No More than What I Post: Preventing Linkage Attacks on Check-in Services

Abstract

With the flourishing of location based social networks, posting check-ins has become a common practice to document one's daily life. Users usually do not consider check-in records as violations of their privacy. However, through analyzing two real-world check-in datasets, our study shows that check-in records are vulnerable to linkage attacks. Specifically, adversary is able to uniquely re-identify over 52~66 percent users in other anonymous mobility datasets and 60~80 percent users have more than 60 percent probability leaking unreported mobility records. In addition, we further demonstrate that the privacy sensitivity of check-in records can be more accurately measured by including the information of additional mobility data compared with only looking at check-ins. Based on this observation, we design a partition-and-group framework to integrate the information of check-ins and additional mobility data to attain a novel privacy criterion-k <sup xmlns:mml="http://www.w3.org/1998/Math/MathML" xmlns:xlink="http://www.w3.org/1999/xlink">τ,l</sup> -anonymity. It ensures adversaries with arbitrary background knowledge cannot use check-ins to re-identify users in other anonymous datasets or learning unreported mobility records. The proposed framework achieves favorable performance against state-of-art baseline in terms of improving check-in utility by 24~57 percent while providing stronger privacy guarantee at the same time. We believe this study will open a new angle in attaining both privacy-preserving and useful check-in services.services.