Inference Attacks for X-Vector Speaker Anonymization
Luke Bauer, Wenxuan Bao, Malvika Jadhav, Vincent Bindschaedler
TL;DR
This paper studies the privacy-utility tradeoff in x-vector speaker anonymization and introduces a simple, ML-free inference attack that exploits how pseudo x-vectors are constructed from a public pool. The attack, which simulates the anonymization process for candidate speakers and compares resulting x-vectors, outperforms ML-based attacks and runs with lower computational cost. Experimental results on the VoicePrivacy framework reveal near-perfect de-anonymization under several settings and reveal leakage from prosodic features, challenging the perceived privacy of current anonymization schemes. The work highlights the need to tailor privacy evaluations to the specific anonymization mechanism and suggests future directions exploring invertibility and user-centered utility analyses.
Abstract
We revisit the privacy-utility tradeoff of x-vector speaker anonymization. Existing approaches quantify privacy through training complex speaker verification or identification models that are later used as attacks. Instead, we propose a novel inference attack for de-anonymization. Our attack is simple and ML-free yet we show experimentally that it outperforms existing approaches.
