A survey of computational location privacy

Abstract

This is a literature survey of computational location privacy, meaning computation-based privacy mechanisms that treat location data as geometric information. This definition includes privacy-preserving algorithms like anonymity and obfuscation as well as privacy-breaking algorithms that exploit the geometric nature of the data. The survey omits non-computational techniques like manually inspecting geotagged photos, and it omits techniques like encryption or access control that treat location data as general symbols. The paper reviews studies of people’s attitudes about location privacy, computational threats on leaked location data, and computational countermeasures for mitigating these threats.



Author information

Corresponding author

Correspondence to John Krumm.

About this article

Cite this article

Krumm, J. A survey of computational location privacy. Pers Ubiquit Comput 13, 391–399 (2009). https://doi.org/10.1007/s00779-008-0212-5

Keywords

  • Location
  • Privacy
  • Context