Abstract
Location-based services have become an integral part of everyday life. To address the privacy issues that emerge from the use and sharing of location information, social networks and smartphone applications have adopted location proximity schemes as a means of balancing user privacy with utility. Unfortunately, despite the extensive academic literature on this topic, the schemes that large service providers have adopted are not always designed or implemented correctly, rendering users vulnerable to location-disclosure attacks. Such attacks have recently received major publicity as, in some cases, they even exposed citizens of oppressive regimes to life-threatening risks. In this article, we systematically assess the defenses that popular location-based services and mobile applications deploy to guard against adversaries seeking to identify a user’s location. We provide the theoretical foundations for formalizing the privacy guarantees of currently adopted proximity models, design practical attacks for each case, and prove tight bounds on the number of queries required for carrying out successful attacks in practice.
To evaluate the completeness of our approach, we conduct extensive experiments against popular services including Facebook, Foursquare, and Grindr. Our results demonstrate that, even though the aforementioned services implement various privacy-preserving techniques to protect their users, they are still vulnerable to attacks. In particular, we are able to pinpoint Facebook users within 5m of their exact location. For Foursquare and Grindr, users are pinpointed within 15m of their location in 90% of the cases, even with the strictest privacy settings enabled. Our attacks are highly efficient and complete within a few seconds. The severity of our findings was acknowledged by Facebook and Foursquare, both of which have followed our recommendations and adopted our design of a safe proximity scheme in their production systems. As the number of mobile applications offering location functionality will continue to increase, service providers and software developers must be able to assess the privacy guarantees that their services offer. To that end, we discuss viable defenses that can be currently adopted by all major services, and provide an open-source testing framework to be used by researchers and service providers who wish to evaluate the privacy-preserving properties of applications offering proximity functionality.
Evaluating the Privacy Guarantees of Location Proximity Services