Hiding the start of Brownian motion: towards a Bayesian analysis of privacy for GPS trajectories
The diffusion of GPS sensors and the success of applications for sharing GPS trajectories raise serious privacy concerns. In this paper, we show that a Bayesian approach is natural for a rigorous analysis of both home identification attacks and their countermeasures. Our Bayesian framework naturally incorporates the adversary's background knowledge and quantifies the bias and level of uncertainty after the attack. We propose measures for both utility and privacy: while the first is by definition application-specific, the second extends beyond the present application and can be regarded as a Bayesian measure of privacy. Based on our utility measure, we restrict ourselves to "privacy region cut strategies", a family of countermeasures that consist of publishing the trajectories from the first exit from a privacy region to the last entrance into it. We run experiments on Brownian motion trajectories for two of these strategies, showing that our generalization of the previously proposed "two balls strategy" performs better than the "random radius strategy", which in turn generalizes a strategy currently employed in industry. Beyond the location privacy application, the problem of hiding the start of Brownian motion is of interest in itself, with possibly many other applications.
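A sketch of a privacy region cut as the abstract defines it, added here as an illustration and not taken from the paper: it simulates a sampled 2-D Brownian trajectory and publishes only the samples between the first exit from a disc and the last entrance into it. The disc-shaped region, its fixed center and radius, the sampling step and all function names are assumptions; the paper's "two balls" and "random radius" strategies are not reproduced.

```python
import math
import random

def brownian_path(start, n_steps, dt, rng):
    """Sampled 2-D Brownian motion: independent N(0, dt) increments per axis."""
    x, y = start
    path = [(x, y)]
    sigma = math.sqrt(dt)
    for _ in range(n_steps):
        x += rng.gauss(0.0, sigma)
        y += rng.gauss(0.0, sigma)
        path.append((x, y))
    return path

def privacy_region_cut(path, center, radius):
    """Return the samples from the first exit from the disc to the last entrance.

    Samples inside the disc before the first exit and after the last entrance
    are withheld. Re-entries in between stay in the published part. A path
    that ends outside the disc is published to its end, and a path that never
    leaves the disc is not published at all.
    """
    outside = [math.dist(p, center) > radius for p in path]
    if True not in outside:
        return []
    first = outside.index(True)
    last = len(outside) - 1 - outside[::-1].index(True)
    return path[first:last + 1]

# Constructed trajectory along the x-axis: leaves the unit disc, re-enters,
# leaves again, then returns to its start.
TOY = [(0, 0), (0.5, 0), (1.5, 0), (0.5, 0), (2, 0), (0.2, 0), (0, 0)]

if __name__ == "__main__":
    rng = random.Random(7)
    home = (0.0, 0.0)
    center, radius = (0.3, -0.2), 1.0  # assumed region; it must contain the start
    path = brownian_path(home, 2000, 0.01, rng)
    published = privacy_region_cut(path, center, radius)
    print("toy cut:", privacy_region_cut(TOY, (0, 0), 1.0))
    print("samples withheld:", len(path) - len(published))
    print("first published point:", published[0])
```
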