings

Gaussian blur is vulnerable to reversal attacks.

Pixelization and noise addition can provide better privacy-utility balance.

Practical implementations of Gaussian blur are less private than theoretical assumptions.

Abstract

Image data collected in the wild often contains private information such as faces and license plates, and responsible data release must ensure that this information stays hidden. At the same time, released data should retain its usefulness for model-training. The standard method for private information obfuscation in images is Gaussian blurring. In this work, we show that practical implementations of Gaussian blurring are reversible enough to break privacy. We then take a closer look at the privacy-utility tradeoffs offered by three other obfuscation algorithms -- pixelization, pixelization and noise addition (DP-Pix), and cropping. Privacy is evaluated by reversal and discrimination attacks, while utility by the quality of the learnt representations when the model is trained on data with obfuscated faces. We show that the most popular industry-standard method, Gaussian blur is the least private of the four -- being susceptible to reversal attacks in its practical low-precision implementations. In contrast, pixelization and pixelization plus noise addition, when used at the right level of granularity, offer both privacy and utility for a number of computer vision tasks. We make our proposed methods together with suggested parameters available in a software package called Privacy Blur.