Personal and Ubiquitous Computing

, Volume 13, Issue 6, pp 391–399 | Cite as

A survey of computational location privacy

  • John KrummEmail author
Original Article


This is a literature survey of computational location privacy, meaning computation-based privacy mechanisms that treat location data as geometric information. This definition includes privacy-preserving algorithms like anonymity and obfuscation as well as privacy-breaking algorithms that exploit the geometric nature of the data. The survey omits non-computational techniques like manually inspecting geotagged photos, and it omits techniques like encryption or access control that treat location data as general symbols. The paper reviews studies of peoples’ attitudes about location privacy, computational threats on leaked location data, and computational countermeasures for mitigating these threats.


Location Privacy Context 


  1. 1.
    Google street views, cool or creepy? (2007) In: New York Post, 2007, New York, NY, USAGoogle Scholar
  2. 2.
    Arnott R, Small K (1994) The economics of traffic congestion. In: American Scientist, pp 446–455Google Scholar
  3. 3.
    Ashbrook D, Starner T (2003) Using GPS to learn significant locations and predict movement across multiple users. Pers Ubiquit Comput 7(5):275–286CrossRefGoogle Scholar
  4. 4.
    Barkhuus L (2004) Privacy in location-based services, concern vs. coolness. In: Workshop on location system privacy and control, Mobile HCI, Glasgow, UKGoogle Scholar
  5. 5.
    Barkuus L, Dey A (2003) Location-based services for mobile telephony: a study of users’ privacy concerns. In: 9th IFIP TC13 international conference on human-computer interaction, Interact 2003, Zurich, Switzerland, pp 709–712Google Scholar
  6. 6.
    Beresford AR, Stajano F (2003) Location privacy in pervasive computing. In: IEEE Pervasive Computing Magazine. IEEE, pp 46–55Google Scholar
  7. 7.
    Bettini C, Wang XS, Jajodia S (2005) Protecting privacy against location-based personal identification. In: 2nd VLDB workshop on secure data management, pp 185–199Google Scholar
  8. 8.
    Blackman SS (1986) Multiple-target tracking with radar applications. Artech HouseGoogle Scholar
  9. 9.
    Canny J (2002) Some techniques for privacy in Ubicomp and context-aware applications. In: Workshop on socially-informed design of privacy-enhancing solutions in ubiquitous computing, Goteborg, SwedenGoogle Scholar
  10. 10.
    Colbert M (2001) A diary study of rendezvousing: implications for position-aware communications for mobile groups. In: ACM 2001 international conference on supporting group work. ACM Press, Boulder, CO, USA, pp 15–23Google Scholar
  11. 11.
    Cornwell J et al (2007) User-controllable security and privacy for pervasive computing. In: Eighth IEEE workshop on mobile computing systems and applications (HotMobile 2007), Tucson, AZ, USAGoogle Scholar
  12. 12.
    Cvrček D et al (2006) A study on the value of location privacy. In: Fifth ACM workshop on privacy in the electronic society. ACM, Alexandria, VA, USA, pp 109–118Google Scholar
  13. 13.
    Danezis G, Lewis S, Anderson R (2005) How much is location privacy worth? In: Fourth workshop on the economics of information security. Harvard University, CambridgeGoogle Scholar
  14. 14.
    Duckham M, Kulik L (2005) A formal model of obfuscation and negotiation for location privacy. In: 3rd international conference on pervasive computing (Pervasive 2005). Springer, Munich, Germany, pp 152–170Google Scholar
  15. 15.
    Duckham M, Kulik L (2005) Simulation of obfuscation and negotiation for location privacy. In: Spatial information theory, international conference, COSIT 2005. Springer, Ellicottville, NY, USA, pp 31–48Google Scholar
  16. 16.
    Duckham M, Kulik L (2006) Location privacy and location-aware computing. In: Drummond J (ed) Dynamic & mobile GIS: investigating change in space and time. Boca Raton, CRC Press, pp 34–51Google Scholar
  17. 17.
    Duckham M, Kulik L, Birtley A (2006) A spatiotemporal model of strategies and counter strategies for location privacy protection. In: 4th international conference on geographic information science (GIScience 2006). Springer, Münster, Germany, pp 47–64Google Scholar
  18. 18.
  19. 19.
