Modelling imperfect knowledge via location semantics for realistic privacy risks estimation in trajectory data

TL;DR

This paper introduces a new model for privacy risk estimation in trajectory data that accounts for adversaries with imperfect knowledge, using semantic equivalence areas to derive standard privacy metrics.

Contribution

It proposes a novel adversary model based on equivalence areas, enabling more accurate privacy risk measurement in trajectory data analysis.

Findings

The model allows privacy metrics to be computed regardless of anonymization techniques.

It provides a realistic assessment of privacy risks considering adversaries with limited knowledge.

The approach aids service providers in balancing privacy and utility in trajectory data use.

Abstract

Mobility patterns of vehicles and people provide powerful data sources for location-based services such as fleet optimization and traffic flow analysis. Location-based service providers must balance the value they extract from trajectory data with protecting the privacy of the individuals behind those trajectories. Reaching this goal requires measuring accurately the values of utility and privacy. Current measurement approaches assume adversaries with perfect knowledge, thus overestimate the privacy risk. To address this issue we introduce a model of an adversary with imperfect knowledge about the target. The model is based on equivalence areas, spatio-temporal regions with a semantic meaning, e.g. the target's home, whose size and accuracy determine the skill of the adversary. We then derive the standard privacy metrics of k-anonymity, l-diversity and t-closeness from the definition of equivalence areas. These metrics can be computed on any dataset, irrespective of whether and what kind of anonymization has been applied to it. This work is of high relevance to all service providers acting as processors of trajectory data who want to manage privacy risks and optimize the privacy vs. utility trade-off of their services.