2022 Google Workshop on Federated Learning and Analytics (poster presentation)

A notable real-world deployment of FL is within Google’s Gboard, where FL is used to train the Next Word Prediction (NWP) model that provides the suggested next words that appear above the keyboard while typing. We present two attacks that reconstruct the original training data, i.e. the text typed by a user, from the FL parameter updates with a high degree of fidelity. We also show that adding Gaussian noise to the transmitted updates, which has been proposed to ensure local Differential Privacy (DP), provides little defence unless the noise levels used are so large that the utility of the model becomes substantially degraded.