Trajectory data has the potential to greatly benefit a wide range of real-world applications, such as tracking the spread of disease through people's movement patterns and providing personalized location-based services based on travel preferences. However, privacy concerns and data protection regulations have limited the extent to which this data is shared and utilized. To overcome this challenge, local differential privacy provides a solution by allowing people to share a perturbed version of their data, ensuring privacy because only the data owners have access to the original information. Despite its potential, existing point-based perturbation mechanisms are not suitable for real-world scenarios due to poor utility, dependence on external knowledge, high computational overhead, and vulnerability to attacks. To address these limitations, we introduce LDPTrace, a novel locally differentially private trajectory synthesis framework. Our framework takes into account three crucial patterns inferred from users' trajectories in the local setting, allowing us to synthesize trajectories that closely resemble real ones with minimal computational cost. Additionally, we present a new method for selecting a proper grid granularity without compromising privacy. Our extensive experiments using real-world data, various utility metrics, and attacks demonstrate the efficacy and efficiency of LDPTrace.
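The point-based local perturbation that the abstract contrasts with LDPTrace, shown as an added illustration rather than the paper's own code: each user applies k-ary randomized response to a grid-cell id on their own device, and the aggregator debiases the noisy histogram into an unbiased count estimate. The function names, the even split of the budget across a trajectory's points, and the sample data are assumptions constructed for this example.

```python
"""Point-based local DP baseline: k-ary randomized response (k-RR) on grid
cells plus the aggregator's unbiased count estimator.  Illustrative code,
not the LDPTrace mechanism described in the paper."""
import math
import random
from collections import Counter


def krr_probs(k, eps):
    """Return (p, q): probability of reporting the true cell, and of
    reporting any one specific other cell, under k-RR with budget eps."""
    p = math.exp(eps) / (math.exp(eps) + k - 1)
    return p, (1.0 - p) / (k - 1)


def krr_perturb(cell, k, eps, rng=random):
    """User side: perturb one grid-cell id in [0, k) before sharing it."""
    p, _ = krr_probs(k, eps)
    if rng.random() < p:
        return cell
    other = rng.randrange(k - 1)          # uniform over the k-1 other cells
    return other if other < cell else other + 1


def perturb_trajectory(traj, k, eps, rng=random):
    """Point-based perturbation of a whole trajectory: sequential composition
    splits the total budget evenly over its points, so long trajectories are
    heavily noised (one source of the poor utility the abstract mentions)."""
    per_point = eps / len(traj)
    return [krr_perturb(c, k, per_point, rng) for c in traj]


def estimate_counts(reports, k, eps):
    """Aggregator side: E[obs_c] = n_c*p + (n - n_c)*q, so the unbiased
    estimate is n_c = (obs_c - n*q) / (p - q)."""
    p, q = krr_probs(k, eps)
    n = len(reports)
    obs = Counter(reports)
    return {c: (obs[c] - n * q) / (p - q) for c in range(k)}


def simulate(n_users=20000, k=16, eps=4.0, seed=7):
    """Constructed sample: every other user is in cell 3, the rest are
    spread uniformly; returns (true counts, estimated counts)."""
    rng = random.Random(seed)
    true_cells = [3 if i % 2 == 0 else rng.randrange(k) for i in range(n_users)]
    reports = [krr_perturb(c, k, eps, rng) for c in true_cells]
    return Counter(true_cells), estimate_counts(reports, k, eps)


if __name__ == "__main__":
    truth, est = simulate()
    for c in range(16):
        print(f"cell {c:2d}: true {truth[c]:6d}  estimated {est[c]:9.1f}")
```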