Classical techniques for protecting facial image privacy typically fall into two categories: data-poisoning methods, exemplified by Fawkes, which introduce subtle perturbations to images, or anonymization methods that generate images resembling the original only in several characteristics, such as gender, ethnicity, or facial expression.In this study, we introduce a novel approach, PrivacyGAN, that uses the power of image generation techniques, such as VQGAN and StyleGAN, to safeguard privacy while maintaining image usability, particularly for social media applications. Drawing inspiration from Fawkes, our method entails shifting the original image within the embedding space towards a decoy image.We evaluate our approach using privacy metrics on traditional and novel facial image datasets. Additionally, we propose new criteria for evaluating the robustness of privacy-protection methods against unknown image recognition techniques, and we demonstrate that our approach is effective even in unknown embedding transfer scenarios. We also provide a human evaluation that further proves that the modified image preserves its utility as it remains recognisable as an image of the same person by friends and family.

翻译：经典的面部图像隐私保护技术通常分为两类：数据投毒方法（以Fawkes为代表）通过向图像引入细微扰动，或匿名化方法生成仅在性别、种族或面部表情等少数特征上与原始图像相似的新图像。本研究提出了一种新方法PrivacyGAN，它利用VQGAN和StyleGAN等图像生成技术的力量，在保障图像可用性的同时维护隐私，特别适用于社交媒体应用。受Fawkes启发，我们的方法将原始图像在嵌入空间中向诱饵图像方向偏移。我们使用传统和新型面部图像数据集上的隐私指标评估该方法。此外，我们提出了评估隐私保护方法对未知图像识别技术鲁棒性的新标准，并证明该方法在未知嵌入转移场景下同样有效。我们还进行了人工评估，进一步证明修改后的图像保持了可用性，因为亲朋好友仍能识别其为同一人的图像。