While location trajectories represent a valuable data source for analyses and location-based services, they can reveal sensitive information, such as political and religious preferences. Differentially private publication mechanisms have been proposed to allow for analyses under rigorous privacy guarantees. However, the traditional protection schemes suffer from a limiting privacy-utility trade-off and are vulnerable to correlation and reconstruction attacks. Synthetic trajectory data generation and release represent a promising alternative to protection algorithms. While initial proposals achieve remarkable utility, they fail to provide rigorous privacy guarantees. This paper proposes a framework for designing a privacy-preserving trajectory publication approach by defining five design goals, particularly stressing the importance of choosing an appropriate Unit of Privacy. Based on this framework, we briefly discuss the existing trajectory protection approaches, emphasising their shortcomings. This work focuses on the systematisation of the state-of-the-art generative models for trajectories in the context of the proposed framework. We find that no existing solution satisfies all requirements. Thus, we perform an experimental study evaluating the applicability of six sequential generative models to the trajectory domain. Finally, we conclude that a generative trajectory model providing semantic guarantees remains an open research question and propose concrete next steps for future research.
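The Unit of Privacy point the abstract stresses can be made concrete with a small illustration. The following Python script is an added example and not code from the paper: it releases a per-cell visit histogram over a handful of constructed trajectories with the standard Laplace mechanism, and shows how the sensitivity, and therefore the noise scale for a fixed epsilon, changes depending on whether a neighbouring dataset differs in one location point or in one whole trajectory. The trajectories, grid-cell ids and epsilon are constructed values chosen for the example.

```python
import math
import random
from collections import Counter

# Constructed sample data (not from the paper): each trajectory is the ordered
# list of grid-cell ids visited by one user.
TRAJECTORIES = [
    [0, 1, 1, 2, 5],
    [0, 0, 3],
    [4, 5, 5, 5, 5, 5, 5, 5],
    [1, 2],
]


def cell_histogram(trajectories):
    """Statistic to release: number of visits per grid cell over all trajectories."""
    counts = Counter()
    for traj in trajectories:
        counts.update(traj)
    return dict(counts)


def l1_sensitivity(unit, trajectories):
    """L1 sensitivity of the visit histogram for a given Unit of Privacy.

    'point':      neighbouring datasets differ in one location point, so exactly
                  one cell count changes by 1.
    'trajectory': neighbouring datasets differ in one whole trajectory, so up to
                  L counts change in total, where L is the longest trajectory.
    """
    if unit == "point":
        return 1
    if unit == "trajectory":
        return max(len(t) for t in trajectories)
    raise ValueError(f"unknown unit of privacy: {unit}")


def laplace_scale(epsilon, sensitivity):
    """Scale parameter b of the Laplace mechanism: b = sensitivity / epsilon."""
    return sensitivity / epsilon


def laplace_noise(scale, rng):
    """Sample Laplace(0, scale) by inverse-CDF transform of a uniform draw."""
    u = rng.random() - 0.5
    while u == -0.5:  # avoid log(0) on the (measure-zero) boundary draw
        u = rng.random() - 0.5
    return -scale * math.copysign(1.0, u) * math.log(1.0 - 2.0 * abs(u))


def release_histogram(trajectories, epsilon, unit, rng):
    """Return (noisy histogram, scale used). Clamping to non-negative integers
    is post-processing and does not consume privacy budget."""
    hist = cell_histogram(trajectories)
    scale = laplace_scale(epsilon, l1_sensitivity(unit, trajectories))
    noisy = {c: max(0, round(v + laplace_noise(scale, rng))) for c, v in hist.items()}
    return noisy, scale


def mean_abs_error(true_hist, noisy_hist):
    """Average absolute per-cell error of a release against the true counts."""
    return sum(abs(true_hist[c] - noisy_hist[c]) for c in true_hist) / len(true_hist)


if __name__ == "__main__":
    rng = random.Random(0)
    epsilon = 1.0
    true_hist = cell_histogram(TRAJECTORIES)
    for unit in ("point", "trajectory"):
        noisy, scale = release_histogram(TRAJECTORIES, epsilon, unit, rng)
        print(f"unit={unit:10s} sensitivity={l1_sensitivity(unit, TRAJECTORIES)} "
              f"scale={scale:.1f} mean_abs_error={mean_abs_error(true_hist, noisy):.2f}")
```

The expected absolute error of a Laplace release equals its scale, so with epsilon fixed the trajectory-level release is roughly L times noisier than the point-level one (here L is 8). Point-level protection therefore looks far more useful, but it only hides a single location, not the person; it is exactly the kind of guarantee that correlation between successive points of one trajectory undermines. Protecting the whole trajectory is the guarantee a user actually wants, and the price is noise that grows with trajectory length, which is the privacy-utility tension the abstract describes.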