This repository contains the codebase for the paper:
From Privacy Chains to ChainShield: Structured Privacy Risks and Defense in Vision-Language Models Accepted at the 24th Workshop on Privacy in the Electronic Society (WPES 2025) @ ACM CCS 2025 October 13–17, 2025, Taipei, Taiwan.
-
Celebrity Dataset
Images are collected from LAION-400M.
Use the scripts insrc/to extract and filter the images from the parquet files, applying similar filtering strategies as described in the paper. -
Car Dataset
Based on the Stanford Cars Dataset.
We randomly sampled 1,500 images (with visible license plates) for our experiments.
Use the scripts insrc/to select images following the described filtering process. -
Tattoo Dataset
We use the DeMSI Tattoo Dataset.
Please refer to the dataset page for details on downloading and usage.
In each subfolder under models/, we provide:
- VQA scripts for evaluation
- Adversarial attack scripts for privacy risk experiments
To run these experiments:
- Follow the installation instructions provided in each model’s official repository to set up the appropriate conda environments.
- Adjust dataset paths in the scripts to point to your local dataset copies.
If you use this codebase in your work, please cite:
@inproceedings{liu2025chainshield,
author = {Minxing Liu and Minh{-}Ha Le and Niklas Carlsson},
title = {From Privacy Chains to ChainShield: Structured Privacy Risks and Defense in Vision-Language Models},
booktitle = {Proceedings of the 24th Workshop on Privacy in the Electronic Society (WPES~'25)},
year = {2025},
pages = {116--133},
doi = {10.1145/3733802.3764048}
}