by irhshafkat
2703 days ago
A good practice is, unless necessary (or intentional), your API shouldn't send back raw outputs from your model, i.e., if you're running a classifier, return only the top 5 predictions; if you're running face recognition, directly send back names. All deep learning model outputs are by design differentiable, and anyone with access to the full output of your model can potentially reverse engineer it using model distillation. If you're running a cloud service, it's pretty easy: just make sure your API sends back processed inputs. If it's on device, things become a bit more involved, but ideally the embeddings should be stored as encrypted files (and not directly loadable matrices), and only readable by a small part of your overall program, which sends back the name of the person after performing a similarity match to other parts of the program. Your entire program should not have access to the embedding.
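An added illustration of the two practices in the comment above (not code from the commenter): the API layer hands back only ranked labels with no scores, and the face-matching component keeps the embedding gallery to itself and returns only a name. The class names, embeddings and threshold are constructed sample values.

```python
import math

# Constructed sample data: labels for a toy seven-class classifier.
CLASS_NAMES = ["cat", "dog", "fox", "wolf", "lion", "tiger", "bear"]


def softmax(logits):
    """Numerically stable softmax over a list of raw logits."""
    m = max(logits)
    exps = [math.exp(x - m) for x in logits]
    total = sum(exps)
    return [e / total for e in exps]


def top_k_labels(logits, k=5):
    """Return only the names of the top-k classes, never the probabilities.

    A full probability vector (or the raw logits) is exactly the training
    signal a distillation attack needs; a ranked list of labels exposes far
    less, so that is what the API should send back."""
    probs = softmax(logits)
    ranked = sorted(range(len(probs)), key=lambda i: probs[i], reverse=True)
    return [CLASS_NAMES[i] for i in ranked[:k]]


class FaceMatcher:
    """The one component that may touch the embedding gallery.

    Everything else in the program calls identify() and receives a name or
    None; the vectors and the similarity score never leave this class.
    Name mangling is not a security boundary on its own (the post wants the
    file encrypted too), it just keeps the data out of the public surface."""

    def __init__(self, gallery, threshold=0.9):
        self.__gallery = {name: self._unit(v) for name, v in gallery.items()}
        self.__threshold = threshold

    @staticmethod
    def _unit(v):
        norm = math.sqrt(sum(x * x for x in v)) or 1.0
        return [x / norm for x in v]

    def identify(self, query):
        q = self._unit(query)
        best_name, best_sim = None, -1.0
        for name, ref in self.__gallery.items():
            sim = sum(a * b for a, b in zip(q, ref))  # cosine similarity
            if sim > best_sim:
                best_name, best_sim = name, sim
        # Only the decision is returned; the score stays inside.
        return best_name if best_sim >= self.__threshold else None
```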