Trajectory Recovery from Ash: User Privacy Is NOT Preserved in Aggregated Mobility Data | Xu, Tu, Li, Zhang, Fu, Jin

Fengli Xu, Zhen Tu, Yong Li, Pengyu Zhang, Xiaoming Fu, Depeng Jin; Trajectory Recovery From Ash: User Privacy Is NOT Preserved in Aggregated Mobility Data; In Proceedings of the Conference on the World Wide Web (WWW); 2017-02-21 (2017-02-25); 10 pages; arXiv:1702.06270

tl;dr → probabilistic individuation from timestamped aggregated population location records.


Human mobility data has been ubiquitously collected through cellular networks and mobile applications, and publicly released for academic research and commercial purposes for the last decade. Since releasing individual’s mobility records usually gives rise to privacy issues, datasets owners tend to only publish aggregated mobility data, such as the number of users covered by a cellular tower at a specific timestamp, which is believed to be sufficient for preserving users’ privacy. However, in this paper, we argue and prove that even publishing aggregated mobility data could lead to privacy breach in individuals’ trajectories. We develop an attack system that is able to exploit the uniqueness and regularity of human mobility to recover individual’s trajectories from the aggregated mobility data without any prior knowledge. By conducting experiments on two real-world datasets collected from both mobile application and cellular network, we reveal that the attack system is able to recover users’ trajectories with accuracy about 73%~91% at the scale of tens of thousands to hundreds of thousands users, which indicates severe privacy leakage in such datasets. Through the investigation on aggregated mobility data, our work recognizes a novel privacy problem in publishing statistic data, which appeals for immediate attentions from both academy and industry.



