joint obfuscation of location and its semantic information for privacy protection

Location-based social networks (LBSNs) such as Foursquare and Facebook enable users to share with each other, their (geographical) locations together with the semantic information associated with their locations. The semantic information captures the type of a location and is usually represented by a semantic tag like "restaurant", "museum", "school", etc. Semantic tag sharing increases the threat to users' location privacy (which is already at risk because of location sharing) and it also puts users' semantic location privacy at risk. The existing solution to protect the location privacy and the semantic location privacy of users in such LBSNs is to obfuscate the location and the semantic tag independently of each other in a so called disjoint obfuscation approach. Thus, in this approach, the semantic tag is obfuscated i.e., replaced by a more general tag. Also, the location is obfuscated i.e., replaced by a generalized area (called the cloaking area ) made of the actual location and some of its nearby locations. However, since in this approach the location obfuscation is performed in a semantic-oblivious manner, an adversary can still increase his chance to infer the actual location and the actual semantic tag by filtering out the locations in the cloaking area that are not semantically compatible with the obfuscated semantic tag. In this work, we address this issue by proposing a joint obfuscation approach in which the location obfuscation is performed based on the result of the semantic tag obfuscation. We also provide a formal framework for evaluation and comparison of our joint approach with the disjoint approach. By running an experimental evaluation on a dataset of real-world user traces collected from six different cities, we show that in almost all cases (i.e., in different cities and with different obfuscation parameters), the joint approach outperforms the disjoint approach in terms of location privacy protection and the semantic location privacy protection. Based on the evaluation results, we also discuss how different obfuscation parameters and the choice of the city can affect the performance of the obfuscation approaches. In particular, we show how changing these parameters can improve the performance of the joint approach. (c) 2021 Elsevier Ltd. All rights reserved.