Trajectory data has the potential to greatly benefit a wide range of real-world applications, such as tracking the spread of disease through people's movement patterns and providing personalized location-based services based on travel preferences. However, privacy concerns and data protection regulations have limited the extent to which such data is shared and utilized. Local differential privacy offers a way around this: each person shares only a perturbed version of their data, so the original information never leaves the data owner. Despite its potential, existing point-based perturbation mechanisms are not suitable for real-world scenarios because of poor utility, dependence on external knowledge, high computational overhead, and vulnerability to attacks. To address these limitations, we introduce LDPTrace, a novel locally differentially private trajectory synthesis framework. Our framework takes into account three crucial patterns inferred from users' trajectories in the local setting, allowing us to synthesize trajectories that closely resemble real ones at minimal computational cost. Additionally, we present a new method for selecting a proper grid granularity without compromising privacy. Extensive experiments on real-world data, using various utility metrics and attacks, demonstrate the efficacy and efficiency of LDPTrace.
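The abstract contrasts local perturbation of individual points with trajectory-level synthesis but does not spell out what "locally differentially private" perturbation of a grid cell looks like, or why point-based release loses utility. The following is an added illustration, not code from the LDPTrace paper or its authors: it discretises constructed (made-up) coordinates onto a small grid, applies textbook k-ary randomized response (k-RR) on the user side, debiases frequency counts on the aggregator side, and compares releasing every point of a length-T trajectory with budget eps/T each (the sequential-composition accounting of a naive point-based scheme, an assumption of this example) against releasing one sampled point per user with the full budget. The grid size, trajectory model and error metric are all choices made here for demonstration and are not taken from the paper.

```python
"""Generic LDP on grid cells via k-ary randomized response (k-RR).
Added illustration for this abstract; NOT the LDPTrace mechanism."""
import math
import random
from collections import Counter

GRID_N = 4              # a 4x4 grid over the unit square (assumption)
K = GRID_N * GRID_N     # number of grid cells = size of the k-RR domain


def to_cell(lat, lon, n=GRID_N):
    """Map a point in [0,1)^2 to a grid cell index in [0, n*n)."""
    row = min(int(lat * n), n - 1)
    col = min(int(lon * n), n - 1)
    return row * n + col


def krr_probs(eps, k=K):
    """k-RR keeps the true value with prob p and reports any specific other
    value with prob q.  p/q = e^eps, which is exactly eps-LDP."""
    denom = math.exp(eps) + k - 1
    return math.exp(eps) / denom, 1.0 / denom


def privacy_ratio(eps, k=K):
    """Worst-case likelihood ratio between two inputs; equals e^eps."""
    p, q = krr_probs(eps, k)
    return p / q


def krr_perturb(cell, eps, rng, k=K):
    """User side: only the user ever sees `cell`; the aggregator sees the output."""
    p, _ = krr_probs(eps, k)
    if rng.random() < p:
        return cell
    other = rng.randrange(k - 1)          # uniform over the k-1 other cells
    return other + 1 if other >= cell else other


def krr_estimate(reports, eps, k=K):
    """Aggregator side: unbiased cell-frequency estimate.
    E[count_v / n] = q + (p - q) * f_v  =>  f_v = (count_v / n - q) / (p - q)."""
    n = len(reports)
    p, q = krr_probs(eps, k)
    counts = Counter(reports)
    return [(counts.get(v, 0) / n - q) / (p - q) for v in range(k)]


def make_trajectories(n_users, length, rng):
    """Constructed data: each trajectory is a short random walk in [0,1)^2."""
    trajs = []
    for _ in range(n_users):
        lat, lon = rng.random(), rng.random()
        cells = []
        for _ in range(length):
            lat = min(max(lat + rng.gauss(0, 0.05), 0.0), 0.999)
            lon = min(max(lon + rng.gauss(0, 0.05), 0.0), 0.999)
            cells.append(to_cell(lat, lon))
        trajs.append(cells)
    return trajs


def true_distribution(trajs, k=K):
    """Non-private ground truth: share of all visited points falling in each cell."""
    counts = Counter(c for t in trajs for c in t)
    total = sum(counts.values())
    return [counts.get(v, 0) / total for v in range(k)]


def estimate_pointwise(trajs, eps, rng):
    """Point-based release: every point of a length-T trajectory is perturbed,
    so by sequential composition each point may only spend eps/T."""
    T = len(trajs[0])
    reports = [krr_perturb(c, eps / T, rng) for t in trajs for c in t]
    return krr_estimate(reports, eps / T)


def estimate_sampled(trajs, eps, rng):
    """Each user releases ONE uniformly sampled point with the full budget;
    its expected cell distribution equals that of all points."""
    reports = [krr_perturb(rng.choice(t), eps, rng) for t in trajs]
    return krr_estimate(reports, eps)


def l1_error(est, truth):
    return sum(abs(a - b) for a, b in zip(est, truth))


def compare(n_users=20000, length=10, eps=1.0, seed=7):
    """Return (L1 error of sampled release, L1 error of point-wise release)."""
    rng = random.Random(seed)
    trajs = make_trajectories(n_users, length, rng)
    truth = true_distribution(trajs)
    err_sampled = l1_error(estimate_sampled(trajs, eps, rng), truth)
    err_pointwise = l1_error(estimate_pointwise(trajs, eps, rng), truth)
    return err_sampled, err_pointwise


if __name__ == "__main__":
    s, p = compare()
    print(f"p/q at eps=1: {privacy_ratio(1.0):.4f} (e^1 = {math.e:.4f})")
    print(f"L1 error, one sampled point per user @ eps=1.0 : {s:.3f}")
    print(f"L1 error, all 10 points per user  @ eps=0.1 each: {p:.3f}")
```

The point the comparison makes is the one the abstract asserts about point-based mechanisms: k-RR variance grows roughly as 1/eps^2 for small budgets, so splitting eps over T points inflates per-report noise by about T^2 while only T times more reports arrive, leaving the point-wise estimate several times worse than a single full-budget release. The privacy guarantee itself is unchanged in both arms (p/q = e^eps per report, eps in total per user); only utility differs, which is why trajectory-level approaches such as the one the abstract describes are attractive.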