React to the Worst: Lightweight and Proactive Protection of Location Privacy

Abstract

This work presents a novel optimal control method for privacy protection of mobility data. Protection is based on data obfuscation, consisting in sending to the geolocated service a finely tuned fake location. The objective is twofold, keeping privacy values at an acceptable level and guaranteeing a reasonable utility loss, with a lightweight algorithm able to run on mobile devices. The proposed method consists of an offline modeling stage, based on privacy worst-case anticipation, and a fast algorithm executed online. In the offline stage, the algorithm computes the average amount of allowed utility loss necessary to maintain the privacy value of the following h steps above a given lower bound. For this purpose, the worst possible scenario over the future steps is computed and compared with the privacy function of the solution obtained by an MPC method. The online stage uses the information computed offline to solve an optimization problem whose decision variable is the location to transmit and whose objective is to maintain the privacy value above a minimal level, by avoiding large utility losses. The method is validated on an instance of a database of real records and compared with a state-of-the-art competitor.