As an indispensable personalized service within Location-Based Social Networks (LBSNs), the Point-of-Interest (POI) recommendation aims to assist individuals in discovering attractive and engaging places. However, the accurate recommendation capability relies on the powerful server collecting a vast amount of users' historical check-in data, posing significant risks of privacy breaches. Although several collaborative learning (CL) frameworks for POI recommendation enhance recommendation resilience and allow users to keep personal data on-device, they still share personal knowledge to improve recommendation performance, thus leaving vulnerabilities for potential attackers. Given this, we design a new Physical Trajectory Inference Attack (PTIA) to expose users' historical trajectories. Specifically, for each user, we identify the set of interacted POIs by analyzing the aggregated information from the target POIs and their correlated POIs. We evaluate the effectiveness of PTIA on two real-world datasets across two types of decentralized CL frameworks for POI recommendation. Empirical results demonstrate that PTIA poses a significant threat to users' historical trajectories. Furthermore, Local Differential Privacy (LDP), the traditional privacy-preserving method for CL frameworks, has also been proven ineffective against PTIA. In light of this, we propose a novel defense mechanism (AGD) against PTIA based on an adversarial game to eliminate sensitive POIs and their information in correlated POIs. After conducting intensive experiments, AGD has been proven precise and practical, with minimal impact on recommendation performance.

翻译：作为基于位置的社交网络（LBSNs）中不可或缺的个性化服务，兴趣点（POI）推荐旨在帮助用户发现具有吸引力的场所。然而，精准的推荐能力依赖于强大的服务器收集海量用户历史签到数据，这带来了显著的隐私泄露风险。尽管现有多种面向POI推荐的协作学习（CL）框架提升了推荐的鲁棒性，并允许用户在本地设备上保存个人数据，但这些框架仍需共享个人知识以提升推荐性能，从而为潜在攻击者留下可乘之机。基于此，我们设计了一种新型物理轨迹推断攻击（PTIA）以暴露用户的历史轨迹。具体而言，对每位用户，我们通过分析目标POI及其关联POI的聚合信息，识别其交互过的POI集合。我们在两个真实数据集上评估了PTIA对两类面向POI推荐的去中心化CL框架的攻击效果。实验结果表明，PTIA对用户历史轨迹构成重大威胁。此外，作为CL框架的传统隐私保护方法，本地差分隐私（LDP）已被证实在PTIA面前失效。针对此问题，我们提出了一种基于对抗博弈的新型防御机制（AGD），通过消除敏感POI及其在关联POI中的信息来抵御PTIA。经大量实验验证，AGD在几乎不影响推荐性能的前提下，展现出高精度与实用性。