How Others Compromise Your Location Privacy: The Case of Shared Public IPs at Hotspots

  • Nevena Vratonjic
  • Kévin Huguenin
  • Vincent Bindschaedler
  • Jean-Pierre Hubaux
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7981)


Location privacy has been extensively studied over the last few years, especially in the context of location-based services where users purposely disclose their location to benefit from convenient context-aware services. To date, however, little attention has been devoted to the case of users’ location being unintentionally compromised by others.

In this paper, we study a concrete and widespread example of such situations, specifically the location-privacy threat created by access points (e.g., public hotspots) using network address translation (NAT). Indeed, because users connected to the same hotspot share a unique public IP, a single user making a location-based request is enough to enable a service provider to map the IP of the hotspot to its geographic coordinates, thus compromising the location privacy of all the other connected users. When successful, the service provider can locate users within a few hundreds of meters, thus improving over existing IP-location databases. Even in the case where IPs change periodically (e.g., by using DHCP), the service provider is still able to update a previous (IP, Location) mapping by inferring IP changes from authenticated communications (e.g., cookies).

The contribution of this paper is three-fold: (i) We identify a novel threat to users’ location privacy caused by the use of shared public IPs. (ii) We formalize and analyze theoretically the threat. The resulting framework can be applied to any access-point to quantify the privacy threat. (iii) We experimentally assess the state in practice by using real traces of users accessing Google services, collected from deployed hotspots. Also, we discuss how existing countermeasures can thwart the threat.


