Jingzhi Li,Lutong Han,Ruoyu Chen,Hua Zhang,Bing Han,Lili Wang,Xiaochun Cao

DOI: https://doi.org/10.1145/3474085.3475367

2021-01-01

Abstract:With the popularity of using computer vision technology in monitoring system, there is an increasing societal concern on intruding people's privacy as the captured images/videos may contain identity-related information e.g. people's face. Existing methods on protecting such privacy focus on removing the identity-related information from faces. However, this would weaken the utility of current monitoring system. In this paper, we develop a face anonymization framework that could obfuscate visual appearance while preserving the identity discriminability. The framework is composed of two parts: an identity-aware region discovery module and an identity-aware face confusion module. The former adaptively locates the identity-independent attributes on human faces, and the latter generates the privacy-preserving faces using original faces and discovered facial attributes. To optimize the face generator, we employ a multi-task based loss function, which consists of discriminator loss, identify preserving loss, and reconstruction loss functions. Our model can achieve a balance between recognition utility and appearance anonymizing by modifying different numbers of facial attributes according to pratical demands, and provide a variety of results. Extensive experiments conducted on two public benchmarks Celeb-A and VGG-Face2 demonstrate the effectiveness of our model under distinct face recognition scenarios.

Chunlei Peng,Shuang Wan,Zimin Miao,Decheng Liu,Yu Zheng,Nannan Wang

DOI: https://doi.org/10.1145/3552458.3556442

2022-01-01

Abstract:With the widespread application of big data technology, we are exposed to more and more video monitoring. To prevent serious social problems caused by face data leakage, face anonymization has become an important kind of method to protect face privacy. The face anonymization mentioned in this paper refers to the anonymization generation of the visual appearance in face images. Existing face anonymization methods mainly focus on removing identity information. However, in the scenario of face recognition technology that needs to protect privacy, existing face anonymization technology makes anonymized faces that can no longer be used for face recognition, limiting the application scope of face anonymization. Therefore, when using face anonymization, it is equally important to ensure that the anonymized face images can still be used for downstream tasks such as face recognition. To this end, we propose Anonym-Recognizer, a relationship-preserving face anonymization and recognition method. Our method uses relationship cyphertext which can be any binary identity number representing the identity of the image owner and designs a generative adversarial network to perform face anonymization and relationship cyphertexts embedding. In our framework, we first use Visual Anonymizer to manipulate the visual appearance of the input image, then use Cyphertext Embedder to get the anonymized image with the identity information embedded. With the help of Anonym Recognizer, the face recognition system can extract the relationship cyphertexts from the anonymized image as the credentials to match the identity information. The proposed Anonym-Recognizer provides a new perspective for the recognition and application of anonymized face images. Experiments on the Megaface dataset show that our method can encourage a 100% recognition accuracy on anonymized faces while finishing the task of face anonymization with high qualitative and quantitative quality.

Chunlei Peng,Shuang Wan,Zimin Miao,Decheng Liu,Yu Zheng,Nannan Wang

DOI: https://doi.org/10.1145/3552458.3556442

2022-01-01

Abstract:With the widespread application of big data technology, we are exposed to more and more video monitoring. To prevent serious social problems caused by face data leakage, face anonymization has become an important kind of method to protect face privacy. The face anonymization mentioned in this paper refers to the anonymization generation of the visual appearance in face images. Existing face anonymization methods mainly focus on removing identity information. However, in the scenario of face recognition technology that needs to protect privacy, existing face anonymization technology makes anonymized faces that can no longer be used for face recognition, limiting the application scope of face anonymization. Therefore, when using face anonymization, it is equally important to ensure that the anonymized face images can still be used for downstream tasks such as face recognition. To this end, we propose Anonym-Recognizer, a relationship-preserving face anonymization and recognition method. Our method uses relationship cyphertext which can be any binary identity number representing the identity of the image owner and designs a generative adversarial network to perform face anonymization and relationship cyphertexts embedding. In our framework, we first use Visual Anonymizer to manipulate the visual appearance of the input image, then use Cyphertext Embedder to get the anonymized image with the identity information embedded. With the help of Anonym Recognizer, the face recognition system can extract the relationship cyphertexts from the anonymized image as the credentials to match the identity information. The proposed Anonym-Recognizer provides a new perspective for the recognition and application of anonymized face images. Experiments on the Megaface dataset show that our method can encourage a 100% recognition accuracy on anonymized faces while finishing the task of face anonymization with high qualitative and quantitative quality.