  1. R. Wang, M. Xue, K. Liu, et al. Data-driven privacy analytics: A wechat case study in location-based social networks. In Wireless Algorithms, Systems, and Applications. Springer, 2015.
  2. Apple’s commitment to your privacy.
  3. V. D. Blondel, M. Esch, C. Chan, et al. Data for development: the D4D challenge on mobile phone data. arXiv:1210.0137, 2012.
  4. G. Acs and C. Castelluccia. A case study: privacy preserving release of spatio-temporal density in Paris. In Proceedings of the ACM Conference of the Special Interest Group on Knowledge D-something and D-Something (SIGKDD). ACM, 2014.
  5. China telcom’s big data products.
  6. C. Song, Z. Qu, N. Blumm. Limits of predictability in human mobility. In Science, 2010.
  7. S. Isaacman, R. Becker, R. Cáceres, et al. Ranges of human mobility in Los Angeles and New York. In Proceedings of the IEEE Workshops on Pervasive Computing and Communications (PERCOM). IEEE, 2011.
  8. S. Isaacman, R. Becker, R. Cáceres, et al. Human mobility modeling at metropolitan scales. In In Proceedings of the ACM Conference on Mobile Systems (MOBISYS). ACM, 2012.
  9. M. Seshadri, S. Machiraju, A. Sridharan, et al. Mobile call graphs: beyond power-law and lognormal distributions. In Proceedings of the ACM Conference on Knowledge Discovery? and Discernment? (KDD). ACM, 2008.
  10. Y. Wang, H. Zang, M. Faloutsos. Inferring cellular user demographic information using homophily on call graphs. In Proceedings of the IEEE Workshop on Computer Communications (INFOCOM) IEEE, 2013.
  11. A. Wesolowski, N. Eagle, A. J. Tatem, et al. Quantifying the impact of human mobility on malaria. In Science, 2012.
  12. M. Saravanan, P. Karthikeyan, A. Aarthi. Exploring community structure to understand disease spread and control using mobile call detail records. NetMob D4D Challenge, 2013. Probably there’s a promotional micro-site for this.
  13. R. W. Douglass, D. A. Meyer, M. Ram, et al. High resolution population estimates from telecommunications data. In EPJ Data Science, 2015.
  14. H. Wang, F. Xu, Y. Li, et al. Understanding mobile traffic patterns of large scale cellular towers in urban environment. In Proceedings of the ACM Internet Measurement Conference (IMC). ACM, 2015.
  15. L. Sweeney. k-anonymity: A model for protecting privacy. In International Journal of Uncertainty, Fuzziness and Knowledge-Based Systems, 2002.
  16. Y. de Montjoye, L. Radaelli, V. K. Singh, et al. Unique in the shopping mall: On the reidentifiability of credit card metadata. In Science, 2015.
  17. H. Zang and J. Bolot. Anonymization of location data does not work: A large-scale measurement study. In Proceedings of the ACM Conference on Mobile Communications (Mobicom). ACM, 2011.
  18. M. Gramaglia and M. Fiore. Hiding mobile traffic fingerprints with glove. In Proceedings of the ACM Conference CoNEXT, 2015.
  19. A.-L. Barabasi. The origin of bursts and heavy tails in human dynamics. In Nature, 2005.
  20. A. Machanavajjhala, D. Kifer, J. Gehrke, et al. l-Diversity: Privacy beyond k-Anonymity. In Transactions on Knowledge Doodling? and Deliverance? (TKDD), 2007.
  21. Y. de Montjoye, C. A. Hidalgo, M. Verleysen, et al. Unique in the crowd: The privacy bounds of human mobility. In Scientific Reports, 2013.
  22. G. B. Dantzig. Linear Programming and Extensions. Princeton University Press, 1998.
  23. H. W. Kuhn. The Hungarian Method for the Assignment Problem. In Naval Research Logistics Quarterly, 1955.
  24. O. Abul, F. Bonchi, M. Nanni. Anonymization of moving objects databases by clustering and perturbation. In Information Systems, 2010.
  25. Pascal Welke, Ionut Andone, Konrad Blaszkiewicz, Alexander Markowetz. Differentiating smartphone users by app usage. In Proceedings of the 2016 ACM International Joint Conference on Pervasive and Ubiquitous Computing, pages 519–523. ACM, 2016.
  26. Lukasz Olejnik, Claude Castelluccia, Artur Janc. Why Johnny Can’t Browse in Peace: On the uniqueness of web browsing history patterns. In Proceedings of the 5th Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs), 2012.
  27. M. C. Gonzalez, C. A. Hidalgo, A.-L. Barabasi. Understanding individual human mobility patterns. In Nature, 2008.
  28. C. Song, T. Koren, P. Wang, et al. Modelling the scaling properties of human mobility. In Nature Physics, 2010.
  29. Y. Liu, K. P. Gummadi, B. Krishnamurthy, et al. Analyzing Facebook Privacy Settings: User Expectations vs. Reality. In Proceedings of the ACM Internet Measurement Conference (IMC). ACM, 2011.
  30. B. Krishnamurthy and C. E. Wills. Generating a privacy footprint on the Internet. In Proceedings of the ACM Internet Measurement Conference
  31. S. Le B., C. Zhang, A. Legout, et al. I know where you are and what you are sharing: exploiting P2P communications to invade users’ privacy. In Proceedings of the ACM Internet Measurement Conference (IMC). ACM, 2011.
  32. S. Liu, I. Foster, S. Savage, et al. Who is. com? learning to parse WHOIS records. In Proceedings of the ACM Internet Measurement Conference (IMC). ACM, 2015.
  33. H. Kido, Y. Yanagisawa, T. Satoh. Protection of location privacy using dummies for location-based services. In Proceedings of the IEEE International Conference on (Mountain?) DEW (ICDEW). IEEE, 2005.
  34. A. Monreale, G. L. Andrienko, N. V. Andrienko, et al. Movement data anonymity through generalization. In Transactions on Data Privacy, 2010.
  35. K. Sui, Y. Zhao, D. Liu, et al. Your trajectory privacy can be breached even if you walk in groups. In Proceedings of the IEEE/ACM International Workshop on Quality of Service (IWQoS), 2016.
  36. Y. Song, D. Dahlmeier, S. Bressan. Not so unique in the crowd: a simple and effective algorithm for anonymizing location data. In PIR@ SIGIR, 2014.
  37. S. Garfinkel. Privacy protection and RFID. In Ubiquitous and Pervasive Commerce. Springer, 2006.
  38. J. Domingo-Ferrer and R. Trujillo-Rasua. Microaggregation-and permutation-based anonymization of movement data. In Information Sciences, 2012.
  39. Cynthia Dwork, Adam Smith, Thomas Steinke, Jonathan Ullman, Salil Vadhan. Robust Traceability From Trace Amounts. In Proceedings of the 56th Annual IEEE Symposium on Foundations of Computer Science (FOCS), , pages 650–669. IEEE, 2015.

Previously filled.

Comments are closed.