Trajectory data has the potential to greatly benefit a wide range of real-world applications, such as tracking the spread of disease through people's movement patterns and providing personalized location-based services based on travel preferences. However, privacy concerns and data protection regulations have limited the extent to which this data is shared and utilized. To overcome this challenge, local differential privacy provides a solution by allowing people to share a perturbed version of their data, ensuring privacy because only the data owners ever have access to the original information. Despite its potential, existing point-based perturbation mechanisms are not suitable for real-world scenarios due to poor utility, dependence on external knowledge, high computational overhead, and vulnerability to attacks. To address these limitations, we introduce LDPTrace, a novel locally differentially private trajectory synthesis framework. Our framework takes into account three crucial patterns inferred from users' trajectories in the local setting, allowing us to synthesize trajectories that closely resemble real ones with minimal computational cost. Additionally, we present a new method for selecting a proper grid granularity without compromising privacy. Our extensive experiments on real-world data, using various utility metrics and attacks, demonstrate the efficacy and efficiency of LDPTrace.
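The local setting the abstract describes, as an added simplified illustration (not LDPTrace's own algorithm or code): each user's trajectory is a sequence of grid cells, one cell-to-cell transition is perturbed on the user's device with k-ary randomized response, and the collector de-biases the reports and samples synthetic trajectories from the estimated transition pattern. The 2x2 grid, the user trajectories, the encoding a*ncells+b and eps = 2.0 are constructed assumptions.

```python
import math
import random
def krr_probabilities(eps, k):
    """k-ary randomized response: keep the true value with probability p, report
    each other value with probability q. p/q = e^eps is the eps-LDP guarantee:
    no report is more than e^eps times likelier under one true value than another."""
    denom = math.exp(eps) + k - 1
    return math.exp(eps) / denom, 1.0 / denom

def perturb(value, k, eps, rng=None):
    """Runs on the user's device; the collector only ever sees the output."""
    rng = rng or random.Random(0)
    p, _ = krr_probabilities(eps, k)
    if rng.random() < p:
        return value
    return rng.choice([v for v in range(k) if v != value])

def estimate_counts(reports, k, eps):
    """Collector side: de-bias the noisy histogram (unbiased for every value)."""
    n, (p, q) = len(reports), krr_probabilities(eps, k)
    return [(reports.count(v) - n * q) / (p - q) for v in range(k)]

def report_transition(cells, ncells, eps, rng):
    """Each user contributes ONE random transition a->b of their cell sequence,
    encoded as a*ncells+b, so a whole trajectory spends its eps budget once."""
    i = rng.randrange(len(cells) - 1)
    return perturb(cells[i] * ncells + cells[i + 1], ncells * ncells, eps, rng)

def synthesize(est, ncells, length, rng=None):
    """Sample a synthetic cell sequence from the estimated transition counts,
    treated as a first-order Markov chain (negative estimates clipped to 0)."""
    rng = rng or random.Random(0)
    w = [max(c, 0.0) for c in est]
    row = lambda a: w[a * ncells:(a + 1) * ncells]
    starts = [sum(row(a)) for a in range(ncells)]
    if sum(starts) == 0:
        return []
    out = [rng.choices(range(ncells), weights=starts)[0]]
    while len(out) < length and sum(row(out[-1])) > 0:
        out.append(rng.choices(range(ncells), weights=row(out[-1]))[0])
    return out
if __name__ == "__main__":
    rng = random.Random(42)
    # Constructed data: 2x2 grid (cells 0..3); 3000 users mostly move 0->1->3.
    users = [[0, 1, 3] if rng.random() < 0.8 else [2, 0, 1] for _ in range(3000)]
    reports = [report_transition(u, 4, 2.0, rng) for u in users]
    est = estimate_counts(reports, 16, 2.0)
    print("estimated transition counts, index a*4+b:", [round(c) for c in est])
    print("synthetic trajectory:", synthesize(est, 4, 3, rng))
```

The estimates are noisy (their standard deviation grows as eps shrinks or the grid gets finer), which is the utility cost that makes grid granularity a parameter worth choosing carefully.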