With the advancement of location-detection technologies and the increasing popularity of mobile phones and other location-aware devices, trajectory data is continuously growing. While large-scale trajectories provide opportunities for various applications, the locations in trajectories pose a threat to individual privacy. Recently, there has been an interesting debate on the reidentifiability of individuals in Science magazine. The main finding of Sánchez et al. is exactly opposite to that of De Montjoye et al., which raises the first question: "what is the true situation of the privacy preservation for trajectories in terms of reidentification?" Furthermore, it is known that anonymization typically causes a decline of data utility, and anonymization mechanisms need to consider the trade-off between privacy and utility. This raises the second question: "what is the true situation of the utility of anonymized trajectories?" To answer these two questions, we conduct a systematic experimental study, using three real-life trajectory datasets, five existing anonymization mechanisms (i.e., identifier anonymization, grid-based anonymization, dummy trajectories, k-anonymity and ε-differential privacy), and two practical applications (i.e., travel time estimation and window range queries). Our findings reveal the true situation of the privacy preservation for trajectories in terms of reidentification and the true situation of the utility of anonymized trajectories, and essentially close the debate between De Montjoye et al. and Sánchez et al. To the best of our knowledge, this study is among the first systematic evaluations and analyses of anonymized trajectories on individual privacy in terms of unicity and on utility in terms of practical applications.
Funding: This work was partially supported by the National Natural Science Foundation of China under Grant Nos. 61925203 and 62172024, and the Beijing Advanced Innovation Center for Future Blockchain and Privacy Computing.