Yuanwei Liu,Chengyu Jia,Ruqi Xiao,Xuemai Jia,Hui Wei,Kui Jiang,Zheng Wang

2024-12-11

Abstract:The task of privacy-preserving face recognition (PPFR) currently faces two major unsolved challenges: (1) existing methods are typically effective only on specific face recognition models and struggle to generalize to black-box face recognition models; (2) current methods employ data-driven reversible representation encoding for privacy protection, making them susceptible to adversarial learning and reconstruction of the original image. We observe that face recognition models primarily rely on local features ({e.g., face contour, skin texture, and so on) for identification. Thus, by disrupting global features while enhancing local features, we achieve effective recognition even in black-box environments. Additionally, to prevent adversarial models from learning and reversing the anonymization process, we adopt an adversarial learning-based approach with irreversible stochastic injection to ensure the stochastic nature of the anonymization. Experimental results demonstrate that our method achieves an average recognition accuracy of 94.21\% on black-box models, outperforming existing methods in both privacy protection and anti-reconstruction capabilities.

Computer Vision and Pattern Recognition

Zhongzheng Ren,Yong Jae Lee,Michael S. Ryoo

DOI: https://doi.org/10.48550/arXiv.1803.11556

2018-03-30

Computer Vision and Pattern Recognition

Abstract:There is an increasing concern in computer vision devices invading users' privacy by recording unwanted videos. On the one hand, we want the camera systems to recognize important events and assist human daily lives by understanding its videos, but on the other hand we want to ensure that they do not intrude people's privacy. In this paper, we propose a new principled approach for learning a video \emph{face anonymizer}. We use an adversarial training setting in which two competing systems fight: (1) a video anonymizer that modifies the original video to remove privacy-sensitive information while still trying to maximize spatial action detection performance, and (2) a discriminator that tries to extract privacy-sensitive information from the anonymized videos. The end result is a video anonymizer that performs pixel-level modifications to anonymize each person's face, with minimal effect on action detection performance. We experimentally confirm the benefits of our approach compared to conventional hand-crafted anonymization methods including masking, blurring, and noise adding. Code, demo, and more results can be found on our project page https://jason718.github.io/project/privacy/main.html.

Han-Wei Kung,Tuomas Varanka,Sanjay Saha,Terence Sim,Nicu Sebe

2024-11-02

Abstract:Current face anonymization techniques often depend on identity loss calculated by face recognition models, which can be inaccurate and unreliable. Additionally, many methods require supplementary data such as facial landmarks and masks to guide the synthesis process. In contrast, our approach uses diffusion models with only a reconstruction loss, eliminating the need for facial landmarks or masks while still producing images with intricate, fine-grained details. We validated our results on two public benchmarks through both quantitative and qualitative evaluations. Our model achieves state-of-the-art performance in three key areas: identity anonymization, facial attribute preservation, and image quality. Beyond its primary function of anonymization, our model can also perform face swapping tasks by incorporating an additional facial image as input, demonstrating its versatility and potential for diverse applications. Our code and models are available at <a class="link-external link-https" href="https://github.com/hanweikung/face_anon_simple" rel="external noopener nofollow">this https URL</a> .

Computer Vision and Pattern Recognition,Cryptography and Security

Jingjing Yang,Shufei Qiao,Zhenyu Wang,Zhanpeng Zuo

DOI: https://doi.org/10.1109/jsyst.2023.3284861

IF: 4.802

2023-01-01

IEEE Systems Journal

Abstract:With the rapid development of the Internet of Vehicles, the systematical cameras in vehicles can easily collect mass personal face data, which is very private on the Internet. This article focuses on solving the face protection problem caused by the Internet of Vehicles. Previous studies have proposed various face protection models based on obfuscation, neural networks, or adversarial techniques to prevent the disclosure of identity information. Even with existing face anonymization algorithms, there are several issues, including weak information protection ability, not maintaining the naturalness of a protected face, and not being suitable for various emerging face recognition systems. We propose an adversarial secret-identity generation model to protect personal identities from these problems. Concretely, our model&#x27;s identity encryption generative adversarial module can generate brand new faces, which ensures naturalness while making other face identification models unable to recognize the identity. In addition, our PFS module extracts the identity set that is least relevant to the inputs and most conducive to model convergence from target data and promotes the generation of excellent faces from the perspective of data. Finally, the protected identities generated by our black-box face deidentification model can resist recognizing various advanced face identification approaches. Extensive experiments prove our model can achieve a 96.5% protection success rate, achieving competitive performance with 98.1% R1-T, 99.2% R5-T, 98.5% R1-U, and 97.1% R5-U against ArcFace and beating out various superior face anonymization algorithms. Meanwhile, we introduce a model compression algorithm to reduce the network scale of this model, demonstrating the scalability of various intelligent vehicles.

