Understanding Vulnerabilities of Location Privacy Mechanisms against Mobility Prediction Attacks

In today's online social networks such as Facebook, users increasingly share their location information as a popular type of personal information. However, since location data can leak privacy-sensitive information about individuals such as the type of places they like to visit, a number of location obfuscation mechanisms have been proposed to avoid such disclosure. These mechanisms publish bigger regions containing the actual user location in order to make it imprecise. Thus an attacker may find it hard to precisely locate the user in a privacy-sensitive place such as a hospital.

In this paper, we show that state-of-the-art location obfuscation mechanisms do not provide privacy guarantees against attacks based on mobility prediction. In this regard, we design and demonstrate a mobility prediction attack that exploits location history information of users and show its effectiveness on a year-long real-world location dataset. In particular, our results show that such an attack can successfully de-obfuscate up to 50% of sensitive user visits with high precision (>= 80%), even when the location history data used for the attack is already obfuscated. We also analyze the success of our mobility prediction attacks and suggest important design improvements for future location privacy mechanisms.