Are Friends of My Friends Too Social?: Limitations of Location Privacy in a Socially-Connected World

With the ubiquitous adoption of smartphones and mobile devices, it is now common practice for one's location to be sensed, collected and likely shared through social platforms. While such data can be helpful for many applications, users are becoming aware of the privacy issues in handling location and trajectory data. While some users may voluntarily share their location information (e.g., for receiving location-based services, or for crowdsourcing systems), their location information may lead to information leaks about the whereabouts of other users, through co-location events, in which two users are at the same location at the same time, and other side information, such as upper bounds on movement speed. It is therefore crucial to understand how much information one can derive about others' positions through co-location events and occasional GPS location leaks of some of the users. In this paper we formulate the problem of inferring locations of mobile agents, present theoretically-proven bounds on the amount of information that could be leaked in this manner, study their geometric nature, and present algorithms matching these bounds. We will show that even if a very weak set of assumptions is made on trajectories' patterns, and users are not obliged to follow any 'reasonable' patterns, one could infer very accurate estimates of users' locations even if they opt not to share them. Furthermore, this information could be obtained using almost linear-time algorithms, suggesting the practicality of the method even for huge volumes of data.
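To make the leakage channel named in the abstract concrete, the following added example (not the paper's algorithm and not code from its authors) audits how tightly a non-sharing user's position is bounded by co-location events plus a speed cap. All names, the planar metre coordinates and the sample records are constructed assumptions, and only co-locations with a user who leaked GPS at that same timestamp are used.

```python
import math

# Constructed sample data: alice shares GPS, bob and carol do not.
GPS_LEAKS = [("alice", 0, 0.0, 0.0), ("alice", 100, 300.0, 0.0)]  # user, t(s), x(m), y(m)
COLOCATIONS = [("bob", "alice", 0), ("alice", "bob", 100)]        # user, user, t(s)
VMAX = 5.0                                                         # assumed speed cap, m/s

def anchors_for(target, gps_leaks, colocations):
    """Times at which `target` is pinned: own GPS leaks, or a co-location
    with a user who leaked GPS at that same timestamp."""
    known = {(u, t): (x, y) for u, t, x, y in gps_leaks}
    pinned = {t: pos for (u, t), pos in known.items() if u == target}
    for a, b, t in colocations:
        for me, other in ((a, b), (b, a)):
            if me == target and (other, t) in known:
                pinned[t] = known[(other, t)]
    return sorted((t, x, y) for t, (x, y) in pinned.items())

def lens_area(d, r1, r2):
    """Area of the intersection of two discs whose centres are d apart."""
    if d >= r1 + r2:
        return 0.0                      # touching or inconsistent: no area left
    if d <= abs(r1 - r2):
        return math.pi * min(r1, r2) ** 2
    a1 = r1 * r1 * math.acos((d * d + r1 * r1 - r2 * r2) / (2 * d * r1))
    a2 = r2 * r2 * math.acos((d * d + r2 * r2 - r1 * r1) / (2 * d * r2))
    k = 0.5 * math.sqrt((-d + r1 + r2) * (d + r1 - r2) * (d - r1 + r2) * (d + r1 + r2))
    return a1 + a2 - k

def feasible_area(target, t, gps_leaks, colocations, vmax):
    """Area (m^2) in which `target` can be at time t; inf means unbounded."""
    pts = anchors_for(target, gps_leaks, colocations)
    before = [p for p in pts if p[0] <= t]
    after = [p for p in pts if p[0] > t]
    if before and before[-1][0] == t:
        return 0.0                      # pinned exactly at the query time
    # Nearest anchor on each side gives a disc of radius vmax * elapsed time.
    discs = [(x, y, vmax * abs(t - ti)) for ti, x, y in before[-1:] + after[:1]]
    if not discs:
        return math.inf
    if len(discs) == 1:
        return math.pi * discs[0][2] ** 2
    (x1, y1, r1), (x2, y2, r2) = discs
    return lens_area(math.hypot(x2 - x1, y2 - y1), r1, r2)

if __name__ == "__main__":
    print(feasible_area("bob", 50, GPS_LEAKS, COLOCATIONS, VMAX))
```

In the sample, a second co-location shrinks the region where bob can be at t = 50 from a full disc of radius 250 m to the lens where two such discs overlap, even though bob never shared a position.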
