🤖 AI Summary
Existing non-differentially private synthetic data paradigms—core-set selection, dataset distillation, data-free knowledge distillation, and diffusion-based generation—lack rigorous, cross-paradigm evaluation of their actual privacy protection against real-world inference attacks.
Method: We conduct a unified empirical assessment using standardized membership inference and data reconstruction attacks, enabling the first horizontal comparison of privacy leakage across these four paradigms.
Contribution/Results: Our experiments reveal pervasive and significant privacy leakage across all methods, with diffusion models exhibiting particularly poor resilience under strong adversarial settings. Empirical privacy claims frequently engender false confidence. To address this gap, we propose the first multi-paradigm privacy evaluation framework for synthetic data, advocating formal privacy guarantees over heuristic assurances. This work provides both theoretical grounding and practical warnings for the trustworthy deployment of synthetic data in sensitive applications.
📝 Abstract
As synthetic data becomes increasingly popular in machine learning tasks, numerous methods--without formal differential privacy guarantees--use synthetic data for training. These methods often claim, either explicitly or implicitly, to protect the privacy of the original training data. In this work, we explore four different training paradigms: coreset selection, dataset distillation, data-free knowledge distillation, and synthetic data generated from diffusion models. While all these methods utilize synthetic data for training, they lead to vastly different conclusions regarding privacy preservation. We caution that empirical approaches to preserving data privacy require careful and rigorous evaluation; otherwise, they risk providing a false sense of privacy.