Summary of “Blind Spots in AI Just Might Help Protect Your Privacy”

Just a few small tweaks to an image, or a few decoy entries added to a database, can fool a machine-learning system into reaching entirely wrong conclusions.
Gong points to Facebook’s Cambridge Analytica incident as exactly the sort of privacy invasion he hopes to prevent: The data science firm paid thousands of Facebook users a few dollars each for answers to political and personal questions, then linked those answers with their public Facebook data to create a set of “training data.” When the firm then trained a machine-learning engine with that dataset, the resulting model could purportedly predict private political persuasions from public Facebook data alone.
After tweaking the data a few different ways, they found that adding just three fake app ratings, chosen to statistically point to an incorrect city, or removing a few revealing ratings, injected enough noise to reduce the accuracy of their engine’s prediction to no better than a random guess.
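The flavor of that attack can be shown with a toy sketch (this is an invented illustration, not Gong’s actual model or data): a “city predictor” that scores candidate cities by how many of a user’s app ratings match apps popular in that city, and three decoy ratings that flip its answer.

```python
# Toy illustration: decoy data points poisoning a simple predictor.
from collections import Counter

# Hypothetical apps popular in each city (all names invented here).
CITY_APPS = {
    "Atlanta": {"transit_atl", "peach_news", "braves_scores"},
    "Denver": {"ski_report", "transit_den", "altitude_fit"},
}

def predict_city(user_ratings):
    """Return the city whose popular apps best overlap the user's ratings."""
    scores = Counter()
    for city, apps in CITY_APPS.items():
        scores[city] = len(apps & set(user_ratings))
    return scores.most_common(1)[0][0]

# A user whose genuine ratings point to Atlanta.
ratings = ["transit_atl", "peach_news", "candy_crush"]
print(predict_city(ratings))   # Atlanta

# Three decoy ratings statistically pointing to Denver overwhelm
# the genuine signal and flip the prediction.
poisoned = ratings + ["ski_report", "transit_den", "altitude_fit"]
print(predict_city(poisoned))  # Denver
```

The real system works on far noisier statistical signals, but the principle is the same: a handful of well-chosen fake data points can outweigh the truthful ones.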
The cat-and-mouse game of predicting and protecting private user data, Gong admits, doesn’t end there.
If the machine-learning “attacker” is aware that adversarial examples may be protecting a data set from analysis, he or she can use what’s known as “adversarial training”: generating adversarial examples of their own and including them in the training data set, so that the resulting machine-learning engine is far harder to fool.
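A minimal sketch of that countermeasure, using a one-dimensional threshold model as a stand-in for a real classifier (nothing here reflects any specific system described in the article): the attacker nudges inputs by a small amount to cross the decision boundary, and retraining on nudged copies of the data moves the boundary to absorb the trick.

```python
# Minimal adversarial-training sketch with a 1-D threshold classifier.

def fit_threshold(samples):
    """Learn the midpoint between the two labeled clusters."""
    neg = [x for x, y in samples if y == 0]
    pos = [x for x, y in samples if y == 1]
    return (max(neg) + min(pos)) / 2

def classify(threshold, x):
    return 1 if x >= threshold else 0

clean = [(1.0, 0), (2.0, 0), (8.0, 1), (9.0, 1)]
t = fit_threshold(clean)          # threshold = 5.0

eps = 3.5
adversarial = 8.0 - eps           # a class-1 input nudged toward the boundary
print(classify(t, adversarial))   # 0 -> the model is fooled

# Adversarial training: add nudged copies with their true labels
# to the training set, then refit.
augmented = clean + [(x - eps, y) for x, y in clean if y == 1]
t2 = fit_threshold(augmented)     # threshold moves down to 3.25
print(classify(t2, adversarial))  # 1 -> robust to this perturbation
```

Real adversarial training does the same thing at scale: perturbed examples, labeled correctly, are folded into the training data so the model learns to ignore the perturbation.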
Another research group has experimented with a form of adversarial example data protection that’s intended to cut short that cat-and-mouse game.
Researchers at the Rochester Institute of Technology and the University of Texas at Arlington looked at how adversarial examples could prevent a potential privacy leak in tools like VPNs and the anonymity software Tor, which are designed to hide the source and destination of online traffic.
Attackers who can gain access to encrypted web browsing data in transit can in some cases use machine learning to spot patterns in the scrambled traffic that allow a snoop to predict which website, or even which specific page, a person is visiting.
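The fingerprinting idea can be sketched with a toy model (an illustration only, not the researchers’ actual method): encryption hides content but not packet sizes, so a snoop can match an observed size sequence against fingerprints collected by visiting sites themselves, and injecting dummy packets shaped like another site’s fingerprint camouflages the real visit.

```python
# Toy traffic-fingerprinting sketch. All site names and packet sizes
# are invented for this example.
FINGERPRINTS = {
    "news-site.example": [1500, 1500, 400, 1500, 200],
    "mail-site.example": [300, 300, 1500, 600, 600],
}

def match_site(observed):
    """Return the site whose fingerprint is closest in total size gap."""
    best_site, best_dist = None, float("inf")
    for site, fp in FINGERPRINTS.items():
        n = max(len(fp), len(observed))
        a = fp + [0] * (n - len(fp))
        b = observed + [0] * (n - len(observed))
        dist = sum(abs(x - y) for x, y in zip(a, b))
        if dist < best_dist:
            best_site, best_dist = site, dist
    return best_site

# A sniffed visit to the news site, with minor network jitter.
trace = [1500, 1480, 410, 1500, 190]
print(match_site(trace))   # news-site.example

# Defense: prepend dummy packets mimicking the mail site's fingerprint,
# so the snoop's matcher picks the wrong site.
padded = FINGERPRINTS["mail-site.example"] + trace
print(match_site(padded))  # mail-site.example
```

The adversarial-example defense described in the article is the principled version of that padding step: perturbing the traffic pattern just enough that the snoop’s classifier mislabels it.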

The original article.