What Does The Crowd Say About You? Evaluating Aggregation-based Location Privacy

2017 ◽  
Vol 2017 (4) ◽  
pp. 156-176 ◽  
Author(s):  
Apostolos Pyrgelis ◽  
Carmela Troncoso ◽  
Emiliano De Cristofaro

Abstract Information about people’s movements and the locations they visit enables an increasing number of mobility analytics applications, e.g., in the context of urban and transportation planning. In this setting, rather than collecting or sharing raw data, entities often use aggregation as a privacy protection mechanism, aiming to hide individual users’ location traces. Furthermore, to bound information leakage from the aggregates, they can perturb the input of the aggregation or its output to ensure that these are differentially private. In this paper, we set out to evaluate the impact of releasing aggregate location time-series on the privacy of individuals contributing to the aggregation. We introduce a framework allowing us to reason about privacy against an adversary attempting to predict users’ locations or recover their mobility patterns. We formalize these attacks as inference problems, and discuss a few strategies to model the adversary’s prior knowledge based on the information she may have access to. We then use the framework to quantify the privacy loss stemming from aggregate location data, with and without the protection of differential privacy, using two real-world mobility datasets. We find that aggregates do leak information about individuals’ punctual locations and mobility profiles. The density of the observations, as well as timing, play important roles, e.g., regular patterns during peak hours are better protected than sporadic movements. Finally, our evaluation shows that both output and input perturbation offer little additional protection, unless they introduce large amounts of noise ultimately destroying the utility of the data.

2021 ◽  
Vol 2021 (3) ◽  
pp. 182-203
Author(s):  
Sylvain Chatel ◽  
Apostolos Pyrgelis ◽  
Juan Ramón Troncoso-Pastoriza ◽  
Jean-Pierre Hubaux

Abstract Tree-based models are among the most efficient machine learning techniques for data mining nowadays due to their accuracy, interpretability, and simplicity. The recent orthogonal needs for more data and privacy protection call for collaborative privacy-preserving solutions. In this work, we survey the literature on distributed and privacy-preserving training of tree-based models and we systematize its knowledge based on four axes: the learning algorithm, the collaborative model, the protection mechanism, and the threat model. We use this to identify the strengths and limitations of these works and provide for the first time a framework analyzing the information leakage occurring in distributed tree-based model learning.


2020 ◽  
Author(s):  
Fatima Zahra Errounda ◽  
Yan Liu

Abstract Location and trajectory data are routinely collected to generate valuable knowledge about users' pattern behavior. However, releasing location data may jeopardize the privacy of the involved individuals. Differential privacy is a powerful technique that prevents an adversary from inferring the presence or absence of an individual in the original data solely based on the observed data. The first challenge in applying differential privacy in location is that it usually involves a single user. This shifts the adversary's target to the user's locations instead of presence or absence in the original data. The second challenge is that the inherent correlation between location data, due to people's movement regularity and predictability, gives the adversary an advantage in inferring information about individuals. In this paper, we review the differentially private approaches to tackle these challenges. Our goal is to help newcomers to the field to better understand the state-of-the-art by providing a research map that highlights the different challenges in designing differentially private frameworks that tackle the characteristics of location data. We find that in protecting an individual's location privacy, the attention of differential privacy mechanisms shifts to preventing the adversary from inferring the original location based on the observed one. Moreover, we find that the privacy-preserving mechanisms make use of the predictability and regularity of users' movements to design and protect the users' privacy in trajectory data. Finally, we explore how well the presented frameworks succeed in protecting users' locations and trajectories against well-known privacy attacks.


Author(s):  
Chunyong Yin ◽  
Xiaokang Ju ◽  
Zhichao Yin ◽  
Jin Wang

Abstract Location-based recommendation services can provide users with convenient services, but this requires monitoring and collecting a large amount of location information. In order to prevent location information from being leaked after monitoring and collection, location privacy must be effectively protected. Therefore, this paper proposes a privacy protection method based on location sensitivity for location recommendation. This method uses location trajectories and check-in frequencies to set a threshold so as to classify location sensitivity levels. The corresponding privacy budget is then assigned based on the sensitivity to add Laplace noise that satisfies the differential privacy. Experimental results show that this method can effectively protect the user’s location privacy and reduce the impact of differential privacy noise on service quality.


2020 ◽  
Vol 2020 (2) ◽  
pp. 379-396 ◽  
Author(s):  
Ricardo Mendes ◽  
Mariana Cunha ◽  
João P. Vilela

Abstract Location privacy has become an emerging topic due to the pervasiveness of Location-Based Services (LBSs). When sharing location, a certain degree of privacy can be achieved through the use of Location Privacy-Preserving Mechanisms (LPPMs), where an obfuscated version of the exact user location is reported instead. However, even obfuscated location reports disclose information which poses a risk to privacy. Based on the formal notion of differential privacy, Geo-indistinguishability has been proposed to design LPPMs that limit the amount of information that is disclosed to a potential adversary observing the reports. While promising, this notion considers reports to be independent from each other, thus discarding the potential threat that arises from exploring the correlation between reports. This assumption might hold for the sporadic release of data; however, there is still no formal nor quantitative boundary between sporadic and continuous reports and thus we argue that the consideration of independence is valid depending on the frequency of reports made by the user. This work intends to fill this research gap through a quantitative evaluation of the impact on the privacy level of Geo-indistinguishability under different frequencies of reports. Towards this end, state-of-the-art localization attacks and a tracking attack are implemented against a Geo-indistinguishable LPPM under several values of privacy budget and the privacy level is measured along different frequencies of updates using real mobility data.


