Towards compression-resistant privacy-preserving photo sharing on social networks

Abstract

The massive photos shared through the social networks nowadays, e.g., Facebook and Instagram, have aided malicious entities to snoop private information, especially by utilizing deep neural networks (DNNs) to learn from those personal photos. To protect photo privacy against DNNs, recent advances adopting adversarial examples could successfully fool DNNs. However, they are sensitive to those image compression methods that are commonly used on social networks to reduce transmission bandwidth or storage space. A recent work proposed to resist JPEG compression, while the compression methods adopted in social networks are black boxes, and variation of compression methods would significantly degrade the resistance. To the best of our knowledge, this paper gives the first attempt to investigate a generic compression-resistant scheme to protect photo privacy against DNNs in the social network scenario. We propose the Compression-Resistant Adversarial framework (ComReAdv) that can achieve adversarial examples robust to an unknown compression method. To this end, we design an encoding-decoding based compression approximation model (ComModel) to approximate the unknown compression method by learning the transformation from the original-compressed pairs of images queried through the social network. In addition, we involve the pre-trained differentiable ComModel into the optimization process of adversarial example generation and adapt existing attack algorithms to generate compression-resistant adversarial examples. Extensive experimental results on different social networks demonstrate the effectiveness and superior resistance of the proposed ComReAdv to unknown compression as compared to the state-of-the-art methods.