Team, Visitors, External Collaborators
Overall Objectives
Research Program
Highlights of the Year
New Software and Platforms
New Results
Bilateral Contracts and Grants with Industry
Partnerships and Cooperations
XML PDF e-pub
PDF e-Pub

Section: New Results

How Geo-indistinguishability Affects Utility in Mobility-based Geographic Datasets

Participants : Adriano Di Luzio [Inria] , Aline Carneiro Viana, Catuscia Palamidessi [Comete – Inria] , Konstantinos Chatzikokolakis [Comete – Inria] , Georgi Dikov [Comete – Inria] , Julinda Stefa [Sapienza University] .

Many of the scientific challenges that we face today deal with improving the quality of our everyday lives. They aim at making the cities around us smarter, more efficient, and more sustainable (e.g., how to schedule public transport during peak hours or what is the most efficient path for waste disposal). All these challenges share a common ground. They rely on datasets gathered from the real world that depict the mobility of hundreds of thousands individuals and picture, with great detail, the whereabouts of their lives—where they live, work, shop for groceries, and hangout with friends. At the same time, however, the collection of personal data also endangers the privacy of the users that to whom these data belong. To protect the privacy of the users, it is necessary to sanitize these datasets before releasing them to the public.

When we sanitize the datasets we trade the accuracy of the information they contain to protect the privacy of their users. The task of this work is to shed light on the effects of the trade-off between privacy and utility in mobility-based geographic datasets. We aim at finding out whether it is possible to protect the privacy of the users in a dataset while, at the same time, maintaining intact the utility of the information that it contains. In particular, we focus on geo-indistinguishability as a privacy-preserving sanitization methodology, and we evaluate its effects on the utility of the Geolife dataset. We test the sanitized dataset in two real world scenarios: (1) Deploying an infrastructure of WiFi hotspots to offload the mobile traffic of users living, working, or commuting in a wide geographic area; (2) Simulating the spreading of a gossip-based epidemic as the outcome of a device-to-device communication protocol. We show the extent to which the current geo-indistinguishability techniques trade privacy for utility in real world applications and we focus on their effects at the levels of the population as a whole and of single individuals.

This paper was published at the LocalRec 2019 workshop, jointly with ACM SIGSPATIAL [12].