    Froehlich J, Krumm J (2008) Route prediction from trip observations. In: Society of automotive engineers (SAE) 2008 world congress, Detroit, MI, USAGoogle Scholar
  20. 20.
  21. 21.
    Gruteser M, Grunwald D (2003) Anonymous usage of location-based services through spatial and temporal cloaking. In: First ACM/USENIX international conference on mobile systems, applications, and services (MobiSys 2003). ACM Press, San Francisco, CA, USA, pp 31–42Google Scholar
  22. 22.
    Gruteser M, Hoh B (2005) On the anonymity of periodic location samples. In: Second international conference on security in pervasive computing, Boppard, Germany, pp 179–192Google Scholar
  23. 23.
    Hariharan R, Toyama K (2004) Project Lachesis: parsing and modeling location histories. In: Third international conference on GIScience, Adelphi, MDGoogle Scholar
  24. 24.
    Hashem T, Kulik L (2007) Safeguarding location privacy in wireless ad-hoc networks. In: 9th international conference on ubiquitous computing (UbiComp 2007), Innsbruck, Austria, pp 372–390Google Scholar
  25. 25.
    Hightower J et al (2005) Learning and recognizing the places we go. In: UbiComp ubiquitous computingGoogle Scholar
  26. 26.
    Hoh B, Gruteser M (2005) Protecting location privacy through path confusion. In: First international conference on security and privacy for emerging areas in communications networks (SECURECOMM 2005). IEEE Computer Society, Athens, Greece, pp 194–205Google Scholar
  27. 27.
    Hoh B et al (2006) Enhancing security and privacy in traffic-monitoring systems. In: IEEE pervasive computing magazine. IEEE, pp 38–46Google Scholar
  28. 28.
    Hoh B et al (2007) Preserving privacy in GPS traces via uncertainty-aware path cloaking. In: 14th ACM conference on computer and communication security (ACM CCS 2007), Alexandria, VA, USAGoogle Scholar
  29. 29.
    Horey J et al (2007) Anonymous data collection in sensor networks. In 4th annual international conference on mobile and ubiquitous systems: computing, networking and services (Mobiquitous 2007), Philadelphia, PA, USAGoogle Scholar
  30. 30.
    Iachello G et al (2005) Control, deception, and communication: evaluating the deployment of a location-enhanced messaging service. In: UbiComp 2005: ubiquitous computing. Springer, Tokyo, Japan, pp 213–231Google Scholar
  31. 31.
    Jang Y, Choi C, Kim S (2005) Privacy management mechanism for location based application with high performance. In: Communication systems and applications (CSA 2005), pp 96–101Google Scholar
  32. 32.
    Kaasinen E (2003) User needs for location-aware mobile services. Pers Ubiquit Comput 7(1):70–79CrossRefGoogle Scholar
  33. 33.
    Kang JH et al (2004) Extracting places from traces of locations. In: 2nd ACM international workshop on wireless mobile applications and services on WLAN hotspots (WMASH’04)Google Scholar
  34. 34.
    Kido H, Yanagisawa Y, Satoh T (2005) An anonymous communication technique using dummies for location-based services. In: IEEE international conference on pervasive services 2005 (ICPS2005), Santorini, Greece, pp 88–97Google Scholar
  35. 35.
    Krumm J (2007) Inference attacks on location tracks. In: Fifth international conference on pervasive computing (Pervasive 2007), Toronto, ON, Canada, pp 127–143Google Scholar
  36. 36.
    Krumm J (2008) A Markov model for driver turn prediction. In: Society of automotive engineers (SAE) 2008 world congress, Detroit, MI, USAGoogle Scholar
  37. 37.
    Krumm J, Horvitz E (2006) Predestination: inferring destinations from partial trajectories. In: UbiComp 2006: ubiquitous computing, Orange County, CA, USA, pp 243–260Google Scholar
  38. 38.
    Krumm J, Letchner J, Horvitz E (2007) Map matching with travel time constraints (Paper 2007-01-1102). In: Society of automotive engineers (SAE) 2007 world congress, Detroit, MI, USAGoogle Scholar
  39. 39.
    Kumaraguru P, Cranor LF (2005) Privacy indexes: a survey of Westin’s studies. School of Computer Science, Carnegie Mellon University, Pittsburgh, p 22Google Scholar
  40. 40.
    LaMarca A et al (2005) Place lab: device positioning using radio beacons in the wild. In: Third international conference on pervasive computing (Pervasive 2005). Springer, Munich, GermanyGoogle Scholar
  41. 41.
