A.J. Bernheim Brush
John Krumm
James Scott
ABSTRACT
Long-term personal GPS data is useful for many UbiComp services such as traffic monitoring and environmental impact assessment. However, inference attacks on such traces can reveal private information including home addresses and schedules. We asked 32 participants from 12 households to collect 2 months of GPS data, and showed it to them in visualizations. We explored if they understood how their individual privacy concerns mapped onto 5 location obfuscation schemes (which they largely did), which obfuscation schemes they were most comfortable with (Mixing, Deleting data near home, and Randomizing), how they monetarily valued their location data, and if they consented to share their data publicly. 21/32 gave consent to publish their data, though most households' members shared at different levels, which indicates a lack of awareness of privacy interrelationships. Grounded in real decisions about real data, our findings highlight the potential for end-user involvement in obfuscation of their own location data.
- }}Anthony, D., Henderson, .T and Kotz D., Privacy in Location-Aware Computing Environments, IEEE Pervasive Computing, vol. 6, 2007, pp. 64--72. Google Scholar
Digital Library
- }}Agapie, E. et al. Seeing Our Signals: Combining location traces and web-based models for personal discovery. Proc. Hotmobile 2008. Google ScholarDigital Library
- }}Barkhuus, L. and Dey, A. K. Location-Based Services for Mobile Telephony: a study of users' privacy concerns. Proc. Interact 2003, 207--212.Google Scholar
- }}Beresford, A. and Stajano, F. Location Privacy in Pervasive Computing. IEEE Pervasive Computing, 2(1):46--55, 2003. Google ScholarDigital Library
- }}Chen, M., et al. Practical Metropolitan-scale Positioning for GSM Phones. Proc. UbiComp 2006, Springer-Verlag. Google ScholarDigital Library
- }}Colbert, M. A Diary Study of Rendezvousing: Implications for Position-aware Communications for Mobile Groups. Proc. GROUP 2001. ACM Press 15--23, 2001. Google ScholarDigital Library
- }}Consolvo, S., Smith, I. E., Matthews, T., LaMarca, A., Tabert, J. & Powledge, P. Location Disclosure to Social Relations: Why, When, & What People Want to Share. Proc CHI 2005, ACM Press, 81--90. Google ScholarDigital Library
- }}Cvrcek, D. et al., A Study on the Value of Location Privacy. Proc. Workshop on Privacy in the Electronic Society. 2006, ACM 109--118. Google ScholarDigital Library
- }}Danezis, G., Lewis, S. and Anderson, R. How Much is Location Privacy Worth? Proc. 4th Workshop on the Economics of Information Security. Harvard University, 2005.Google Scholar
- }}Dourish, P. and Anderson, K. Collective Information Practice: Exploring Privacy and Security as Social and Cultural Phenomena. Human-Computer Interaction 21(3), 2009, 319--342. Google ScholarDigital Library
- }}1Duckham, M. and Kulik, L. Location privacy and location-aware computing, In Dynamic & Mobile GIS: Investigating Change in Space and Time, CRC Press, 2006, 34--51.Google Scholar
- }}Eagle, N., Pentland, A. and Lazer, D. Inferring Social Network Structure using Mobile Phone Data. Proc. National Academy of Sciences 106(36), 2009, 15274--15278.Google ScholarCross Ref
- }}Golle, P. and Partridge, K. On the Anonymity of Home/Work Location Pairs. Proc. Pervasive 2009, 390--397. Google ScholarDigital Library
- }}Gruteser, M. and Grunwald, D., Anonymous Usage of Location-Based Services Through Spatial and Temporal Cloaking. Proc. MobiSys 2003, ACM Press, 31--42. Google ScholarDigital Library
- }}Gruteser, M. and Hoh, B. On the Anonymity of Periodic Location Samples. Proc. 2nd International Conference on Security in Pervasive Computing. 2005, 179--192. Google ScholarDigital Library
- }}Hoh, B., et al., Preserving Privacy in GPS Traces via Uncertainty-Aware Path Cloaking. Proc. ACM CCS 2007. Google ScholarDigital Library