2021 ◽  
Vol 2021 ◽  
pp. 1-20
Author(s):  
Gesu Li ◽  
Guisheng Yin ◽  
Zuobin Xiong ◽  
Fukun Chen

At present, with the popularization of intelligent equipment, almost every smart device has a GPS. Users can use it to obtain convenient services, and third parties can use the data to provide recommendations for users and promote relevant business development. However, due to the large number of location data, there are serious data sparsity problems in the data uploaded by users. At the same time, with great value comes great danger. Once the user’s location information is obtained by the attacker, severe security issues will be caused. In recent years, a lot of researchers have studied the recommendation of points of interest (POIs) and the privacy protection of location. Yet, few of them have explored both together, which induces some drawbacks on the combination of them. This paper combines POI recommendation with a privacy protection mechanism. Besides providing users with a POI recommendation service, it also protects the privacy of the user’s location. We proposed a POI recommendation model with a privacy protection mechanism, termed POI recommendation model for community groups based on privacy protection (CGPP-POI). This model can ensure the recommendation accuracy and reduce the leakage of user location information by taking advantage of the characteristics of location. At the same time, it deals with the problem of poor recommendation performance caused by sparse data. In addition, through the expansion of location, random and other methods are used to protect the user’s real check-in information. First, the data processed at the terminal satisfied local differential privacy. At the same time, we use the data to build a recommendation model. Then, we use a community of users in the model to improve the availability of these disturbed data, explore the relationship between users, and expand check-ins within the community. Finally, we provide the POI recommendations to users. Based on the traditional evaluation criteria, we adopted four metrics, i.e., accuracy, recall rate, coverage rate, and popularity in the evaluation part, where intensive experiments conducted on real datasets Gowalla and Brightkite demonstrate that our approach outperforms the baseline methods significantly.


2021 ◽  
Vol 2021 ◽  
pp. 1-12
Author(s):  
Hongtao Li ◽  
Yue Wang ◽  
Feng Guo ◽  
Jie Wang ◽  
Bo Wang ◽  
...  

Location-based services (LBS) have become an important research area with the rapid development of mobile Internet technology, GPS positioning technology, and the widespread application of smart phones and social networks. LBS can provide convenience and flexibility for the users’ daily life, but at the same time, it also brings security risks to the users’ privacy. Untrusted or malicious LBS servers can collect users’ location data through various ways and disclose it to the third party, thus causing users’ privacy leakage. In this paper, a differential privacy location protection method based on the Markov model for user’s location privacy is proposed. Firstly, the transition probability matrix between states of the n-order Markov model is used to predict the occurrence state and development trend of events; thereby, the user’s location is predicted, and then a location prediction algorithm based on the Markov model (LPAM) is proposed. Secondly, a location protection algorithm based on differential privacy (LPADP) is proposed, in which location privacy tree (LPT) is constructed according to the location data and the difficulty of retrieval, the two nodes with the largest predicted value of LPT are allocated with a reasonable privacy budget, and Laplace noise is added to protect location privacy. Theoretical analysis and experimental results show that the proposed method not only meets the requirements of differential privacy and protects location privacy effectively but also has high data availability and low time complexity.


2019 ◽  
Vol 80 (4) ◽  
pp. 200-204 ◽  
Author(s):  
Brittany Cormier ◽  
Lana Vanderlee ◽  
David Hammond

Purpose: In 2010, Health Canada implemented a national campaign to improve understanding of “percent daily value” (%DV) in Nutrition Facts Tables (NFTs). This study examined sources of nutrition information and knowledge of %DV information communicated in the campaign. Methods: Respondents aged 16–30 years completed the Canada Food Study in 2016 (n = 2665). Measures included sources of nutrition information, NFT use, and %DV knowledge based on the campaign message (“5% DV or less is a little; 15% DV or more is a lot”). A logistic regression examined correlates of providing “correct” responses to %DV questions related to the campaign messaging. Results: Overall, 7.2% (n = 191) respondents correctly indicated that 5% is “a little”, and 4.3% (n = 115) correctly indicated 15% DV was “a lot”. Only 4.0% (n = 107) correctly answered both. Correct recall of %DV amounts was not associated with number of information sources reported, but was greater among those who were female, were younger, and reported greater NFT understanding and serving size information use (P < 0.05 for all). Conclusions: Results show low awareness of messaging from the Nutrition Facts Education Campaign among young Canadians. Such a mass media campaign may be insufficient on its own to enhance population-level understanding of %DV.


Author(s):  
Emma-Jane Goode ◽  
Eirian Thomas ◽  
Owen Landeg ◽  
Raquel Duarte-Davidson ◽  
Lisbeth Hall ◽  
...  

Abstract Every year, numerous environmental disasters and emergencies occur across the globe with far-reaching impacts on human health and the environment. The ability to rapidly assess an environmental emergency to mitigate potential risks and impacts is paramount. However, collating the necessary evidence in the early stages of an emergency to conduct a robust risk assessment is a major challenge. This article presents a methodology developed to help assess the risks and impacts during the early stages of such incidents, primarily to support the European Union Civil Protection Mechanism but also the wider global community in the response to environmental emergencies. An online rapid risk and impact assessment tool has also been developed to promote enhanced collaboration between experts who are working remotely, considering the impact of a disaster on the environment and public health in the short, medium, and long terms. The methodology developed can support the appropriate selection of experts and assets to be deployed to affected regions to ensure that potential public health and environmental risks and impacts are mitigated whenever possible. This methodology will aid defensible decision making, communication, planning, and risk management, and presents a harmonized understanding of the associated impacts of an environmental emergency.

