Optimizing noise level for perturbing geo-location data
With the tremendous increase in the number of smartphones, app stores have been overwhelmed with applications requiring geo-location access in order to provide their users better services through personalization. Revealing a user’s location to these third-party apps, no matter at what frequency, is a severe privacy breach which can have unpleasant social consequences. In order to prevent inference attacks derived from geo-location data, a number of location obfuscation techniques have been proposed in the literature. However, none of them provides any objective measure of privacy guarantee. Some work has been done to define differential privacy for geo-location data in the form of geo-indistinguishability with l privacy guarantee. These techniques do not utilize any prior background information about the Points of Interest (PoIs) of a user and apply Laplacian noise to perturb all the location coordinates. Intuitively, the utility of such a mechanism can be improved if the noise distribution is derived after considering some prior information about PoIs. In this paper, we apply the standard definition of differential privacy on geo-location data. We use first principles to model various privacy and utility constraints, prior background information available about the PoIs (distribution of PoI locations in a 1D plane) and the granularity of the input required by different types of apps, in order to produce a more accurate and utility-maximizing differentially private algorithm for geo-location data at the OS level. We investigate this for a particular category of apps and for some specific scenarios. This will also help us to verify whether Laplacian noise is still the optimal perturbation when we have such prior information.
💡 Research Summary
The paper addresses the growing privacy concerns associated with location‑based services (LBS) on smartphones. While differential privacy, specifically geo‑indistinguishability, has been proposed as a formal guarantee, existing implementations add Laplace noise to every coordinate with the same distribution, assuming no prior knowledge about a user’s points of interest (PoIs). The authors argue that this uniform approach gives away utility unnecessarily when the application, or the OS, already has implicit or explicit prior information about likely destinations (e.g., a restaurant search app knows the user is looking for nearby eateries, and restaurants are not spread uniformly over the map).
To exploit such prior knowledge, the authors introduce two probability distributions: π, representing the user’s personal PoI history, and ψ, representing the operating system’s (OS) generic knowledge about PoI locations (e.g., typical distribution of restaurants, gas stations, etc.). They model the location perturbation mechanism as a conditional probability p(z|x) where x is the true coordinate (fixed at 0 for analysis) and z is the reported noisy coordinate. Two sets of constraints are formulated:
- Privacy constraints: For any two adjacent inputs x and x′, the ratio p(z|x)/p(z|x′) must be bounded by e^ε for every output z; this is the ε‑differential‑privacy condition, and in its geo‑indistinguishability form the bound scales with the distance between x and x′.
- Utility constraints: The expected distance loss E
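The two constraint families above can be made concrete for the baseline the summary describes, the 1D Laplace mechanism. The block below is an added example, not code from the paper: it numerically checks the privacy‑ratio constraint, evaluates the expected distance loss under a constructed PoI prior ψ, and, as an added illustration of why a prior matters for utility, post‑processes the noisy report into the most likely PoI under ψ. Post‑processing uses only z and the public prior, so it leaves the privacy ratio untouched; it is not the authors' optimized noise distribution, which the page does not reproduce. The PoI positions, probabilities and ε are assumed values chosen for illustration.

```python
"""Added example: 1D Laplace mechanism as baseline, a numeric check of the
privacy-ratio constraint, and expected-distance utility under a PoI prior.
This is not the paper's optimized mechanism."""
import math
import random

# Constructed OS-side prior psi over PoI positions on a 1D road (km marks).
# Illustrative values only, not taken from the paper.
POI_PRIOR = {0.0: 0.5, 3.0: 0.3, 10.0: 0.2}


def laplace_pdf(z, x, eps):
    """p(z|x) for the 1D Laplace mechanism with scale 1/eps."""
    return (eps / 2.0) * math.exp(-eps * abs(z - x))


def laplace_sample(x, eps, rng):
    """Report z = x + noise, noise ~ Laplace(scale 1/eps), drawn as the
    difference of two rate-eps exponentials (no log(0) edge case)."""
    return x + rng.expovariate(eps) - rng.expovariate(eps)


def max_privacy_loss(x, x_prime, eps, zs):
    """Largest |ln(p(z|x) / p(z|x'))| observed over the report points zs."""
    return max(abs(math.log(laplace_pdf(z, x, eps) / laplace_pdf(z, x_prime, eps)))
               for z in zs)


def satisfies_geo_ind(x, x_prime, eps, zs):
    """Privacy constraint: the ratio is bounded by e^(eps*|x-x'|) for every z.
    For inputs at unit distance this is exactly the e^eps bound."""
    return max_privacy_loss(x, x_prime, eps, zs) <= eps * abs(x - x_prime) + 1e-9


def map_to_poi(z, prior, eps):
    """Post-processing with the public prior only: return the PoI maximising
    prior[l] * p(z|l).  It never sees the true x, so the mechanism's privacy
    ratio is unchanged (post-processing invariance of differential privacy)."""
    return max(prior, key=lambda l: prior[l] * laplace_pdf(z, l, eps))


def expected_distance_loss(eps, prior, remap=False, n=20000, seed=1):
    """Monte-Carlo estimate of E|out - x| with x drawn from the PoI prior.
    remap=False: out is the raw noisy report z (analytically 1/eps for Laplace).
    remap=True : out is map_to_poi(z), the app's prior-aware guess."""
    rng = random.Random(seed)
    locs = list(prior)
    weights = [prior[l] for l in locs]
    total = 0.0
    for _ in range(n):
        x = rng.choices(locs, weights)[0]
        z = laplace_sample(x, eps, rng)
        out = map_to_poi(z, prior, eps) if remap else z
        total += abs(out - x)
    return total / n


if __name__ == "__main__":
    eps = 0.5
    grid = [i * 0.25 for i in range(-80, 81)]  # report points from -20 to 20 km
    print("geo-ind holds for x=0, x'=1:", satisfies_geo_ind(0.0, 1.0, eps, grid))
    print("max ln-ratio (should be eps):", round(max_privacy_loss(0.0, 1.0, eps, grid), 4))
    print("raw Laplace loss   :", round(expected_distance_loss(eps, POI_PRIOR), 3))
    print("prior-remapped loss:", round(expected_distance_loss(eps, POI_PRIOR, remap=True), 3))
```

For the Laplace baseline the raw expected distance loss is 1/ε regardless of where the PoIs are, which is the utility the summary says is left on the table. Remapping with ψ lowers the distance loss considerably on this prior while the ratio check still passes, because only the output side changed; the paper's question is whether reshaping p(z|x) itself, under the same ratio constraint, can do better still.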