This work addresses the lack of systematic evaluation of privacy leakage at the speaker attribute level in existing voice anonymization methods. It proposes the first privacy assessment framework grounded in speaker attributes, which systematically quantifies privacy risks by comparing ground-truth attributes, attributes inferred from original speech, and those inferred from anonymized speech. The framework integrates speaker uniqueness metrics with single-utterance attack error rate analysis to evaluate residual identifiability. The study reveals that even in the presence of attribute inference errors, inferred attributes can still pose significant privacy threats, exposing a critical gap in current anonymization techniques’ ability to protect attribute-level information. These findings underscore the necessity for future research to incorporate attribute-aware threat modeling and develop corresponding defense mechanisms.

Voice privacy approaches that preserve the anonymity of speakers modify speech in an attempt to break the link with the true identity of the speaker. Current benchmarks measure speaker protection based on signal-to-signal comparisons. In this paper, we introduce an attribute-based perspective, where we measure privacy protection in terms of comparisons between sets of speaker attributes. First, we analyze privacy impact by calculating speaker uniqueness for ground truth attributes, attributes inferred on the original speech, and attributes inferred on speech protected with standard anonymization. Next, we examine a threat scenario involving only a single utterance per speaker and calculate attack error rates. Overall, we observe that inferred attributes still present a risk despite attribute inference errors. Our research points to the importance of considering both attribute-related threats and protection mechanisms in future voice privacy research.