rishav84ia.bsky.social
PhD student at NUS; Differential Privacy and Machine (Un)Learning
Trying to stop machines from learning too much about us
comp.nus.edu.sg/~rishav1
84 posts
151 followers
470 following
Regular Contributor
Active Commenter
comment in response to
post
I’m travelling right now, on my way to AAAI! Will share when I get a chance to open my laptop :)
comment in response to
post
I like this template. Got a few compliments here and there on it
comment in response to
post
What other materials are you reading on the topic? I’m looking to get into it as well
comment in response to
post
Seems like a perfect use case for the Cramér-Rao bound on unbiased estimators
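For reference (standard statement, my notation): if θ̂ is an unbiased estimator of θ from n iid samples with Fisher information I(θ), then Var(θ̂) ≥ 1/(n·I(θ)), with equality exactly when the estimator is efficient.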
comment in response to
post
Trump = "sudo rm" and Musk = "-rf /*"
comment in response to
post
If you really really want to write something right, especially when there is no right way to write it, it becomes hard again.
comment in response to
post
Check out Halley’s method, which has a cubic convergence rate. In comparison, Newton’s method has quadratic convergence and the bisection method has linear convergence
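A minimal sketch (my own toy example; the function and step count are arbitrary) comparing Newton vs. Halley on f(x) = x³ − 2:

```python
# Toy target: f(x) = x^3 - 2, with root 2**(1/3).
f   = lambda x: x**3 - 2.0
df  = lambda x: 3.0 * x**2   # f'
d2f = lambda x: 6.0 * x      # f''

root = 2.0 ** (1.0 / 3.0)
x_newton = x_halley = 1.5

for i in range(5):
    # Newton (quadratic): x <- x - f/f'
    x_newton = x_newton - f(x_newton) / df(x_newton)
    # Halley (cubic): x <- x - 2 f f' / (2 f'^2 - f f'')
    x_halley = x_halley - (2 * f(x_halley) * df(x_halley)
                           / (2 * df(x_halley)**2 - f(x_halley) * d2f(x_halley)))
    print(i, abs(x_newton - root), abs(x_halley - root))

# Halley's error shrinks roughly cubically per step, Newton's quadratically;
# bisection (not shown) would only halve the bracket each step (linear).
```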
comment in response to
post
Here’s a thread describing our contributions!
comment in response to
post
Safe travels Kiran!
comment in response to
post
Shouldn’t the expectation of any distribution that’s symmetric about 0 be 0 (when the expectation exists)?
comment in response to
post
Hmm... I think the CLT might not apply then, as it requires finite variance (σ² < ∞). My guess would be that the limit is still a zero-mean Gaussian, but perhaps the normalization needs to be stronger than √n
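A quick simulation sketch (mine, using the standard Cauchy as the canonical symmetric, infinite-variance example) to poke at that guess:

```python
import numpy as np

rng = np.random.default_rng(0)
n, trials = 5_000, 2_000

# iid standard Cauchy: symmetric about 0, but σ² = ∞, so the classical
# CLT hypothesis fails.
s = rng.standard_cauchy((trials, n)).sum(axis=1)

# Under CLT scaling, S_n/√n would have a fixed Gaussian spread; here its
# interquartile range grows like √n instead of stabilizing.
print("IQR of S_n/√n:", np.percentile(s / np.sqrt(n), [25, 75]))

# Known fact: the average of n iid standard Cauchy variables is again
# standard Cauchy, so S_n/n has quartiles near ±1 for every n; the limit
# is the (stable) Cauchy law rather than a Gaussian.
print("IQR of S_n/n: ", np.percentile(s / n, [25, 75]))
```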
comment in response to
post
For the partial sum Sₙ = X₁+...+Xₙ of symmetric (mean-zero), iid random variables, the central limit theorem says the distribution of Sₙ/√n converges to 𝒩(0, σ²), where σ is the standard deviation of the Xᵢ
comment in response to
post
Welcome to NUS! A great time to be in Singapore; you can catch the New Year’s fireworks from Marina Bay 😁
comment in response to
post
Yer a wizard Harry
comment in response to
post
Why does “U(D, S, A(D)) ≈ A(D◦S)” fail in reality? Because if D has copyrighted data, the model A(D) can produce first-gen synthetic copies that influence the add/remove request S. In Sam’s case, the second-gen dataset D◦S was created using first-gen images from A(D), so S isn’t independent of A(D).
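A toy sketch of that dependence (all names and numbers are mine): the request S is manufactured from A(D)’s own outputs, so retraining without D doesn’t remove D’s influence:

```python
import numpy as np

rng = np.random.default_rng(1)

# D contains the "copyrighted" data; A is "training" (here, fitting a mean).
D = rng.normal(loc=3.0, scale=1.0, size=1000)
model = D.mean()                              # A(D)

# First-gen synthetic copies generated by A(D):
synthetic = model + 0.1 * rng.normal(size=1000)

# The request S = (drop all of D, add the synthetic copies) is built from
# A(D)'s outputs, so S is NOT independent of A(D).
D_new = synthetic                             # D∘S: the second-gen dataset

# Retraining from scratch on D∘S (the gold standard the definition targets)
# still recovers the original model: the "essence" of D survives.
print(model, D_new.mean())                    # both ≈ 3.0
```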
comment in response to
post
No matter how perfectly a machine unlearning algorithm U(D, S, A(D)) simulates retraining on A(D◦S), the “essence” from the original copyrighted data lingers.
Check out my (slightly technical) paper on why machine unlearning, as it is right now, does not really work!
comment in response to
post
‼️ To dodge infringement claims, “AI bros” are creating second-gen datasets of synthetic art, derived from models trained on copyrighted originals. They omit the literal works but preserve their essence—and spark the same legal concerns.
comment in response to
post
🎉 Artists are seeing small wins against big AI firms (Stability AI, Midjourney, DeviantArt) in federal court. If they triumph, can Machine Unlearning truly stand on its promise to scrub these multi-million-dollar (or even billion-dollar) models of all copyrighted data?!
The answer is NO!
comment in response to
post
In 2023, frustrated artists filed a class-action lawsuit against corporations illegally profiting off of their copyrighted works. There's a strong sentiment in the community that creators aren't being protected against an entire industry laundering copyrighted sources
comment in response to
post
🚨Here's a real-world example that unlearning fails🚨
@samdoesarts.bsky.social was among the first big-name illustrators whose style was illegally copied by AI models trained solely on his copyrighted art. These illegal models are still publicly available!
huggingface.co/models?searc...
comment in response to
post
The unlearning goal says: U(D, S, A(D)) ≈ A(D◦S)
Meaning: for a request S to delete/add data in set D, your “unlearning algorithm” U should produce a model U(D, S, A(D)) that looks like a model A(D◦S) re-trained from scratch on dataset D◦S. But does it actually "delete" information requested in S? 👀
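To make the target concrete, a minimal sketch (toy data and names are mine) where U is implemented as exact retraining, the strongest case the definition allows:

```python
import numpy as np

rng = np.random.default_rng(0)
X = rng.normal(size=(100, 3))
y = X @ np.array([1.0, -2.0, 0.5]) + 0.1 * rng.normal(size=100)

def A(X, y):
    # "Training": ordinary least squares.
    return np.linalg.lstsq(X, y, rcond=None)[0]

model = A(X, y)                  # A(D)
keep = np.arange(len(y)) >= 10   # S: delete the first 10 records
gold = A(X[keep], y[keep])       # A(D∘S): retrained from scratch

# Even this exact U only removes the *records* from the training set; any
# information that already left A(D) (synthetic outputs, how S was chosen)
# is untouched, which is exactly the question raised above.
print(model, gold)
```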
comment in response to
post
Interesting work! I think you may find our paper on this matter quite relevant. We talk about fundamental flaws of unlearning definitions and a surprisingly effective way to fix them.
arxiv.org/abs/2210.08911
comment in response to
post
“baked potato dipped in sand” 😂😂😂
comment in response to
post
Yep, it all sounds so much like HAL 9000.
comment in response to
post
What I like most about this problem is that it's still unsolved. Clearly there's a cost to auditing in one run, but it's unclear how to quantify it.
comment in response to
post
It's on my reading list now!