Service Provider Access Point Location Privacy Network Address Translation Standard Request 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Agrawal, R., Srikant, R.: Privacy-Preserving Data Mining. In: SIGMOD (2000)Google Scholar
  2. 2.
    Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: An Obfuscation-Based Approach for Protecting Location Privacy. IEEE Transactions on Dependable Secure Computing 8(1), 13–27 (2011)CrossRefGoogle Scholar
  3. 3.
    Beresford, A., Stajano, F.: Location Privacy in Pervasive Computing. IEEE Perv. Comp. 2, 46–55 (2003)CrossRefGoogle Scholar
  4. 4.
    Casado, M., Freedman, M.J.: Peering Through the Shroud: The Effect of Edge Opacity on IP-Based Client Identification. In: NSDI (2007)Google Scholar
  5. 5.
    Chaum, D.L.: Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms. Communications of the ACM 24(2), 84–90 (1981)CrossRefGoogle Scholar
  6. 6.
    CNN: Your Phone Company is Selling Your Personal Data (2011),
  7. 7.
    Danezis, G., Dingledine, R., Hopwood, D., Mathewson, N.: Mixminion: Design of a Type III Anonymous Remailer Protocol. In: S&P, pp. 2–15 (2003)Google Scholar
  8. 8.
    Dingledine, R., Mathewson, N., Syverson, P.: Tor: The Second-generation Onion Router. In: USENIX Security (2004)Google Scholar
  9. 9.
    Federal Trade Commission: Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers. Report (2010)Google Scholar
  10. 10.
    Freedman, M.J., Vutukuru, M., Feamster, N., Balakrishnan, H.: Geographic Locality of IP Prefixes. In: IMC (2005)Google Scholar
  11. 11.
    Ghosh, A., Jana, R., Ramaswami, V., Rowland, J., Shankaranarayanan, N.: Modeling and Characterization of Large-Scale Wi-Fi Traffic in Public Hot-Spots. In: INFOCOM (2011)Google Scholar
  12. 12.
    Golle, P., Partridge, K.: On the Anonymity of Home/Work Location Pairs. In: Tokuda, H., Beigl, M., Friday, A., Brush, A.J.B., Tobe, Y. (eds.) Pervasive 2009. LNCS, vol. 5538, pp. 390–397. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  13. 13.
    Goodell, G., Syverson, P.: The right place at the right time. Communications of the ACM 50(5), 113–117 (2007)CrossRefGoogle Scholar
  14. 14.
    Google Engineering Center Zurich: Technology and Innovation for Web Search. Private communication (October 2012)Google Scholar
  15. 15.
  16. 16.
    Gruteser, M., Grunwald, D.: Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. In: MobiSys (2003)Google Scholar
  17. 17.
    Guo, C., Liu, Y., Shen, W., Wang, H., Yu, Q., Zhang, Y.: Mining the Web and the Internet for Accurate IP Address Geolocations. In: INFOCOM (2009)Google Scholar
  18. 18.
    Hoh, B., Gruteser, M., Xiong, H., Alrabady, A.: Enhancing Security and Privacy in Traffic-Monitoring Systems. IEEE Perv. Comp. 5, 38–46 (2006)CrossRefGoogle Scholar
  19. 19.
    HostIP: My IP Address Lookup and Geotargeting Community Geotarget IP Project,
  20. 20.
    Targeting Local Markets: An IAB Interactive Advertising Guide. Interactive Advertising Bureau (2010)Google Scholar
  21. 21.
    Katz-Bassett, E., John, J.P., Krishnamurthy, A., Wetherall, D., Anderson, T., Chawathe, Y.: Towards IP Geolocation Using Delay and Topology Measurements. In: IMC (2006)Google Scholar
  22. 22.
    Kido, H., Yanagisawa, Y., Satoh, T.: An Anonymous Communication Technique using Dummies for Location-Based Services. In: ICPS, pp. 88–97 (2005)Google Scholar
  23. 23.
    Krumm, J.: Inference Attacks on Location Tracks. In: LaMarca, A., Langheinrich, M., Truong, K.N. (eds.) Pervasive 2007. LNCS, vol. 4480, pp. 127–143. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  24. 24.
    Geolocation and online fraud prevention by MaxMind,
  25. 25.
    Muir, J.A., Oorschot, P.C.V.: Internet Geolocation: Evasion and Counterevasion. ACM Computing Survey 42, 4:1–4:23 (2009)Google Scholar
  26. 26.
    Patil, S., Norcie, G., Kapadia, A., Lee, A.: “Check Out Where I Am!”: Location-Sharing Motivations, Preferences, and Practices. In: CHI (2012)Google Scholar
  27. 27.
    Poese, I., Uhlig, S., Kaafar, M.A., Donnet, B., Gueye, B.: IP Geolocation Databases: Unreliable? ACM SIGCOMM CCR 41, 53–56 (2011)CrossRefGoogle Scholar
  28. 28.
    PricewaterhouseCoopers: Internet Advertising Revenue Report (2011)Google Scholar
  29. 29.
    Raghavan, B., Kohno, T., Snoeren, A.C., Wetherall, D.: Enlisting ISPs to Improve Online Privacy: IP Address Mixing by Default. In: Goldberg, I., Atallah, M.J. (eds.) PETS 2009. LNCS, vol. 5672, pp. 143–163. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    Ross, S.M.: Stochastic Processes. Wiley (1995)Google Scholar
  31. 31.
    Shokri, R., Theodorakopoulos, G., Le Boudec, J.Y., Hubaux, J.P.: Quantifying Location Privacy. In: S&P (2011)Google Scholar
  32. 32.
  33. 33.
  34. 34.
    Tor Metrics Portal,
  35. 35.
    USA Department of Defenses: Global Positioning System: Standard Positioning Service Performance Standard (2008)Google Scholar
  36. 36.
    Vratonjic, N., Huguenin, K., Bindschaedler, V., Dubovitskaya, A., Hubaux, J.P.: Location Privacy Threats at Public Hotspots. Tech. rep., EPFL (2013)Google Scholar
  37. 37.
    Wang, Y., Burgener, D., Flores, M., Kuzmanovic, A., Huang, C.: Towards Street-Level Client-Independent IP Geolocation. In: NSDI (2011)Google Scholar
  38. 38.
    Xie, Y., Yu, F., Achan, K., Gillum, E., Goldszmidt, M., Wobber, T.: How Dynamic are IP Addresses? In: SIGCOMM (2007)Google Scholar
  39. 39.
    Yen, T.F., Xie, Y., Yu, F., Yu, R.P., Abadi, M.: Host Fingerprinting and Tracking on the Web: Privacy and Security Implications. In: NDSS (2012)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Nevena Vratonjic
    • 1
  • Kévin Huguenin
    • 1
  • Vincent Bindschaedler
    • 2
  • Jean-Pierre Hubaux
    • 1
  1. 1.School of Computer and Communication SciencesEPFLSwitzerland
  2. 2.Department of Computer ScienceUIUCUSA

Personalised recommendations