    Leonhardt U, Magee J (1998) Security considerations for a distributed location service. J Netw Syst Manage 6(1):51–70CrossRefGoogle Scholar
  42. 42.
  43. 43.
    Marmasse N (2004) Providing lightweight telepresence in mobile communication to enhance collaborative living. In: Program in media arts and sciences, School of architecture and planning. MIT, Cambridge, MA, USA, pp 124Google Scholar
  44. 44.
    Marmasse N, Schmandt C (2000) Location-aware information delivery with commotion. In: HUC 2K 2nd international symposium on handheld and ubiquitous computing. Springer, Bristol, UKGoogle Scholar
  45. 45.
    Mascetti S, Bettini C (2007) A comparison of spatial generalization algorithms for LBS privacy preservation. In: International workshop on privacy-aware location-based mobile services (PALMS 2007), Mannheim, GermanyGoogle Scholar
  46. 46.
    Matsuo Y et al (2007) Inferring long-term user property based on users’ location history. In: 20th international joint conference on artificial intelligence (IJCAI 2007), Hyderabad, IndiaGoogle Scholar
  47. 47.
    Mokbel MF, Chow C-Y, Aref WG (2006) The new casper: query processing for location services without compromising privacy. In: International conference on very large data bases (VLDB 2006), Seoul, South Korea, pp 763–774Google Scholar
  48. 48.
  49. 49.
    Newman WM, Eldridge MA, Lamming MG (1991) PEPYS: generating autobiographies by automatic tracking. In: Second European conference on computer supported cooperative work (ECSCW 1991). Springer, Amsterdam, The Netherlands, pp 175–188Google Scholar
  50. 50.
    Olson JS, Grudin J, Horvitz E (2005) A study of preferences for sharing and privacy. In: CHI '05 extended abstracts on human factors in computing systems, Portland, OR, USA, pp 1985–1988Google Scholar
  51. 51.
    Orland K (2003) Stalker victims should check for GPS. In: Associated press. CBS News, Milwaukee, WI, USAGoogle Scholar
  52. 52.
    Patterson DJ et al (2003) Inferring high-level behavior from low-level sensors. In: UbiComp 2003: ubiquitous computing, Seattle, WA, USA, pp 73–89Google Scholar
  53. 53.
    Pfitzmann A, Köhntopp M (2000) Anonymity, unobservability, and pseudonymity—a proposal for terminology. In: Designing privacy enhancing technologies: international workshop on design issues in anonymity and unobservability. Springer, Berkeley, CA, USAGoogle Scholar
  54. 54.
  55. 55.
    Priyantha NB, Chakraborty A, Balakrishnan H (2000) The cricket location-support system. In: Sixth international conference on mobile computing and networking (MobiCom 2000), Boston, MA, USAGoogle Scholar
  56. 56.
  57. 57.
    Ravi N, Gruteser M, Iftode L (2006) Non-inference: an information flow control model for location-based services. In: Mobile and ubiquitous systems: networking & services (Mobiquitous 2006), San Jose, CA, USA, pp 1–10Google Scholar
  58. 58.
    Simerman J (2007) FasTrak to courthouse. In: Contra costa times, Walnut Creek, CAGoogle Scholar
  59. 59.
    Sweeney L (2002) Achieving k-anonymity privacy protection using generalization and suppression. Int J Uncertain Fuzziness Knowledge-based Syst 10(5):571–588zbMATHCrossRefMathSciNetGoogle Scholar
  60. 60.
    Toyama K et al (2003) Geographic location tags on digital images. In: 11th ACM international conference on multimedia, Berkeley, CA, USAGoogle Scholar
  61. 61.
  62. 62.
  63. 63.
    Westin A (1967) Privacy and freedom. Atheneum, New York, p 487Google Scholar
  64. 64.
    Wilson D, Atkeson C (2005) Simultaneous tracking & activity recognition (STAR) using many anonymous, binary sensors. In: Third international conference on pervasive computing (Pervasive 2005). Springer, Munich, Germany, pp 62–79Google Scholar
  65. 65.
    You T-H, Peng W-C, Lee W-C (2007) Protecting moving trajectories with dummies. In: International workshop on privacy-aware location-based mobile services (PALMS 2007), Mannheim, GermanyGoogle Scholar
  66. 66.
    Zhong G, Goldberg I, Hengartner U (2007) Louis, Lester and Pierre: three protocols for location privacy. In: 7th workshop on privacy enhancing technologies, Ottawa, CanadaGoogle Scholar

Copyright information

© Springer-Verlag London Limited 2008

Authors and Affiliations

  1. 1.Microsoft ResearchRedmondUSA

Personalised recommendations