Location obfuscation

Last updated April 13, 2023

Location obfuscation is a technique used in location-based services or information systems to protect the location of the users by slightly altering, substituting or generalizing their location in order to avoid reflecting their real position.

A formal definition of location obfuscation can be "the means of deliberately degrading the quality of information about an individual's location in order to protect that individual's location privacy.^[1]

Obfuscation techniques

The most common techniques to perform this change are:

Pseudonyms and the use of third party location providers^[2]
"Spatial cloaking" techniques in which a user is k-anonymous if her exact location cannot be distinguished among k-1 other users ^[3]
"Invisible cloaking", in which no locations are provided for certain zones
Adding random noise to the position ^[4]
Rounding, which uses landmarks to approximate the location ^[5]
Redefinition of possible areas of location.^[6]

Each technique for obfuscating location has strengths and weaknesses, and it is important to assess them based on each use case. For example, adding random noise is simple to implement, but can inadvertently create a circle of obfuscated values where the center reveals the individual's exact location. One should also consider the level of obfuscation required in urban areas versus rural areas.

Related Research Articles

<span class="mw-page-title-main">Obfuscation (software)</span> Deliberate creation of difficult-to-understand code

In software development, obfuscation is the act of creating source or machine code that is difficult for humans or computers to understand. Like obfuscation in natural language, it may use needlessly roundabout expressions to compose statements. Programmers may deliberately obfuscate code to conceal its purpose or its logic or implicit values embedded in it, primarily, in order to prevent tampering, deter reverse engineering, or even to create a puzzle or recreational challenge for someone reading the source code. This can be done manually or by using an automated tool, the latter being the preferred technique in industry.

A location-based service (LBS) is a general term denoting software services which use geographic data and information to provide services or information to users. LBS can be used in a variety of contexts, such as health, indoor object search, entertainment, work, personal life, etc. Commonly used examples of location based services include navigation software, social networking services, location-based advertising, and tracking systems. LBS can also include mobile commerce when taking the form of coupons or advertising directed at customers based on their current location. LBS also includes personalized weather services and even location-based games.

The Free Haven Project was formed in 1999 by a group of Massachusetts Institute of Technology students with the aim to develop a secure, decentralized system of data storage. The group's work led to a collaboration with the United States Naval Research Laboratory to develop Tor, funded by DARPA.

Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probably safe to say that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues, and the sheer volume of communication serve to limit surveillance.

Mobile phone tracking is a process for identifying the location of a mobile phone, whether stationary or moving. Localization may be affected by a number of technologies, such as the multilateration of radio signals between (several) cell towers of the network and the phone or by simply using GNSS. To locate a mobile phone using multilateration of mobile radio signals, the phone must emit at least the idle signal to contact nearby antenna towers and does not require an active call. The Global System for Mobile Communications (GSM) is based on the phone's signal strength to nearby antenna masts.

Barnardisation is a method of statistical disclosure control for tables of counts. It involves adding +1, 0 or -1 to some or all of the internal non-zero cells in a table in a pseudo-random fashion. The probability of adjustment for each internal cell is calculated as p/2, 1-p, p/2. The table totals are then calculated as the sum of the post-adjustment internal counts.

Anonymizer, Inc. is an Internet privacy company, founded in 1995 by Lance Cottrell, author of the Mixmaster anonymous remailer. Anonymizer was originally named Infonex Internet. The name was changed to Anonymizer in 1997 when the company acquired a web based privacy proxy of the same name developed by Justin Boyan at Carnegie Mellon University School of Computer Science. Boyan licensed the software to C2Net for public beta testing before selling it to Infonex. One of the first web privacy companies founded, Anonymizer creates a VPN link between its servers and its users computer, creating a random IP address, rather than the one actually being used. This can be used to anonymously report a crime, avoid spam, avoid Internet censorship, keep the users identity safe and track competitors, among other uses.

Privacy-enhancing technologies (PET) are technologies that embody fundamental data protection principles by minimizing personal data use, maximizing data security, and empowering individuals. PETs allow online users to protect the privacy of their personally identifiable information (PII), which is often provided to and handled by services or applications. PETs use techniques to minimize an information system's possession of personal data without losing functionality. Generally speaking, PETs can be categorized as hard and soft privacy technologies.

Activity recognition aims to recognize the actions and goals of one or more agents from a series of observations on the agents' actions and the environmental conditions. Since the 1980s, this research field has captured the attention of several computer science communities due to its strength in providing personalized support for many different applications and its connection to many different fields of study such as medicine, human-computer interaction, or sociology.

A device fingerprint or machine fingerprint is information collected about the software and hardware of a remote computing device for the purpose of identification. The information is usually assimilated into a brief identifier using a fingerprinting algorithm. A browser fingerprint is information collected specifically by interaction with the web browser of the device.

Internet censorship circumvention is the use of various methods and tools to bypass internet censorship.

In Electronic Health Records (EHR’s) data masking, or controlled access, is the process of concealing patient health data from certain healthcare providers. Patients have the right to request the masking of their personal information, making it inaccessible to any physician, or a particular physician, unless a specific reason is provided. Data masking is also performed by healthcare agencies to restrict the amount of information that can be accessed by external bodies such as researchers, health insurance agencies and unauthorised individuals. It is a method used to protect patients’ sensitive information so that privacy and confidentiality are less of a concern. Techniques used to alter information within a patient’s EHR include data encryption, obfuscation, hashing, exclusion and perturbation.

