TraCS: Trajectory Collection in Continuous Space under Local Differential Privacy

Trajectory collection is essential for location-based services, yet it can reveal highly sensitive information about users, such as daily routines and activities, raising serious privacy concerns. Local Differential Privacy (LDP) offers strong privacy guarantees for users even when the data collector is untrusted. However, existing trajectory collection methods under LDP are largely confined to discrete location spaces, where the size of the location space affects both privacy guarantees and trajectory utility. Moreover, many real-world applications, such as flying trajectories or wearable-sensor traces, naturally operate in continuous spaces, making these discrete-space methods inadequate. This paper shifts the focus from discrete to continuous spaces for trajectory collection under LDP. We propose two methods: TraCS-D, which perturbs the direction and distance of locations, and TraCS-C, which perturbs the Cartesian coordinates of locations. Both methods are theoretically and experimentally analyzed for trajectory utility in continuous spaces. TraCS can also be applied to discrete spaces by rounding perturbed locations to any discrete space embedded in the continuous space. In this case, the privacy and utility guarantees of TraCS are independent of the number of locations in the space, and each perturbation requires only $Θ(1)$ time complexity. Evaluation results on discrete location spaces validate the efficiency advantage and demonstrate that TraCS outperforms state-of-the-art methods with improved trajectory utility, particularly for large privacy parameters.

💡 Research Summary

Trajectory data are indispensable for many location‑based services, yet their collection poses severe privacy risks because a single trajectory can reveal a user’s daily routines, places of interest, and personal habits. Local Differential Privacy (LDP) offers strong, provable privacy guarantees even when the data collector is untrusted, but existing LDP‑based trajectory collection methods are designed for discrete location spaces. Those methods suffer from three fundamental drawbacks: (i) the privacy guarantee depends on the cardinality of the discrete domain, so a space with few locations provides weaker protection; (ii) the utility and computational cost scale with the domain size, because mechanisms such as the Exponential mechanism require linear‑time sampling over all candidate locations; and (iii) they cannot be directly applied to inherently continuous domains such as flight paths, sailing routes, or wearable‑sensor traces, and discretization introduces a difficult trade‑off between granularity, utility, and efficiency.

To overcome these limitations, the authors shift the focus to continuous two‑dimensional spaces S⊂ℝ² and propose two novel LDP mechanisms, TraCS‑D and TraCS‑C, collectively called TraCS. The key insight is to decompose the 2‑D continuous space into two one‑dimensional subspaces and to build a 2‑D perturbation mechanism by composing existing utility‑optimized piecewise‑based mechanisms for bounded numerical domains. Piecewise‑based mechanisms define a high‑probability interval