FaceLinkGen: Rethinking Identity Leakage in Privacy-Preserving Face Recognition with Identity Extraction

• URL: http://arxiv.org/abs/2602.02914v1
• Date: Mon, 02 Feb 2026 23:41:14 GMT
• Title: FaceLinkGen: Rethinking Identity Leakage in Privacy-Preserving Face Recognition with Identity Extraction
• Authors: Wenqi Guo, Shan Du,
• Abstract summary: We present FaceLinkGen, an identity extraction attack that performs linkage/matching and face regeneration directly from protected templates without recovering original pixels.<n>Results expose a structural gap between pixel distortion metrics, which are widely used in PPFR evaluation, and real privacy.
• Score: 10.685858393562205
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Transformation-based privacy-preserving face recognition (PPFR) aims to verify identities while hiding facial data from attackers and malicious service providers. Existing evaluations mostly treat privacy as resistance to pixel-level reconstruction, measured by PSNR and SSIM. We show that this reconstruction-centric view fails. We present FaceLinkGen, an identity extraction attack that performs linkage/matching and face regeneration directly from protected templates without recovering original pixels. On three recent PPFR systems, FaceLinkGen reaches over 98.5\% matching accuracy and above 96\% regeneration success, and still exceeds 92\% matching and 94\% regeneration in a near zero knowledge setting. These results expose a structural gap between pixel distortion metrics, which are widely used in PPFR evaluation, and real privacy. We show that visual obfuscation leaves identity information broadly exposed to both external intruders and untrusted service providers.

Related papers

• SIDeR: Semantic Identity Decoupling for Unrestricted Face Privacy [53.75084833636302]
  We propose SIDeR, a Semantic decoupling-driven framework for unrestricted face privacy protection.<n> SIDeR decomposes a facial image into a machine-recognizable identity feature vector and a visually perceptible semantic appearance component.<n>For authorized access, SIDeR can be restored to its original form when the correct password is provided.
  arXiv  Detail & Related papers  (2026-02-04T19:30:48Z)
• FaceSwapGuard: Safeguarding Facial Privacy from DeepFake Threats through Identity Obfuscation [42.52406793874506]
  FaceSwapGuard (FSG) is a black-box defense mechanism against deepfake face-swapping threats.<n>FSG introduces imperceptible perturbations to a user's facial image, disrupting the features extracted by identity encoders.<n>Extensive experiments demonstrate the effectiveness of FSG against multiple face-swapping techniques.
  arXiv  Detail & Related papers  (2025-02-15T13:45:19Z)
• iFADIT: Invertible Face Anonymization via Disentangled Identity Transform [51.123936665445356]
  Face anonymization aims to conceal the visual identity of a face to safeguard the individual's privacy.<n>This paper proposes a novel framework named iFADIT, an acronym for Invertible Face Anonymization via Disentangled Identity Transform.
  arXiv  Detail & Related papers  (2025-01-08T10:08:09Z)
• Local Features Meet Stochastic Anonymization: Revolutionizing Privacy-Preserving Face Recognition for Black-Box Models [54.88064975480573]
  The task of privacy-preserving face recognition (PPFR) currently faces two major unsolved challenges.<n>By disrupting global features while enhancing local features, we achieve effective recognition even in black-box environments.<n>Our method achieves an average recognition accuracy of 94.21% on black-box models, outperforming existing methods in both privacy protection and anti-reconstruction capabilities.
  arXiv  Detail & Related papers  (2024-12-11T10:49:15Z)
• Privacy-Preserving Face Recognition Using Trainable Feature Subtraction [40.47645421424354]
  Face recognition has led to increasing privacy concerns. This paper explores face image protection against viewing and recovery attacks. We distill our methodologies into a novel privacy-preserving face recognition method, MinusFace.
  arXiv  Detail & Related papers  (2024-03-19T05:27:52Z)
• Diff-Privacy: Diffusion-based Face Privacy Protection [58.1021066224765]
  In this paper, we propose a novel face privacy protection method based on diffusion models, dubbed Diff-Privacy. Specifically, we train our proposed multi-scale image inversion module (MSI) to obtain a set of SDM format conditional embeddings of the original image. Based on the conditional embeddings, we design corresponding embedding scheduling strategies and construct different energy functions during the denoising process to achieve anonymization and visual identity information hiding.
  arXiv  Detail & Related papers  (2023-09-11T09:26:07Z)
• Privacy-preserving Adversarial Facial Features [31.885215405010687]
  We propose an adversarial features-based face privacy protection approach to generate privacy-preserving adversarial features. We show that AdvFace outperforms the state-of-the-art face privacy-preserving methods in defending against reconstruction attacks.
  arXiv  Detail & Related papers  (2023-05-08T08:52:08Z)
• FaceMAE: Privacy-Preserving Face Recognition via Masked Autoencoders [81.21440457805932]
  We propose a novel framework FaceMAE, where the face privacy and recognition performance are considered simultaneously. randomly masked face images are used to train the reconstruction module in FaceMAE. We also perform sufficient privacy-preserving face recognition on several public face datasets.
  arXiv  Detail & Related papers  (2022-05-23T07:19:42Z)
• Assessing Privacy Risks from Feature Vector Reconstruction Attacks [24.262351521060676]
  We develop metrics that meaningfully capture the threat of reconstructed face images. We show that reconstructed face images enable re-identification by both commercial facial recognition systems and humans. Our results confirm that feature vectors should be recognized as Personal Identifiable Information.
  arXiv  Detail & Related papers  (2022-02-11T16:52:02Z)
• Face Anonymization by Manipulating Decoupled Identity Representation [5.26916168336451]
  We propose a novel approach which protects identity information of facial images from leakage with slightest modification. Specifically, we disentangle identity representation from other facial attributes leveraging the power of generative adversarial networks. We evaulate the disentangle ability of our model, and propose an effective method for identity anonymization, namely Anonymous Identity Generation (AIG)
  arXiv  Detail & Related papers  (2021-05-24T07:39:54Z)
• Towards Face Encryption by Generating Adversarial Identity Masks [53.82211571716117]
  We propose a targeted identity-protection iterative method (TIP-IM) to generate adversarial identity masks. TIP-IM provides 95%+ protection success rate against various state-of-the-art face recognition models.
  arXiv  Detail & Related papers  (2020-03-15T12:45:10Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.