Trajectory Recovery From Ash: User Privacy Is NOT Preserved in Aggregated Mobility Data

TL;DR

This paper demonstrates that aggregated mobility data, often considered privacy-preserving, can be exploited to accurately recover individual trajectories, revealing significant privacy risks.

Contribution

The authors develop a novel attack system that reconstructs individual trajectories from aggregated mobility data without prior knowledge, exposing privacy vulnerabilities.

Findings

Trajectory recovery accuracy of 73%~91% on real datasets

Aggregated mobility data can lead to severe privacy breaches

Highlights the need for better privacy-preserving mechanisms

Abstract

Human mobility data has been ubiquitously collected through cellular networks and mobile applications, and publicly released for academic research and commercial purposes for the last decade. Since releasing individual's mobility records usually gives rise to privacy issues, datasets owners tend to only publish aggregated mobility data, such as the number of users covered by a cellular tower at a specific timestamp, which is believed to be sufficient for preserving users' privacy. However, in this paper, we argue and prove that even publishing aggregated mobility data could lead to privacy breach in individuals' trajectories. We develop an attack system that is able to exploit the uniqueness and regularity of human mobility to recover individual's trajectories from the aggregated mobility data without any prior knowledge. By conducting experiments on two real-world datasets collected from both mobile application and cellular network, we reveal that the attack system is able to recover users' trajectories with accuracy about 73%~91% at the scale of tens of thousands to hundreds of thousands users, which indicates severe privacy leakage in such datasets. Through the investigation on aggregated mobility data, our work recognizes a novel privacy problem in publishing statistic data, which appeals for immediate attentions from both academy and industry.