While location trajectories represent a valuable data source for analyses and location-based services, they can reveal sensitive information, such as political and religious preferences. Differentially private publication mechanisms have been proposed to allow for analyses under rigorous privacy guarantees. However, the traditional protection schemes suffer from a limiting privacy-utility trade-off and are vulnerable to correlation and reconstruction attacks. Synthetic trajectory data generation and release represent a promising alternative to protection algorithms. While initial proposals achieve remarkable utility, they fail to provide rigorous privacy guarantees. This paper proposes a framework for designing a privacy-preserving trajectory publication approach by defining five design goals, particularly stressing the importance of choosing an appropriate Unit of Privacy. Based on this framework, we briefly discuss the existing trajectory protection approaches, emphasising their shortcomings. This work focuses on the systematisation of the state-of-the-art generative models for trajectories in the context of the proposed framework. We find that no existing solution satisfies all requirements. Thus, we perform an experimental study evaluating the applicability of six sequential generative models to the trajectory domain. Finally, we conclude that a generative trajectory model providing semantic guarantees remains an open research question and propose concrete next steps for future research.
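As an added illustration (not code from the paper), the point about the Unit of Privacy can be made concrete: the unit fixes how much one individual's data can change a query answer (its sensitivity), and a differentially private mechanism must scale its noise to that sensitivity. The Python below uses a constructed set of trajectories (user ids, grid-cell ids and all helper names are assumptions) and a per-cell visit-count histogram released with the Laplace mechanism, under point-level, trajectory-level and user-level units of privacy.

```python
import random
from collections import Counter

# Constructed sample data (not from the paper): user id -> list of trajectories,
# each trajectory a list of discretised grid-cell ids visited in order.
TRAJECTORIES = {
    "u1": [["c1", "c2", "c3"], ["c1", "c4", "c2"]],
    "u2": [["c2", "c2", "c5", "c6", "c7"]],
    "u3": [["c3"], ["c3", "c8"], ["c1"]],
}

UNITS = ("point", "trajectory", "user")


def visit_histogram(data):
    """Per-cell visit counts over all trajectories (the query being released)."""
    counts = Counter()
    for trajectories in data.values():
        for trajectory in trajectories:
            counts.update(trajectory)
    return dict(counts)


def l1_sensitivity(data, unit):
    """L1 sensitivity of the visit histogram for a given Unit of Privacy.

    It is the largest change in the histogram caused by adding or removing one
    unit: a single location point, one whole trajectory, or all of a user's data.
    Here the bound is read off the data for illustration; a real release would
    clip contributions to a public bound instead, because the data-dependent
    maximum itself leaks information about the longest trajectory or user.
    """
    if unit == "point":
        return 1
    if unit == "trajectory":
        return max(len(t) for trajectories in data.values() for t in trajectories)
    if unit == "user":
        return max(sum(len(t) for t in trajectories) for trajectories in data.values())
    raise ValueError(f"unknown unit of privacy: {unit}")


def noise_scale(data, unit, epsilon):
    """Laplace scale b = sensitivity / epsilon; it is also the expected absolute
    error added to each histogram cell."""
    return l1_sensitivity(data, unit) / epsilon


def laplace_noisy_histogram(data, unit, epsilon, seed=0):
    """Release the histogram with Laplace noise calibrated to the chosen unit."""
    rng = random.Random(seed)
    scale = noise_scale(data, unit, epsilon)
    noisy = {}
    for cell, count in visit_histogram(data).items():
        # Laplace(0, b) sampled as the difference of two Exp(mean b) draws.
        noise = rng.expovariate(1 / scale) - rng.expovariate(1 / scale)
        noisy[cell] = count + noise
    return noisy


def compare_units(data, epsilon):
    """Noise scale per Unit of Privacy at the same epsilon: the coarser the
    unit, the stronger the guarantee and the larger the error."""
    return {unit: noise_scale(data, unit, epsilon) for unit in UNITS}


if __name__ == "__main__":
    print("true histogram:", visit_histogram(TRAJECTORIES))
    for unit, scale in compare_units(TRAJECTORIES, epsilon=1.0).items():
        print(f"{unit:>10}-level: sensitivity={l1_sensitivity(TRAJECTORIES, unit)} "
              f"noise scale={scale:.1f}")
    print("user-level release:", laplace_noisy_histogram(TRAJECTORIES, "user", 1.0))
```

At the same epsilon, the user-level release carries six times the expected per-cell error of the point-level one on this sample, which is the privacy-utility trade-off the abstract refers to; a point-level guarantee, conversely, says nothing about whether a whole trajectory (and the person behind it) can be reconstructed from correlated points.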