Not Even Past: Information Aging and Temporal Privacy in Online Social Networks

Online social networks (OSNs) make information accessible for unlimited periods and provide easy access to past information by arranging information in time lines or by providing sophisticated search mechanisms. Despite increased concerns over the privacy threat that is posed by digital memory, there is little knowledge about retrospective privacy: the extent to which the age of the exposed information affects sharing preferences. In this article, we investigate how information aging impacts users’ sharing preferences on Facebook. Our findings are based on a between-subjects experiment (n = 272), in which we measured the impact of time since first publishing an OSN post on its sharing preferences. Our results quantify how willingness to share is lower for older Facebook posts and show that older posts have lower relevancy to the user’s social network and are less representative of the user’s identity. We show that changes in the user’s social circles, the occurrence of significant life changes and a user’s young age are correlated with a further decrease in the willingness to keep sharing past information. We discuss our findings by juxtaposing digital memory theories and privacy theories and suggest a vision for mechanisms that can help users manage longitudinal privacy.     

A comparative study of location-sharing privacy preferences in the United States and China

While prior studies have provided us with an initial understanding of people’s location-sharing privacy preferences, they have been limited to Western countries and have not investigated the impact of the granularity of location disclosures on people’s privacy preferences. We report findings of a 3-week comparative study collecting location traces and location-sharing preferences from two comparable groups in the United States and China. Results of the study shed further light on the complexity of people’s location-sharing privacy preferences and key attributes influencing willingness to disclose locations to others and to advertisers. While our findings reveal many similarities between US and Chinese participants, they also show interesting differences, such as differences in willingness to share location at “home” and at “work” and differences in the granularity of disclosures people feel comfortable with. We conclude with a discussion of implications for the design of location-sharing applications and location-based advertising.     

Dynamic path privacy protection framework for continuous query service over road networks

Many applications of location based services (LBSs), it is useful or even necessary to ensure that LBSs services determine their location. For continuous queries where users report their locations periodically, attackers can infer more about users’ privacy by analyzing the correlations of their query samples. The causes of path privacy problems, which emerge because the communication by different users in road network using location based services so, attacker can track continuous query information. LBSs, albeit useful and convenient, pose a serious threat to users’ path privacy as they are enticed to reveal their locations to LBS providers via their queries for location-based information. Traditional path privacy solutions designed in Euclidean space can be hardly applied to road network environment because of their ignorance of network topological properties. In this paper, we proposed a novel dynamic path privacy protection scheme for continuous query service in road networks. Our scheme also conceals DPP (Dynamic Path Privacy) users’ identities from adversaries; this is provided in initiator untraceability property of the scheme. We choose the different attack as our defending target because it is a particularly challenging attack that can be successfully launched without compromising any user or having access to any cryptographic keys. The security analysis shows that the model can effectively protect the user identity anonymous, location information and service content in LBSs. All simulation results confirm that our Dynamic Path Privacy scheme is not only more accurate than the related schemes, but also provide better locatable ratio where the highest it can be around 95 % of unknown nodes those can estimate their position. Furthermore, the scheme has good computation cost as well as communication and storage costs.Simulation results show that Dynamic Path Privacy has better performances compared to some related region based algorithms such as IAPIT scheme, half symmetric lens based localization algorithm (HSL) and sequential approximate maximum a posteriori (AMAP) estimator scheme.     

Enhancing WLAN location privacy using mobile behavior

Recently wireless network is massively used in the daily life, but user’s location privacy can be threatened. In a wireless local area network (WLAN), an adversary can track a user through his/her unchanged MAC address. Many correlation researches have been proposed to combat this issue, but they have not included mobile behavior of neighboring nodes as a key factor; therefore, their solutions may miss the opportune moment to update MAC address to improve the user’s location privacy. In other words, the existing schemes in the opportune moment to update MAC address may not be the best one. Furthermore, they will have many unnecessary MAC addresses to be updated; it then causes the network throughput being reduced. In this paper, we are going to enhance user’s location privacy with the relative positioning scheme. We analyze the mobile behavior of neighboring nodes to decide which mobile nodes are going to update their MAC addresses. The experiment results show that our scheme can decrease the time of changing MAC address, and also to enhance the user’s location privacy, although the network throughput is a little decrease.     

