Location Privacy

Question 1

Techniques for protecting location privacy

Answer 1

• Perturbation
• Hiding
• Generalization
• Adding dummies

Question 2

Spatial Obfuscation

Answer 2

• Perturbation of locations using noise (e.g. differential privacy)
• Problem: Trade-off between utility and privacy

Question 3

Hiding

Answer 3

• Not reporting some of the locations
• Reveal points only when needed

Question 4

Generalization

Answer 4

• Reduce the precision of the reported locations
• E.g. map to grid points
• Cloaking: Reveal a region
  -> Fixed cloaks: Always map to the same cloak
  -> Location-dependent cloaks (centered on location)
  -> k-anonymity based
• Not secure if server has background information about statistics
• Rather helps with anonymity than location privacy

Question 5

Dummy Locations

Answer 5

• Add decoy locations
  -> Difficult to create plausible dummies

Question 6

Measurement for privacy

Answer 6

1) Strategic adversary (knows defense): Estimates location that could have originated the observation
2) Privacy Error: Accuracy, correctness, certainty
-> Privacy is achieved if low precision & low recall (adversary does not find many real locations)

Question 7

How can the location be revealed?

Answer 7

• Application level:
  -> Part of the application functionality
  -> Application accesses location, e.g., for personalization (or for tracking)
  -> From metadata of files accessible by the application (e.g. of images)
• Network level:
  -> IP-based geolocation
  -> WiFi access points
  -> Bluetooth beacons

Question 8

Aggregations

Answer 8

• Reflect statistics of the population
  -> Outlier create “specific” statistics
• ML can used to be learn to distinguish those specific patterns (with/without outliers)
• Once membership in the aggregates is known, the aggregates enable further inferences
• Traditional defenses do not work: trace-oriented => high utility loss