Uniqueness Assessment of Human Mobility on Multi-Sensor Datasets

The widespread adoption of handheld devices (e.g., smartphones, tablets) makes mobility traces of users broadly available to third-party services. These traces are collected by means of various sensors embedded in the users’ devices, including GPS, WiFi and GSM. In this paper, we study the mobility of 300 users over a period of up to 31 months from the perspective of these three types of data, with a focus on two cities: Lausanne (Switzerland) and Lyon (France). We found that users’ mobility traces, whether they are collected using GPS, WiFi or GSM antennas, are highly unique. We show that, on average, only four spatio-temporal points from the WiFi, GSM and GPS traces are enough to uniquely identify 94% of the individuals, on both datasets. In addition, we show that using the temporal dimension (i.e., whether users move or are in a meaningful location such as their home or their workplace) drastically improves the capacity to uniquely identify them compared to exploiting only the spatial dimension (by 14% on average). In some cases, the temporal dimension alone can be a better mobility footprint than the spatial dimension for discriminating between users. We further conduct a de-anonymisation attack to assess how mobility traces can be re-identified, and show that almost all users can be de-anonymised with a high success rate. Finally, we apply different Location Privacy Protection Mechanisms (LPPMs), including spatial filtering, temporal cloaking, adding spatial noise to mobility data, and generalisation, and analyse the impact of these mechanisms on both the uniqueness of users’ mobility traces and the outcome of the de-anonymisation attack. We show that spatially obfuscating mobility data is not enough to protect users, and that classical LPPMs are not able to protect users against a de-anonymisation attack. We conclude by drawing some insights towards future spatio-temporal LPPMs.
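
To make the uniqueness measure concrete, here is an added example (not code from the paper) that scores a dataset with spatial, temporal and spatio-temporal knowledge, and again after a spatial generalisation LPPM. It assumes the common definition that a set of p points is unique when no other user's trace contains all of them, and it enumerates every p-point subset instead of sampling; the traces, the names `uniqueness`, `generalise` and `VIEWS`, and the grid cell size are constructed for illustration.

```python
from itertools import combinations

# Constructed sample traces (not from the paper's datasets): user -> {(x, y, hour)}
TRACES = {
    "alice": {(1, 1, 8), (5, 5, 9), (1, 1, 19)},
    "bob":   {(1, 1, 8), (5, 5, 10), (2, 2, 19)},
    "carol": {(1, 1, 9), (5, 5, 9), (2, 2, 20)},
    "dave":  {(3, 3, 8), (5, 5, 14), (3, 3, 19)},
}

# Which dimensions of a point the observer is assumed to know.
VIEWS = {
    "space+time": lambda pt: pt,
    "space": lambda pt: pt[:2],
    "time": lambda pt: pt[2],
}

def generalise(traces, cell):
    """Spatial generalisation: snap x, y to a coarser grid, keep the hour."""
    return {u: {(x // cell, y // cell, h) for x, y, h in t}
            for u, t in traces.items()}

def uniqueness(traces, p, view="space+time"):
    """Mean over users of the share of p-point subsets matching only that user."""
    proj = {u: {VIEWS[view](pt) for pt in t} for u, t in traces.items()}
    per_user = []
    for user, trace in proj.items():
        # Traces shorter than p contribute their whole (projected) trace.
        subsets = list(combinations(sorted(trace), min(p, len(trace))))
        unique = sum(
            not any(set(s) <= other for o, other in proj.items() if o != user)
            for s in subsets
        )
        per_user.append(unique / len(subsets))
    return sum(per_user) / len(per_user)

if __name__ == "__main__":
    for view in VIEWS:
        print(f"p=2 {view:<10} uniqueness={uniqueness(TRACES, 2, view):.2f}")
    coarse = generalise(TRACES, 4)
    print(f"p=2 generalised (cell=4) uniqueness={uniqueness(coarse, 2):.2f}")
```

On this constructed data, two spatio-temporal points single out every user, time alone discriminates better than space alone, and coarsening space while keeping exact hours still leaves most two-point subsets unique.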