Capturing location-privacy preferences: quantifying accuracy and user-burden tradeoffs

We present a 3-week user study in which we tracked the locations of 27 subjects and asked them to rate when, where, and with whom they would have been comfortable sharing their locations. The results of analysis conducted on over 7,500?h of data suggest that the user population represented by our subjects has rich location-privacy preferences, with a number of critical dimensions, including time of day, day of week, and location. We describe a methodology for quantifying the effects, in terms of accuracy and amount of information shared, of privacy-setting types with differing levels of complexity (e.g., setting types that allow users to specify location- and/or time-based rules). Using the detailed preferences we collected, we identify the best possible policy (or collection of rules granting access to one??s location) for each subject and privacy-setting type. We measure the accuracy with which the resulting policies are able to capture our subjects?? preferences under a variety of assumptions about the sensitivity of the information and user-burden tolerance. One practical implication of our results is that today??s location-sharing applications may have failed to gain much traction due to their limited privacy settings, as they appear to be ineffective at capturing the preferences revealed by our study.     

Trip planning queries with location privacy in spatial databases

Privacy has become a major concern for the users of location-based services (LBSs) and researchers have focused on protecting user privacy for different location-based queries. In this paper, we propose techniques to protect location privacy of users for trip planning (TP) queries, a novel type of query in spatial databases. A TP query enables a user to plan a trip with the minimum travel distance, where the trip starts from a source location, goes through a sequence of points of interest (POIs) (e.g., restaurant, shopping center), and ends at a destination location. Due to privacy concerns, users may not wish to disclose their exact locations to the location-based service provider (LSP). In this paper, we present the first comprehensive solution for processing TP queries without disclosing a user’s actual source and destination locations to the LSP. Our system protects the user’s privacy by sending either a false location or a cloaked location of the user to the LSP but provides exact results of the TP queries. We develop a novel technique to refine the search space as an elliptical region using geometric properties, which is the key idea behind the efficiency of our algorithms. To further reduce the processing overhead while computing a trip from a large POI database, we present an approximation algorithm for privacy preserving TP queries. Extensive experiments show that the proposed algorithms evaluate TP queries in real time with the desired level of location privacy.     

面向轨迹数据发布的个性化差分隐私保护机制

移动互联网和智能手机的普及大大方便了人们的生活,并由此产生了大量的轨迹数据.通过对发布的轨迹数据进行分析,能够有效提高基于位置服务的质量,进而推动智慧城市相关应用的发展,例如智能交通管理、基础设计规划以及道路拥塞预警与检测.然而,由于轨迹数据中包含用户的敏感信息,直接发布原始的轨迹数据会对个人隐私造成严重威胁.差分隐私作为一种具备严格形式化定义、强隐私性保证的安全机制,已经被广泛应用于轨迹数据的发布中.但是,现有的方法假定用户具有相同的隐私偏好,并且为所有用户提供相同级别的隐私保护,这会导致对某些用户提供的隐私保护级别不足,而某些用户则获得过多的隐私保护.为满足不同用户的隐私保护需求,提高数据可用性,本文假设用户具备不同的隐私需求,提出了一种面向轨迹数据的个性化差分隐私发布机制.该机制利用Hilbert曲线提取轨迹数据在各个时刻的分布特征,生成位置聚簇,使用抽样机制和指数机制选择各个位置聚簇的代表元,进而利用位置代表元对原始轨迹数据进行泛化,从而生成待发布轨迹数据.在真实轨迹数据集上的实验表明,与基于标准差分隐私的方法相比,本文提出的机制在隐私保护和数据可用性之间提供了更好的平衡.     

Complete Bipartite Anonymity for Location Privacy

Users are vulnerable to privacy risks when providing their location information to location-based services (LBS). Existing work sacrifices the quality of LBS by degrading spatial and temporal accuracy ...     

