Read on Twitter
This is a very nice and complete break of InstaHide by some of my Google colleagues and others: https://arxiv.org/abs/2011.05315
TL;DR: This scheme does not work, as the "encrypted" images can be largely recovered.
1/5
TL;DR: This scheme does not work, as the "encrypted" images can be largely recovered.
1/5
I don't want to pick on InstaHide, but the original paper invited comparison with differential privacy, so I think it's necessary to respond to that. The following comment is also not specific to this paper.
2/5
2/5
Differential Privacy provides a clear privacy guarantee.
Maybe you don't like that guarantee - maybe it's too strong, too weak, or not applicable to your setting. That's fine.
The point is that there *is* a guarantee to consider, object to, or build upon.
3/5
Maybe you don't like that guarantee - maybe it's too strong, too weak, or not applicable to your setting. That's fine.
The point is that there *is* a guarantee to consider, object to, or build upon.
3/5
If you are going to propose some alternative to differential privacy, then you should be clear about the privacy guarantee.
Only that way you can make a meaningful comparison.
And I think that's necessary to advance the field.
4/5
Only that way you can make a meaningful comparison.
And I think that's necessary to advance the field.
4/5
To be clear, I don't think it's necessary to make everything 100% theoretically rigorous with lemmas and proofs. But the assumptions should be made clear and falsifiable.
Generally, the more rigorous you make something, the more likely it is to stand up to scrutiny.
5/5
Generally, the more rigorous you make something, the more likely it is to stand up to scrutiny.
5/5