computer science, information systems,telecommunications,engineering, electrical & electronic,operations research & management science

Xintong Xu,Run Cui,Chanying Huang,Kedong Yan

DOI: https://doi.org/10.1093/comjnl/bxad111

2023-01-01

Abstract:Photos or videos taken by individuals often carry sensitive details such as facial identities, which has led to an escalating societal interest in privacy protection measures. We suggest an improved face identity transformer that offers password-protected anonymization and de-anonymization of photo-realistic facial images in visual data. Our face identity transformer is designed to (1) erase facial identity information after anonymization, (2) restore the original face when a correct password is provided and (3) generate an incorrect but realistic face when given an incorrect password. The processes of image anonymization and de-anonymization are facilitated through a password scheme, a multi-task learning objective and generative adversarial networks comprising InfoGAN and contrastive learning. In-depth experiments indicate that our methodology can execute anonymization and de-anonymization based on password conditions whilst reducing training time and enhancing image quality compared to existing anonymization procedures. Additionally, it maintains a recognition rate as low as 4.8% for anonymized images without sacrificing the face detection rate of the original method.

Jiayi Xu,Xuan Tan,Yixuan Ju,Xiaoyang Mao,Shanqing Zhang

DOI: https://doi.org/10.1007/s00371-024-03526-9

IF: 2.835

2024-06-20

The Visual Computer

Abstract:In the meta-universe scenario, with the development of personalized social networks, interactive behaviors such as uploading and sharing personal and family photographs are becoming increasingly widespread. Consequently, the risk of being searched or leaking personal financial information increases. A possible solution is to use anonymized face images instead of real images in the public situations. Most of the existing face anonymization methods attempt to replace a large portion of the face image to modify identity information. However, the resulted faces are often not similar enough to the original faces as seen with the naked eyes. To maintain visual coherence as much as possible while avoiding recognition by face recognition systems, we propose to detect part of the face that is most relevant to the identity based on saliency analysis. Furthermore, we preserve the identification of irrelevant face features by re-injecting them into the regenerated face. The proposed model consists of three stages. Firstly, we employ a dynamic identity perception network to detect the identity-relevant facial region and generate a masked face with removed identity. Secondly, we apply feature selection and preservation network that extracts basic semantic attributes from the original face and also extracts multilevel identity-irrelevant face features from the masked face, and then fuses them into conditional feature vectors for face regeneration. Finally, a pre-trained StyleGAN2 generator is applied to obtain a high-quality identity-obscured face image. The experimental results show that the proposed method can obtain more realistic anonymized face images that retain most of the original facial attributes, while it can deceive face recognition system to protect privacy in the modern digital economy and entertainment scenarios.

computer science, software engineering

Zhenzhong Kuang,Huigui Liu,Jun Yu,Aikui Tian,Lei Wang,Jianping Fan,Noboru Babaguchi

DOI: https://doi.org/10.1145/3474085.3475464

2021-01-01

Abstract:The growing application of face images and modern AI technology has raised another important concern in privacy protection. In many real scenarios like scientific research, social sharing and commercial application, lots of images are released without privacy processing to protect people's identity. In this paper, we develop a novel effective de-identification generative adversarial network (DeIdGAN) for face anonymization by seamlessly replacing a given face image with a different synthesized yet realistic one. Our approach consists of two steps. First, we anonymize the input face to obfuscate its original identity. Then, we use our designed deidentification generator to synthesize an anonymized face. During the training process, we leverage a pair of identity-adversarial discriminators to explicitly constrain identity protection by pushing the synthesized face away from the predefined sensitive faces to resist re-identification and identity invasion. Finally, we validate the effectiveness of our approach on public datasets. Compared with existing methods, our approach can not only achieve better identity protection rates but also preserve superior image quality and data reusability, which suggests the state-of-the-art performance.

