HMC

Abstract

With the wide propagation of handheld devices, more and more mobile sensors are being used by end users on a daily basis. Those sensors could be leveraged to gather useful mobility data for city planners, business analysts and researches. However, gathering and exploiting mobility data raises many privacy threats. Sensitive information such as one's home or work place, hobbies, religious beliefs, political or sexual preferences can be inferred from the gathered data. In the last decade, Location Privacy Protection Mechanisms (LPPMs) have been proposed to protect user data privacy. However existing LPPMs fail at effectively protecting the users as most of them reason on local mobility features: micro-mobility (e.g., individual geographical coordinates) while ignoring higher level mobility features, which may allow attackers to discriminate between users. In this paper we propose HMC the first LPPM that reasons on the overall user mobility abstracted using heat maps. We evaluate HMC using four real mobility traces and multiple privacy and utility metrics. The results show that with HMC, across all the datasets 87% of mobile users are successfully protected against re-identification attacks, while others LPPMs only achieve a protection ranging from 43% to 79%. By considering only users protected with a high utility, the proportion of users stays high for HMC with 75%, while for others LPPMs it goes down to proportions between 4% and 43%.