Table of Contents
Fetching ...

Content Leakage in LibriSpeech and Its Impact on the Privacy Evaluation of Speaker Anonymization

Carlos Franzreb, Arnab Das, Tim Polzehl, Sebastian Möller

TL;DR

The paper reveals a critical flaw in privacy evaluation using Librispeech: speakers can be identified by the content of what they read, not just by vocal traits, which biases anonymization assessments. It proposes EdAcc as a spontaneous, diverse dataset that reduces content leakage and supports richer population-segment privacy analyses. Using a SpAnE-based attacker and an STT-TTS anonymizer as an upper bound, the study quantifies leakage via phone counts, durations, and phonetic content, showing that content-based cues persist in Librispeech but are weaker in EdAcc. The work advocates supplementing Librispeech with EdAcc for robust privacy evaluation and demonstrates that demographic attributes like accent can influence privacy outcomes, enabling targeted improvements in anonymization approaches.

Abstract

Speaker anonymization aims to conceal a speaker's identity, without considering the linguistic content. In this study, we reveal a weakness of Librispeech, the dataset that is commonly used to evaluate anonymizers: the books read by the Librispeech speakers are so distinct, that speakers can be identified by their vocabularies. Even perfect anonymizers cannot prevent this identity leakage. The EdAcc dataset is better in this regard: only a few speakers can be identified through their vocabularies, encouraging the attacker to look elsewhere for the identities of the anonymized speakers. EdAcc also comprises spontaneous speech and more diverse speakers, complementing Librispeech and giving more insights into how anonymizers work.

Content Leakage in LibriSpeech and Its Impact on the Privacy Evaluation of Speaker Anonymization

TL;DR

The paper reveals a critical flaw in privacy evaluation using Librispeech: speakers can be identified by the content of what they read, not just by vocal traits, which biases anonymization assessments. It proposes EdAcc as a spontaneous, diverse dataset that reduces content leakage and supports richer population-segment privacy analyses. Using a SpAnE-based attacker and an STT-TTS anonymizer as an upper bound, the study quantifies leakage via phone counts, durations, and phonetic content, showing that content-based cues persist in Librispeech but are weaker in EdAcc. The work advocates supplementing Librispeech with EdAcc for robust privacy evaluation and demonstrates that demographic attributes like accent can influence privacy outcomes, enabling targeted improvements in anonymization approaches.

Abstract

Speaker anonymization aims to conceal a speaker's identity, without considering the linguistic content. In this study, we reveal a weakness of Librispeech, the dataset that is commonly used to evaluate anonymizers: the books read by the Librispeech speakers are so distinct, that speakers can be identified by their vocabularies. Even perfect anonymizers cannot prevent this identity leakage. The EdAcc dataset is better in this regard: only a few speakers can be identified through their vocabularies, encouraging the attacker to look elsewhere for the identities of the anonymized speakers. EdAcc also comprises spontaneous speech and more diverse speakers, complementing Librispeech and giving more insights into how anonymizers work.
Paper Structure (11 sections, 1 equation, 3 figures, 1 table)

This paper contains 11 sections, 1 equation, 3 figures, 1 table.

Figures (3)

  • Figure 1: Speaker EERs for Librispeech anonymized with STT-TTS.
  • Figure 2: Relative phone frequencies for two Librispeech speakers.
  • Figure 3: Intra- and inter-EERs for EdAcc accents, anonymized with STT-TTS.