Brave Proposes a Framework to Ensure Machine Learning Models are Trained Privately

The makers of the Brave web browser today revealed a plan for ensuring that AI machine learning models are trained privately, meaning they will not leak sensitive information about companies whose data was used for training.

“Machine learning models trained on clients’ data without any guarantees of privacy can leak sensitive information about clients,” Brave privacy researcher Ali Shahin Shamsabadi explains. “For example, in the application of machine learning to advertising, we ideally want to learn the general patterns (‘showing scientific advertisements to clients visiting scientifically related contents’), however parameters of a trained machine learning model might encode specific facts about the interest of an individual client (‘Ali visited brave.com/research on 26 Feb 2024.’). Unfortunately, some institutions may not adhere to their claim of training machine learning models with client privacy.”

That last bit is probably an understatement, and is a key reason why so many corporations are still skeptical or even fearful of AI.

Brave’s proposal, made in partnership with universities like Northwestern and the University of Cambridge, involves a new framework for training machine learning models that decreases the potential privacy threat that can occur both intentionally—by the malicious actors we know are out there—and unintentionally by the many bugs that early AI use is now uncovering. Put simply, this approach involves verifiable private training that enhances training with a privacy certificate while not revealing any information about the data and model.

Brave will present this framework proposal, called Confidential-DPproof, at the the 12th International Conference on Learning Representations in Vienna in May. But it’s available now in an open source implementation, and Brave is seeking feedback and potential improvements.