一种融合地理位置信息的协同过滤推荐算法

目前,基于用户消费数据构建的推荐系统在电子商务领域发挥着越来越大的作用,而在这些数据中,商家本身具有的地理位置信息忠实地记录了用户的消费痕迹,能够有效反映出用户在地理位置维度上的个人偏好信息,从而对推荐系统具有非常重要的意义。现有工作一般只利用了用户对地点的评价以及地点之间的距离,无法反映出不同地点之间的关联关系,以及用户在不同地点中的偏好权重问题。该文从地理区域划分的角度出发,研究了用户在区域范围内的消费兴趣偏好,以及不同粒度级别的区域划分方法对推荐模型的影响,探索了在推荐过程中有效融合地域信息的方法,考虑了包括地区的全局性影响、用户对地区的偏好等,结合这些因素提出了融合地理位置信息的推荐模型LGE、LGN及LRSVD。通过在Yelp数据集上的实验表明,这些模型相比于传统的推荐算法能够有效提高预测效果。     

一种基于匿名区域变换的位置隐私保护方法

针对基于位置服务的应用中存在的用户位置隐私泄露问题,提出一种基于匿名区域变换的位置隐私保护方法。在离用户一定距离处选择一个锚点生成匿名区域后,利用邻近节点处理法计算用户邻近节点查询结果与用户真实位置之间的距离,从而实现在保护用户位置隐私的同时得到精确的查询结果。理论分析和实验结果表明,与Cloaking Region和SpaceTwist算法相比,该方法在保证较低通信开销的前提下,具有较好的位置隐私保护性能。     

面向不可信服务器的空间众包隐私保护研究

随着互联网技术的迅速发展以及智能移动设备的普遍使用,空间众包的使用愈加广泛.用户发布空间任务,空间众包平台将会雇佣工作者为其分配任务并执行.该类方法需要通过智能设备获取用户位置数据和工作者位置数据,容易泄露位置隐私,严重威胁了用户和工作者的隐私安全.针对个人位置隐私泄露的问题,本文提出了一种采用地理不可区分性对不可信服...     

一种防边权和语义攻击的位置隐私保护方法

边权攻击和位置语义攻击根据移动用户活动的周边环境推断用户的位置,泄露用户的位置隐私。针对该问题,提出一种防边权攻击的位置语义安全隐私保护方法。该方法将道路的敏感度和关联度结合,构建道路隐私度,描述道路在语义位置的敏感性,及道路与匿名集中其他道路上用户数量分布的均衡性;基于中心服务器结构,根据用户的位置隐私要求,采用宽度优先搜索方式,筛选道路隐私度最小的道路加入匿名集,以生成具备语义安全和防边权推断攻击的匿名集。仿真测试结果表明,该方法筛选的匿名集的匿名成功率达到87%,抗边权攻击和语义攻击的能力要高于对比算法。     

Discovering socially important locations of social media users

Socially important locations are places that are frequently visited by social media users in their social media life. Discovering socially interesting, popular or important locations from a location based social network has recently become important for recommender systems, targeted advertisement applications, and urban planning, etc. However, discovering socially important locations from a social network is challenging due to the data size and variety, spatial and temporal dimensions of the datasets, the need for developing computationally efficient approaches, and the difficulty of modeling human behavior. In the literature, several studies are conducted for discovering socially important locations. However, majority of these studies focused on discovering locations without considering historical data of social media users. They focused on analysis of data of social groups without considering each user’s preferences in these groups. In this study, we proposed a method and interest measures to discover socially important locations that consider historical user data and each user’s (individual’s) preferences. The proposed algorithm was compared with a naïve alternative using real-life Twitter dataset. The results showed that the proposed algorithm outperforms the naïve alternative.     

面向移动社交网络的位置隐私保护方法

移动社交网络为人们的生活带来了极大的便利,但用户在享受这些服务带来便利的同时,个人位置隐私受到了严重威胁。首先对用户位置隐私保护需求进行了形式化描述,继而针对用户的敏感兴趣点泄露问题,提出了一种情景感知的隐私保护方法。该方法将位置信息、社交关系、个人信息引入到知识构建算法中以计算兴趣点间的相关性,并利用该相关性及时空情景实时判断发布当前位置是否会泄露用户隐私,进而实现了隐私保护与服务可用性间的平衡。最后通过仿真实验验证了该方法的有效性。     

位置服务中一种基于假轨迹的轨迹隐私保护方法

在位置隐私保护中,现有的方法很多都是针对用户单个位置的隐私保护,而现实情况是,用户始终处在一个连续运动的状态中,在每一个地点都有可能发出位置查询服务,由此可以产生一个用户运动的轨迹。因此如何保证这条轨迹不被攻击者识别出来就是连续查询条件下要解决的问题。针对轨迹隐私保护问题,文章提出一种基于假轨迹的轨迹隐私保护方法,在用户连续查询形成运行轨迹的同时,算法根据用户自身设定的隐私度参数要求,生成符合要求的假位置和假轨迹,通过降低攻击者的识别概率来提高轨迹隐私保护度。模拟仿真实验结果证明,与随机生成假轨迹的方法相比,在隐私保护度较高的情形下,文章方法在时间消耗和假轨迹的生成数目上都有一定的优势。     

