The growing popularity of location-based systems, allowing unknown/untrusted servers to easily collect huge amounts of information regarding users' location, has recently started raising serious privacy concerns. In this paper we study geo-indistinguishability, a formal notion of privacy for location-based systems that protects the user's exact location, while allowing approximate information - typically needed to obtain a certain desired service - to be released. Our privacy definition formalizes the intuitive notion of protecting the user's location within a radius r with a level of privacy that depends on r, and corresponds to a generalized version of the well-known concept of differential privacy. Furthermore, we present a perturbation technique for achieving geo-indistinguishability by adding controlled random noise to the user's location. We demonstrate the applicability of our technique on an LBS application. Finally, we compare our mechanism with other ones in the literature. It turns out that our mechanism offers the best privacy guarantees, for the same utility, among all those which do not depend on the prior.