Tao Li,Lei Lin

DOI: https://doi.org/10.1109/cvprw.2019.00013

2019-06-01

Abstract:With billions of personal images being generated from social media and cameras of all sorts on a daily basis, security and privacy are unprecedentedly challenged. Although extensive attempts have been made, existing face image de-identification techniques are either insufficient in photo-reality or incapable of balancing privacy and usability qualitatively and quantitatively, i.e., they fail to answer counterfactual questions such as “is it private now?”, “how private is it?”, and “can it be more private?” In this paper, we propose a novel framework called AnonymousNet, with an effort to address these issues systematically, balance usability, and enhance privacy in a natural and measurable manner. The framework encompasses four stages: facial attribute estimation, privacy-metric-oriented face obfuscation, directed natural image synthesis, and adversarial perturbation. Not only do we achieve the state-of-the-arts in terms of image quality and attribute prediction accuracy, we are also the first to show that facial privacy is measurable, can be factorized, and accordingly be manipulated in a photo-realistic fashion to fulfill different requirements and application scenarios. Experiments further demonstrate the effectiveness of the proposed framework.

Yi-Lun Pan,Jun-Cheng Chen,Ja-Ling Wu

DOI: https://doi.org/10.3390/e25020272

IF: 2.738

2023-02-02

Entropy

Abstract:Privacy protection data processing has been critical in recent years when pervasively equipped mobile devices could easily capture high-resolution personal images and videos that may disclose personal information. We propose a new controllable and reversible privacy protection system to address the concern in this work. The proposed scheme can automatically and stably anonymize and de-anonymize face images with one neural network and provide strong security protection with multi-factor identification solutions. Furthermore, users can include other attributes as identification factors, such as passwords and specific facial attributes. Our solution lies in a modified conditional-GAN-based training framework, the Multi-factor Modifier (MfM), to simultaneously accomplish the function of multi-factor facial anonymization and de-anonymization. It can successfully anonymize face images while generating realistic faces satisfying the conditions specified by the multi-factor features, such as gender, hair colors, and facial appearance. Furthermore, MfM can also de-anonymize de-identified faces to their corresponding original ones. One crucial part of our work is design of physically meaningful information-theory-based loss functions, which include mutual information between authentic and de-identification images and mutual information between original and re-identification images. Moreover, extensive experiments and analyses show that, with the correct multi-factor feature information, the MfM can effectively achieve nearly perfect reconstruction and generate high-fidelity and diverse anonymized faces to defend attacks from hackers better than other methods with compatible functionalities. Finally, we justify the advantages of this work through perceptual quality comparison experiments. Our experiments show that the resulting LPIPS (with a value of 0.35), FID (with a value of 28), and SSIM (with a value of 0.95) of MfM demonstrate significantly better de-identification effects than state-of-the-art works. Additionally, the MfM we designed can achieve re-identification, which improves real-world practicability.

physics, multidisciplinary

Hyeongbok Kim,Lingling Zhao,Zhiqi Pang,Xiaohong Su,Jin Suk Lee

DOI: https://doi.org/10.1007/s11042-023-17107-w

IF: 2.577

2023-01-01

Multimedia Tools and Applications

Abstract:The growing use of deep learning methods in various applications has raised concerns about privacy, as these methods heavily rely on large-scale datasets. To address this issue, anonymization methods have been proposed that usually use face detection models to remove the original face and regenerate a new one. Although these methods have achieved promising performance, alternative face detection models significantly increase the training cost and inference time. To solve these problems, we propose an end-to-end mobile anonymization method with a joint reconstruction and deidentification (JRD) framework. We introduce deidentification loss into a generative adversarial network to anonymize the original image and add reconstruction loss to reconstruct the background of the original image. By balancing these two losses, we can anonymize the identity without changing the background and no longer rely on additional face detection models. In addition, to ensure the essential difference between the generated and original images, we generated a random code for each original image. Further, we verified the effectiveness and superiority of JRD on the CelebA dataset. The experimental results show that JRD not only outperforms existing one-to-one methods but is also superior to many-to-one methods.