- }}Horvitz, E., Apacible, J., Sarin, R. and Liao, L. Prediction, Expectation, and Surprise: Methods, Designs, and Study of a Deployed Traffic Forecasting Service, Proc. UAI-2005.Google Scholar
- }}Iachello, G., et al., Control, Deception, and Communication: Evaluating the Deployment of a Location-Enhanced Messaging Service, Proc. UbiComp 2005, Springer-Verlag, 213--231. Google ScholarDigital Library
- }}Kostakos, V. Using Bluetooth to capture passenger trips on public transport buses. arXiv:0806.0874, 2008.Google Scholar
- }}Krumm, J. Inference Attacks on Location Tracks. Proc. Pervasive 2007, Springer-Verlag, 127--143. Google ScholarDigital Library
- }}Krumm, J. A survey of computational location privacy. Personal and Ubiquitous Computing (2009) 13:6, pp. 391--399. Google ScholarDigital Library
- }}Krumm, J. And Horvitz, E. Predestination: Inferring Destinations from Partial Trajectories. Proc. UbiComp 2006, Springer-Verlag. Google ScholarDigital Library
- }}Langheinrich, M. Privacy in Ubiquitous Computing. In: Ubiqutious Computing Fundamentals, Edited by John Krumm, 96--156.Google Scholar
- }}Liao, L., Patterson, D., Fox, D. and Kautz, H. Learning and Inferring Transportation Routines. Artificial Intelligence, 2007. Google ScholarDigital Library
- }}Mulder, Y., Danezis, G., Batina, L., Preneel. B., Identification via location-profiling in GSM networks. Proc. Workshop on Privacy in the Electronic Society 2008. 23--32. Google ScholarDigital Library
- }}Palen, L. and Dourish, P. Unpacking "privacy" for a networked world. Proc. CHI 2003, ACM Press, 129--136. Google ScholarDigital Library
- }}Scott, J., Krumm, J., Meyers, B., Brush, A. J., and Kapoor, A. Home Heating Using GPS-Based Arrival Prediction. Microsoft Research Technical Report MSR-TR-2010-19, Feb 2010.Google Scholar
- }}Shilton, K., Burke, J., Estrin, D., Hansen, M., Govindan, R., & Kang, J. Designing the Personal Data Stream: Enabling Participatory Privacy in Mobile Personal Sensing. Proc. TPRC. September 2009.Google Scholar
- }}Shklovski, I., Vertesi, J., Troshynski, E. & Dourish, P. (2009) The commodification of location: Dynamics of power in location-based systems. Proc. UbiComp 2009, ACM Press. 11--20. Google ScholarDigital Library
- }}Tsai, J., Kelley, P., Cranor, L., and Sadeh, N. Location-Sharing Technologies: Privacy Risks and Controls. Proc. TPRC 2009.Google Scholar
- }}Tsai, J. Y., Kelley, P., Drielsma, P., Cranor, L. F., Hong, J., and Sadeh, N. 2009. Who's viewed you?: the impact of feedback in a mobile location-sharing application. Proc. CHI '09. ACM Press, 2003--2012.. Google ScholarDigital Library
Index Terms
- Exploring end user preferences for location obfuscation, location-based services, and the value of location
Recommendations
Landscape-aware location-privacy protection in location-based services
Mobile network providers have developed a variety of location-based services (LBSs), such as friend-finder, point of interest services, emergency rescue and many other safety and security services. The protection of location-privacy has consequently ...
Location privacy protection with a semi-honest anonymizer in information centric networking
ICN '18: Proceedings of the 5th ACM Conference on Information-Centric NetworkingLocation-based services, which provide services based on locations of consumers' interests, are becoming essential for our daily lives. Since the location of a consumer's interest contains private information, several studies propose location privacy ...
Anonymizing user location and profile information for privacy-aware mobile services
LBSN '10: Proceedings of the 2nd ACM SIGSPATIAL International Workshop on Location Based Social NetworksDue to the growing use of mobile devices, location-based services have become popular. A location service often requires the user's exact location to provide appropriate services and this brings the risk of threats to privacy. In this paper, we propose ...
Comments