Go to TMLR homepageRevisiting "Edit Away and My Face Will not Stay: Personal Biometric Defense against Malicious Generative Editing"
Abstract: Recent advances in diffusion-based image editing have enabled highly realistic and accessible manipulation of facial images, raising serious concerns about biometric privacy and malicious misuse. FaceLock, introduced in Edit Away and My Face Will Not Stay: Personal Biometric Defense against Malicious Generative Editing, proposes an optimization-based defense that embeds subtle perturbations into images at publication time to induce identity distortion in downstream generative edits. The method claims prompt-agnostic effectiveness and strong performance across multiple editing scenarios, supported by open-source code. In this paper, we present a systematic reproducibility study of FaceLock that evaluates its technical, quantitative, and qualitative reproducibility. We assess whether the reported results can be obtained using the released codebase, analyze the correspondence between the paper’s algorithmic description and its implementation, and document ambiguities that impact reproducibility. We further examine quantitative reproducibility by attempting to recover the reported performance trends and relative ranking against baselines. We, however, were not able to reproduce the originally reported performance trends, and our outputs were generally worse than those presented in the original paper. Beyond that, we expand the qualitative analysis to a broader set of image–prompt pairs and an additional, harder facial dataset to better test generalization behavior. While we obtained some successful outputs, only a small fraction of our qualitative results matched the consistently high quality reported by the authors. Finally, we introduce an extension to the FaceLock method that helps with robustness, and we critically examine the evaluation criteria used to measure defense effectiveness, highlighting limitations of prompt fidelity as a primary metric and arguing for a more explicit consideration of the trade-off between identity protection and preservation of the original image. We provide a link to our GitHub repository $\footnote{https://github.com/Luizerko/revisiting_facelock}$.
Certifications: Reproducibility Certification
Submission Type: Regular submission (no more than 12 pages of main content)
Changes Since Last Submission: We, once again, summarize the primary modifications below, although now they all refer only to the Action Editor requests:
1. We checked the consistency of the terminology and changed all the reference names that were still EoT to EoDR.
2. We have restructured the last paragraph of the introduction one more time to provide a more clear and explicitly listed summary of our contributions and findings.
3. We made some small modifications to image and table captions, as well as to the text in Quantitative Results to make it more clear that Simple FaceLock was not an actual baseline, but rather just a ill-posed method introduced to demonstrate some deficiencies of the current evaluation pipeline.
Code: https://github.com/Luizerko/revisiting_facelock
Assigned Action Editor: ~Mauricio_Delbracio1
Submission Number: 7321
Loading