Location data privacy has become a serious concern for users as Location Based Services (LBSs) have become an important part of their lives. Malicious parties with access to geolocation data can learn sensitive information about the user, such as religion or political views. Location Privacy Preserving Mechanisms (LPPMs) have been proposed by previous works to ensure the privacy of the shared data while allowing the users to use LBSs. But there is no clear view of which mechanism to use according to the scenario in which the user makes use of an LBS. The scenario is the way the user is using an LBS (frequency of reports, number of reports). In this paper, we study the sensitivity of LPPMs to the scenario in which they are used. We propose a framework to systematically evaluate LPPMs by considering an exhaustive combination of LPPMs, attacks and metrics. Using our framework, we compare a selection of LPPMs, including an improved mechanism that we introduce. By evaluating over a variety of scenarios, we find that the efficacy (privacy, utility, and robustness) of the studied mechanisms is dependent on the scenario: for example, the privacy of Planar Laplace geo-indistinguishability is greatly reduced in a continuous scenario. We show that the scenario is essential to consider when choosing an obfuscation mechanism for a given application.
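The scenario dependence of Planar Laplace can be illustrated with a short simulation, added here as an example and not taken from the paper or its framework. It assumes a stationary user, independent noise on every report, an observer who simply averages the reports, coordinates in metres in a local projection, and a constructed value of epsilon.

```python
import math
import random

def planar_laplace(x, y, eps, rng):
    """Return (x, y) perturbed with planar Laplace noise; eps is in 1/metre."""
    theta = rng.uniform(0.0, 2.0 * math.pi)
    # Radial density is eps^2 * r * exp(-eps * r), i.e. Gamma(shape=2, scale=1/eps).
    r = rng.gammavariate(2.0, 1.0 / eps)
    return x + r * math.cos(theta), y + r * math.sin(theta)

def mean_error(n_reports, eps, trials=2000, seed=1):
    """Mean distance (m) between the true point and the average of n_reports."""
    rng = random.Random(seed)
    true_x, true_y = 0.0, 0.0  # constructed position, assumption for this example
    total = 0.0
    for _ in range(trials):
        sx = sy = 0.0
        for _ in range(n_reports):
            px, py = planar_laplace(true_x, true_y, eps, rng)
            sx += px
            sy += py
        # Residual uncertainty left to an observer who averages the stream.
        total += math.hypot(sx / n_reports - true_x, sy / n_reports - true_y)
    return total / trials

if __name__ == "__main__":
    eps = 0.01  # constructed value: mean displacement of one report is 2/eps = 200 m
    for n in (1, 10, 100):
        print(f"{n:>3} reports -> mean localisation error {mean_error(n, eps):6.1f} m")
```

The residual error shrinks roughly with the square root of the number of reports, so a per-report epsilon chosen for a sporadic scenario needs a budget across reports, or reuse of a previously released point, when reports are frequent.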