Knock Knock, Who's There? Membership Inference on Aggregate Location Data

TL;DR

This paper investigates the vulnerability of aggregate location data to membership inference attacks, demonstrating significant privacy risks and the limitations of differential privacy in protecting user information.

Contribution

It introduces a novel methodology for evaluating membership inference attacks on aggregate location data, highlighting privacy risks and the impact of privacy mechanisms.

Findings

Membership inference attacks can effectively identify user participation.

Differential privacy reduces attack success but at a high utility cost.

Strategic adversaries can undermine privacy protections.

Abstract

Aggregate location data is often used to support smart services and applications, e.g., generating live traffic maps or predicting visits to businesses. In this paper, we present the first study on the feasibility of membership inference attacks on aggregate location time-series. We introduce a game-based definition of the adversarial task, and cast it as a classification problem where machine learning can be used to distinguish whether or not a target user is part of the aggregates. We empirically evaluate the power of these attacks on both raw and differentially private aggregates using two mobility datasets. We find that membership inference is a serious privacy threat, and show how its effectiveness depends on the adversary's prior knowledge, the characteristics of the underlying location data, as well as the number of users and the timeframe on which aggregation is performed. Although differentially private mechanisms can indeed reduce the extent of the attacks, they also yield a significant loss in utility. Moreover, a strategic adversary mimicking the behavior of the defense mechanism can greatly limit the protection they provide. Overall, our work presents a novel methodology geared to evaluate membership inference on aggregate location data in real-world settings and can be used by providers to assess the quality of privacy protection before data release or by regulators to detect violations.