Tianxiang Ma,Dongze Li,Wei Wang,Jing Dong

DOI: https://doi.org/10.48550/arXiv.2105.11137

2021-05-24

Computer Vision and Pattern Recognition

Abstract:De-identification of face data has drawn increasing attention in recent years. It is important to protect people's identities meanwhile keeping the utility of the data in many computer vision tasks. We propose a Controllable Face Anonymization Network (CFA-Net), a novel approach that can anonymize the identity of given faces in images and videos, based on a generator that can disentangle face identity from other image contents. We reach the goal of controllable face anonymization through manipulating identity vectors in the generator's identity representation space. Various anonymized faces deriving from an original face can be generated through our method and maintain high similarity to the original image contents. Quantitative and qualitative results demonstrate our method's superiority over literature models on visual quality and anonymization validity.

Simon Hanisch,Julian Todt,Jose Patino,Nicholas Evans,Thorsten Strufe

DOI: https://doi.org/10.56553/popets-2024-0008

2024-07-09

Abstract:Biometric data contains distinctive human traits such as facial features or gait patterns. The use of biometric data permits an individuation so exact that the data is utilized effectively in identification and authentication systems. But for this same reason, privacy protections become indispensably necessary. Privacy protection is extensively afforded by the technique of anonymization. Anonymization techniques protect sensitive personal data from biometrics by obfuscating or removing information that allows linking records to the generating individuals, to achieve high levels of anonymity. However, our understanding and possibility to develop effective anonymization relies, in equal parts, on the effectiveness of the methods employed to evaluate anonymization performance. In this paper, we assess the state-of-the-art methods used to evaluate the performance of anonymization techniques for facial images and for gait patterns. We demonstrate that the state-of-the-art evaluation methods have serious and frequent shortcomings. In particular, we find that the underlying assumptions of the state-of-the-art are quite unwarranted. State-of-the-art methods generally assume a difficult recognition scenario and thus a weak adversary. However, that assumption causes state-of-the-art evaluations to grossly overestimate the performance of the anonymization. Therefore, we propose a strong adversary which is aware of the anonymization in place. We improve the selection process for the evaluation dataset, and we reduce the numbers of identities contained in the dataset while ensuring that these identities remain easily distinguishable from one another. Our novel evaluation methodology surpasses the state-of-the-art because we measure worst-case performance and so deliver a highly reliable evaluation of biometric anonymization techniques.

Cryptography and Security

Zhibo Wang,He Wang,Shuaifan Jin,Wenwen Zhang,Jiahui Hu,Yan Wang,Peng Sun,Wei Yuan,Kaixin Liu,Kui Ren

DOI: https://doi.org/10.48550/arXiv.2305.05391

2023-05-08

Abstract:Face recognition service providers protect face privacy by extracting compact and discriminative facial features (representations) from images, and storing the facial features for real-time recognition. However, such features can still be exploited to recover the appearance of the original face by building a reconstruction network. Although several privacy-preserving methods have been proposed, the enhancement of face privacy protection is at the expense of accuracy degradation. In this paper, we propose an adversarial features-based face privacy protection (AdvFace) approach to generate privacy-preserving adversarial features, which can disrupt the mapping from adversarial features to facial images to defend against reconstruction attacks. To this end, we design a shadow model which simulates the attackers' behavior to capture the mapping function from facial features to images and generate adversarial latent noise to disrupt the mapping. The adversarial features rather than the original features are stored in the server's database to prevent leaked features from exposing facial information. Moreover, the AdvFace requires no changes to the face recognition network and can be implemented as a privacy-enhancing plugin in deployed face recognition systems. Extensive experimental results demonstrate that AdvFace outperforms the state-of-the-art face privacy-preserving methods in defending against reconstruction attacks while maintaining face recognition accuracy.

Computer Vision and Pattern Recognition

Yuanzhe Yang,Zhiyi Niu,Yuying Qiu,Biao Song,Xinchang Zhang,Yuan Tian,Ran Guo

DOI: https://doi.org/10.1007/978-981-99-3300-6_45

2022-01-01

Abstract:Existing methods for face de-identification often cause inevitable damage to the utility of facial information. The anonymized facial images can hardly be applied in practical applications. In this work, we propose a cluster-based generative model that conceals the identity of images while preserving the utility of facial images. We extract facial features in the first stage, then classify images into several clusters. Four naive protection methods, blindfold, mosaic, cartoon and mosaic, are adopted to form facial image inputs without private information. Along with the four de-identified images, a random facial image in the same cluster is also chosen as another input for better preservation of facial features. We train a novel model with multiple inputs, called Multi-stage Utility Maintenance-Variational AutoEncoder (MsUM-VAE), generating a facial image using the mentioned multi-inputs. The output of the model retains a large portion of the facial characteristics, but cannot be distinguished from the original image dataset, avoiding the disclosure of privacy. We perform numerous evaluations on the CelebA dataset to showcase the effectiveness of our model, and the findings indicate that the model surpasses conventional techniques for obscuring identity and maintaining the utility of images.

