Hacker News new | ask | show | jobs
by niclane7 1187 days ago
It is reasonable to think of it that way. Certainly high-level information from the data is extracted and embedded within a model, but only the information necessary for the model being trained. Whereas if the data itself was being sent, then all of the information is available. Additionally, through added protections (differential privacy being one) it is possible to engineer the federated system such that the data itself can not be reconstructed from model itself.
1 comments
dang 1187 days ago
Can you say more about what differential privacy is and how it works, for those of us who don't know or don't remember?
link
aix1 1187 days ago
I too would be interested in understanding this better.

Let's say we're building a medical segmentation model, which takes a patient image and outlines a tumour (or some other feature that's unique to them). I am not sure this matters here, but let's say the model is a basic 2D U-net. Image pixels in, binary pixel labels out (cancer/non-cancer).

At a high level, how would a differentially-private setup work for training such a model across multiple institutions without pooling their patient data?

link
1wheel 1187 days ago
https://pair.withgoogle.com/explorables/private-and-fair/
link