Privacy-protected statistics publication over social media user trajectory streams

Abstract

An increasing amount of user location information is being generated due to the widespread use of social network applications and the ubiquitous adoption of mobile and wearable technologies. This data can be analysed to identify precise trajectories of individuals — where they went and when they were there. This is an obvious privacy issue, yet publication of real-time aggregate over such location streams can provide valuable resources for researchers and government agencies, e.g., in case of pandemics it would be very useful to identify who might have come into contact with an infected individual at a given time. Differential privacy techniques have become popular and widely adopted to address privacy concerns. However, there are three key issues that limit the application of existing differential privacy approaches to user trajectory data: (a) the heterogeneous nature of the trajectories, (b) uniform sliding window mechanisms do not meet individual privacy requirements and (c) limited privacy budgets and impact on data utility when applied to infinite data streams. To tackle these problems, this paper proposes a private real-time trajectory stream statistics publication mechanism utilizingdifferential privacy (DP-PSP). To relieve the heterogeneity issues, anchor point discovery (e.g., fixed locations like museums, parks, etc.) and road segmenting mechanisms are proposed. We provide an adaptive w-step sliding window approach that allows users to specify their own dynamic privacy budget distribution to optimize their own privacy budget. To preserve the data utility, we present multi-timestamp prediction models and private k-nearest neighbour selection and perturbation algorithms to reduce the amount of perturbation distortion induced through the differential privacy mechanism. Comprehensive experiments over real-life location-based social network user trajectories show that DP-PSP provides private data aggregate over infinite trajectory streams and boosts the utility and quality of the perturbed aggregation without compromising individual privacy.