Differentially private publication of location entropy

Location entropy (LE) is a popular metric for measuring the popularity of locations (e.g., points-of-interest). Unlike metrics computed only from the number of (unique) visits to a location, such as visit frequency, LE also captures the diversity of the users who make those visits, and is therefore a more accurate measure of popularity. Current solutions for computing LE require full access to users' past visits to locations, which poses privacy threats. This paper discusses, for the first time, the problem of perturbing the location entropy of a set of locations so that the published values satisfy differential privacy. The problem is challenging because removing a single user from the dataset affects multiple records of the database, namely all the visits that user made to various locations. Towards this end, we first derive non-trivial, tight bounds for both the local and the global sensitivity of LE, and show that satisfying ε-differential privacy requires so much noise that the published results become useless. Hence, we propose a thresholding technique that limits the number of users' visits; this significantly reduces the perturbation error but introduces an approximation error. To achieve better utility, we extend the technique by adopting two weaker notions of privacy: smooth sensitivity (slightly weaker) and crowd-blending (strictly weaker). Extensive experiments on synthetic and real-world datasets show that our proposed techniques preserve the original data distribution without compromising location privacy.
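The following is an added illustration, not code from the paper. It assumes the standard definition of location entropy as the Shannon entropy of the per-user visit distribution at each location, and uses a simplified thresholding (keep each user's `max_locs` most-visited locations and cap each count at `max_count`) as an illustrative stand-in for the paper's scheme. It measures, on a constructed dataset, how much the whole LE vector can change when one user is removed (the sensitivity that drives the noise scale) before and after thresholding, and the approximation error that thresholding introduces.

```python
import math
from collections import defaultdict

# Constructed sample: visit counts per (user, location). Users a and b
# visit every location, so removing either changes three LE values at once.
VISITS = {
    ("a", "X"): 1, ("a", "Y"): 1, ("a", "Z"): 1,
    ("b", "X"): 1, ("b", "Y"): 1, ("b", "Z"): 1,
    ("c", "X"): 1, ("d", "Y"): 1,
}

def location_entropy(visits):
    """Shannon entropy of the per-user visit distribution at each location."""
    per_loc = defaultdict(dict)
    for (user, loc), count in visits.items():
        per_loc[loc][user] = count
    entropy = {}
    for loc, counts in per_loc.items():
        total = sum(counts.values())
        entropy[loc] = -sum(c / total * math.log(c / total) for c in counts.values())
    return entropy

def threshold(visits, max_locs, max_count):
    """Illustrative thresholding (assumed, not the paper's exact scheme): keep
    each user's max_locs most-visited locations and cap counts at max_count."""
    per_user = defaultdict(list)
    for (user, loc), count in visits.items():
        per_user[user].append((loc, count))
    kept = {}
    for user, entries in per_user.items():
        entries.sort(key=lambda e: (-e[1], e[0]))  # by count desc, then name
        for loc, count in entries[:max_locs]:
            kept[(user, loc)] = min(count, max_count)
    return kept

def l1_distance(le_a, le_b):
    """L1 distance between two LE vectors; a missing location counts as 0."""
    locs = set(le_a) | set(le_b)
    return sum(abs(le_a.get(l, 0.0) - le_b.get(l, 0.0)) for l in locs)

def empirical_sensitivity(visits):
    """Largest L1 change of the LE vector caused by removing one user."""
    base = location_entropy(visits)
    return max(l1_distance(base, location_entropy(
        {k: c for k, c in visits.items() if k[0] != user}))
        for user in {user for user, _ in visits})

def approximation_error(visits, max_locs, max_count):
    return l1_distance(location_entropy(visits),
                       location_entropy(threshold(visits, max_locs, max_count)))
```

With `max_locs=2` the sensitivity drops from 2·ln3 − ln2 ≈ 1.50 to 2·(ln3 − ln2) ≈ 0.81, while the approximation error rises from 0 to ln2 ≈ 0.69; the Laplace noise scale for ε-differential privacy is sensitivity/ε, so the smaller sensitivity is what buys the lower perturbation error.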
