Olivia
Online
Bogdan Kulynych
@hiddenmarkov
privacy, security, and reliability of ML · Ex @EPFL, @hseas, @Google
Joined September 2012
1.4K Following
2K Followers
1.7K Posts
The NeurIPS position paper track was flooded with submissions that substantially used AI. More than other tracks, and despite a requirement otherwise.
I appreciate the chairs' strong action. People are not entitled to reviewers' time, AI makes it exceptionally easy to waste it.
A Gaussian mechanism with ε = 6 can be less private than one with ε = 8. This points to a problem with how we report privacy guarantees in machine learning. A thread 🧵
Here's a paper with all the details:
https://t.co/hTmx8hoABs
@physics_Felipe presenting it at #SatML on Tuesday March 24.
w/ @physics_Felipe, Borja Balle, Jamie Hayes, @FlavioCalmon, @ahonkela
Here's an example for a specific instantiation of DP-SGD in terms of f-DP trade-off curves (an equivalent operational version of privacy profiles). As we see, a non-asymptotic GDP trade-off curve fits the DP-SGD trade-off curve almost exactly.
Who to follow
Meredith Whittaker 
@mer__edith
President of @signalapp, Chief Advisor to @ainowinstitute (Also on Mastodon @[email protected], also on bsky @meredithmeredith.bsky.social)
SaTML Conference
@satml_conf
IEEE Conference on Secure and Trustworthy Machine Learning
March/April 2027 (TBD) • #SaTML2027
Roozbeh Mottaghi
@RoozbehMottaghi
AI Researcher; @SkildAI; Ex FAIR Robotics Leadership, @AIatMeta; Affiliate Prof @uwcse; Ex Research Manager @allen_ai; post-doc @Stanford and CS PhD @UCLA
We've built a new Python package gdpnum to compute non-asymptotic GDP guarantees and estimate their precision for many practical algorithms:
https://t.co/fYyG6gU8Yn
Many ML algorithms, especially those involving many compositions like DP-SGD, can be very precisely characterized with GDP. This is a *non-asymptotic* result, not just a central limit approximation!
GDP characterizes the entire privacy profile ε(δ) of a Gaussian mechanism exactly using a single number μ. Interpretation: if a mechanism satisfies μ-GDP, then running membership inference against it is as hard as distinguishing N(0,1) from N(μ,1) based on a single observation.
A Gaussian mechanism with ε = 6 can be less private than one with ε = 8. This points to a problem with how we report privacy guarantees in machine learning. A thread 🧵
Can we do better without reporting an entire privacy profile? Yes! With Gaussian differential privacy (GDP).
As the convention sets δ in a data-dependent way, this matters whenever you compare models across datasets or papers.
Issue 2: You can't properly compare two mechanisms by ε if their δ values differ. A Gaussian mechanism with ε = 6 at δ = 10⁻⁵ is less private than one with ε = 8 at δ = 10⁻⁹. This is because you cannot properly compare ε if δ is different.
No attacker in the universe can achieve that 98% rate: It's purely an artifact of compressing the entire privacy profile into one pair (ε, δ). My colleagues and I detailed on this problem in detail in this NeurIPS'24 paper:
https://t.co/LKeW48wMx1
Issue 1: A single (ε, δ) pair can massively overstate privacy risk. Example: DP-SGD with ε = 8 at δ = 10⁻⁵ suggests a worst-case membership inference accuracy of ~98% using standard conversions. But using the full privacy profile, the actual maximum is only ~68%.
The standard way is to report is to use a single (ε, δ) pair for a small δ. The community has developed informal conventions, e.g., ε < 10 is generally considered OK in privacy-preserving machine learning. But this convention has two big issues.
Presenting this on Thursday Dec 4 at #EurIPS in Copenhagen. Come by at the poster session if this sounds interesting!
#NeurIPS2025
New paper at #NeurIPS2025!
"Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy" in which we derive unified, tighter bounds on operational attack risks for any DP mechanisms, using f-DP.
Link: https://t.co/aWzFBHzhzC
Thread👇
Continued here:
https://t.co/INZYuA3QO6
Continuing the thread on "Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy", for some reason it got borked.
https://t.co/C2GVF57k6M
New paper at #NeurIPS2025!
"Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy" in which we derive unified, tighter bounds on operational attack risks for any DP mechanisms, using f-DP.
Link: https://t.co/aWzFBHzhzC
Thread👇
This is a unifying framework which can model various types of risk.
Very excited, and I think this will be quite useful for practical deployments of DP.
This is a joint work with great Felipe Gomez ( https://t.co/Gf5PzlyllA ), George Kaissis, Jamie Hayes, Borja Balle, @FlavioCalmon, JL Raisaro.
Continuing the thread on "Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy", for some reason it got borked.
https://t.co/C2GVF57k6M
New paper at #NeurIPS2025!
"Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy" in which we derive unified, tighter bounds on operational attack risks for any DP mechanisms, using f-DP.
Link: https://t.co/aWzFBHzhzC
Thread👇
Another (final) finding. The unified f-DP bound extends to a form of a generalization bound. Given that we can compute f-DP curves precisely, this is likely the tightest generalization bound applicable to deep learning, but it is only for on-average generalization unfortunately.
Last Seen Users on Sotwe
19
Seen from Egypt
Thông Đợp Trai
Seen from Vietnam
SuperiorFox🔞
Seen from Argentina
❤️ديوث البدوية ♠️
Seen from Switzerland
Mimin Terabel
Seen from Indonesia
Dick
Seen from Indonesia
ชอบนัดเย็ดกับสาวใหญ่
Seen from Thailand
Levi⭐️
Seen from Mexico
Zencijigolo Istanbul
Seen from Turkey
Gay Paki
Seen from Singapore
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.9M followers
Narendra Modi
@narendramodi
107M followers
Rihanna
@rihanna
97.3M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.6M followers
KATY PERRY
@katyperry
86.8M followers
Taylor Swift
@taylorswift13
80.6M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.4M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.5M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
61.1M followers
X
@x
60.9M followers
Selena Gomez
@selenagomez
59.9M followers