In mathematics and telecommunications, stochastic geometry models of wireless networks refer to mathematical models based on stochastic geometry that are designed to represent aspects of wireless networks. The related research consists of analyzing these models with the aim of better understanding wireless communication networks in order to predict and control various network performance metrics. The models require using techniques from stochastic geometry and related fields including point processes, spatial statistics, geometric probability, percolation theory, as well as methods from more general mathematical disciplines such as geometry, probability theory, stochastic processes, queueing theory, information theory, and Fourier analysis.

Monero is a cryptocurrency which uses a blockchain with privacy-enhancing technologies to obfuscate transactions to achieve anonymity and fungibility. Observers cannot decipher addresses trading Monero, transaction amounts, address balances, or transaction histories.

Crowdsensing, sometimes referred to as mobile crowdsensing, is a technique where a large group of individuals having mobile devices capable of sensing and computing collectively share data and extract information to measure, map, analyze, estimate or infer (predict) any processes of common interest. In short, this means crowdsourcing of sensor data from mobile devices.

Human rights applied to encryption, is a concept of freedom of expression where encryption is a technical resource in the implementation of basic human rights.

Ride sharing networks face issues of user privacy like other online platforms do. Concerns surrounding the apps include the security of financial details, and privacy of personal details and location. Privacy concerns can also rise during the ride as some drivers choose to use passenger facing cameras for their own security. As the use of ride sharing services become more widespread so do the privacy issues associated with them.

Local differential privacy (LDP) is a model of differential privacy with the added restriction that even if an adversary has access to the personal responses of an individual in the database, that adversary will still be unable to learn too much about the user's personal data. This is contrasted with global differential privacy, a model of differential privacy that incorporates a central aggregator with access to the raw data.

Spatial cloaking is a privacy mechanism that is used to satisfy specific privacy requirements by blurring users’ exact locations into cloaked regions. This technique is usually integrated into applications in various environments to minimize the disclosure of private information when users request location-based service. Since the database server does not receive the accurate location information, a set including the satisfying solution would be sent back to the user. General privacy requirements include K-anonymity, maximum area, and minimum area.

Identity replacement technology is any technology that is used to cover up all or parts of a person's identity, either in real life or virtually. This can include face masks, face authentication technology, and deepfakes on the Internet that spread fake editing of videos and images. Face replacement and identity masking are used by either criminals or law-abiding citizens. Identity replacement tech, when operated on by criminals, leads to heists or robbery activities. Law-abiding citizens utilize identity replacement technology to prevent government or various entities from tracking private information such as locations, social connections, and daily behaviors.

References

↑ M. Duckham, L. Kulik and A. Birtley, "A Formal Model of Obfuscation and Negotiation for Location Privacy." In Proc. Pervasive 2005. LCNC 3468/2005, pp. 243–251, 2005
↑ T. Rodden, A. Friday, H. Muller, and A. Dix, "A Lightweight Approach to Managing Privacy in Location-Based Services". Technical Report. Equator-02-058. CSTR-07-006, University of Nottingham and Lancaster University and University of Bristol. October 2002.
↑ M. Gruteser and D. Grunwald, "Anonymous usage of location-based services through spatial and temporal cloaking". In Proc. MobiSys ’03, pp. 31–42, 2003.
↑ M. E. Andrés, N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi, "Geo-indistinguishability: differential privacy for location-based systems". In Proc. of CCS 2013, ACM, pp. 901–914, 2013.
↑ Krumm, J, “Inference Attacks on Location Tracks”. In Proc. Pervasive 2007, Springer-Verlag, pp. 127–143.
↑ Ardagna, Claudio; Cremonini, Marco; De Capitani di Vimercati, Sabrina; Samarati, Pierangela (1 January 2011). "An Obfuscation-Based Approach for Protecting Location Privacy". IEEE Transactions on Dependable and Secure Computing. 8 (1): 13–27. CiteSeerX 10.1.1.182.9007 . doi:10.1109/TDSC.2009.25.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[ProcPerv2005-1] M. Duckham, L. Kulik and A. Birtley, "A Formal Model of Obfuscation and Negotiation for Location Privacy." In Proc. Pervasive 2005. LCNC 3468/2005, pp. 243–251, 2005

[2] T. Rodden, A. Friday, H. Muller, and A. Dix, "A Lightweight Approach to Managing Privacy in Location-Based Services". Technical Report. Equator-02-058. CSTR-07-006, University of Nottingham and Lancaster University and University of Bristol. October 2002.

[3] M. Gruteser and D. Grunwald, "Anonymous usage of location-based services through spatial and temporal cloaking". In Proc. MobiSys ’03, pp. 31–42, 2003.

[4] M. E. Andrés, N. E. Bordenabe, K. Chatzikokolakis, and C. Palamidessi, "Geo-indistinguishability: differential privacy for location-based systems". In Proc. of CCS 2013, ACM, pp. 901–914, 2013.

[5] Krumm, J, “Inference Attacks on Location Tracks”. In Proc. Pervasive 2007, Springer-Verlag, pp. 127–143.

[6] Ardagna, Claudio; Cremonini, Marco; De Capitani di Vimercati, Sabrina; Samarati, Pierangela (1 January 2011). "An Obfuscation-Based Approach for Protecting Location Privacy". IEEE Transactions on Dependable and Secure Computing. 8 (1): 13–27. CiteSeerX 10.1.1.182.9007 . doi:10.1109/TDSC.2009.25.

[1]

[2]

[3]

[4]

[5]

[6]