Quantifying Location Privacy Leakage from Transaction Prices

  • Arthur GervaisEmail author
  • Hubert Ritzdorf
  • Mario Lucic
  • Vincent Lenders
  • Srdjan Capkun
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9879)


Large-scale datasets of consumer behavior might revolutionize the way we gain competitive advantages and increase our knowledge in the respective domains. At the same time, valuable datasets pose potential privacy risks that are difficult to foresee. In this paper we study the impact that the prices from consumers’ purchase histories have on the consumers’ location privacy. We show that using a small set of low-priced product prices from the consumers’ purchase histories, an adversary can determine the country, city, and local retail store where the transaction occurred with high confidence. Our paper demonstrates that even when the product category, precise time of purchase, and currency are removed from the consumers’ purchase history (e.g., for privacy reasons), information about the consumers’ location is leaked. The results are based on three independent datasets containing thousands of low-priced and frequently-bought consumer products. The results show the existence of location privacy risks when releasing consumer purchase histories. As such, the results highlight the need for systems that hide transaction details in consumer purchase histories.


Mutual Information Product Category Location Privacy Privacy Risk Store Chain 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    A Face Is Exposed for AOL Searcher No. 4417749 (2006).
  2. 2.
    Ikea Billy Bookshelf Index, Bloomberg (2009).
  3. 3.
    NIST/SEMATECH e-Handbook of Statistical Methods (2013).
  4. 4.
    Anonymized for review (2015)Google Scholar
  5. 5.
    Big Mac Index, The Economist (2015).
  6. 6.
    Consumer panel data and retail scanner data across the United States (2015).
  7. 7.
    Kaggle, Acquire Valued Shoppers Challenge (2015).
  8. 8.
    More (or Less) Brew for your Buck, Starbucks coffee price (2015).
  9. 9.
    Numbeo, database of user contributed data about cities and countries worldwide (2015).
  10. 10.
    Ripple, cryptocurrency (2015).
  11. 11.
    Store-level scanner data collected at Dominick’s Finer Foods (2015).
  12. 12.
  13. 13.
    Androulaki, E., Karame, G.O., Roeschlin, M., Scherer, T., Capkun, S.: Evaluating user privacy in bitcoin. In: Sadeghi, A.-R. (ed.) FC 2013. LNCS, vol. 7859, pp. 34–51. Springer, Heidelberg (2013). CrossRefGoogle Scholar
  14. 14.
    Androulaki, E., Karame, G.O.: Hiding transaction amounts and balances in bitcoin. In: Holz, T., Ioannidis, S. (eds.) Trust 2014. LNCS, vol. 8564, pp. 161–178. Springer, Heidelberg (2014)Google Scholar
  15. 15.
    Ben-Sasson, E., Chiesa, A., Garman, C., Green, M., Miers, I., Tromer, E., Virza, M.: Zerocash: decentralized anonymous payments from bitcoin. In: 2014 IEEE Symposium on Security and Privacy (SP). IEEE (2014)Google Scholar
  16. 16.
    Blumberg, A.J., Eckersley, P.: On locational privacy, and how to avoid losing it forever. EEF (2009)Google Scholar
  17. 17.
    Bonneau, J., Miller, A., Clark, J., Naryanan, A., Kroll, J.A., Felten, E.W.: SoK: bitcoin and second-generation cryptocurrencies. In: IEEE Security and Privacy, May 2015Google Scholar
  18. 18.
    Cover, T.M., Thomas, J.A.: Elements of Information Theory. John Wiley and Sons, Hoboken (2012)zbMATHGoogle Scholar
  19. 19.
    de Montjoye, Y.-A., Hidalgo, C.A., Verleysen, M., Blondel, V.D.: Unique in the crowd: the privacy bounds of human mobility. Sci. Rep. 3 (2013)Google Scholar
  20. 20.
    Dutta, S., Bergen, M., Levy, D.: Price flexibility in channels of distribution: evidence from scanner data. J. Econ. Dyn. control 26(11), 1845–1900 (2002)CrossRefzbMATHGoogle Scholar
