I was looking for a way to protect my custom trained model from users, as I want to allow the user to load my tfjs model on their end (to reduce latency) without exposing the model weights to them. I came across this thread: https://stackoverflow.com/questions/56919400/how-to-protect-obfuscate-drm-trained-model-weights-in-tensorflow-js and found some really good suggestions.
However, I was wondering if I could get some suggestions that completely protect my models, or official confirmation that it is not possible, before I look into the above suggestions of:
- obfuscating my code, which is not 100% protection
- breaking my model into blocks, as that still introduces undesired latency.
TL;DR: anything on the client side can be inspected - the same goes for mobile apps too if you are low level enough. The only options I have come up with so far would be:
Split part of the model onto the server (e.g. the last few layers) and keep the rest on the client side. Then if you steal the client-side model it's still relatively useless to the end user without the classification head or such, but you still get the privacy benefits for the user, as the raw sensor data is not sent to the server.
Try and implement some sort of encrypted WASM bundle or such - but this is more security through obscurity. As they say in the hacker world, if you have direct access to the device it's as good as owned. The same applies to native apps and web apps for any assets that are stored on a local device that is owned by someone else.
If someone has brighter ideas than the above, or some new private memory API comes out in browsers, then please do update this thread!
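To make the split-model option from the answer above concrete, here is an added illustration (not the answerer's code and not tfjs itself): plain arrays stand in for tensors, the client holds only the feature-extractor weights, and the classification head lives on the server, so the weights a user can pull from the browser do not produce a class on their own. The weights and input are constructed toy values.

```javascript
// Constructed toy weights (not from any real model).
// Client layer: 3 raw inputs -> 2 features. This is all that ships to the browser.
const CLIENT_WEIGHTS = { W: [[0.5, -0.2], [0.1, 0.8], [-0.3, 0.4]], b: [0.0, 0.1] };
// Server head: 2 features -> 2 class logits. Never sent to the client.
const SERVER_HEAD = { W: [[1.0, -1.0], [-1.0, 1.0]], b: [0.0, 0.0] };

// One dense layer: out[j] = activation(b[j] + sum_i x[i] * W[i][j]).
function dense(x, { W, b }, activation) {
  return b.map((bias, j) =>
    activation(x.reduce((acc, xi, i) => acc + xi * W[i][j], bias)));
}
const relu = (v) => Math.max(0, v);
const identity = (v) => v;

// Numerically stable softmax over the logits.
function softmax(logits) {
  const m = Math.max(...logits);
  const exps = logits.map((v) => Math.exp(v - m));
  const sum = exps.reduce((a, e) => a + e, 0);
  return exps.map((e) => e / sum);
}

// Runs in the browser: raw sensor data stays on the device; only the
// intermediate features are sent over the wire.
function clientForward(rawInput) {
  return dense(rawInput, CLIENT_WEIGHTS, relu);
}

// Runs on the server: turns the received features into class probabilities.
function serverHead(features) {
  return softmax(dense(features, SERVER_HEAD, identity));
}

// End-to-end prediction as the user experiences it.
function predict(rawInput) {
  const features = clientForward(rawInput); // payload of the request
  const probs = serverHead(features);       // response from the server
  return { features, probs, label: probs.indexOf(Math.max(...probs)) };
}
```

A copy of the client bundle alone yields only `clientForward`, i.e. unlabelled feature vectors; without the server head there is nothing to map them to classes.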