Practical Location Privacy Attacks and Defense on Point-of-interest Aggregates

Location-based services have significantly affected mobile users' everyday life, and location privacy is also an essential issue in these services. In some applications (e.g., location-based recommendation, mobility analytic), the raw data is not required, and the service providers adopt aggregation to protect users' location traces. However, some works show that even these aggregation data may disclose users' location privacy when other prior knowledge is available to an adversary. We consider the location privacy problem in the presence of Location Uniqueness, which is a property that some geographical locations can be re-identified based on the aggregated point-of-interest (POI) information. We first study whether previous protection mechanisms are effective for defending against this novel type of attack. Then we present two practical attacks for inferring users' actual locations based on the POI aggregates. Furthermore, we propose a secure POI aggregate release mechanism that can defend against this type of re-identification attack and achieve differential privacy at the same time. We conduct extensive experiments on real-world datasets. The results show that the existing protection mechanisms cannot provide sufficient protection. The proposed enhanced attacks can significantly improve the inference performance, and the proposed protection mechanism achieves satisfactory performance.