Perils of Location Tracking? Personalized and Interpretable Privacy Preservation in Consumer Mobile Trajectories

Consumer location tracking is becoming omnipresent on mobile devices, producing a vast volume of behavior-rich location trajectory data. These data have enabled a wide range of opportunities for monetization, such as location-based targeting. An advertiser, however, could either use the acquired location data to play the role of a “butler” who understands consumer needs and provides valuable personalized services, or goes overboard with marketing campaigns and misuses the location data by invading consumer privacy and becoming a real-life “stalker.” This calls attention for regulatory bodies and any location data collector, such as a mobile app owner or data aggregator, to balance consumer privacy risk and advertiser utility, when sharing consumer location data with any advertiser. In this paper, we propose a personalized and interpretable framework that enables a location data collector to optimize the risk-utility trade-off. Validating the framework on nearly one million location trajectories from more than 40,000 individuals, we find that high privacy risks indeed prevail in the absence of data obfuscation. For instance, an individual’s home address can be accurately predicted within an average radius of 2.5 miles. Moreover, 49% of individuals’ entire location trajectories can be fully identified by knowing merely two randomly sampled locations visited by the individual. Outperforming multiple baselines, the proposed framework significantly reduces each consumer's privacy risk (e.g., by 15% of inferring home address) while preserving an advertiser’s utility. As novel and powerful consumer location data become increasingly available, we demonstrate their economic value to an advertiser and accompanying privacy risk to consumers, and most importantly, propose an actionable framework to mitigate their risk while maximizing their utility.