  21. 21.
    Meiklejohn, S., et al.: A fistful of bitcoins: characterizing payments among men with no names. In: Proceedings of the 2013 Conference on Internet Measurement Conference, IMC 2013, pp. 127–140. ACM, New York (2013)Google Scholar
  22. 22.
    Gervais, A., Karame, G., Capkun, S., Capkun, V.: Is bitcoin a decentralized currency? IEEE Secur. Priv. Mag. 12, 54–60 (2014)CrossRefGoogle Scholar
  23. 23.
    Gruteser, M., Grunwald, D.: Anonymous usage of location-based services through spatial and temporal cloaking. In: Proceedings of the 1st International Conference on Mobile Systems, Applications and Services, pp. 31–42. ACM (2003)Google Scholar
  24. 24.
    Herrmann, R., Möser, A.: Price variability or rigidity in the food-retailing sector? theoretical analysis and evidence from german scanner data. Technical report (2003)Google Scholar
  25. 25.
    Hosken, D., Reiffen, D.: Patterns of retail price variation. RAND J. Econ., 128–146 (2004)Google Scholar
  26. 26.
    Manning, C.D., Raghavan, P., Schütze, H.: Introduction to Information Retrieval, vol. 1. Cambridge University Press, Cambridge (2008)CrossRefzbMATHGoogle Scholar
  27. 27.
    Miers, I., Garman, C., Green, M., Rubin, A.D.: Zerocoin: anonymous distributed e-cash from bitcoin. In: 2013 IEEE Symposium on Security and Privacy (SP), pp. 397–411. IEEE (2013)Google Scholar
  28. 28.
    Narayanan, A., Shmatikov, V.: Robust de-anonymization of large sparse datasets. In: IEEE Symposium on Security and Privacy, SP 2008. IEEE (2008)Google Scholar
  29. 29.
    Narayanan, A., Thiagarajan, N., Lakhani, M., Hamburg, M., Boneh, D.: Location privacy via private proximity testingGoogle Scholar
  30. 30.
    Pass, G., Chowdhury, A., Torgeson, C.: A picture of search. In: Proceedings of the 1st International Conference on Scalable Information Systems, InfoScale 2006. ACM, New York (2006)Google Scholar
  31. 31.
    Reid, F., Harrigan, M.: An analysis of anonymity in the bitcoin systemGoogle Scholar
  32. 32.
    Ron, D., Shamir, A.: Quantitative analysis of the full bitcoin transaction graph (2013).
  33. 33.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009)Google Scholar
  34. 34.
    Shokri, R., Theodorakopoulos, G., Danezis, G., Hubaux, J.-P., Le Boudec, J.-Y.: Quantifying location privacy: the case of sporadic location exposure. In: Fischer-Hübner, S., Hopper, N. (eds.) PETS 2011. LNCS, vol. 6794, pp. 57–76. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  35. 35.
    Sokolova, M., Lapalme, G.: A systematic analysis of performance measures for classification tasks. Inf. Process. Manag. 45(4), 427–437 (2009)CrossRefGoogle Scholar
  36. 36.
    Sweeney, L.: Simple demographics often identify people uniquely. Health (San Francisco) 671, 1–34 (2000)Google Scholar
  37. 37.
    U.S. Census Bureau, Population Division. Annual Estimates of the Resident Population for Incorporated Places of 50,000 or More, Ranked by July 1, 2013 (2014)Google Scholar
  38. 38.
    Voulodimos, A.S., Patrikakis, C.Z.: Quantifying privacy in terms of entropy for context aware services. Identity Inf. Soc. 2(2), 155–169 (2009)CrossRefGoogle Scholar
  39. 39.
    Singh, V.K., Pentland, A.S., de Montjoye, Y.-A., Radaelli, L.: Unique in the shopping mall: on the reidentifiability of credit card metadata. Science 347, 536–539 (2015)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Arthur Gervais
    • 1
    Email author
  • Hubert Ritzdorf
    • 1
  • Mario Lucic
    • 1
  • Vincent Lenders
    • 2
  • Srdjan Capkun
    • 1
  1. 1.ETH ZurichZurichSwitzerland
  2. 2.ArmasuisseThunSwitzerland

Personalised recommendations