Countering overlapping rectangle privacy attack for moving kNN queries

An important class of LBSs is supported by the moving k nearest neighbor (MkNN) query, which continuously returns the k nearest data objects for a moving user. For example, a tourist may want to observe the five nearest restaurants continuously while exploring a city so that she can drop in to one of them anytime. Using this kind of services requires the user to disclose her location continuously and therefore may cause privacy leaks derived from the user's locations. A common approach to protecting a user's location privacy is the use of imprecise locations (e.g., regions) instead of exact positions when requesting LBSs. However, simply updating a user's imprecise location to a location-based service provider (LSP) cannot ensure a user's privacy for an MkNN query: continuous disclosure of regions enable LSPs to refine more precise location of the user. We formulate this type of attack to a user's location privacy that arises from overlapping consecutive regions, and provide the first solution to counter this attack. Specifically, we develop algorithms which can process an MkNN query while protecting the user's privacy from the above attack. Extensive experiments validate the effectiveness of our privacy protection technique and the efficiency of our algorithm.     

An intelligent driver location system for smart parking

It is often frustrating for drivers to find parking spaces, and parking itself is costly in almost every major city in the world. Here we propose a crowdsourcing solution by exploiting sensors in smart-phones to collect real-time parking availability information. We design a phone-based system to track a driver’s trajectory to detect when they are about to leave their parking spot. We focus on the efficiency and accuracy of using a phone to monitor the driver’s walking trajectory, applying a waist-mounted PDR method that can measure the driver’s moving distance with a high accuracy. In addition, we design a map matching algorithm to calibrate the direction errors when the driver is in an indoor environment, using widely-available building floor plans. The results of our experiment show that we can achieve about 98% accuracy in estimating the user’s walking distance, with an overall location error of about 0.48 m.     

抗基于历史轨迹预测攻击的动态K-匿名算法

位置K-匿名技术被广泛应用于LBS隐私保护中,然而大多数基于K-匿名机制的研究缺少对攻击者背景知识的考虑,针对此,提出了一种抵御基于历史轨迹预测攻击的动态匿名算法。该方法以滑动窗口约束的方式挑选出与用户基轨迹相似的历史轨迹对用户位置进行预测,并对存在预测风险的位置动态添加历史数据以抵御预测攻击。与同类算法相比,实验结果表明该算法具有更好的预测性能,且在同等隐私需求下降低了用户的隐私披露风险。     

Customized crowds and active learning to improve classification

Traditional classification algorithms can be limited in their performance when a specific user is targeted. User preferences, e.g. in recommendation systems, constitute a challenge for learning algorithms. Additionally, in recent years user’s interaction through crowdsourcing has drawn significant interest, although its use in learning settings is still underused.In this work we focus on an active strategy that uses crowd-based non-expert information to appropriately tackle the problem of capturing the drift between user preferences in a recommendation system. The proposed method combines two main ideas: to apply active strategies for adaptation to each user; to implement crowdsourcing to avoid excessive user feedback. A similitude technique is put forward to optimize the choice of the more appropriate similitude-wise crowd, under the guidance of basic user feedback.The proposed active learning framework allows non-experts classification performed by crowds to be used to define the user profile, mitigating the labeling effort normally requested to the user.The framework is designed to be generic and suitable to be applied to different scenarios, whilst customizable for each specific user. A case study on humor classification scenario is used to demonstrate experimentally that the approach can improve baseline active results.     

支持本体推理的P3P隐私策略冲突检测研究

隐私偏好平台(platform for privacy preferences,P3P)主要被用于在用户访问网站时保护用户的隐私。同时,如何使用语义Web技术实现P3P隐私框架已经成为一个主要的关注点。分析了如何使用本体描述语言(Web ontoloty language,OWL)对P3P隐私策略及用户隐私偏好进行知识表示,并提供了若干使用OWL公理描述的约束,这些约束将为推理提供支持。分析了如何使用推理对服务隐私策略同用户隐私偏好之间的冲突进行检测。通过实验证明了该方法的正确性。