Shengshan Hu,Xiaogeng Liu,Yechao Zhang,Minghui Li,Leo Yu Zhang,Hai Jin,Libing Wu

DOI: https://doi.org/10.1109/CVPR52688.2022.01459

2022-01-01

Abstract:While deep face recognition (FR) systems have shown amazing performance in identification and verification, they also arouse privacy concerns for their excessive surveillance on users, especially for public face images widely spread on social networks. Recently, some studies adopt adversarial examples to protect photos from being identified by unauthorized face recognition systems. However, existing methods of generating adversarial face images suffer from many limitations, such as awkward visual, white-box setting, weak transferability, making them difficult to be applied to protect face privacy in reality. In this paper, we propose adversarial makeup transfer GAN (AMT-GAN) 1 1 https://github.com/CGCL-codes/AMT-GAN, a novel face protection method aiming at constructing adversarial face images that preserve stronger black-box transferability and better visual quality simultaneously. AMT-GAN leverages generative adversarial networks (GAN) to synthesize adversarial face images with makeup transferred from reference images. In particular, we introduce a new regularization module along with a joint training strategy to reconcile the conflicts between the adversarial noises and the cycle consistence loss in makeup transfer, achieving a desirable balance between the attack strength and visual changes. Extensive experiments verify that compared with state of the arts, AMT-GAN can not only preserve a comfortable visual quality, but also achieve a higher attack success rate over commercial FR APIs, including Face++, Aliyun, and Microsoft.

Yi-Lun Pan,Jun-Cheng Chen,Ja-Ling Wu

DOI: https://doi.org/10.3390/electronics13224398

IF: 2.9

2024-11-10

Electronics

Abstract:We develop a method to automatically and stably anonymize and de-anonymize face images with encoder-decoder networks and provide a robust and secure solution for identity protection. Our fundamental framework is an NN-based encoder-decoder pair with a dual inferencing mechanism. We denote it as the Secure Dual Network (SDN), which can simultaneously achieve multi-attribute face de-identification and re-identification without any pre-trained/auxiliary model. In more detail, the SDN can take responsibility for successfully anonymizing the face images while generating surrogate faces, satisfying the user-defined specific conditions. Meanwhile, SDN can also execute the de-anonymization procedure and visually indistinguishably reconstruct the original ones if re-identification is required. Designing and implementing the loss functions based on information theory (IT) is one of the essential parts of our work. With the aid of the well-known IT-related quantity, Mutual Information, we successfully explained the physical meaning of our trained models. Extensive experiments justify that with pre-defined multi-attribute identity features, SDN generates user-preferred and diverse appearance anonymized faces for successfully defending against attacks from hackers and, therefore, achieves the goal of privacy protection. Moreover, it can reconstruct the original image nearly perfectly if re-identification is necessary.

engineering, electrical & electronic,computer science, information systems,physics, applied

Xiuye Gu,Weixin Luo,Michael S. Ryoo,Yong Jae Lee

DOI: https://doi.org/10.1007/978-3-030-58592-1_43

2020-01-01

Abstract:Cameras are prevalent in our daily lives, and enable many useful systems built upon computer vision technologies such as smart cameras and home robots for service applications. However, there is also an increasing societal concern as the captured images/videos may contain privacy-sensitive information (e.g., face identity). We propose a novel face identity transformer which enables automated photo-realistic password-based anonymization and deanonymization of human faces appearing in visual data. Our face identity transformer is trained to (1) remove face identity information after anonymization, (2) recover the original face when given the correct password, and (3) return a wrong—but photo-realistic—face given a wrong password. With our carefully designed password scheme and multi-task learning objective, we achieve both anonymization and deanonymization using the same single network. Extensive experiments show that our method enables multimodal password conditioned anonymizations and deanonymizations, without sacrificing privacy compared to existing anonymization methods.